Addressing Dynamic Issues in Information Security Management
KTH, School of Information and Communication Technology (ICT), Electronic Systems.
Department of Computer and System Sciences, Stockholm University, Sweden.
Department of Computer and System Sciences, Stockholm University, Sweden.
KTH, School of Information and Communication Technology (ICT), Electronic Systems. ORCID iD: 0000-0003-0565-9376
2011 (English) In: Information Management & Computer Security, ISSN 0968-5227, Vol. 19, no 1, 5-24 p. Article in journal (Refereed) Published
Abstract [en]

Purpose – The paper addresses three main problems resulting from uncertainty in information security management: i) dynamically changing security requirements of an organization, ii) externalities caused by a security system and iii) obsolete evaluation of security concerns.

Design/methodology/approach – In order to address these critical concerns, a framework based on options reasoning borrowed from corporate finance is proposed and adapted to evaluation of security architecture and decision-making for handling these issues at organizational level. The adaptation as a methodology is demonstrated by a large case study validating its efficacy.

Findings – The paper shows through three examples that it is possible to have a coherent methodology, building on options theory to deal with uncertainty issues in information security at an organizational level.

Practical implications – To validate the efficacy of the methodology proposed in this paper, it was applied to the SHS (Spridnings- och Hämtningssystem: Dissemination and Retrieval System) system. The paper introduces the methodology, presents its application to the SHS system in detail and compares it to the current practice.

Originality/value – This research is relevant to information security management in organizations, particularly issues on changing requirements and evaluation in uncertain circumstances created by progress in technology.

Place, publisher, year, edition, pages
UK: Emerald Group Publishing Limited, 2011. Vol. 19, no 1, 5-24 p.
Keyword [en]
Dynamic Security Requirement Management, IT Security Externalities, Re-evaluation of IT Products
National Category
Computer and Information Science
Identifiers
URN: urn:nbn:se:kth:diva-19429
Scopus ID: 2-s2.0-79955624015
OAI: oai:DiVA.org:kth-19429
DiVA: diva2:337617
Note
Updated from submitted to published. QC 20120323
Available from: 2010-08-08
Created: 2010-08-08
Last updated: 2012-03-23
Bibliographically approved

By author/editor
Abbas, Haider; Hemani, Ahmed