Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Developing an information classification method
Jönköping University, School of Engineering, JTH, Department of Computer Science and Informatics.ORCID iD: 0000-0002-1436-2980
School of Business, Örebro University, Örebro, Sweden.
School of Informatics, University of Skövde, Skövde, Sweden.
2021 (English)In: Information and Computer Security, E-ISSN 2056-4961, Vol. 29, no 2, p. 209-239Article in journal (Refereed) Published
Abstract [en]

Purpose: The purpose of this paper is to develop a method for information classification. The proposed method draws on established standards, such as the ISO/IEC 27002 and information classification practices. The long-term goal of the method is to decrease the subjective judgement in the implementation of information classification in organisations, which can lead to information security breaches because the information is under- or over-classified.

Design/methodology/approach: The results are based on a design science research approach, implemented as five iterations spanning the years 2013 to 2019.

Findings: The paper presents a method for information classification and the design principles underpinning the method. The empirical demonstration shows that senior and novice information security managers perceive the method as a useful tool for classifying information assets in an organisation.

Research limitations/implications: Existing research has, to a limited extent, provided extensive advice on how to approach information classification in organisations systematically. The method presented in this paper can act as a starting point for further research in this area, aiming at decreasing subjectivity in the information classification process. Additional research is needed to fully validate the proposed method for information classification and its potential to reduce the subjective judgement.

Practical implications: The research contributes to practice by offering a method for information classification. It provides a hands-on-tool for how to implement an information classification process. Besides, this research proves that it is possible to devise a method to support information classification. This is important, because, even if an organisation chooses not to adopt the proposed method, the very fact that this method has proved useful should encourage any similar endeavour.

Originality/value: The proposed method offers a detailed and well-elaborated tool for information classification. The method is generic and adaptable, depending on organisational needs.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2021. Vol. 29, no 2, p. 209-239
Keywords [en]
Information classification, Information classification method, Information security management, Information security management systems, ISO Standards, Security of data, Design Principles, Design-science researches, Design/methodology/approach, Information assets, Long-term goals, Organisational, Subjective judgement, Classification (of information)
National Category
Information Systems
Identifiers
URN: urn:nbn:se:hj:diva-51259DOI: 10.1108/ICS-07-2020-0110ISI: 000595848200001Scopus ID: 2-s2.0-85097088962OAI: oai:DiVA.org:hj-51259DiVA, id: diva2:1510958
Available from: 2020-12-17 Created: 2020-12-17 Last updated: 2021-12-21Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Bergström, Erik

Search in DiVA

By author/editor
Bergström, Erik
By organisation
JTH, Department of Computer Science and Informatics
In the same journal
Information and Computer Security
Information Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 324 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf