Change search
Link to record
Permanent link

Direct link
BETA
Lundgren, Martin
Publications (1 of 1) Show all publications
Lundgren, M. & Bergström, E. (2019). Dynamic Interplay in the Information Security Risk Management Process. International Journal of Risk Assessment and Management, 22(2), 212-230
Open this publication in new window or tab >>Dynamic Interplay in the Information Security Risk Management Process
2019 (English)In: International Journal of Risk Assessment and Management, ISSN 1466-8297, E-ISSN 1741-5241, Vol. 22, no 2, p. 212-230Article in journal (Refereed) Published
Abstract [en]

In this paper, the formal processes so often assumed in information security risk management and its activities are investigated. For instance, information classification, risk analysis, and security controls are often presented in a predominantly instrumental progression. This approach, however, has received scholarly criticism, as it omits social and organizational aspects, creating a gap between formal and actual processes. This study argues that there is an incomplete understanding of how the activities within these processes actually interplay in practice. For this study, senior information security managers from four major Swedish government agencies were interviewed. As a result, twelve characteristics are presented that reflect an interplay between activities and that have implications for research, as well as for developers of standards and guidelines. The study’s conclusions suggest that the information security risk management process should be seen more as an emerging process, where each activity interplays dynamically in response to new requirements and organizational and social challenges.

Place, publisher, year, edition, pages
InderScience Publishers, 2019
Keywords
information classification, risk analysis, security controls, interplay, formal processes
National Category
Information Systems Information Systems, Social aspects
Research subject
Information systems
Identifiers
urn:nbn:se:hj:diva-47036 (URN)10.1504/IJRAM.2019.101287 (DOI)
Note

Validerad;2019;Nivå 1;2019-08-21 (johcin)

Available from: 2019-04-18 Created: 2019-12-09
Organisations

Search in DiVA

Show all publications