Högskolan i Skövde

his.sePublications
Change search
Link to record
Permanent link

Direct link
Anteryd, Fredrik
Publications (2 of 2) Show all publications
Bergström, E., Anteryd, F. & Åhlfeldt, R.-M. (2018). Information Classification Policies: An Exploratory Investigation. In: G. Dhillon, S. Samonas (Ed.), Proceedings of the Annual Information Institute Conference: . Paper presented at 17th Annual Security Conference, March 26-28, 2018 Las Vegas, NV, USA. Washington, DC: Information Institute
Open this publication in new window or tab >>Information Classification Policies: An Exploratory Investigation
2018 (English)In: Proceedings of the Annual Information Institute Conference / [ed] G. Dhillon, S. Samonas, Washington, DC: Information Institute , 2018Conference paper, Published paper (Refereed)
Abstract [en]

InfoSec policies are considered a key mechanism in information security, and most organizations have one. However, the large majority of security policy research has focused on what policies should include rather than how they are accomplished in practice. To contribute to overcoming the lack of knowledge regarding this crucial aspect, this paper investigates information security policies based on what underlying approaches information classification practices are built on and the perceived ease of turning the policy into practice. To do so, a survey was sent to 284 Swedish government agencies, and 80 of their internal policies were collected as data. The data were analyzed both qualitatively, and qualitatively. The results show that information classification adoption rates are low despite being mandatory and that agencies are struggling in closing the gap between standards and practice. Furthermore, the results also show that information classification policies need to be more specific and give more actionable advice regarding, e.g., how information life-cycle management is included in practice, and where the responsibility for classification is put in the organization.

Place, publisher, year, edition, pages
Washington, DC: Information Institute, 2018
Keywords
Information security management, information classification, InfoSec policies., Public Administration Studies, Studier av offentlig förvaltning
National Category
Information Systems
Research subject
Information Systems
Identifiers
urn:nbn:se:his:diva-18924 (URN)978-1-935160-19-9 (ISBN)
Conference
17th Annual Security Conference, March 26-28, 2018 Las Vegas, NV, USA
Available from: 2020-08-17 Created: 2020-08-17 Last updated: 2020-08-24Bibliographically approved
Bergström, E., Åhlfeldt, R.-M. & Anteryd, F. (2016). Informationsklassificering och säkerhetsåtgärder. Skövde: Högskolan i Skövde
Open this publication in new window or tab >>Informationsklassificering och säkerhetsåtgärder
2016 (Swedish)Report (Other academic)
Place, publisher, year, edition, pages
Skövde: Högskolan i Skövde, 2016. p. 34
Series
IIT Technical Reports ; HS‐IIT‐TR‐16‐002
Keywords
information security, information classification, information security management
National Category
Information Systems
Research subject
Humanities and Social sciences; Technology; Information Systems
Identifiers
urn:nbn:se:his:diva-12100 (URN)
Funder
Swedish Civil Contingencies Agency
Note

HS‐IIT‐TR‐16‐002

Available from: 2016-04-05 Created: 2016-04-05 Last updated: 2023-01-03Bibliographically approved
Organisations

Search in DiVA

Show all publications