Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Information Classification Policies: An Exploratory Investigation
University of Skövde, Sweden.ORCID iD: 0000-0002-1436-2980
University of Skövde, Sweden.
University of Skövde, Sweden.
2018 (English)In: Proceedings of the Annual Information Institute Conference / [ed] G. Dhillon and S. Samonas, 2018Conference paper, Published paper (Refereed)
Abstract [en]

InfoSec policies are considered a key mechanism in information security, and most organizations have one. However, the large majority of security policy research has focused on what policies should include rather than how they are accomplished in practice. To contribute to overcoming the lack of knowledge regarding this crucial aspect, this paper investigates information security policies based on what underlying approaches information classification practices are built on and the perceived ease of turning the policy into practice. To do so, a survey was sent to 284 Swedish government agencies, and 80 of their internal policies were collected as data. The data were analyzed both qualitatively, and qualitatively. The results show that information classification adoption rates are low despite being mandatory and that agencies are struggling in closing the gap between standards and practice. Furthermore, the results also show that information classification policies need to be more specific and give more actionable advice regarding, e.g., how information life-cycle management is included in practice, and where the responsibility for classification is put in the organization.

Place, publisher, year, edition, pages
2018.
Keywords [en]
Information security management, information classification, InfoSec policies.
National Category
Public Administration Studies
Identifiers
URN: urn:nbn:se:hj:diva-47049ISBN: 978-1-935160-19-9 (print)OAI: oai:DiVA.org:hj-47049DiVA, id: diva2:1377101
Conference
17th Annual Security Conference, March 26-28, 2018 Las Vegas, NV, USA
Available from: 2019-12-11 Created: 2019-12-11 Last updated: 2019-12-11

Open Access in DiVA

Fulltext(229 kB)18 downloads
File information
File name FULLTEXT01.pdfFile size 229 kBChecksum SHA-512
5bf8b3c7fe17d102bd184c6df74d3ad5ab7dd3b39467f7bb558047e7446cc9188e6e56138dc1e19f779a3e808e7655d318a035af9f113e1a77f968688cf15750
Type fulltextMimetype application/pdf

Other links

Fulltext

Authority records BETA

Bergström, Erik

Search in DiVA

By author/editor
Bergström, Erik
Public Administration Studies

Search outside of DiVA

GoogleGoogle Scholar
Total: 18 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 142 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf