Högskolan i Skövde

To Risk Analyse, or Not to Risk Analyse: That’s the Question
School of Engineering, Jönköping University, Sweden.
Computer Science, Electrical and Space Engineering, Luleå University of Technology, Sweden.
Högskolan i Skövde, Institutionen för informationsteknologi. Högskolan i Skövde, Forskningsmiljön Informationsteknologi. (Information Systems) ORCID iD: 0000-0003-1692-5721
2025 (English) In: Human Aspects of Information Security and Assurance: 18th IFIP WG 11.12 International Symposium, HAISA 2024, Skövde, Sweden, July 9–11, 2024, Proceedings, Part I / [ed] Nathan Clarke; Steven Furnell, Cham: Springer, 2025, p. 107-119. Conference paper, Published paper (Refereed)
Abstract [en]

Risk analysis is a key activity for organisations that are looking to protect their valuable information assets against threats, such as malicious actors. It is one of the essential parts of risk management and is used to justify and prioritise what assets require the attention of which potential security controls. Risk management, and more specifically, risk analysis, is an activity that should be performed continuously. However, recent studies indicate that this is not always the case. As such, this paper investigates risk analysis as it is performed in practice in different Swedish public sector organisations. The results are based on semi-structured interviews with 17 senior security experts, an analysis of standards, and a national method support aiming to fill the gap between standard and practice. The results are presented in three themes: how, when and why risk analysis is performed. Of note, we identify that there is an issue of overlooking specific assets or systems when establishing an organisational-wide risk profile and a general recognition of the necessity for risk analysis, albeit not always in alignment with a classic risk analysis. 

Place, publisher, year, edition, pages
Cham: Springer, 2025. p. 107-119
Series
IFIP Advances in Information and Communication Technology, ISSN 1868-4238, E-ISSN 1868-422X ; 721
Keywords [en]
Cybersecurity, Information security, Risk analysis, Risk assessment, Cyber security, Information assets, Organisational, Public sector organization, Risk analyze, Risks management, Security controls, Security experts, Semi structured interviews, Swedishs
National subject category
Information Systems; Information Systems, Social aspects; Work Sciences
Research subject
Information Systems (IS)
Identifiers
URN: urn:nbn:se:his:diva-24793
DOI: 10.1007/978-3-031-72559-3_8
Scopus ID: 2-s2.0-85211361560
ISBN: 978-3-031-72558-6 (print)
ISBN: 978-3-031-72561-6 (print)
ISBN: 978-3-031-72559-3 (digital)
OAI: oai:DiVA.org:his-24793
DiVA, id: diva2:1922674
Conference
18th IFIP WG 11.12 International Symposium, HAISA 2024, Skövde, Sweden, July 9–11, 2024
Project
VISKA
Research funder
Myndigheten för samhällsskydd och beredskap, MSB, MSB 2021-14650
Note

© IFIP International Federation for Information Processing 2025

Correspondence Address: E. Bergström; School of Engineering, Jönköping University, Jönköping, Sweden; email: erik.bergstrom@ju.se

We gratefully acknowledge the grant from the Swedish Civil Contingencies Agency (MSB), project VISKA (MSB 2021-14650).

Available from: 2024-12-19 Created: 2024-12-19 Last updated: 2025-09-29 Bibliographically reviewed

Open Access in DiVA

No full text in DiVA

Person

Lundgren, Martin
