Högskolan i Skövde

“Check, Check, Check, We Got Those” – Catalogue Use in Information Security Risk Management
School of Engineering, Department of Computer Science and Informatics, Jönköping University, Sweden. ORCID iD: 0000-0002-1436-2980
University of Skövde, School of Informatics. University of Skövde, Informatics Research Environment. (Information Systems) ORCID iD: 0000-0003-1692-5721
SINTEF Digital, Trondheim.
SINTEF Digital, Trondheim, Norway.
2023 (English) In: Human Aspects of Information Security and Assurance: 17th IFIP WG 11.12 International Symposium, HAISA 2023, Kent, UK, July 4–6, 2023, Proceedings / [ed] Steve Furnell; Nathan Clarke, Cham: Springer, 2023, Vol. 1, p. 181-191. Conference paper, Published paper (Refereed)
Abstract [en]

Information Security Risk Management (ISRM) is fundamental in most organisations today. The literature describes ISRM as a complex activity, and one way of addressing this is to enable knowledge reuse in the shape of catalogues. Catalogues in the ISRM domain can contain lists of, e.g., assets, threats and security controls. In this paper, we focus on three aspects of catalogue use: why we need catalogues, how catalogue granularity is perceived, and how catalogues help novices in practice. As catalogue use is not yet a widespread practice in ISRM, we have selected a domain where catalogues are a part of the ISRM work. In this case, the Air Traffic Management (ATM) domain uses a methodology that includes catalogues and is built on ISO/IEC 27005. The results are based on data collected from 19 interviews with ATM professionals who are either experts or novices in ISRM. With this paper, we nuance the view on what catalogues can contribute, for example, consistency, coherency, a starting point and new viewpoints. At the same time, we identify the need to inform about the aim of the catalogues and the limitations that come with catalogue use in order to leverage the use – especially from a novice perspective. © 2023, IFIP International Federation for Information Processing.

Place, publisher, year, edition, pages
Cham: Springer, 2023. Vol. 1, p. 181-191
Series
IFIP Advances in Information and Communication Technology (IFIPAICT), ISSN 1868-4238, E-ISSN 1868-422X ; 674
Keywords [en]
Catalogues, Information Security Risk Management, Risk management practice
National Category
Information Systems, Social aspects Information Systems
Research subject
Information Systems
Identifiers
URN: urn:nbn:se:his:diva-23312
DOI: 10.1007/978-3-031-38530-8_15
Scopus ID: 2-s2.0-85172661821
ISBN: 978-3-031-38529-2 (print)
ISBN: 978-3-031-38532-2 (print)
ISBN: 978-3-031-38530-8 (electronic)
OAI: oai:DiVA.org:his-23312
DiVA, id: diva2:1805080
Conference
17th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2023, Kent, United Kingdom, July 4–6, 2023
Available from: 2023-10-16. Created: 2023-10-16. Last updated: 2024-04-15. Bibliographically approved.

Open Access in DiVA

No full text in DiVA

Authority records

Bergström, Erik; Lundgren, Martin
