Spelling suggestions: "subject:"forminformation classification"" "subject:"forminformation 1classification""
1 |
Tidsaspekt för informationsklassificering inom svenska myndigheter / Timescale for information classification in Swedish governmental agenciesSusi, Tommy January 2016 (has links)
No description available.
|
2 |
Information Classification in Information Security Management and its ChallengesKatura, Robert January 2023 (has links)
Information classification is a prerequisite for carrying out risk management in information security, as the assets worth protecting are identified and the need for protection is determined by the classification categories. The information classification thus has a major impact on the security architecture of systems and organizations. Nevertheless, information classification leads a shadowy existence in the scientific literature, which is reflected in a limited number of scientific publications. This discrepancy between the relevance of information classification in risk management and its low scientific attention was the motivation to take a closer look at the topic. This thesis created an overview of the current state of research in information classification and shed some light on potential problems to stimulate new research questions. The results of the work include a current overview of the status of research on information classification in risk management of information security and its context to other academic disciplines and practical needs, particularly research on bias and systems engineering. This thesis also summarized a total of 109 individual research gaps in information classification research, derived from the evaluation of the scientific literature and on the conclusions of identified open questions. From the gaps identified, some suggestions for future research in the field of information classification could be made.
|
3 |
Analysis of information classification best practicesMikkelinen, Nicklas January 2015 (has links)
Information security, information management systems and more specifically information classification are important parts of an organisations information security. More and more information is being processed each day, and needs to be secured. Without proper information classification guidelines in place and lacking research within the subject, organisations could be vulnerable to attacks from third parties. This project displays a list of best practices found within information classification guidelines published online by different organisations. Out of 100 reviewed documents, 30 included information classification guidelines, and when analysed with a thematic analysis provides best practices within information classification.
|
4 |
A Virtual Construction Environment (VCE) for Macro PlanningWaly, Ahmed Fathi 18 June 2001 (has links)
Macro Planning of construction projects is among the most challenging tasks faced by the project team. Decisions made during this process have a tremendous impact on the successful execution of the project from its early conceptual phases, through the project construction and completion. For a large majority of construction projects, the current planning practices remain manually based. General and project specific data are communicated among project participants through design drawings in a 2D paper-based format. Due to the interdependence between the different elements and the large amount of information that needs to be manually processed, the current manual implementation approach is very difficult to undertake, and imposes a heavy burden on the project team to carry out the planning process.
Various research efforts have been undertaken in an attempt to capture current planning techniques and allow for the development of new innovative and automated ways in planning. The developed planning systems are characterized as responsive decision systems, relying mainly on programmed knowledge and heuristics for decision making, hence reducing or eliminating the role of the human planner.
This research presents the framework for a new interactive planning environment called the Virtual Construction Environment (VCE) that supports the thinking process of the project team during the macro planning phase of design-build projects. Unlike previous responsive-type systems developed, the approach utilized in the VCE is supportive to the project team enabling them to be an active participant in the decision making process.
The main purpose of the VCE is to assist the project team during decision making, by providing pertinent information necessary for making appropriate decisions in a structured format. This information may be organized, stored, and retrieved by the project team whenever needed during the virtual sessions. The VCE also provides the project team with appropriate tools to test different work execution and site layout planning scenarios early during project development. During the virtual sessions, the project team reconstructs the facility by bringing graphical elements together. The project team's movements and interactions are recorded to capture their thinking process on how to construct the facility (i.e. sequence of major assemblies). Other project participants can retrieve recorded decisions for further review or modification. The project team is also able to specify construction methods, and allocate resources required for the implementation of major assemblies. The VCE guides the project team to perform these interdependent planning functions interactively and concurrently. Using system graphical libraries, major equipment and temporary facilities can be superimposed and displayed as graphical objects for site layout planning. This enables the project team to visually check for space and accessibility conflicts during different virtual construction time intervals.
In order to define required information in the VCE, the author has developed a MAcro Planning Information Classification (MAPIC) model under which information required for macro planning decision making could be classified and organized in a structured standardized format. The project team may then retrieve and utilize this information whenever needed during the virtual sessions.
A prototype computer tool is developed to illustrate the framework of the VCE. The computer prototype is implemented using available commercial software tools. / Ph. D.
|
5 |
Förenklade informationsklassificeringsscheman hos svenska statliga myndigheter / Simplified classification schemes at Swedish state agenciesGustavsson, Fredrik January 2016 (has links)
Information is a vital part for most organizations, not least for state agencies as they handle personal data for every citizen, such as medical records, social security numbers and other sensitive information. It is therefore critical to protect the information assets at a sufficient level according to its value. Information security aims to do this by preserving the properties of confidentiality, integrity and availability of the information. This means that accurate and complete information shall be accessible and usable by an authorized entity upon demand. Swedish state agencies are obliged to manage their information security by the implementation of an information security management system (ISMS). The ISMS has to be set up and operated in compliance with the international standards ISO/IEC 27001 and ISO/IEC 27002, but these standards are somewhat vague in describing how to perform certain procedures. One part of the ISMS consists of the process of classifying the information, a process that according to the result from a survey by the Swedish Civil Contingencies Agency (MSB) is troublesome (MSB, 2014), especially for smaller-sized agencies. In this classification process, a classification scheme is used to determine the consequences to the organisation if the confidentiality, integrity or availability of the information is jeopardized. The result of this process determines the level of protection that each piece of information asset will receive at a later stage. It is vital to classify the assets at a suitable level to avoid over or under classification, as the former can lead to unnecessary costs and difficulties in using the assets, and the latter can put the asset at risk of unauthorized access. The interest from the academic world have however been low regarding research focused on the 27000 series of standards, compared to the more mature ISO/IEC 9000 and ISO/IEC 14000 series. This thesis project aims to investigate how the classification scheme has been simplified and to identify enabling factors from the development and use of simplified classification schemes. The research questions for this thesis project are: In which ways have a number of Swedish state agencies simplified their information classification schemes? Which factors have influenced the development and use of a simplified classification scheme? A mixed method, an embedded case study, was used, including both a review of existing information security policies for the state agencies to gather information about current information classification models and schemes, as well as interviews with the chiefs of information security for the state agencies regarding the development and usage of a simplified information classification scheme. In total, 120 documents from 81 agencies were reviewed and 7 interviews were completed. The results from the study shows that the state agencies that have simplified their classification scheme do so by focusing on one aspect: confidentiality. The agencies motivate this by a number of reasons: The aspects integrity and availability are regarded complex and difficult for the end user to relate to and classify. In order to simplify for the end user these aspects are handled by the IT department and the IT environment The integrity and availability aspects are more or less built into the IT environment and thus handled automatically as long as the end user correctly classifies the information asset according to the confidentiality aspect and handles the information according to the handling guidelines The study also shows the need for a national, common set of handling guidelines and consequence levels for the classification scheme as this would simplify and improve the security in communication between the state agencies
|
6 |
Information Classification in Swedish Governmental Agencies : Analysis of Classification GuidelinesAnteryd, Fredrik January 2015 (has links)
Information classification deals with the handling of sensitive information, such as patient records and social security information. It is of utmost importance that this information is treated with caution in order to ensure its integrity and security. In Sweden, the Civil Contingencies Agency has established a set of guidelines for how governmental agencies should handle such information. However, there is a lack of research regarding how well these guidelines are followed as well as if the agencies have made accommodations of these guidelines of their own. This work presents the results from a survey sent to 245 governmental agencies in Sweden, investigating how information classification actually is performed today. The questionnaire was answered by 144 agencies and 54 agencies provided detailed documents of their classification process. The overall results show that the classification process is difficult, while those who provided documents proved to have good guidelines, but not always consistent with the existing recommendations.
|
7 |
Classification Storage : A practical solution to file classification for information security / Classification Storage : En praktisk lösning till fil klassificering för informationssäkerhetSloof, Joël January 2021 (has links)
In the information age we currently live in, data has become the most valuable resource in the world. These data resources are high value targets for cyber criminals and digital warfare. To mitigate these threats, information security, laws and legislation is required. It can be challenging for organisations to have control over their data, to comply with laws and legislation that require data classification. Data classification is often required to determine appropriate security measured for storing sensitive data. The goal of this thesis is to create a system that makes it easy for organisations to handle file classifications, and raise information security awareness among users. In this thesis, the Classification Storage system is designed, implemented and evaluated. The Classification Storage system is a Client--Server solution that together create a virtual filesystem. The virtual filesystem is presented as one network drive, while data is stored separately, based on the classifications that are set by users. Evaluating the Classification Storage system is realised through a usability study. The study shows that users find the Classification Storage system to be intuitive, easy to use and users become more information security aware by using the system. / I dagens informationsålder har data blivit den mest värdefulla tillgången i världen. Datatillgångar har blivit högt prioriterade mål för cyberkriminella och digital krigsföring. För att minska dessa hot, finns det ett behov av informationssäkerhet, lagar och lagstiftning. Det kan vara utmanande för organisationer att ha kontroll över sitt data för att följa lagar som kräver data klassificering för att lagra känsligt data. Målet med avhandlingen är att skapa ett system som gör det lättare för organisationer att hantera filklassificering och som ökar informationssäkerhets medvetande bland användare. Classification Storage systemet har designats, implementerats och evaluerats i avhandlingen. Classification Storage systemet är en Klient--Server lösning som tillsammans skapar ett virtuellt filsystem. Det virtuella filsystemet är presenterad som en nätverksenhet, där data lagras separat, beroende på den klassificeringen användare sätter. Classification Storage systemet är evaluerat genom en användbarhetsstudie. Studien visar att användare tycker att Classification Storage systemet är intuitivt, lätt att använda och användare blir mer informationssäkerhets medveten genom att använda systemet.
|
8 |
Trust as a factor in the information classification processAndersson, Simon January 2021 (has links)
Risk management is an important part of every business. In order to properly conduct it, risk assessment and within it, information classification is needed. The information classification produces a list of information assets and states how they are valued within the organization. That is then used as an important part of the risk assessment process. In order to conduct such a valuation, users are consulted as they often times understand the value of information. However, using the CIA-Triad when communicating has proved to be difficult for users not knowledgeable in information security. Trust as a concept has been proven to have some connection to the concepts of the CIA-Triad and has been proposed as a possible translator in order to ease the communication of information value in the process of information classification. Semi-structured interviews were held with information security professionals in order to further understand the connection between the CIA-triad concepts and trust as well as to gain further understanding in the important parts of information classification. A thematic analysis showed how confidentiality and integrity are prominent factors that connect to trust, with availability, while still being mentioned as having a connection, was not as prominent. Further, the empirical data was used to build a model based on trust and importance that allows for a translation of the CIA-triad concepts. This resulted in a classification-scheme based model that allows trust as a concept to be used as a translator of the CIA-concepts, thus including trust as a concept in the information classification process.
|
9 |
Informationsklassificering : ett styrdokument för klassificering av informationssystemLarsson, Nicklas, Hallén, Kim January 2010 (has links)
<p>Hantering av information blir allt viktigare i dagens informationssamhälle då information är en av de värdefullaste tillgångarna för verksamheter. Syftet med uppsatsen har varit att skapa ett styrdokument för IT-administratörer som hjälper dem vid klassificering av informationssystem. Styrdokumentet har som uppgift att kontrollera att informationssystem lever upp till verksamheternas krav som finns på konfidentialitet, integritet, tillgänglighet och spårbarhet. Styrdokumentets vetenskapliga värde har verifierats genom att utvalda IT-administratörer undersökt och utvärderat styrdokumentet. Resultatet visar att styrdokumentet kan användas som ett hjälpmedel. Det är lättförståeligt, lämpar sig för mindre tekniska personer och kan även i vissa fall effektivisera klassificeringsprocessen. Slutsatsen är att behovet av denna typ av styrdokument för klassificering av informationssystem behövs inom verksamheter.</p> / <p>Information management is increasingly important in today’s information society as information is one of the most valuable assets for businesses. The purpose of this paper was to create a steering document for IT administrators and to help them when classifying information systems. The steering document is responsible for verifying that information systems meet businesses requirements of confidentiality, integrity, availability, and traceability. The scientific value of the steering document has been verified by selected IT administrators, who have investigated and evaluated it. The results show that the steering document may be used as a guideline for information system classification. It is easily understandable, suitable for less technical people, and may in some cases make the classification process even more efficient. The conclusion is that this type of steering document for information system classification is needed within businesses.</p>
|
10 |
Classificação de informação usando ontologias / Information classification using ontologiesSilva, Eunice Palmeira da 28 September 2006 (has links)
Although the positive aspects that Internet possesses and the potential it permits, there is a problematic that consists on finding needed pieces of information among the deluge of available documents on the web. Tools that are able to semantically treat the information contained in the documents which follows a structure only focused on data presentation are still lacking. The MASTER-Web system solves the problem of integrated extraction of content-pages that belong to classes which form a cluster. In this context, we propose the extension of this tool to the scientific articles classification
based on ontologies. To achieve this goal, an ontology for the Artificial Intelligence domain was constructed and rule-based classification strategies were adopeted. The approach presented here employs this ontology and textual classification techniques to extract useful pieces of information from the articles in order to infer to which themes
it is about. This combination led to significative results: e.g. in the texts, the system is able to identify the specific subdivisions of AI and entails conclusions, distinguishing
correctlly the themes of the articles from the ones that are briefiy mentioned in the texts. The application of simple techniques and a detailed ontology lead to promising
classification results, independently of the document structure, proposing an eficient and plausible solution. / Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / Apesar dos aspectos positivos que a Internet possui e do potencial que permite, existe a problemática, que consiste em encontrar a informação necessária em meio a uma enorme quantidade de documentos disponíveis na rede. Faltam, ainda, ferramentas capazes de tratar semanticamente a informação contida em documentos que seguem uma estrutura preocupada apenas com a exibição dos seus dados. O sistema MASTERWeb, resolve o problema da extração integrada de páginas-conteúdo pertencentes às classes que integram um grupo (cluster ). Neste contexto propomos a extensão dessa ferramenta para a classificação de artigos científicos baseada em ontologias. Para isso foi construída uma ontologia do domínio de Inteligência Artificial e adotadas estratégias de classificação utilizando sistemas de regras. A abordagem apresentada aqui, emprega esta ontologia e técnicas de classificação textual para extrair dos artigos informações úteis, e daí inferir sobre os temas tratados nestes artigos. Essa combinação conduziu a resultados bastante significativos: por exemplo, o sistema é capaz de identificar no texto as subáreas de IA que ele aborda e deriva conclusões, distinguindo os assuntos tratados pelo artigo daqueles que são brevemente citados no texto. A aplicação de técnicas simples e uma ontologia bem formada levam a resultados de classificação promissores, independentemente da estrutura do documento, propondo uma solução eficiente e plausível.
|
Page generated in 0.1819 seconds