A Socio-technical Analysis of Information Systems Security Assurance: A Case Study for Effective Assurance
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
2006 (English). Doctoral thesis, monograph (Other academic)
Abstract [en]

This thesis examines the concepts of Information System (IS) security assurance using a socio-technical framework. IS security assurance deals with the problem of estimating how well a particular security system will function efficiently and effectively in a specific operational environment. In such environments, the IS interacts with other systems, such as ethical, legal, operational and administrative systems. A security failure in any of these systems may result in a security failure of the whole system.

In this thesis, a socio-technical framework is used to examine culture, usability problems, security internal controls, security requirements and re-use of security requirements of TANESCO information systems. TANESCO is the energy utility company in Tanzania where the case study was conducted. The results show that culture affects the way people approach IS security. They also show that the socio-technical framework is effective in modeling systems security and its environment. The re-use of security requirements is also shown to significantly minimise the time taken when developing and improving security requirements for an IS.

The overall purpose of this thesis has been to develop a framework for information systems security assurance. The resulting framework of thinking brings together numerous assurance concepts into a coherent explanation that should be useful for any organisation or evaluator seeking to understand the underlying principles of systems security assurance. It contains organisational, cultural, and technical issues that should be looked at when considering and applying systems security assurance methods and techniques.

Place, publisher, year, edition, pages
Kista: Institutionen för data- och systemvetenskap (tills m KTH), 2006. 328 p.
Report Series / Department of Computer & Systems Sciences, ISSN 1101-8526 ; No 06/16
National Category
Information Science
URN: urn:nbn:se:su:diva-1350
ISBN: 91-7155-339-8
OAI: diva2:189928
Public defence
2006-12-01, sal C, Forum, Isafjordsgatan 39, Kista, 13:00
Available from: 2006-11-09 Created: 2006-11-09 Bibliographically approved

Open Access in DiVA

fulltext (1744 kB), 7653 downloads
File information
File name: FULLTEXT01.pdf
File size: 1744 kB
Checksum MD5
Type: fulltext
Mimetype: application/pdf
