Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Security mistakes in information system deployment projects
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.ORCID iD: 0000-0003-3922-9606
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
2011 (English)In: Information Management & Computer Security, ISSN 0968-5227, E-ISSN 1758-5805, Vol. 19, no 2, 80-94 p.Article in journal (Refereed) Published
Abstract [en]

Purpose - This paper aims to assess the influence of a set of human and organizational factors in information system deployments on the probability that a number of security-related mistakes are in the deployment. Design/methodology/approach - A Bayesian network (BN) is created and analyzed over the relationship between mistakes and causes. The BN is created by eliciting qualitative and quantitative data from experts of industrial control system deployments in the critical infrastructure domain. Findings - The data collected in this study show that domain experts have a shared perception of how strong the influence of human and organizational factors are. According to domain experts, this influence is strong. This study also finds that security flaws are common in industrial control systems operating critical infrastructure. Research limitations/implications - The model presented in this study is created with the help of a number of domain experts. While they agree on qualitative structure and quantitative parameters, future work should assure that their opinion is generally accurate. Practical implications - The influence of a set of important variables related to organizational/human aspects on information security flaws is presented. Social implications - The context of this study is deployments of systems that operate nations' critical infrastructure. The findings suggest that initiatives to secure such infrastructures should not be purely technical. Originality/value - Previous studies have focused on either the causes of security flaws or the actual flaws that can exist in installed information systems. However, little research has been spent on the relationship between them. The model presented in this paper quantifies such relationships.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2011. Vol. 19, no 2, 80-94 p.
Keyword [en]
Bayesian statistical decision theory, Data security, Human failure, Information systems, Organizational structures, Quality function deployment
National Category
Communication Systems
Identifiers
URN: urn:nbn:se:kth:diva-100908DOI: 10.1108/09685221111143033Scopus ID: 2-s2.0-79959599477OAI: oai:DiVA.org:kth-100908DiVA: diva2:545796
Note

QC 20120919

Available from: 2013-03-20 Created: 2012-08-21 Last updated: 2017-12-07Bibliographically approved

Open Access in DiVA

fulltext(540 kB)393 downloads
File information
File name FULLTEXT01.pdfFile size 540 kBChecksum SHA-512
b86743dec8a31ecdf3ec3f744b6b65dcd82ea82f9211580f7d6063f087d7dbdc70bcd79f4d8168003535da2f8c9a320208c5b8bfdd91a0384451a176085cb61d
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopusPublisher's website

Search in DiVA

By author/editor
Sommestad, TeodorEkstedt, MathiasHolm, HannesAfzal, Muhammad
By organisation
Industrial Information and Control Systems
In the same journal
Information Management & Computer Security
Communication Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 393 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 152 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf