Ändra sökning
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Addressing Dynamic Issues in Information Security Management
KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektroniksystem.
Department of Computer and System Sciences, Stockholm University, Sweden.
Department of Computer and System Sciences, Stockholm University, Sweden.
KTH, Skolan för informations- och kommunikationsteknik (ICT), Elektroniksystem.ORCID-id: 0000-0003-0565-9376
2011 (Engelska)Ingår i: Information Management & Computer Security, ISSN 0968-5227, Vol. 19, nr 1, 5-24 s.Artikel i tidskrift (Refereegranskat) Published
Abstract [en]

Purpose – The paper addresses three main problems resulting from uncertainty in information securitymanagement: i) dynamically changing security requirements of an organization ii) externalities caused by a securitysystem and iii) obsolete evaluation of security concerns.

Design/methodology/approach – In order to address these critical concerns, a framework based on optionsreasoning borrowed from corporate finance is proposed and adapted to evaluation of security architecture anddecision-making for handling these issues at organizational level. The adaptation as a methodology is demonstrated by a large case study validating its efficacy.

Findings – The paper shows through three examples that it is possible to have a coherent methodology, buildingon options theory to deal with uncertainty issues in information security at an organizational level.

Practical implications – To validate the efficacy of the methodology proposed in this paper, it was applied tothe SHS (Spridnings- och Hämtningssystem: Dissemination and Retrieval System) system. The paper introduces themethodology, presents its application to the SHS system in detail and compares it to the current practice.

Originality/value – This research is relevant to information security management in organizations, particularlyissues on changing requirements and evaluation in uncertain circumstances created by progress in technology.

Ort, förlag, år, upplaga, sidor
UK: Emerald Group Publishing Limited , 2011. Vol. 19, nr 1, 5-24 s.
Nyckelord [en]
Dynamic Security Requirement Management, IT Security Externalities, Re-evaluation of IT Products
Nationell ämneskategori
Data- och informationsvetenskap
Identifikatorer
URN: urn:nbn:se:kth:diva-19429Scopus ID: 2-s2.0-79955624015OAI: oai:DiVA.org:kth-19429DiVA: diva2:337617
Anmärkning
Updated from submitted to published. QC 20120323Tillgänglig från: 2010-08-08 Skapad: 2010-08-08 Senast uppdaterad: 2012-03-23Bibliografiskt granskad

Open Access i DiVA

Fulltext saknas

Scopus

Sök vidare i DiVA

Av författaren/redaktören
Abbas, HaiderHemani, Ahmed
Av organisationen
Elektroniksystem
I samma tidskrift
Information Management & Computer Security
Data- och informationsvetenskap

Sök vidare utanför DiVA

GoogleGoogle Scholar

Totalt: 365 träffar
RefereraExporteraLänk till posten
Permanent länk

Direktlänk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf