Addressing Dynamic Issues in Information Security Management
2011 (English) In: Information Management & Computer Security, ISSN 0968-5227, E-ISSN 1758-5805, Vol. 19, no. 1, p. 5-24. Article in journal (Refereed) Published
Abstract [sv]
A framework for handling uncertainty in information security management systems is presented. The framework is based on theories from corporate finance. A case study shows how the framework can be applied.
Abstract [en]
The paper addresses three main problems resulting from uncertainty in information security management: i) dynamically changing security requirements of an organization, ii) externalities caused by a security system, and iii) obsolete evaluation of security concerns. A framework based on options reasoning borrowed from corporate finance is proposed and adapted to evaluation of security architecture and decision-making for handling these issues at organizational level. The adaptation as methodology is demonstrated by a large case study validating its efficacy.
Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2011. Vol. 19, no. 1, p. 5-24
Keywords [en]
Dynamic Security Requirement Management, IT Security Externalities, Re-evaluation of IT Products
Keywords [sv]
IT security requirements, evaluation of IT security
National subject category
Systems science, information systems and informatics
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-67096
DOI: 10.1108/09685221111115836
OAI: oai:DiVA.org:su-67096
DiVA, id: diva2:469521
2011-12-26 2011-12-26 2022-02-24 Bibliographically reviewed