Digitala Vetenskapliga Arkivet

1 - 37 of 37
  • 1.
    Al Sabbagh, Bilal
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    A cultural adaption model for global cyber security warning systems: A socio-technical proposal. 2011. Conference paper (Refereed)
    Abstract [en]

    In this paper we explore the problems of developing a cyber security warning system both from a theoretical and practical perspective. We review some of the current development in warning systems around the world and we also examine the security metrics area. We then expanded on a proposed socio-technical coordinate system for global cyber security alerts and adapted it to an information security culture framework.

  • 2.
    Al Sabbagh, Bilal
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Norwegian University of Science and Technology, Norway.
    A Framework and Prototype for A Socio-Technical Security Information and Event Management System (ST-SIEM). 2016. In: 2016 European Intelligence and Security Informatics Conference: Proceedings / [ed] Joel Brynielsson, Fredrik Johansson, IEEE Computer Society, 2016, p. 192-195. Conference paper (Refereed)
    Abstract [en]

    In this short paper we present a socio-technical framework for integrating a security risk escalation maturity model into a security information and event management system. The objective of the framework is to develop the foundations for the next generation socio-technical security information and event management systems (ST-SIEMs) enabling socio-technical security operations centers (ST-SOCs). The primary benefit of the socio-technical framework is twofold: supporting organizations in overcoming the identified limitations in their security risk escalation maturity, and supporting SOCs in overcoming the limitations of their SIEMs. The risk escalation maturity level is quantified using metrics. These metrics are then used by SIEMs for cross correlating security events before they are disseminated to respective organizations. Typical SIEMs in use today calculate security events using generic risk factors not necessarily relevant for every organization. The proposed framework can enable security administrators to effectively and efficiently manage security warnings and to establish necessary countermeasures.

  • 3.
    Al Sabbagh, Bilal
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Security from a Systems Thinking Perspective - Applying Soft Systems Methodology to the Analysis of an Information Security Incident. 2014. In: Proceedings of the 58th Meeting of ISSS, Washington DC, USA, July 2014, International Society for the Systems Sciences (ISSS), 2014. Conference paper (Refereed)
    Abstract [en]

    Applying systems theory to information security enables security analysts to consider the socio-technical role of the security system instead of only focusing on the technical part. Systems theory can also equip security analysts with the skills required to have a holistic and an abstract level of understanding of the security problem in their organisations and to proactively define and evaluate existing risks. The Soft Systems Methodology (SSM) developed by Peter Checkland was created in order to deal with unstructured situations where human beings are part of the socio-technical system. In this paper, SSM is applied as a framework to diagnose a real case security incident in an organisation. The purpose of this application is to demonstrate how the methodology can be considered a beneficial tool for security analysts during security incident management and risk analysis. Literature review and experience indicate an existing lack of customisable incident response tools that facilitate communication and elaboration within organizations during incident management. In addition, these tools are mainly technical and don’t take the human factor into consideration. Using SSM as such, we define the security attack as a human activity transformation system that transforms a security event triggered by an attacker into a security breach that causes damage to the victim organisation. The attack system is then modelled to include a number of dependent activity sub-systems that interact with each other and their environment including the security control activity systems. By having such systemic perception of a security attack, security analysts, we suggest, can have a holistic perception under what conditions a security attack has succeeded and what elements of the socio-technical system and its environment should have been considered in order to mitigate and reduce the risk exposure.

  • 4.
    Al Sabbagh, Bilal
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Norwegian University of Science and Technology, Norway.
    Socio-Technical SIEM (ST-SIEM): Towards Bridging the Gap in Security Incident Response. 2017. In: International Journal of Systems and Society, ISSN 2327-3984, Vol. 4, no 2, p. 8-21, article id 2. Article in journal (Refereed)
    Abstract [en]

    This article discusses the design and specifications of a Socio-Technical Security Information and Event Management System (ST-SIEM). This newly-developed artifact addresses an important limitation identified in today's incident response practice—the lack of sufficient context in actionable security information disseminated to constituent organizations. ST-SIEM tackles this limitation by considering the socio-technical aspect of information systems security. This concept is achieved by correlating the technical metrics of security warnings (which are generic in nature, and the sources of which are sometimes unknown) with predefined social security metrics (used for modeling the security culture of constituent organizations). ST-SIEM, accordingly, adapts the risk factor of the triggered security warning based on each constituent organization's security culture. Moreover, the artifact features several socio-technical taxonomies with an impact factor to support organizations in classifying, reporting, and escalating actionable security information. The overall project uses design science research as a framework to develop the artifact.

  • 5.
    Al Sabbagh, Bilal
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    ST(CS)2 - Featuring socio-technical cyber security warning systems. 2012. In: Proceedings of the 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), IEEE, 2012, p. 312-316. Conference paper (Refereed)
    Abstract [en]

    In this short paper we propose a socio-technical framework for developing cyber security warning systems. We start by reviewing the latest research and theories on the socio-technical nature of information systems security. We then show the need to consider the social dimension of information systems security as recommended by a number of global security consortiums. Afterward we review the development of some of the main currently existing global cyber security warning systems. Finally we present our suggested socio-technical coordination platform to feature socio-technical enabled cyber security warning systems.

  • 6.
    Bider, Ilia
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Henkel, Martin
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Perjons, Erik
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Reuse of Simulated Cases in Teaching Enterprise Modelling. 2015. In: Advances in Conceptual Modeling: Proceedings / [ed] Manfred A. Jeusfeld, Kamalakar Karlapalem, Springer, 2015, p. 337-346. Conference paper (Refereed)
    Abstract [en]

    Case-based teaching/learning is widely used in Information Systems (IS) education in general, and in teaching/learning modeling, in particular. A case presents to the students a real or imaginary business situation asking them to build a model of it, or showing how such model can be built. In situations where a business case is presented in a text form, reusing it as is, or with modification in the same or a different course does not constitute much of a problem. However, using textual description for presenting cases has drawbacks on its own, as it does not help the students to acquire the skills of dissecting and analyzing the reality when building a model. The latter can be better achieved when a case is presented in a multimedia form, e.g. recorded interviews, website of a company, etc. As the previous works of the same authors show, such case presentations give the students better understanding of the essence of modeling, which is appreciated by the students. The dark side of the multimedia presentation is that such a case presentation requires more time to build compared to using a textual form, and it is not easy to change it. This paper is a preliminary inquiry into the problem of reusing cases presented with the help of multimedia. It presents a conceptual model of the domain aimed at discussing the potential of reuse of the whole case or its parts, and concludes with considerations on reusability that need to be covered when building multimedia presentations of cases.

  • 7.
    Bider, Ilia
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Henkel, Martin
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Perjons, Erik
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Simulating apprenticeship using multimedia in higher education: A case from the information systems field. 2015. In: Interactive Technology and Smart Education, ISSN 1741-5659, E-ISSN 1758-8510, Vol. 12, no 2, p. 137-154. Article in journal (Refereed)
    Abstract [en]

    Purpose – This paper aims to report on a project aimed at using simulation for improving the quality of teaching and learning modeling skills. More specifically, the project goal was to facilitate the students to acquire skills of building models of organizational structure and behavior through analysis of internal and external documents, and interviews with employees and management. An important skill that practitioners in the information systems field need to possess is the skill of modeling information systems. The main problem with acquiring modeling skills is to learn how to extract knowledge from the unstructured reality of business life. Design/methodology/approach – To achieve the goal, a solution was introduced in the form of a computerized environment utilizing multimedia to simulate a case of an apprenticeship situation. The paper gives an overview of the problem that the solution addresses, presents the solution and reports on the trial completed in a first-year undergraduate course at Stockholm University. Findings – The results of the trial indicate that using rich multimedia along with a case-based learning approach did improve the overall performance of the students. It was also shown that both students’ and the teachers’ attitudes toward the solution were positive. Originality/value – The solution presented in this paper, using computer simulation in teaching/learning by focusing on an apprenticeship situation, can be reused by other university teachers, especially in the Information Systems discipline. This solution can thus be used in teaching, system design, requirements engineering, business analysis and other courses typical for information systems.

  • 8.
    Bider, Ilia
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Henkel, Martin
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences. Gjøvik University College, Norway.
    Perjons, Erik
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Teaching Enterprise Modeling Based on Multi-media Simulation: A Pragmatic Approach. 2015. In: E-Technologies: Proceedings / [ed] Morad Benyoucef, Michael Weiss, Hafedh Mili, Springer, 2015, p. 239-254. Conference paper (Refereed)
    Abstract [en]

    The paper addresses the problem of how university students can acquire enterprise modeling skills so that they can build high quality models of organizational structure and behavior in practical settings after their graduation. The best way of learning such skills is apprenticeship where the students follow a modeling master in a real business case. However, in a university classroom setting this is difficult to arrange, if even possible. Therefore, the paper suggests the use of a computer-based simulation as a good approximation to apprenticeship. Moreover, it suggests a pragmatic, low-cost approach making the idea accessible even for courses with a low budget. A business case is simulated by providing the students with multi-media information sources that are usually used by system or business analysts when building models. The sources consist of recorded interviews with the stakeholders, a web-site of the enterprise under investigation, internal protocols from management meetings, results of twitter search on the company name, etc. The paper presents practical guidelines on how to build such simulation based on a trial successfully completed at the Department of Computer and System Sciences at Stockholm University.

  • 9.
    Bider, Ilia
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Henkel, Martin
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Perjons, Erik
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Technology Enhanced Learning of Modeling Skills in the Field of Information Systems. 2015. In: IADIS international conference on information systems, 2015 / [ed] Miguel Baptista Nunes, Pedro Isaías and Philip Powell, IADIS Press, 2015, p. 121-128. Conference paper (Refereed)
    Abstract [en]

    This paper reports on a project aimed at using simulation for improving the quality of teaching and learning in the field of Information Systems. More specifically, the project goal was facilitating the students to acquire skills of building models of organizational structure and behavior through analysis of internal and external documents, and interviewing employees and management. The solution tested in the project was a computerized environment utilizing multi-media to simulate a business case. The paper gives an overview of the problem that the solution addresses, presents the solution, and reports on a trial completed in a first year undergraduate course at Stockholm University. The results of the trial indicate that using rich multi-media along with a case based learning approach did improve the overall performance of the students. It was also shown that both students’ and the teachers’ attitude toward the solution was positive.

  • 10.
    Bider, Ilia
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences. IbisSoft AB, Stockholm, Sweden.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    A Framework for Synchronizing Human Behavior, Processes and Support Systems Using a Socio-technical Approach. 2014. In: Enterprise, Business-Process and Information Systems Modeling: Proceedings, Springer Berlin/Heidelberg, 2014, p. 109-123. Conference paper (Refereed)
    Abstract [en]

    The paper suggests a framework for achieving alignment between a process and its external and internal environment. The framework consists of two components. The first component concerns alignment between the process and its external environment - business environment in which the process functions or is to function. The second component concerns alignment between the process and its internal environment, the most important part of which are people participating in the process. The second component, which is in the focus of the paper, is based on the socio-technical view on information systems. The framework is aimed to move the focus of business process reengineering/improvement from local optimization through the use of technology to the needs of satisfying business goals, and fostering human capital that is needed to achieve them.

  • 11.
    El Mekawy, Mohamed
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    AlSabbagh, Bilal
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    The Impact of Business-IT Alignment on Information Security Process. 2014. In: HCI in Business: Proceedings / [ed] Fiona Fui-Hoon Nah, Springer, 2014, p. 25-36. Conference paper (Refereed)
    Abstract [en]

    Business-IT Alignment (BITA) has the potential to link with organizational issues that deal with business-IT relationships at strategic, tactical and operational levels. In such context, information security process (ISP) is one of the issues that can be influenced by BITA. However, the impact has yet not been researched. This paper investigates the BITA impact on ISP. For this investigation, the relationships of elements of the Strategic Alignment Model and the components of Security Values Chain Model are considered. The research process is an in-depth literature survey followed by case study in two organizations located in United States and the Middle East. The results show clear impact of BITA on how organizations would distribute allocated security budget and resources based on the needs and risk exposure. The results should support both practitioners and researchers to gain improved insights of the relationships between BITA and IT security components.

  • 12.
    Henriksson, Aron
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Dalianis, Hercules
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Generating Features for Named Entity Recognition by Learning Prototypes in Semantic Space: The Case of De-Identifying Health Records. 2014. In: 2014 IEEE International Conference on Bioinformatics and Biomedicine (BIBM), IEEE conference proceedings, 2014, p. 450-457. Conference paper (Refereed)
    Abstract [en]

    Creating sufficiently large annotated resources for supervised machine learning, and doing so for every problem and every domain, is prohibitively expensive. Techniques that leverage large amounts of unlabeled data, which are often readily available, may decrease the amount of data that needs to be annotated to obtain a certain level of performance, as well as improve performance when large annotated resources are indeed available. Here, the development of one such method is presented, where semantic features are generated by exploiting the available annotations to learn prototypical (vector) representations of each named entity class in semantic space, constructed by employing a model of distributional semantics (random indexing) over a large, unannotated, in-domain corpus. Binary features that describe whether a given word belongs to a specific named entity class are provided to the learning algorithm; the feature values are determined by calculating the (cosine) distance in semantic space to each of the learned prototype vectors and ascertaining whether they are below or above a given threshold, set to optimize Fβ-score. The proposed method is evaluated empirically in a series of experiments, where the case is health-record deidentification, a task that involves identifying protected health information (PHI) in text. It is shown that a conditional random fields model with access to the generated semantic features, in addition to a set of orthographic and syntactic features, significantly outperforms, in terms of F1-score, a baseline model without access to the semantic features. Moreover, the quality of the features is further improved by employing a number of slightly different models of distributional semantics in an ensemble. Finally, the way in which the features are generated allows one to optimize them for various Fβ-scores, giving some degree of control to trade off precision and recall.
    Methods that are able to improve performance on named entity recognition tasks by exploiting large amounts of unlabeled data may substantially reduce costs involved in creating annotated resources for every domain and every problem.

  • 13.
    Karokola, Geoffrey
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Yngström, Louise
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Evaluating A Framework for Securing e-Government Services – A Case of Tanzania. 2013. In: Hawaii International Conference on System Sciences / [ed] Lisa O’Conner, IEEE Computer Society, 2013, p. 1792-1801. Conference paper (Refereed)
    Abstract [en]

    The current and emerging security threats pose a variety of security risks to e-government services. The Tanzanian national e-government strategy recognizes the importance and use of e-government maturity models (eGMMs) as a tool for guiding and benchmarking e-government implementation and service delivery. However, the models lack security services (technical and non-technical) in their maturity stages – leading to misalignment of strategic objectives between e-government services and security services. To bridge the existing security services gap in eGMMs – a framework for securing e-government services which integrates IT security services into maturity stages of eGMMs was proposed. The goal of this paper is to present an outline of the evaluation results for the proposed framework, in the context of a developing world environment. In the process, seven evaluation criteria were developed; thereafter, a case study was conducted into six government organizations located in Tanzania. The overall results show that the framework was accepted in the studied environment. The framework usefulness was perceived highest at 95%; the framework dynamics & flexibility was perceived lowest at 76%.

  • 14.
    Karokola, Geoffrey Rwezaura
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Mwakalinga, G Jeffy
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Rukiza, Viola
    Royal Institute of Technology (KTH) Sweden.
    Secure e-Government Adoption: A Case Study of Tanzania. 2011. In: Proceedings of the European Security Conference (ESC 2011), Örebro, Sweden, 2011, p. 18-32. Conference paper (Refereed)
    Abstract [en]

    This paper presents a case study for secure e-government services adoption in Tanzania, where four organizations are studied. In the process, to compare the adoption process both private and public organizations were critically studied. The study utilizes a mixed research method that combines the use of both qualitative and quantitative methods for questionnaire preparation, data collection, and processing and analysis. The study also reviewed different adoption models, where seven hypotheses were constructed. The results show that out of the seven constructed hypotheses four were supported: Perceived usefulness has a positive influence on the behavioral intention and use of e-government services; perceived trust has a positive influence on the behavioral intention of a user on the usage of e-government service; higher levels of perceived IT security have a positive and significant effect on perceived trust; and behavioral intention has a direct and positive effect on the actual usage and adoption of technology of e-government services. Also, we found that private organizations appear to be earlier adopters of technology and offer more secure e-services sooner than public organizations.

  • 15.
    Karokola, Geoffrey Rwezaura
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Yngström, Louise
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Evaluating A Framework for Securing e-Government Services: A Case of Tanzania. Manuscript (preprint) (Other academic)
  • 16.
    Karokola, Geoffrey Rwezaura
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Yngström, Louise
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Secure e-Government services: Protection Profile for Electronic Voting - A Case of Tanzania. 2012. In: IST-Africa 2012 Conference Proceedings / [ed] Paul Cunningham and Miriam Cunningham, IIMC International Information Management Corporation, 2012. Conference paper (Refereed)
  • 17.
    Karokola, Geoffrey Rwezaura
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Yngström, Louise
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Secure e-Government Services: Towards A Framework for Integrating IT Security Services into e-Government Maturity Models. 2011. In: Proceedings of the IEEE/10th ISSA 2011 Conference on Information Security, IEEE/HAISA2011, 2011, p. 1-9. Conference paper (Refereed)
    Abstract [en]

    e-Government maturity models (eGMMs) lack security services (technical and socio/non-technical) in their critical maturity stages. The paper proposes a comprehensive framework for integrating IT security services into eGMM critical stages. The proposed framework is a result of integrating information security maturity model (ISMM) critical levels into e-government maturity model (eGMM) critical stages. The research utilizes Soft Systems Methodology (SSM) of scientific inquiry adopted from Checkland and Scholes. The paper contributes to the theoretical and empirical knowledge in the following ways: firstly, it introduces a new approach that shows how governments can progressively secure their e-government services; secondly, it outlines the security requirements (technical and non-technical) for critical maturity stages of eGMM; and thirdly, it enhances awareness and understanding to the governments and stakeholders such as practitioners, experts and citizens on the importance of security requirements being clearly defined within eGMM critical stages.

  • 18.
    Karokola, Geoffrey Rwezaura
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Yngström, Louise
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Towards An Information Security Maturity Model for Secure e-Government Services: A Stakeholders View. 2011. In: Proceedings of the 5th International Symposium on Human Aspects of Information Security & Assurance, HAISA, 2011, p. 58-73. Conference paper (Refereed)
    Abstract [en]

    The paper proposes a comprehensive information security maturity model (ISMM) that addresses both technical and socio/non-technical security aspects. The model is intended for securing e-government services (implementation and service delivery) in an emerging and increasing security risk environment. The paper applied an inductive approach that utilizes extensive literature review and survey study approaches. A total of eight existing ISMMs were selected and critically analyzed. Models were then categorized into security awareness, evaluation and management orientations. Based on the models' strengths – three models were selected to undergo further analyses and then they were synthesized. Each of the three selected models was either from the security awareness, evaluation or management orientations category. To affirm the findings – a survey study was conducted into six government organizations located in Tanzania. The study was structured to a large extent by the security controls adopted from the Security By Consensus (SBC) model. Finally, an ISMM with five critical maturity levels was proposed. The maturity levels were: undefined, defined, managed, controlled and optimized. The paper's main contribution is the proposed model that addresses both technical and non-technical security services within the critical maturity levels. Additionally, the paper enhances awareness and understanding on the needs for security services to be an integral part of e-government services to stakeholders.

  • 19.
    Karokola, Geoffrey
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Yngström, Louise
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Secure e-Government Services: A Comparative Analysis of e-Government Maturity Models for the Developing Regions - The need for Security Services. 2012. In: The International Journal of Electronic Government Research, ISSN 1548-3886, Vol. 8, no 1, p. 1-25. Article in journal (Refereed)
    Abstract [en]

    E-Government offers many benefits to government agencies, citizens and the business community. However, e-Government services are prone to current and emerging security challenges posing potential threats to critical information assets. Securing it appears to be a major challenge facing governments globally. Based on the international security standards – the paper thoroughly investigates and analyzes eleven e-government maturity models (eGMMs) for security services. Further, it attempts to establish a common frame of reference for eGMM critical stages. The study utilizes the Soft Systems Methodology (SSM) of scientific inquiry/learning cycle adopted from Checkland and Scholes. The findings show that security services (technical and non-technical) are lacking in eGMMs – implying that eGMMs were designed to measure more quantity of offered e-government services than the quality of security services. Therefore, as a step towards achieving secure e-government services the paper proposes a common frame of reference for eGMM with five critical stages. These stages will later be extended to include the required security services.

  • 20.
    Kowalski, Stewart
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Bednar, Peter
    Bider, Ilia
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Proceedings of STPIS’15: Preface. 2015. In: Socio-Technical Perspective in IS Development (STPIS'15): Proceedings / [ed] Stewart Kowalski, Peter Bednar, Ilia Bider, CEUR-WS.org, 2015, p. i-ii. Conference paper (Other academic)
  • 21.
    Kowalski, Stewart
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Bednar, Peter
    Bider, Ilia
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Proceedings of STPIS’17: Preface. 2017. In: Proceedings of the 3rd International Workshop on Socio-Technical Perspective in IS development (STPIS'17) / [ed] Stewart Kowalski, Peter Bednar, Ilia Bider, CEUR-WS.org, 2017, p. i-ii. Conference paper (Other academic)
  • 22.
    Kowalski, Stewart
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Bednar, Peter
    Bider, Ilia
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Proceedings of STPIS'18: Preface. 2018. In: 4th International Workshop on Socio-Technical Perspective in IS development (STPIS'18): Proceedings / [ed] Stewart Kowalski, Peter Bednar, Ilia Bider, CEUR-WS.org, 2018, p. i-iii. Conference paper (Other academic)
    Abstract [en]

    This volume contains the papers presented at STPIS'18: 4th International Workshop on Socio-Technical Perspective in IS Development to be held on June 12, 2018 in Tallinn, Estonia.

  • 23.
    Kowalski, Stewart
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Bednar, Peter
    Bider, Ilia
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Proceedings of the 1st International Workshop on Socio-Technical Perspective in IS Development (STPIS'15). 2015. Conference proceedings (editor) (Refereed)
  • 24.
    Kowalski, Stewart
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Bednar, Peter
    Bider, Ilia
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    STPIS 2016: Socio-Technical Perspective in IS Development: Proceedings of the 2nd International Workshop on Socio-Technical Perspective in IS Development co-located with 28th International Conference on Advanced Information Systems Engineering (CAiSE 2016). 2016. Conference proceedings (editor) (Refereed)
  • 25.
    Kowalski, Stewart
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Bednar, Peter
    Bider, Ilia
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    STPIS 2018 Socio-Technical Perspective in IS Development: Proceedings of the 4th International Workshop on Socio-Technical Perspective in IS Development co-located with 30th International Conference on Advanced Information Systems Engineering (CAiSE 2018). 2018. Conference proceedings (editor) (Refereed)
  • 26. Kowalski, Stewart
    et al.
    Bednar, Peter
    Nolte, Alexander
    Bider, Ilia
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    STPIS 2019: Socio-Technical Perspective in IS Development 2019: Proceedings. 2019. Conference proceedings (editor) (Refereed)
    Abstract [en]

    This volume contains the papers presented at STPIS'19: 5th International Workshop on Socio-Technical Perspective in IS Development, held on June 10, 2019 in Stockholm, Sweden.

  • 27.
    Mwakalinga, G Jeffy
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    ICT Crime Cases Autopsy: Using the Adaptive Information Security Systems Model to Improve ICT Security. 2011. In: International Journal of Computer Science and Network Security, ISSN 1738-7906, Vol. 11, no 3, p. 114-123. Article in journal (Refereed)
    Abstract [en]

    This paper presents an analysis of ICT crimes using the adaptive information security systems model. There is a desire to be able to identify potential ICT victims so that measures could be taken to protect them. We briefly describe the crime theories, the top ten crimes, and the desire to have crime proofing products. We then describe the adaptive model for information security systems, and the architecture and the socio-technical system for analyzing ICT crimes. The analysis of the ICT crimes is presented. Finally, we present recommendations on how to improve ICT security.

  • 28. Nohlberg, Marcus
    et al.
    Wangler, Benkt
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    A Conceptual Model of Social Engineering. 2011. In: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 7, no 2, p. 3-13. Article in journal (Refereed)
    Abstract [en]

    Social engineering is a term used for techniques to trick, or con, users into giving out information to someone that should not have it. In this paper we discuss and model various notions related to social engineering. By using a broad, cross disciplinary approach, we present a conceptual model of the different kinds of social engineering attacks, and their preparation, the victim and the perpetrator, as well as the cultural aspects. By using this approach a better general understanding of social engineering can be reached. The model is also a good tool for teaching about and protecting against social engineering attacks.

  • 29.
    Wahlgren, Gunnar
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Bencherifa, Khalid
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    A Framework for selecting IT Security Risk Management Methods based on ISO27005. 2013. Conference paper (Refereed)
    Abstract [en]

    The ISO27005 is an international standard that gives recommendations on IT Security Risk Management Methods. In this short paper we outline a criteria framework to analyze 7 of the major IT security risk methodologies used. This framework can be used by organizations to select the appropriate methodology to fit their organization's risk posture and risk environment.

  • 30.
    Wahlgren, Gunnar
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Fedotova, Anna
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Musaeva, Alexandra
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    IT Security Incidents Escalation in the Swedish financial sector: A Maturity Model Study. 2016. In: Proceedings of the Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016) / [ed] Nathan L. Clarke, Steven M. Furnell, Plymouth University, 2016, p. 45-55. Conference paper (Refereed)
    Abstract [en]

    This paper reports the primary results of a design science research study to deal with the problem of IT security escalation in Swedish government and private organizations. A maturity capability escalation model was used to perform evaluations of two of Sweden's four largest banks. The evaluation indicated that banks were aligned with the current Swedish regulations' minimal requirements for IT security incident handling and were on level 3 of a 5-level model.

  • 31.
    Wahlgren, Gunnar
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Norwegian University of Science and Technology, Norway.
    A Maturity Model for IT-related Security Incident Management. 2019. In: Business Information Systems: Proceedings, Part I / [ed] Witold Abramowicz, Rafael Corchuelo, Springer, 2019, p. 203-217. Conference paper (Refereed)
    Abstract [en]

    The purpose of the study is to validate the ability of a maturity model for measuring escalation capability of IT-related security incidents. First, an Escalation Maturity Model (EMM) and a tool were developed to measure the maturity of an organization to escalate IT-related security incidents. An IT tool for self-assessment was used by a representative from three organizations in the Swedish health sector to measure the organization’s ability to escalate IT-related security incidents. Second, typical security incident scenarios were created. The incident managers from the different organizations were interviewed about their organization’s capabilities to deal with these scenarios. Third, a number of independent information security experts, none of whom had seen the results of EMM, ranked how the three different organizations have handled the different scenarios using a measurable scale. Finally, the results of EMM are compared against the measurable result of the interviews to establish the predictive ability of EMM. The findings of the proof of concept study show that the outcome of EMM and the way in which an organization would handle different incidents correspond well, at least for organizations with low and medium maturity levels.

  • 32.
    Wahlgren, Gunnar
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Norwegian University of Science and Technology, Norway.
    A Maturity Model for Measuring Organizations Escalation Capability of IT-related Security Incidents in Sweden. 2016. In: Workshop on Information Security and Privacy (WISP) 2016: Proceedings, Association for Information Systems, 2016, Vol. 8. Conference paper (Refereed)
    Abstract [en]

    Managing IT-related security incidents is a growing and important issue facing organizations in IT security risk management. We have used a design science approach to develop an artifact to measure different organizations' capabilities and maturity to handle IT-related security incidents. In this paper, we present how we have tested and will test the artifact on several different Swedish organizations. The participating organizations come from both the private and public sectors and all organizations handle critical infrastructure which can be damaged if an IT-related security incident occurs. Organizations had the opportunity to evaluate the actual model itself but also to test the model by calculating the organization's escalation capability using a query package for self-assessment. In this paper, we present the results of the self-assessment which indicate an overall low level of maturity in Sweden. The most remarkable result was that only 20% of the participating organizations in the study had "Knowledge and Education" maturity above the lowest levels.

  • 33.
    Wahlgren, Gunnar
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Gjøvik University College, Norway.
    Evaluation of Escalation Maturity Model for IT Security Risk Management: A Design Science Work in Progress. 2014. In: The 2014 Dewald Roode Workshop on Information Systems Security Research, IFIP WG8.11/WG11.13: Conference Proceedings / [ed] Anthony Vance, 2014. Conference paper (Refereed)
    Abstract [en]

    In this early stage paper we present a draft of an IT Security Risk Escalation Capability Maturity Model. This model is used to develop a new approach to IT Security Risk Management where IT Security Risk Management is placed as a recurring activity at all levels of the organization including the strategic, tactical and operational levels. To construct this model we combined the ISO 27005 framework for IT Security Risk Management with the NIST Multitier framework and took elements from the ISAC IT Risk framework. We end our paper with an outline of our current plans to evaluate this escalation maturity model by using expert groups to rank outcomes of response to similar IT incidents by different organizations that have been ranked according to this maturity model. In this way we hope to establish if there are correlations as to the maturity level of an organization and how well it responds to an IT incident.

  • 34.
    Wahlgren, Gunnar
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    IT Security Risk Management Model for Cloud Computing: a Need for a New Escalation Approach. 2013. In: International Journal of E-Entrepreneurship and Innovation, ISSN 1947-8585, Vol. 4, no 4, p. 1-19. Article in journal (Refereed)
    Abstract [en]

    We combined the ISO 27005 framework for IT Security Risk Management with the NIST Multitier framework. With this combined framework we create a new approach to IT Security Risk Management where IT Security Risk Management is placed at the strategic, tactical and operational levels of an organization. In this paper we concentrate on the monitoring and communication steps of IT Security Risk Management and especially escalation of new IT Security Incidents. We present a first draft of an IT Security Risk Escalation Capability Maturity Model based on ISACA's Risk IT Framework. Finally we apply the approach to a typical cloud computing environment as a first step to evaluate this new approach.

  • 35.
    Wahlgren, Gunnar
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    IT Security Risk Management Model for Cloud Computing: A Need for a New Escalation Approach. 2013. Conference paper (Refereed)
    Abstract [en]

    We combined the ISO 27005 framework for IT Security Risk Management with the NIST Multitier framework and we claim that an IT Security Risk Management framework exists at each organizational level. In this paper we concentrate on the monitoring and communication steps of IT Security Risk Management and especially escalation of new IT Security Incidents. We present a first draft of an IT Security Risk Escalation Capability Maturity Model based on ISACA's Risk IT Framework. Finally we will use our approach in a cloud computing environment as we believe that it is necessary to react fast to incidents and that there is therefore a need to have well-documented and communicated monitoring and escalation processes between different organizational levels.

  • 36.
    Wahlgren, Gunnar
    et al.
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Norwegian University of Science and Technology, Norway.
    IT Security Risk Management Model for Handling IT-Related Security Incidents: The Need for a New Escalation Approach. 2018. In: Security and Privacy Management, Techniques, and Protocols, IGI Global, 2018, p. 129-151. Chapter in book (Refereed)
    Abstract [en]

    Managing IT-related security incidents is an important issue facing many organizations in Sweden and around the world. To deal with this growing problem, the authors have used a design science approach to develop an artifact to measure different organizations' capabilities and maturity to handle IT-related security incidents. In this chapter, an escalation maturity model (artifact) is presented, which has been tested on several different Swedish organizations. The participating organizations come from both the private and public sectors, and all organizations handle critical infrastructure, which can be damaged if an IT-related security incident occurs. Organizations had the opportunity to evaluate the actual model itself and also to test the model by calculating the organization's escalation capability using a query package for self-assessment.

  • 37. Wang, Xueqin
    et al.
    Al Sabbagh, Bilal
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    Kowalski, Stewart
    Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
    A Socio-Technical Framework for Threat Modeling A Software Supply Chain. 2013. In: The 2013 Dewald Roode Workshop on Information Systems Security Research, IFIP WG8.11/WG11.13: Conference Proceedings / [ed] Anthony Vance, International Federation for Information Processing, 2013. Conference paper (Refereed)
    Abstract [en]

    In this paper we suggest a possible threat modeling approach for software supply chain. A Socio-technical approach is discussed and applied for modeling software supply chain security based on a case study of Swedish armed forces (SWAF). First we review current practices and theories for threat modeling of software supply chain. Then we suggest the application of a socio-technical framework for studying software supply chain security problem from a systemic viewpoint. Afterward we propose a step-by-step approach for threat modeling including modeling the target system, identifying threats and analyzing countermeasures. We also present a Delphi groups validation of the socio-technical framework.
