To Risk Analyse, or Not to Risk Analyse: That’s the Question
2025 (English). In: Human Aspects of Information Security and Assurance: 18th IFIP WG 11.12 International Symposium, HAISA 2024, Skövde, Sweden, July 9–11, 2024, Proceedings, Part I / [ed] Nathan Clarke; Steven Furnell, Cham: Springer, 2025, pp. 107-119. Conference paper, Published paper (Peer reviewed)
Abstract [en]
Risk analysis is a key activity for organisations that are looking to protect their valuable information assets against threats, such as malicious actors. It is one of the essential parts of risk management and is used to justify and prioritise what assets require the attention of which potential security controls. Risk management, and more specifically, risk analysis, is an activity that should be performed continuously. However, recent studies indicate that this is not always the case. As such, this paper investigates risk analysis as it is performed in practice in different Swedish public sector organisations. The results are based on semi-structured interviews with 17 senior security experts, an analysis of standards, and a national method support aiming to fill the gap between standard and practice. The results are presented in three themes: how, when and why risk analysis is performed. Of note, we identify that there is an issue of overlooking specific assets or systems when establishing an organisational-wide risk profile and a general recognition of the necessity for risk analysis, albeit not always in alignment with a classic risk analysis.
Place, publisher, year, edition, pages
Cham: Springer, 2025. pp. 107-119
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238, E-ISSN 1868-422X ; 721
Keywords [en]
Cybersecurity, Information security, Risk analysis, Risk assessment, Cyber security, Information assets, Organisational, Public sector organization, Risk analyze, Risks management, Security controls, Security experts, Semi structured interviews, Swedishs
HSV category
Research programme
Information Systems (IS)
Identifiers
URN: urn:nbn:se:his:diva-24793
DOI: 10.1007/978-3-031-72559-3_8
Scopus ID: 2-s2.0-85211361560
ISBN: 978-3-031-72558-6 (print)
ISBN: 978-3-031-72561-6 (print)
ISBN: 978-3-031-72559-3 (digital)
OAI: oai:DiVA.org:his-24793
DiVA, id: diva2:1922674
Conference
18th IFIP WG 11.12 International Symposium, HAISA 2024, Skövde, Sweden, July 9–11, 2024
Projects
VISKA
Research funder
Swedish Civil Contingencies Agency, MSB 2021-14650
Note
© IFIP International Federation for Information Processing 2025
Correspondence Address: E. Bergström; School of Engineering, Jönköping University, Jönköping, Sweden; email: erik.bergstrom@ju.se
We gratefully acknowledge the grant from the Swedish Civil Contingencies Agency (MSB), project VISKA (MSB 2021-14650).
2024-12-19 2024-12-19 2025-09-29 Bibliographically approved