Assessment of Enterprise Information Security: The Importance of Information Search Cost
KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem. ORCID iD: 0000-0003-3922-9606
KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem. ORCID iD: 0000-0002-3293-1681
2006 (English). In: Proceedings of the Annual Hawaii International Conference on System Sciences, ISSN 1530-1605, Vol. 9, p. 219a-. Article in journal (Refereed). Published
Abstract [en]

There are today several methods and standards available for assessment of the level of information security in an enterprise. A problem with these assessment methods is that they neither provide an indication of the amount of effort required to obtain the assessment nor an approximation of this measure's credibility. This paper describes a part of a new method for assessing the level of enterprise information security that expresses the credibility of the results in terms of confidence levels and makes use of an estimation of the cost of searching for security evidence. Such methods for predicting information search cost of assessments are detailed in the paper. Search cost predictions are used for providing guidance on how to minimize the effort spent on performing enterprise information security assessments. The conclusions are based on a security assessment performed at a large European energy company and a statistical survey among Swedish security experts.

Place, publisher, year, edition, pages
2006. Vol. 9, p. 219a-
Keywords [en]
Confidence levels, Information security assessments, Security evidences, Approximation theory, Expert systems, Industrial management, Information dissemination, Systems analysis
Identifiers
URN: urn:nbn:se:kth:diva-8898
DOI: 10.1109/HICSS.2006.67
Scopus ID: 2-s2.0-33749635085
OAI: oai:DiVA.org:kth-8898
DiVA, id: diva2:14378
Note
QC 20101028. Available from: 2005-12-08. Created: 2005-12-08. Last updated: 2018-01-13. Bibliographically approved.
Part of thesis
1. Assessment of Enterprise Information Security: How to make it Credible and Efficient
2005 (English). Doctoral thesis, with articles (Other academic)
Abstract [en]

Information is an important business asset in today’s enterprises. Hence enterprise information security is an important system quality that must be carefully managed. Although enterprise information security is acknowledged as one of the most central areas for enterprise IT management, the topic still lacks adequate support for decision making on top-management level.

This composite thesis consists of four articles which present the Enterprise Information Security Assessment Method (EISAM), a comprehensive method for assessing the current state of the enterprise information security. The method is useful in helping guide top-management’s decision-making for the following reasons: 1) it is easy to understand, 2) it is prescriptive, 3) it is credible, and 4) it is efficient.

The assessment result is easy to understand because it presents a quantitative estimate. The result can be presented as an aggregated single value, abstracting the details of the assessment. The result is easy to grasp and enables comparisons both within the organization and in terms of industry in general.

The method is prescriptive since it delivers concrete and traceable measurements. This helps guide top-level management in their decisions regarding enterprise-wide information security by highlighting the areas where improvement efforts are essential.

It is credible for two reasons. Firstly, the method presents an explicit and transparent definition of enterprise information security. Secondly, the method in itself includes an indication of assessment uncertainty, expressed in terms of confidence levels.

The method is efficient because it focuses on important enterprise information security aspects, and because it takes into account how difficult it is to find security-related evidence. Being resource sparse, it enables assessments to take place regularly, which gives valuable knowledge for long-term decision-making.

The usefulness of the presented method, along with its development, has been verified through empirical studies at a leading electric power company in Europe and through statistical surveys carried out among information security experts in Sweden.

The success of this research should encourage further research in using these analysis techniques to guide decisions on other enterprise architecture attributes.

Place, publisher, year, edition, pages
Stockholm: KTH, 2005. p. 28
Series
Trita-ICS, ISSN 1104-3504 ; 0502
Keywords
Enterprise Information Security, Enterprise Architecture, Security Assessment, Information Technology Management
Identifiers
urn:nbn:se:kth:diva-545 (URN)
Public defence
2005-12-16, Sal F2, Lindstedtsvägen 28, Stockholm, 10:00
Note
QC 20101028. Available from: 2005-12-08. Created: 2005-12-08. Last updated: 2018-01-13. Bibliographically approved.

By author/editor
Johansson, Erik; Ekstedt, Mathias; Johnson, Pontus