Assessment of Business Process Information Security
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems. ORCID iD: 0000-0002-3293-1681
KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
2007 (English) In: International Journal of Business Process Integration and Management, ISSN 1741-8763, Vol. 3, no 2, pp. 118-130. Article in journal (Refereed). Published
Abstract [en]

Business processes are increasingly dependent on their supporting information systems. With this dependence comes an increased security risk with respect to the information flowing through the processes. This paper presents a method for assessment of the level of information security within business processes in the form of a percentage number, where a high score indicates good information security and a low score indicates a poor level of information security. The method also provides a numerical estimate of the credibility of the information security score, so that an assessment based on few and uncertain pieces of evidence is associated with low credibility and an assessment based on a large set of trustworthy evidence is associated with high credibility. A common problem with information security assessments is the cost related to collecting the required evidence. The paper proposes an evidence collection strategy designed to minimize the effort spent on gathering assessment data while maintaining the desired credibility of the results. A case study is presented, demonstrating the use of the method.

Place, publisher, year, edition, pages
2007. Vol. 3, no 2, 118-130 p.
Keyword [en]
Computer security, Cost of evidence, Credibility, Enterprise information security, Information security, ISO/IEC 17799
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Computer Systems
Identifiers
URN: urn:nbn:se:kth:diva-80674
DOI: 10.1504/IJBPIM.2008.020975
Scopus ID: 2-s2.0-55549123558
OAI: oai:DiVA.org:kth-80674
DiVA: diva2:496604
Note

QC 20120228

Available from: 2012-02-10 Created: 2012-02-10 Last updated: 2016-12-09 Bibliographically approved

Open Access in DiVA

No full text

Other links

Publisher's full text (DOI); Scopus

Search in DiVA

By author/editor
Johnson, Pontus; Johansson, Erik
By organisation
Industrial Information and Control Systems
Electrical Engineering, Electronic Engineering, Information Engineering; Computer Systems
