Thesis Proposal: A Method for Information Classification
Högskolan i Skövde, Institutionen för informationsteknologi. Högskolan i Skövde, Forskningscentrum för Informationsteknologi. (Informationssystem (IS), Information Systems)
2017 (English) Report (Other academic)
Abstract [en]

In the highly digitalized world in which we live today, information and information systems have become key assets to organizations. These assets need to be managed properly because it is difficult to safeguard assets that an organization does not know exist and does not know the value they offer. In an Information Security Management System (ISMS), asset management is an important activity as it aims at identifying, assigning ownership and adding protection to information assets. Within asset management, one activity is information classification, which has the objective to ensure that information receives an appropriate level of protection in accordance with its importance to the organization. In practice, this is usually done using a classification scheme, and the result is handled as input to the risk analysis. Information classification is a well-known practice for all kinds of organizations, both in the private and public sector, and is included in different variants in standards such as ISO/IEC 27002, COBIT and NIST-SP800.

However, information classification has received little attention from academia, and many organizations are struggling with the implementation. Little is known about the reasons why it is problematic, and how to address such issues. Furthermore, the existing methods, described in, e.g., standards, do not provide a coherent and systematic approach to information classification. The short descriptions in standards, and literature alike, leave out important aspects needed for many to adopt any kind of information classification. For instance, there is a lack of detailed descriptions regarding (1) overview of procedures and concepts, (2) which roles are involved in the classification, and how they interact, (3) how to tailor the method for different situations and (4) a framework that structures and guides the classification. If information classification is not implemented in an organization, the organization might not know what information it possesses or what the value of the information is. Even if it is implemented, an unclear approach can lead to information being under- or overvalued, which, in turn, leads to under- or overprotected information.

This thesis aims to increase the applicability of information classification by devising a method for information classification in ISMS that draws from established standards and practice. In order to address this aim, a Design Science Research (DSR) study has been performed in five cycles. The contributions so far include an identification of issues and enablers for information classification and a proposed component-based method for information classification. Furthermore, eight design principles underpinning an information classification method are presented. Additionally, an outline for further research is provided, where the objectives are to further develop the method by addressing the context around information classification (the risk analysis and security controls), and by adding usage views to the method. Finally, a security declaration as an addition to the information classification method is outlined as a complement for tying security controls to the information classification scheme.

Place, publisher, year, edition, pages
2017. p. 58
Research programme
Information Systems (IS)
Identifiers
URN: urn:nbn:se:his:diva-14546
OAI: oai:DiVA.org:his-14546
DiVA, id: diva2:1162686
Note

Thesis proposal, PhD programme, University of Skövde

Available from: 2017-12-05 Created: 2017-12-05 Last updated: 2018-01-13 Bibliographically approved

By author/editor
Bergström, Erik