Models, methodology and challenges within strategic information security for senior managements
2009 (English)Doctoral thesis, comprehensive summary (Other academic)
The work in this thesis is based on an interest for strategic information security, and in particular business continuity planning, in combination with own experiences from strategic management of corporations. Information security policy- and education, practice and awareness issues have also been part of my focus. Strategic information security is the part of information security that senior managements (top managements) should own and care for, like for any other strategic area in an organization. One problem is that this is often not the case as the senior management attention and awareness is focused on other areas instead. The work has mainly addressed explanatory models and methodology to explain what strategic information security including business continuity planning is to senior management teams and a training concept. It has also high-lighted challenges from current and future technology, and terminology problems affecting business continuity planning in a direct or indirect way. The purpose of the thesis was broken down into six objectives matching identified knowledge gaps. These resulted in the research question "How to improve the senior management own and care process for strategic information security, and in particular business continuity planning?" The results from the empirical studies are two models and one methodology to be used when targeting strategic information security issues like modeling and implementations of business continuity planning, security policies and security education, practice and awareness during the own and care process. A further result is a training concept for organizational crisis management. In addition, the results also indicate challenges that need to be addressed during work with security policies and business continuity planning. The thesis further contributes with a framework for business continuity planning guiding how the models and methodology, together with the training concept and challenges should be used together in the own and care process, to resolve problems and achieve organizational change. The contribution is of a general nature and is suitable to use in both private and public sector organizations.
Place, publisher, year, edition, pages
Luleå: Luleå tekniska universitet, 2009. , 89 p.
Doctoral thesis / Luleå University of Technology 1 jan 1997 → …, ISSN 1402-1544
Research subject Computer and Systems Science
IdentifiersURN: urn:nbn:se:ltu:diva-17009Local ID: 123ee260-cac6-11de-b769-000ea68e967bISBN: 978-91-7439-056-8OAI: oai:DiVA.org:ltu-17009DiVA: diva2:990002
Godkänd; 2009; 20091106 (jlm); DISPUTATION Ämnesområde: Data- och systemvetenskap Opponent: Professor Per Flensburg, Högskolan Väst Ordförande: Professor Ann Hägerfors, Luleå tekniska universitet Tid: Fredag 18 december, 2009, klockan 10:00 Plats: Hoppesalen, Luleå tekniska universitet2016-09-292016-09-29Bibliographically approved