1 - 17 of 17
  • 1.
    Ekstedt, Mathias
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lindström, Åsa
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Gammelgård, Magnus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johansson, Erik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Plazaola, Leonel
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Silva, Enrique
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Liliesköld, Joakim
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Consistent enterprise software system architecture for the CIO: a utility-cost based approach. 2004. In: Proceedings of the 37th Annual Hawaii International Conference on System Sciences, 2004, 2004. Conference paper (Refereed)
    Abstract [en]

    Previously, business operations of most large companies were supported by a number of isolated software systems performing diverse specific tasks, from real-time process control to administrative functions. In order to better achieve business goals, these systems have in recent years been extended, and more importantly, integrated into a company-wide system in its own right, the enterprise software system. Due to its history, this system is composed of a considerable number of heterogeneous and poorly understood components interacting by means of equally diverse and confusing connectors. To enable informed decision-making, the Chief Information Officer (CIO), responsible for the overall evolution of the company's enterprise software system, requires management tools. This paper proposes enterprise software system architecture (ESSA) as a foundation for an approach for managing the company's software system portfolio. In order to manage the overwhelming information amounts associated with the enterprise software system, this approach is based on two concepts. Firstly, the approach explicitly relates the utility of knowledge to the cost of its acquisition. The utility of knowledge is derived from the increased value of better-informed decision-making. The cost of knowledge acquisition is primarily related to the resources spent on information searching. Secondly, the approach focuses on ensuring the consistency of the architectural model.

  • 2.
    Johansson, Erik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Assessment of Enterprise Information Security: How to make it Credible and Efficient. 2005. Doctoral thesis, with articles (Other academic)
    Abstract [en]

    Information is an important business asset in today’s enterprises. Hence enterprise information security is an important system quality that must be carefully managed. Although enterprise information security is acknowledged as one of the most central areas for enterprise IT management, the topic still lacks adequate support for decision making on top-management level.

    This composite thesis consists of four articles which present the Enterprise Information Security Assessment Method (EISAM), a comprehensive method for assessing the current state of the enterprise information security. The method is useful in helping guide top-management’s decision-making for the following reasons: 1) it is easy to understand, 2) it is prescriptive, 3) it is credible, and 4) it is efficient.

    The assessment result is easy to understand because it presents a quantitative estimate. The result can be presented as an aggregated single value, abstracting the details of the assessment. The result is easy to grasp and enables comparisons both within the organization and in terms of industry in general.

    The method is prescriptive since it delivers concrete and traceable measurements. This helps guide top-level management in their decisions regarding enterprise-wide information security by highlighting the areas where improvement efforts are essential.

    It is credible for two reasons. Firstly, the method presents an explicit and transparent definition of enterprise information security. Secondly, the method in itself includes an indication of assessment uncertainty, expressed in terms of confidence levels.

    The method is efficient because it focuses on important enterprise information security aspects, and because it takes into account how difficult it is to find security-related evidence. Being resource sparse, it enables assessments to take place regularly, which gives valuable knowledge for long-term decision-making.

    The usefulness of the presented method, along with its development, has been verified through empirical studies at a leading electric power company in Europe and through statistical surveys carried out among information security experts in Sweden.

    The success of this research should encourage further research in using these analysis techniques to guide decisions on other enterprise architecture attributes.

  • 3.
    Johansson, Erik E.
    KTH, Tidigare Institutioner, Kemi.
    Free radical mediated cellulose degradation during high-consistency ozone conditions: reaction patterns in fibers and free radical chemistry / Erik E. Johansson. 2000. Licentiate thesis, with articles (Other academic)
  • 4.
    Johansson, Erik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Assessment of Enterprise Information Security: The Importance of Information Search Cost. 2006. In: Proceedings of the Annual Hawaii International Conference on System Sciences, ISSN 1530-1605, Vol. 9, p. 219a-. Journal article (Refereed)
    Abstract [en]

    There are today several methods and standards available for assessment of the level of information security in an enterprise. A problem with these assessment methods is that they neither provide an indication of the amount of effort required to obtain the assessment nor an approximation of this measure's credibility. This paper describes a part of a new method for assessing the level of enterprise information security that expresses the credibility of the results in terms of confidence levels and makes use of an estimation of the cost of searching for security evidence. Such methods for predicting information search cost of assessments are detailed in the paper. Search cost predictions are used for providing guidance on how to minimize the effort spent on performing enterprise information security assessments. The conclusions are based on a security assessment performed at a large European energy company and a statistical survey among Swedish security experts.

  • 5.
    Johansson, Erik
    et al.
    KTH, Tidigare Institutioner, Kemi.
    Johan, Lind
    Free radical degradation of fibers during HC pulp ozonation conditions. 1999. Conference paper (Other academic)
  • 6.
    Johansson, Erik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Assessment of Enterprise Information Security: An Architecture Theory Diagram Definition. 2005. In: Proceedings CSER 2005, 2005, pp. 136-146. Conference paper (Refereed)
    Abstract [en]

    In order to manage and improve something, it is normally necessary to be able to assess the current state of affairs. A problem with assessment, however, is that in order to assess, it is normally necessary to be able to define the assessment topic. These general statements are also true within the area of Enterprise Information Security. Although much has been written on the topic, there is little consensus on what Enterprise Information Security really is. The lack of consensus lessens the credibility of existing assessment approaches.

    This paper presents a well-defined, transparent, and quantified method for the assessment of Enterprise Information Security. The method is based on the consolidation of the most prominent sources on the topic and results in a single quantitative estimate of the level of Enterprise Information Security in a company.

    The usefulness of the presented method has been verified by a case study at a large European electric utility.

    The present paper is a part of an ongoing research project on a credible and cost-effective method for Enterprise Information Security assessment.

  • 7.
    Johansson, Erik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Assessment of Enterprise Information Security: Estimating the Credibility of the Results. 2005. In: Proceedings of the Symposium on Requirements Engineering for Information Security (SREIS 05) at the 13th IEEE Requirements Engineering Conference (RE 05), 2005. Conference paper (Other academic)
  • 8.
    Johansson, Erik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Assessment of Enterprise Information Security: The Importance of Prioritization. 2005. In: Ninth IEEE International EDOC Enterprise Computing Conference, Proceedings, 2005, pp. 207-218. Conference paper (Refereed)
    Abstract [en]

    Assessing the level of information security in an enterprise is a serious challenge for many organizations. This paper considers the prioritization of the field of enterprise information security. The paper thus considers how we may know what parts of information security are important for a company to address and what parts are not. Two methods for prioritization are used. The results demonstrate to what extent different standards committees, guideline authors and expert groups differ in their opinions on what the important issues are in enterprise information security. The ISO/IEC 17799, the NIST SP 800-26, the ISF standards committees, the CMU/SEI OCTAVE framework authors and an expert panel at the Swedish Information Processing Society (DFS) are considered. The differences in prioritization have important consequences on enterprise information security assessments. The effects on the information security assessment results in a European energy company are presented in the paper.

  • 9.
    Johansson, Erik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Cegrell, Torsten
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Assessment of Enterprise Information Security in Electric Utilities: The Importance of Prioritization. 2006. In: Proceedings CIGRE Session 2006, 2006. Conference paper (Refereed)
    Abstract [en]

    In today’s large electric utilities, the enterprise system is highly complex. Technically, they possess several hundreds of extensively interconnected and heterogeneous IT systems performing tasks that vary from Enterprise Resource Planning (ERP) to real-time control and monitoring of the processes, such as Distributed Control System (DCS) and Supervisory Control and Data Acquisition System (SCADA). Organizationally, the enterprise system embraces business processes and business units using, as well as maintaining and acquiring, the IT systems. Information and systems are to a large extent becoming integrated in industry operations since communication and sharing of information are becoming more efficient and faster than before. However, the networking and interconnection of systems can increase the enterprise exposure to information security risks. The significance of information security has been continuously increasing in the management of organizations and in ensuring their operating ability as well as in maintaining disturbance-free and efficient operations. Thus, enterprise information security has become an increasingly important system quality. Assessing a sufficient level of information security is a necessary pre-requisite for the continuance and credibility of operations. But assessing the level of information security in an enterprise is a serious challenge for many organizations, since the area still lacks sufficient support for decision-making on a top-management level. One problem with such assessments is that there are various views on what, exactly, should be measured. There are different opinions on what the constituent parts of enterprise information security are and what these parts' relative importance is. Addressing that problem, this paper presents an operational definition and prioritization of the field of enterprise information security.
    First, the paper proposes a framework for capturing the semantic essence of enterprise information security. Then, the relative weights of the framework's subdomains are quantified. Two methods for prioritization are used to obtain the weights. The results demonstrate to what extent different standards committees, guideline authors and expert groups differ in their opinions on what the important issues are in enterprise information security. As prioritization sources, the ISO/IEC 17799, the NIST SP 800-26, the ISF standards committees, the CMU/SEI OCTAVE framework authors and an expert panel at the Swedish Information Processing Society (DFS) are considered. To demonstrate the practical consequences, the effects of varying prioritizations on the enterprise information security assessment results in a European energy company are presented.

  • 10.
    Johansson, Erik
    et al.
    KTH, Tidigare Institutioner, Kemi.
    Lind, Johan
    Ljunggren, Sten
    Aspects on the chemistry of cellulose degradation and the effect of ethylene glycol during ozone delignification of kraft pulps. 2000. In: Journal of Pulp and Paper Science (JPPS), ISSN 0826-6220. Journal article (Other academic)
  • 11.
    Johansson, Erik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Malmgren, R.
    Holmgren, ÅJ.
    Johansson, B.
    Increasing the security awareness in the water sector is a choice of color - Will you take the blue pill or the red pill? 2009. In: Water Security Congress 2009, 2009, pp. 403-417. Conference paper (Refereed)
    Abstract [en]

    This paper is based upon experiences from security assessments of SCADA-systems, including an assessment performed at one of Sweden's larger water facilities. The paper highlights findings and examines state-of-the-practice control system models. These models are commonly employed in the water sector and provide an abstract representation of the system architecture. These kinds of models are indeed a powerful tool for the facility owners and other stakeholders that need to understand the system configuration. However, these abstract representations are seldom aligned with the reality. They are more like a choice of blissful ignorance. This paper is like a "red pill" for your organization since it points out the sometimes painful truth about reality. It takes a closer look at some abstract representations and reveals some cases where they actually make the world look "nicer" than it is from a security perspective. It looks nicer merely because the deficient abstract representations don't really show system weaknesses that could have critical consequences. The overall consequence is that the operator of a water facility can be deceived to believe that the security level is far better than it is in reality, simply because details of the system are not scrutinized enough in his models.

  • 12.
    Johansson, Erik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Issues of Cyber Security In Scada-Systems-on the Importance of Awareness. 2009. In: IET Conference Publications, Institution of Engineering and Technology, 2009. Conference paper (Refereed)
    Abstract [en]

    The concern in our society for "cyber attacks" is increasing and cyber security has become a hot topic when it comes to protecting a nation's critical infrastructures. A new technological landscape has not only made the SCADA-systems more open but also more vulnerable to cyber attacks due to existing vulnerabilities. An effective state of the art approach for understanding weaknesses of SCADA-systems is to create graphical models over the system architecture, and perform analyses based on this. Based on practical assessments, literature and interview surveys with both industry professionals and academics, this paper highlights some common pitfalls when using graphical models commonly used as a basis for cyber security assessments of SCADA-systems.

  • 13.
    Johansson, Erik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Security Issues For SCADA Systems within Power Distribution. 2008. In: Nordic Distribution and Asset Management Conference (NORDAC 2008), 2008. Conference paper (Refereed)
  • 14.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johansson, Erik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Collecting evidence. 2007. In: Enterprise Architecture: Models and Analyses for Information Systems Decision Making, Studentlitteratur, 2007, pp. 213-252. Chapter in book, part of anthology (Other academic)
  • 15.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johansson, Erik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Assessment of Business Process Information Security. 2007. In: International Journal of Business Process Integration and Management, ISSN 1741-8763, Vol. 3, no. 2, pp. 118-130. Journal article (Refereed)
    Abstract [en]

    Business processes are increasingly dependent on their supporting information systems. With this dependence comes an increased security risk with respect to the information flowing through the processes. This paper presents a method for assessment of the level of information security within business processes in the form of a percentage number, where a high score indicates good information security and a low score indicates a poor level of information security. The method also provides a numerical estimate of the credibility of the information security score, so that an assessment based on few and uncertain pieces of evidence is associated with low credibility and an assessment based on a large set of trustworthy evidence is associated with high credibility. A common problem with information security assessments is the cost related to collecting the required evidence. The paper proposes an evidence collection strategy designed to minimize the effort spent on gathering assessment data while maintaining the desired credibility of the results. A case study is presented, demonstrating the use of the method.

  • 16.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johansson, Erik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ullberg, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A tool for enterprise architecture analysis. 2007. In: 11th IEEE International Enterprise Distributed Object Computing Conference, Proceedings, Los Alamitos: IEEE Computer Soc, 2007, pp. 142-153. Conference paper (Refereed)
    Abstract [en]

    The discipline of enterprise architecture advocates the use of models to support decision-making on enterprise-wide information system issues. In order to provide such support, enterprise architecture models should be amenable to analyses of various properties, as e.g. the availability, performance, interoperability, modifiability, and information security of the modeled enterprise information systems. This paper presents a software tool for such analyses. The tool guides the user in the generation of enterprise architecture models and subjects these models to analyses resulting in quantitative measures of the chosen quality attribute. The paper describes and exemplifies both the architecture and the usage of the tool.

  • 17.
    Lindstrom, Åsa
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johansson, Erik
    KTH, Skolan för elektro- och systemteknik (EES), Reglerteknik.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Simonsson, Mårten
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A survey on CIO concerns - do enterprise architecture frameworks support them? 2006. In: Information Systems Frontiers, ISSN 1387-3326, E-ISSN 1572-9419, Vol. 8, no. 2, pp. 81-90. Journal article (Refereed)
    Abstract [en]

    The challenge of IT management is today considerable. In industry, the organizational role of the Chief Information Officer (CIO) has been promoted as the owner of these challenges. In spite of a general acceptance of the problems associated with the responsibilities of the CIO, very little academic research has been conducted on the issues and constraints of this role. In order to address these shortcomings, this article presents the results of a survey in which Swedish CIOs have prioritized their most important concerns. In academia, a response to the IT system management challenges has presented itself in the discipline of Enterprise Architecture. The article argues that the CIO role is the primary stakeholder of Enterprise Architecture, so his/her need for decision support should guide Enterprise Architecture research and framework development. Therefore, the article presents a brief review over how well two existing Enterprise Architecture frameworks address the surveyed concerns of the CIO. Results from the survey indicate that the three highest prioritized concerns of CIOs are to decrease the cost related to the business organization, to improve the quality of the interplay between the IT organization and the business organization and to provide new computer-aided support to the business organization. The comparison between the CIOs' prioritization and the foci of the frameworks shows some discrepancies. The largest disharmony lies in the lack of decision support for issues related to the IT organization. Furthermore, support for explicitly estimating and managing costs is lacking within the frameworks.
