Rethinking capabilities in information security risk management: a systematic literature review
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering, Digital Services and Systems. (Information Systems) ORCID iD: 0000-0003-1692-5721
(English) In: International Journal of Risk Assessment and Management, ISSN 1466-8297, E-ISSN 1741-5241. Article in journal (Refereed). In press.
Abstract [en]

Information security risk management capabilities have predominantly focused on instrumental onsets, while largely ignoring the underlying intentions and knowledge these management practices entail. This article aims to study what capabilities are embedded in information security risk management. A theoretical framework is proposed, namely rethinking capability as the alignment between intent and knowing. The framework is situated around four general risk management practices. A systematic literature review using the framework was conducted, resulting in the identification of eight capabilities. These capabilities were grouped into their respective practices: integrating various perspectives and values to reach a risk perception aligned with the intended outcome (identify); adapting to varying perspectives of risks and prioritizing them in accordance with the intended outcome (prioritize); security controls to enable resources, and integrate/reconfigure beliefs held by various stakeholders (implement); and sustaining the integrated resources and competences held by stakeholders to continue the alignment with the intended outcome (monitor).

Keywords [en]
information security, risk management, capability, intent, knowing
National Category
Information Systems, Social aspects
Research subject
Information systems
Identifiers
URN: urn:nbn:se:ltu:diva-75680
OAI: oai:DiVA.org:ltu-75680
DiVA, id: diva2:1345392
Available from: 2019-08-23 Created: 2019-08-23 Last updated: 2019-08-23

By author/editor
Lundgren, Martin