Dynamic Interplay in the Information Security Risk Management Process
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Digital Services and Systems. (Information Systems) ORCID iD: 0000-0003-1692-5721
University of Skövde. (Information Systems) ORCID iD: 0000-0002-1436-2980
2019 (English) In: International Journal of Risk Assessment and Management, ISSN 1466-8297, E-ISSN 1741-5241. Article in journal (Refereed), In press
Abstract [en]

In this paper, the formal processes so often assumed in information security risk management and its activities are investigated. For instance, information classification, risk analysis, and security controls are often presented in a predominantly instrumental progression. This approach, however, has received scholarly criticism, as it omits social and organizational aspects, creating a gap between formal and actual processes. This study argues that there is an incomplete understanding of how the activities within these processes actually interplay in practice. For this study, senior information security managers from four major Swedish government agencies were interviewed. As a result, twelve characteristics are presented that reflect an interplay between activities and that have implications for research, as well as for developers of standards and guidelines. The study’s conclusions suggest that the information security risk management process should be seen more as an emerging process, where each activity interplays dynamically in response to new requirements and organizational and social challenges.

Place, publisher, year, edition, pages
2019.
Keywords [en]
information classification, risk analysis, security controls, interplay, formal processes
National Category
Information Systems
Research subject
Information systems
Identifiers
URN: urn:nbn:se:ltu:diva-73706
OAI: oai:DiVA.org:ltu-73706
DiVA, id: diva2:1305774
Available from: 2019-04-18 Created: 2019-04-18 Last updated: 2019-04-18

By author/editor
Lundgren, Martin; Bergström, Erik