The 14 layered framework for including social and organisational aspects in security management
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
Swedish Defence Research Agency, Division of Information Systems, Linköping.
Swedish Defence Research Agency, Division of Information Systems, Linköping.
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
2011 (English). In: Information Management & Computer Security, ISSN 0968-5227, Vol. 19, no 2, 124-133 p. Article in journal (Refereed). Published
Abstract [sv]

A socio-technical framework based on applied systems theory is presented. The framework is primarily intended to support and describe communication about information security.

Abstract [en]

Purpose – The purpose of this paper is to describe the controlled information security project which is designed to investigate, assess and provide tools to improve the information security status in organizations with a focus on public agencies. A central question for the project is how information security issues are communicated within organizations, specifically underlining that communication is control in a cybernetic sense.

Design/methodology/approach – The research method applied can be expressed as applied general systems theory combined with design science. The project is carried out in a number of steps: to design modelling techniques and metrics for information security issues in organizations; to collect data from Swedish governmental agencies; to use the modelling techniques to model communication of information security in organizations from different perspectives; to apply metrics on the data in order to assess information security levels in the agencies; to identify gaps; and to identify needs for improvement.

Findings – The motivation for the research is that communication of information security issues within organizations tends to be insufficient and the mental connections between IT-security and information security work are weak, which prohibits the organization from learning and adapting in its security work. An entity's authority depends on its ability to control and manage the variety in the 14 layers. The general control objectives needed were implied based on the information security management standard.

Originality/value – The paper focuses on mind-to-mind communication conditions and how to adapt mechanistic systems.

Place, publisher, year, edition, pages
2011. Vol. 19, no 2, 124-133 p.
Keyword [en]
Information security management, holistic approach, applied research
Keyword [sv]
applied systems theory
National Category
Information Systems
Research subject
Computer and Systems Sciences
URN: urn:nbn:se:su:diva-67195
DOI: 10.1108/09685221111143060
OAI: diva2:469612

ISSN: 0968-5227

Available from: 2011-12-26. Created: 2011-12-26. Last updated: 2015-09-08. Bibliographically approved

By author/editor
Yngström, Louise