Högskolan i Skövde

his.sePublications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
From rationale to lessons learned in the cloud information security risk assessment: a study of organizations in Sweden
Department of Computer Science, Information Systems, Luleå University of Technology, Sweden.
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Information Systems)ORCID iD: 0000-0002-5286-4850
University of Skövde, School of Informatics.
2022 (English)In: Information and Computer Security, E-ISSN 2056-4961, Vol. 30, no 2, p. 190-205Article in journal (Refereed) Published
Abstract [en]

Purpose:

This study aims to address the issue of practicing information security risk assessment (ISRA) on cloud solutions by studying municipalities and large organizations in Sweden.

Design/methodology/approach:

Four large organizations and five municipalities that use cloud services and conduct ISRA to adhere to their information security risk management practices were studied. Data were gathered qualitatively to answer the study’s research question: How is ISRA practiced on the cloud? The Coat Hanger model was used as a theoretical lens to study and theorize the practices.

Findings:

The results showed that the organizations aimed to follow the guidelines, in the form of frameworks or their own experience, to conduct ISRA; furthermore, the frameworks were altered to fit the organizations’ needs. The results further indicated that one of the main concerns with the cloud ISRA was the absence of a culture that integrates risk management. Finally, the findings also stressed the importance of a good understanding and a well-written legal contract between the cloud providers and the organizations using the cloud services.

Originality/value:

As opposed to the previous research, which was more inclined to try out and evaluate various cloud ISRA, the study provides insights into the practice of cloud ISRA experienced by the organizations. This study represents the first attempt to investigate cloud ISRA that organizations practice in managing their information security.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2022. Vol. 30, no 2, p. 190-205
Keywords [en]
Cloud computing, Practice, Impact, Rationale, Information security risk assessment, Lesson learned
National Category
Information Systems
Research subject
Information Systems
Identifiers
URN: urn:nbn:se:his:diva-20501DOI: 10.1108/ICS-03-2021-0034ISI: 000688206900001Scopus ID: 2-s2.0-85113812542OAI: oai:DiVA.org:his-20501DiVA, id: diva2:1589930
Note

CC BY 4.0

Attribution 4.0 International

Corresponding author Ali Padyab can be contacted at: ali.padyab@his.se

Article publication date: 25 August 2021

Available from: 2021-09-01 Created: 2021-09-01 Last updated: 2022-04-19Bibliographically approved

Open Access in DiVA

fulltext(312 kB)190 downloads
File information
File name FULLTEXT02.pdfFile size 312 kBChecksum SHA-512
8d4fc5547a7f6de412950c5eeaeb4ee80bcdad904f4297e7a4026d9c72ec52ade5b7d0f1ce45b720297347c376d11870b3431dd5cf4fd1d718ac5837a6471f5c
Type fulltextMimetype application/pdf

Other links

Publisher's full textScopus

Authority records

Padyab, Ali

Search in DiVA

By author/editor
Padyab, Ali
By organisation
School of InformaticsInformatics Research Environment
In the same journal
Information and Computer Security
Information Systems

Search outside of DiVA

GoogleGoogle Scholar
Total: 223 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 295 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • apa-cv
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf