Observations on Practical Information Security Issues
and Life Cycle Management in IT Systems
- a Case Study
2010 (English)In: The Security Conference Europe August 15-17, 2010 in Örebro, Sweden, 2010Conference paper (Other academic)
Abstract. This paper presents three case studies related to practical information
security issues during the Life Cycle of IT systems in (1) a big, global
organisation, (2) a medium sized governmental agency, and (3) a small sales
and production enterprise. The maturity of the processes used during systems
development, as well as the organisation are taken into consideration, and
methods of communication of information security, follow-up and feedback is
described. Security related processes and procedures, or the lack thereof, are
described and their effect discussed.
Efficient communication of the security policy, fast feedback on actions and
follow-up on security related procedures seems to increase the level of
information security and can be expressed in terms of the Quality of Service
delivered from the organisation to its customers or clients.
Place, publisher, year, edition, pages
Keywords: Information security, Security management, IT governance, Life cycle, Data protection, Secure systems development, Quality of Service.
Research subject Computer and Systems Sciences
IdentifiersURN: urn:nbn:se:su:diva-51967OAI: oai:DiVA.org:su-51967DiVA: diva2:386448
The Security conference EUROPE- Discources in Security, Assurance and Privacy
The 1st Security Conference – Europe is scheduled for August 15-17, 2010 in Örebro, Sweden. The Conference is a European version of the Annual Security Conference in Las Vegas and attracts a nice mix of participants from academia, government and industry. Co-organizers for the European 2010 event are Örebro University, University of Skövde and Virginia Commonwealth University2011-01-122011-01-12