A Socio-technical Analysis of Information Systems Security Assurance: A Case Study for Effective Assurance
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
2006 (English). Doctoral thesis, monograph (Other academic)
Abstract [en]

This thesis examines the concepts of Information System (IS) security assurance using a socio-technical framework. IS security assurance deals with the problem of estimating how well a particular security system will function efficiently and effectively in a specific operational environment. In such environments, the IS interacts with other systems, such as ethical, legal, operational and administrative systems. Security failure in any of these systems may result in security failure of the whole system.

In this thesis a socio-technical framework is used to examine culture, usability problems, security internal controls, security requirements and re-use of security requirements of TANESCO information systems. TANESCO is the energy utility company in Tanzania where the case study was conducted. The results show that culture affects the way people approach IS security. The results also show that the socio-technical framework is effective in modeling systems security and its environment. The re-use of security requirements is also shown to significantly minimise the time taken when developing and improving security requirements for an IS.

The overall purpose of this thesis has been to develop a framework for information systems security assurance. The resulting framework of thinking brings together numerous assurance concepts into a coherent explanation that should be useful for any organisation or evaluators seeking to understand the underlying principles of systems security assurance. It contains organisational, cultural, and technical issues that should be looked at when considering and applying systems security assurance methods and techniques.

Place, publisher, year, edition, pages
Kista: Institutionen för data- och systemvetenskap (tills m KTH), 2006. 328 p.
Series
Report Series / Department of Computer & Systems Sciences, ISSN 1101-8526 ; No 06/16
National Category
Information Science
Identifiers
URN: urn:nbn:se:su:diva-1350
ISBN: 91-7155-339-8 (print)
OAI: oai:DiVA.org:su-1350
DiVA: diva2:189928
Public defence
2006-12-01, sal C, Forum, Isafjordsgatan 39, Kista, 13:00
Available from: 2006-11-09. Created: 2006-11-09. Bibliographically approved.

Open Access in DiVA

fulltext (1744 kB), 8134 downloads
File information
File name: FULLTEXT01.pdf
File size: 1744 kB
Checksum SHA-1: 62742e9b51dcb6d5eed9cd36c4b81cbeaf1396672aa969a9db68713637618d8278dd0c44
Type: fulltext
Mimetype: application/pdf

Total: 1890 hits