Change search
ReferencesLink to record
Permanent link

Direct link
Action Design Research - GBM-OA to fill the gaps in MSB Method support
2015 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

In an initial contact with an organization we learned that they faced challenges in their work with information security. The suggested framework, Swedish Civil Contingency Agency (MSB) Method support, required a lot of pre-knowledge, which made it difficult and complicated for the user. Described as a buffet of options to create flexibility for the user, the organization found it hard to operationalize. By using Action Design Research (ADR) we go through three cycles of building, intervention and evaluation (BIE) to develop an artifact to improve their information security risk assessment work. Together with the organization we defined five goals that could improve the current method and its ease of appliance. After conducting a literature review in the field of information security risk assessment we identified a suitable candidate to complement the MSB Method support. Inside the BIE of ADR we use Situational Method Engineering (SME) to assemble a hybrid of the Genre Based Method - Octave Allegro (GBM-OA) method and the MSB method support. The research contribution from our work is three folded. First we suggest six new design principles for information security risk assessment method development. Secondly we show how GBM-OA can be used inside a large framework for information security risk assessment. Thirdly we show how a method can be changed to support the users in the transition from a traditional, technical view of IT-security towards more modern, information and even knowledge security view.

Place, publisher, year, edition, pages
2015. , 177 p.
Keyword [en]
Technology, Action Design Research, ADR, Situational Method Engineering, SME, MSB, GBM-OA, Risk assessment, Risk assessment methods, Visual method modeling, Genre concept, Iterative workflow, Measurement criteria's, Organization specific reporting, Snowball sampling, Design Principle, Municipality
Keyword [sv]
URN: urn:nbn:se:ltu:diva-58422Local ID: f00af505-f8ee-4800-966e-5202d993422fOAI: diva2:1031810
Subject / course
Student thesis, at least 30 credits
Educational program
Information Security, master's level
Validerat; 20150617 (global_studentproject_submitter)Available from: 2016-10-04 Created: 2016-10-04Bibliographically approved

Open Access in DiVA

fulltext(3973 kB)0 downloads
File information
File name FULLTEXT02.pdfFile size 3973 kBChecksum SHA-512
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Berkman, JohanMark, Daniel

Search outside of DiVA

GoogleGoogle Scholar
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

ReferencesLink to record
Permanent link

Direct link