Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Dynamic Interplay in the Information Security Risk Management Process
Luleå tekniska universitet, Digitala tjänster och system.ORCID-id: 0000-0003-1692-5721
University of Skövde.ORCID-id: 0000-0002-1436-2980
2019 (Engelska)Ingår i: International Journal of Risk Assessment and Management, ISSN 1466-8297, E-ISSN 1741-5241, Vol. 22, nr 2, s. 212-230Artikel i tidskrift (Refereegranskat) Published
Abstract [en]

In this paper, the formal processes so often assumed in information security risk management and its activities are investigated. For instance, information classification, risk analysis, and security controls are often presented in a predominantly instrumental progression. This approach, however, has received scholarly criticism, as it omits social and organizational aspects, creating a gap between formal and actual processes. This study argues that there is an incomplete understanding of how the activities within these processes actually interplay in practice. For this study, senior information security managers from four major Swedish government agencies were interviewed. As a result, twelve characteristics are presented that reflect an interplay between activities and that have implications for research, as well as for developers of standards and guidelines. The study’s conclusions suggest that the information security risk management process should be seen more as an emerging process, where each activity interplays dynamically in response to new requirements and organizational and social challenges.

Ort, förlag, år, upplaga, sidor
InderScience Publishers , 2019. Vol. 22, nr 2, s. 212-230
Nyckelord [en]
information classification, risk analysis, security controls, interplay, formal processes
Nationell ämneskategori
Systemvetenskap, informationssystem och informatik Systemvetenskap, informationssystem och informatik med samhällsvetenskaplig inriktning
Forskningsämne
Informationssystem
Identifikatorer
URN: urn:nbn:se:hj:diva-47036DOI: 10.1504/IJRAM.2019.101287OAI: oai:DiVA.org:hj-47036DiVA, id: diva2:1376455
Anmärkning

Validerad;2019;Nivå 1;2019-08-21 (johcin)

Tillgänglig från: 2019-04-18 Skapad: 2019-12-09

Open Access i DiVA

Fulltext saknas i DiVA

Övriga länkar

Förlagets fulltext

Personposter BETA

Lundgren, Martin

Sök vidare i DiVA

Av författaren/redaktören
Lundgren, MartinBergström, Erik
I samma tidskrift
International Journal of Risk Assessment and Management
Systemvetenskap, informationssystem och informatikSystemvetenskap, informationssystem och informatik med samhällsvetenskaplig inriktning

Sök vidare utanför DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetricpoäng

doi
urn-nbn
Totalt: 22 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf