ju.se
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Tools Supporting Information Security Risk Management in Practice
Jönköping University, School of Engineering, JTH, Department of Computer Science and Informatics.ORCID iD: 0000-0002-1436-2980
2023 (English)In: CEUR Workshop Proceedings: 9th International Conference on Socio-Technical Perspective in Information Systems Development, STPIS 2023, CEUR-WS , 2023, Vol. 3598, p. 146-159Conference paper, Published paper (Refereed)
Abstract [en]

It is well-known that Information Security Risk Management (ISRM) activities can be challenging to perform and that tool support could provide support in different ways, for example, by automating tasks, guiding the user, or helping with documentation. Despite the need for tools, there is a lack of studies investigating ISRM tool usage. This paper contributes by presenting the results from one of the first studies targeting information classification and ISRM tool usage in practice. The study is based on a survey sent to government agencies in Sweden and was answered by 139 respondents (67%). The survey targeted the type of tools used and the perceptions of those tools. Findings include a list of tools perceived to contribute to performing ISRM activities, such as information classification, the reasons why the tools were selected, and how well they fulfil their needs. More specifically, we found that spreadsheets and document templates are the most common tools used – despite not being perceived as fulfilling the needs. We also found that taking on an even more holistic view might be needed when considering functionality in ISRM tools.
Place, publisher, year, edition, pages
CEUR-WS , 2023. Vol. 3598, p. 146-159
Series
CEUR Workshop Proceedings, ISSN 1613-0073 ; 3598
Keywords [en]
Information classification, Information Security Risk Management, Tool support, Tools in practice
National Category
Information Systems
Identifiers
URN: urn:nbn:se:hj:diva-63285Scopus ID: 2-s2.0-85181110511OAI: oai:DiVA.org:hj-63285DiVA, id: diva2:1825890
Conference
9th International Conference on Socio-Technical Perspective in Information Systems Development, STPIS 2023 Hybrid, Portsmouth 27 October 2023 through 28 October 2023
Available from: 2024-01-10 Created: 2024-01-10 Last updated: 2024-01-24Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

ScopusFulltext

Authority records

Bergström, Erik

Search in DiVA

By author/editor
Bergström, Erik
By organisation
JTH, Department of Computer Science and Informatics
Information Systems

Search outside of DiVA

GoogleGoogle Scholar

urn-nbn

Altmetric score

urn-nbn
Total: 171 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.46.0
|
WCAG
|
Jönköping University
|
Jönköping University Library