Högskolan i Skövde

his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Case study: testing Wahlgren’s escalation maturity model within public sector organisations in Sweden: Studying model support for operators of essential services in meeting NIS directive requirements for incident escalation
University of Skövde, School of Informatics.
2021 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

Critical infrastructures are vital services, and attacks on such systems affect people's social and economic well-being. Therefore, operators of such services must have appropriate measures in place to handle IT-related incidents. However, reports show that organisations classified as Operators of Essential Services (OES) do not have appropriate measures to handle IT-related incidents.

A case study approach is used in this study to test the usability and the applicability of Wahlgren's Escalation Maturity Model level within various public sector organisations in Sweden regarding their escalation and communication of IT-related incidents. A follow-up semi-structured interview is also conducted with employees at the technical level to determine if the current organisation's maturity level shortcomings are known across different organisational levels.

The tool's maturity level scaling attributes are difficult to understand because all organisations in this study achieve the same level of maturity, even though there is a wide range of performance regarding the number of questions answered in the affirmative. The data output generated from the testing of the model can assist organisations in improving their incident escalation activities. However, the lack of precision of the model makes it challenging to apply in the public sector. The results reveal that all the five organisations obtained an escalation maturity level of zero (0), non-existent, regarding escalation of IT-related incidents. As a result, with the current model, the participating organisations will have a difficult task complying with the NIS Directive's security and notification requirements.

Place, publisher, year, edition, pages
2021. , p. 35
Keywords [en]
IT security, maturity model, IT-related incidents, NIS directive, operation of essential services, escalation maturity
National Category
Information Systems, Social aspects
Identifiers
URN: urn:nbn:se:his:diva-20202OAI: oai:DiVA.org:his-20202DiVA, id: diva2:1578614
Subject / course
Informationsteknologi
Educational program
Privacy, Information and Cyber Security - Master's Programme 120 ECTS
Supervisors
Examiners
Available from: 2021-07-06 Created: 2021-07-06 Last updated: 2021-07-06Bibliographically approved

Open Access in DiVA

fulltext(700 kB)161 downloads
File information
File name FULLTEXT01.pdfFile size 700 kBChecksum SHA-512
5a4434c32318fdd5f69d38d72ade582b4975826fb9969ab854d120309472f25e2aa497eb3447a784f42a9e244fd12b7b0e065d7699a695fc1aaa73a362a51d5b
Type fulltextMimetype application/pdf

By organisation
School of Informatics
Information Systems, Social aspects

Search outside of DiVA

GoogleGoogle Scholar
Total: 161 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

urn-nbn

Altmetric score

urn-nbn
Total: 378 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf