Revisiting information security risk management challenges: a practice perspective
Högskolan i Skövde, Institutionen för informationsteknologi. Högskolan i Skövde, Forskningscentrum för Informationsteknologi. (Informationssystem (IS), Information Systems)
Department of Computer Science, Information Systems, Luleå University of Technology, Luleå, Sweden.
Department of Computer Science, Information Systems, Luleå University of Technology, Luleå, Sweden.
2019 (English). In: Information and Computer Security, E-ISSN 2056-4961, Vol. 27, no. 3, pp. 358-372. Article in journal (Refereed). Published
Abstract [en]

Purpose: The study aims to revisit six previously defined challenges in information security risk management to provide insights into new challenges based on current practices.

Design/methodology/approach: The study is based on an empirical study consisting of in-depth interviews with representatives from public sector organisations. The data were analysed by applying a practice-based view, i.e. the lens of knowing (or knowings). The results were validated by an expert panel.

Findings: Managerial and organisational concerns that go beyond a technical perspective have been found, which affect the ongoing social build-up of knowledge in everyday information security work.

Research limitations/implications: The study has delimitation as it consists of data from four public sector organisations, i.e. statistical analyses have not been in focus, while implying a better understanding of what and why certain actions are practised in their security work.

Practical implications: The new challenges that have been identified offer a refined set of actionable advice to practitioners, which, for example, can support cost-efficient decisions and avoid unnecessary security trade-offs.

Originality/value: Information security is increasingly relevant for organisations, yet little is still known about how related risks are handled in practice. Recent studies have indicated a gap between the espoused and the actual actions. Insights from actual, situated enactment of practice can advise on process adaption and suggest more fit approaches.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2019. Vol. 27, no. 3, pp. 358-372
Keywords [en]
Asset valuation, Information security, Practice theory, Risk management
HSV category
Research programme
Information Systems (IS)
Identifiers
URN: urn:nbn:se:his:diva-17319; DOI: 10.1108/ICS-09-2018-0106; ISI: 000479219900003; Scopus ID: 2-s2.0-85067021789; OAI: oai:DiVA.org:his-17319; DiVA, id: diva2:1332040
Available from: 2019-06-27. Created: 2019-06-27. Last updated: 2019-10-02. Bibliographically approved.

Person records

Bergström, Erik
