Högskolan i Skövde

his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
The challenges of evaluating and following up on information security within Swedish government agencies: A qualitative case study
University of Skövde, School of Informatics.
2023 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

The digitalisation of society is rapidly progressing, but along with digitalisation, there are threats. Cyber attacks are a rising concern, especially for the public sec-tor and government agencies. To resist attacks, it is crucial to establish a systematic information security work. Among activities within the systematic information security work, two of them are evaluation and follow-up. Those are activities important for the continuous improvement that should occur when working systematically. However, research has revealed that such activities are challenging to perform. Swedish government agencies have experienced difficulties for years with evaluating and following up on their information security work, although it is a requirement to fulfil. Therefore, this study aims at investigating how information security is evaluated and followed up within Swedish government agencies for civil preparedness by applying a qualitative case study.

The study used two methods to collect data. Data was gathered from public documents and a qualitative content analysis was performed. A total of 152 documents were analysed, including appropriation directions and annual reports. In combination, ten semi-structured interviews were conducted with informants from government agencies responsible for civil preparedness and individuals with extensive work experience regarding information security in the public and private sectors. The interview data were analysed similarly to the public documents, hence content analysis and categorisation into themes.

The results indicate that evaluation and follow-up of information security are performed, but they are burdensome for government agencies. It is mainly due to unclear requirements and weak governance. In addition, evaluation is a time-consuming and resource-intensive activity, which makes it challenging to motivate. The study enlightens these challenges, and its findings could be utilised in future research to aid the problem situation.

Place, publisher, year, edition, pages
2023. , p. 67
Keywords [en]
Information security, public sector, ISMS, evaluation, governance
National Category
Information Systems, Social aspects
Identifiers
URN: urn:nbn:se:his:diva-22933OAI: oai:DiVA.org:his-22933DiVA, id: diva2:1778925
External cooperation
Knowit
Subject / course
Informationsteknologi
Educational program
Privacy, Information and Cyber Security - Master's Programme 120 ECTS
Supervisors
Examiners
Available from: 2023-07-03 Created: 2023-07-03 Last updated: 2023-07-03Bibliographically approved

Open Access in DiVA

fulltext(1013 kB)345 downloads
File information
File name FULLTEXT01.pdfFile size 1013 kBChecksum SHA-512
bd7a43387fdfa2b5183e951650d00f9796cdc8abb7fbad9aabc0103261ef3a967142a9adf004baa2d572e96e59bcdfb72093ec01f92af6a1adfeefaf70b35acb
Type fulltextMimetype application/pdf

By organisation
School of Informatics
Information Systems, Social aspects

Search outside of DiVA

GoogleGoogle Scholar
Total: 345 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 765 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf