The 14 layered framework for including social and organisational aspects in security management
2011 (English). In: Information Management & Computer Security, ISSN 0968-5227, Vol. 19, no 2, 124-133 p. Article in journal (Refereed), Published
A socio-technical framework based on applied systems theory is presented. The framework is primarily intended to support and describe communication about information security.
Purpose – The purpose of this paper is to describe the controlled information security project, which is designed to investigate, assess and provide tools to improve the information security status in organizations, with a focus on public agencies. A central question for the project is how information security issues are communicated within organizations, specifically underlining that communication is control in a cybernetic sense.
Design/methodology/approach – The research method applied can be expressed as applied general systems theory combined with design science. The project is carried out in a number of steps: to design modelling techniques and metrics for information security issues in organizations; to collect data from Swedish governmental agencies; to use the modelling techniques to model communication of information security in organizations from different perspectives; to apply metrics on the data in order to assess information security levels in the agencies; to identify gaps; and to identify needs for improvement.
Findings – The motivation for the research is that communication of information security issues within organizations tends to be insufficient and the mental connections between IT-security and information security work are weak, which prohibits the organization from learning and adapting in its security work. An entity's authority depends on its ability to control and manage the variety in the 14 layers. The general control objectives needed were implied based on the information security management standard.
Originality/value – The paper focuses on mind-to-mind communication conditions and how to adapt mechanistic systems.
Keywords: Information security management, holistic approach, applied research, applied systems theory
Research subject: Computer and Systems Sciences
Identifiers: URN: urn:nbn:se:su:diva-67195; DOI: 10.1108/09685221111143060; OAI: oai:DiVA.org:su-67195; DiVA: diva2:469612
ISSN: 0968-5227
2011-12-26, 2011-12-26, 2015-09-08. Bibliographically approved