Thesis Proposal: A Method for Information Classification
University of Skövde, School of Informatics. University of Skövde, The Informatics Research Centre. (Information Systems (IS))
2017 (English) Report (Other academic)
Abstract [en]

In the highly digitalized world in which we live today, information and information systems have become key assets to organizations. These assets need to be managed properly because it is difficult to safeguard assets that an organization does not know exist and does not know the value they offer. In an Information Security Management System (ISMS), asset management is an important activity as it aims at identifying, assigning ownership and adding protection to information assets. Within asset management, one activity is information classification that has the objective to ensure that information receives an appropriate level of protection in accordance with its importance to the organization. In practice, this is usually done using a classification scheme, and the result is handled as input to the risk analysis. Information classification is a well-known practice for all kinds of organizations, both in the private and public sector, and is included in different variants in standards such as ISO/IEC 27002, COBIT and NIST-SP800.

However, information classification has received little attention from academia, and many organizations are struggling with the implementation. Little is known about the reasons behind why it is problematic, and how to address such issues. Furthermore, the existing methods, described in, e.g., standards, do not provide a coherent and systematic approach to information classification. The short descriptions in standards, and literature alike, leave out important aspects needed for many to adopt any kind of information classification. For instance, there is a lack of detailed descriptions regarding (1) overview of procedures and concepts, (2) which roles are involved in the classification, and how they interact, (3) how to tailor the method for different situations and (4) a framework that structures and guides the classification. If information classification is not implemented in an organization, the organization might not know what information they possess or what the value of the information is. Even if it is implemented, an unclear approach can lead to information being under- or overvalued, which, in turn, leads to under- or overprotected information.

This thesis aims to increase the applicability of information classification by devising a method for information classification in ISMS that draws from established standards and practice. In order to address this aim, a Design Science Research (DSR) study has been performed in five cycles. The contributions so far include an identification of issues and enablers for information classification and a proposed component-based method for information classification. Furthermore, eight design principles underpinning an information classification method are presented. Additionally, an outline for further research is provided, where the objectives are to further develop the method by addressing the context around information classification (the risk analysis and security controls), and by adding usage views to the method. Finally, a security declaration as an addition to the information classification method is outlined as a complement for tying security controls to the information classification scheme.

Place, publisher, year, edition, pages
2017, p. 58
National subject category
Computer Science; Systems Science, Information Systems and Informatics
Research subject
Information Systems (IS)
Identifiers
URN: urn:nbn:se:his:diva-14546; OAI: oai:DiVA.org:his-14546; DiVA, id: diva2:1162686
Note

Thesis proposal, PhD programme, University of Skövde

Available from: 2017-12-05. Created: 2017-12-05. Last updated: 2018-01-13. Bibliographically approved.

Open Access in DiVA

fulltext (959 kB), 3560 downloads
File information
File name: FULLTEXT01.pdf. File size: 959 kB. Checksum (SHA-512):
4e9fe74aa9c8defa9a2d454697675a49605b7102c68081ba0d3a5dad320815d158af76a27ca513bf8c1bd364c95577083d123fc48411fc20206b5f8c126cfc35
Type: fulltext. MIME type: application/pdf

By author/editor
Bergström, Erik