Assessing The Relative Importance of Information Security Governance Processes on Reducing Negative Impacts From Information Security Incidents
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
2010 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

Today the extent and value of electronic data is constantly growing. Dealing across the internet depends on how secure consumers believe their personal data are. Information security therefore becomes essential to any business with any form of web strategy, from simple business-to-consumer or business-to-business to the use of extranets, e-mail and instant messaging. It also matters to any organization that depends on computers for its daily existence.

This master thesis focuses on Information Security Governance. The goal of the thesis was to study different Information Security processes within the five objectives for Information Security Governance in order to identify which processes organizations should prioritize to reduce negative consequences of security incidents on the data, information and software of a business. By surveying IT experts, it was possible to gather their relative opinion regarding the relationship between Information Security Governance processes and security incidents.

By studying the five desired objectives for Information Security Governance (Alignment, Risk Management, Resource Management, Performance Measurement and Value Delivery), the result indicated that some processes within Performance Measurement show a difference in relation to other processes. For those processes a conclusion can be made that they are not as important as the processes to which they were compared. A reason for this can be that the processes within Performance Measurement are different in that they measure an incident after it has actually happened.

Other processes within the objectives for ISG, by contrast, are processes that need to be fulfilled in order to prevent an incident from happening. This could obviously explain why the experts chose to value the processes within Performance Measurement as less important compared to other processes.

However, this conclusion cannot be generalized, since the total number of completed responses was lower than expected. More respondents would have made the result more reliable. The majority of the respondents were academics, and their opinion and experience may be different from those of the IT experts within the industry, who have a better understanding of how it actually works in reality within an organization.

Place, publisher, year, edition, pages
2010. 58 p.
Keyword [en]
Information Technology, Information Security, Information Security Governance
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
URN: urn:nbn:se:kth:diva-81417
OAI: diva2:497435
Educational program
Master of Science in Engineering - Computer Science and Technology
Available from: 2012-02-28. Created: 2012-02-10. Last updated: 2012-03-06. Bibliographically approved.

By author/editor
Farnian, Adnan