Assessment of Business Process Information Security
KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem. ORCID iD: 0000-0002-3293-1681
KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
2007 (English). In: International Journal of Business Process Integration and Management, ISSN 1741-8763, Vol. 3, no. 2, pp. 118-130. Article in journal (Refereed). Published
Abstract [en]

Business processes are increasingly dependent on their supporting information systems. With this dependence comes an increased security risk with respect to the information flowing through the processes. This paper presents a method for assessment of the level of information security within business processes in the form of a percentage number, where a high score indicates good information security and a low score indicates a poor level of information security. The method also provides a numerical estimate of the credibility of the information security score, so that an assessment based on few and uncertain pieces of evidence is associated with low credibility and an assessment based on a large set of trustworthy evidence is associated with high credibility. A common problem with information security assessments is the cost related to collecting the required evidence. The paper proposes an evidence collection strategy designed to minimize the effort spent on gathering assessment data while maintaining the desired credibility of the results. A case study is presented, demonstrating the use of the method.

Place, publisher, year, edition, pages
2007. Vol. 3, no. 2, pp. 118-130
Keywords [en]
Computer security, Cost of evidence, Credibility, Enterprise information security, Information security, ISO/IEC 17799
Identifiers
URN: urn:nbn:se:kth:diva-80674
DOI: 10.1504/IJBPIM.2008.020975
Scopus ID: 2-s2.0-55549123558
OAI: oai:DiVA.org:kth-80674
DiVA, id: diva2:496604
Note

QC 20120228

Available from: 2012-02-10. Created: 2012-02-10. Last updated: 2016-12-09. Bibliographically approved.

Open Access in DiVA

No full text in DiVA

By author/editor
Johnson, Pontus; Johansson, Erik