Change search
ReferencesLink to record
Permanent link

Direct link
Models, methodology and challenges within strategic information security for senior managements
2009 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The work in this thesis is based on an interest for strategic information security, and in particular business continuity planning, in combination with own experiences from strategic management of corporations. Information security policy- and education, practice and awareness issues have also been part of my focus. Strategic information security is the part of information security that senior managements (top managements) should own and care for, like for any other strategic area in an organization. One problem is that this is often not the case as the senior management attention and awareness is focused on other areas instead. The work has mainly addressed explanatory models and methodology to explain what strategic information security including business continuity planning is to senior management teams and a training concept. It has also high-lighted challenges from current and future technology, and terminology problems affecting business continuity planning in a direct or indirect way. The purpose of the thesis was broken down into six objectives matching identified knowledge gaps. These resulted in the research question "How to improve the senior management own and care process for strategic information security, and in particular business continuity planning?" The results from the empirical studies are two models and one methodology to be used when targeting strategic information security issues like modeling and implementations of business continuity planning, security policies and security education, practice and awareness during the own and care process. A further result is a training concept for organizational crisis management. In addition, the results also indicate challenges that need to be addressed during work with security policies and business continuity planning. The thesis further contributes with a framework for business continuity planning guiding how the models and methodology, together with the training concept and challenges should be used together in the own and care process, to resolve problems and achieve organizational change. The contribution is of a general nature and is suitable to use in both private and public sector organizations.

Place, publisher, year, edition, pages
Luleå: Luleå tekniska universitet, 2009. , 89 p.
Doctoral thesis / Luleå University of Technology 1 jan 1997 → …, ISSN 1402-1544
Keyword [en]
Social sciences
Keyword [sv]
Research subject
Computer and Systems Science
URN: urn:nbn:se:ltu:diva-17009Local ID: 123ee260-cac6-11de-b769-000ea68e967bISBN: 978-91-7439-056-8OAI: diva2:990002
Godkänd; 2009; 20091106 (jlm); DISPUTATION Ämnesområde: Data- och systemvetenskap Opponent: Professor Per Flensburg, Högskolan Väst Ordförande: Professor Ann Hägerfors, Luleå tekniska universitet Tid: Fredag 18 december, 2009, klockan 10:00 Plats: Hoppesalen, Luleå tekniska universitetAvailable from: 2016-09-29 Created: 2016-09-29Bibliographically approved

Open Access in DiVA

fulltext(2233 kB)1 downloads
File information
File name FULLTEXT01.pdfFile size 2233 kBChecksum SHA-512
Type fulltextMimetype application/pdf

Search in DiVA

By author/editor
Lindström, John

Search outside of DiVA

GoogleGoogle Scholar
Total: 1 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 3 hits
ReferencesLink to record
Permanent link

Direct link