Informationsklassificering : ett styrdokument för klassificering av informationssystem

Larsson, Nicklas, Hallén, Kim

January 2010

Hantering av information blir allt viktigare i dagens informationssamhälle då information är en av de värdefullaste tillgångarna för verksamheter. Syftet med uppsatsen har varit att skapa ett styrdokument för IT-administratörer som hjälper dem vid klassificering av informationssystem. Styrdokumentet har som uppgift att kontrollera att informationssystem lever upp till verksamheternas krav som finns på konfidentialitet, integritet, tillgänglighet och spårbarhet. Styrdokumentets vetenskapliga värde har verifierats genom att utvalda IT-administratörer undersökt och utvärderat styrdokumentet. Resultatet visar att styrdokumentet kan användas som ett hjälpmedel. Det är lättförståeligt, lämpar sig för mindre tekniska personer och kan även i vissa fall effektivisera klassificeringsprocessen. Slutsatsen är att behovet av denna typ av styrdokument för klassificering av informationssystem behövs inom verksamheter. / Information management is increasingly important in today’s information society as information is one of the most valuable assets for businesses. The purpose of this paper was to create a steering document for IT administrators and to help them when classifying information systems. The steering document is responsible for verifying that information systems meet businesses requirements of confidentiality, integrity, availability, and traceability. The scientific value of the steering document has been verified by selected IT administrators, who have investigated and evaluated it. The results show that the steering document may be used as a guideline for information system classification. It is easily understandable, suitable for less technical people, and may in some cases make the classification process even more efficient. The conclusion is that this type of steering document for information system classification is needed within businesses.

Availability

CIA-triad

confidentiality

information

information classification

information management

information security

integrity

CIA-triangeln

information

informationshantering

informationsklassificering

informationssäkerhet

integritet

konfidentialitet

tillgänglighet

Computer Sciences

Datavetenskap (datalogi)

Um método de classificação em grupos de informações visando sua segurança

Torres, José Antonio Corrales

05 March 2008

Made available in DSpace on 2016-03-15T19:38:09Z (GMT). No. of bitstreams: 1 Jose Antonio Corrales Torres.pdf: 1028407 bytes, checksum: b5574af2fd8d98d1a9fe03ff29b6aa07 (MD5) Previous issue date: 2008-03-05 / In the contemporary society, information and knowledge grew in importance and have become the most valuable assets, space and time are less relevant and more vulnerable due to the increasing mobile technology. New procedures and processes were created towards security. The information classification is the primary requirement to adjust rules and procedures, the protection level and cost. The current process is manual, restricted by the knowledge of few people and subject to imperfections. This study suggests a method to classify the information, regarding its confidentiality, using groups generated by an Artificial Neural Network. The development of this method was supported by studies of methodologies applied to information protection, to the technology and business risk management, classification methodologies and control structures. The implementation made use of a Neural Network, based on the Self-Organization Maps (SOM) of Kohonen, due to its heavy specialization on groups handling. The study case objective was the implementation and it considered the information from universities, due to their various properties (administrative, pedagogic and scientific research). The analysis of the results indicated the similarity among the elements that composed the groups generated by the training of the Neural Network, complemented by calculations using the original weights. The viability of the application of the considered method to an organization was confirmed. / Na sociedade contemporânea, a informação e o conhecimento assumiram a importância de representar os ativos de maior valor, num cenário em que o espaço e o tempo, devido à tecnologia voltada à mobilidade, perderam a relevância e tornaram-se mais vulneráveis. Surgiram novos procedimentos e mecanismos destinados à segurança. A classificação das informações é o requisito fundamental para direcionar as medidas, o nível de proteção e o custo. Atualmente o processo é manual, restrito ao entendimento de algumas pessoas e sujeito a imperfeições. Este estudo propõe um método para classificar as informações, quanto à sua confidencialidade, em grupos gerados por uma Rede Neural Artificial. O desenvolvimento deste método foi pautado por estudos em metodologias destinadas à segurança das informações, ao gerenciamento de risco de negócio e tecnológico, metodologias para classificação e estruturas de controle. A implementação usou a Rede Neural, baseada nos Mapas Auto-Organizáveis (SOM) de Kohonen, devido à sua acentuada especialização no tratamento de grupos. O estudo de caso objetivou a implementação e contemplou as informações das universidades, em razão da diversidade de suas propriedades (administrativa, pedagógica e pesquisa científica). A análise dos resultados obtidos permitiu observar a semelhança dos elementos que compõe os grupos gerados pelo treinamento da Rede Neural, complementado por cálculos que utilizam os pesos iniciais. Mostrou-se a viabilidade da aplicação do método proposto para uma organização.

informações

segurança

classificação das informações

redes neurais

redes de Kohonen

mapas auto-organizáveis

information

security

information classification

artificial neural networks

Kohonen s net

self-organization maps

CNPQ::ENGENHARIAS::ENGENHARIA ELETRICA

A framework to manage sensitive information during its migration between software platforms

Ajigini, Olusegun Ademolu

06 1900

Software migrations are mostly performed by organisations using migration teams. Such migration teams need to be aware of how sensitive information ought to be handled and protected during the implementation of the migration projects. There is a need to ensure that sensitive information is identified, classified and protected during the migration process. This thesis suggests how sensitive information in organisations can be handled and protected during migrations by using the migration from proprietary software to open source software to develop a management framework that can be used to manage such a migration process.A rudimentary management framework on information sensitivity during software migrations and a model on the security challenges during open source migrations are utilised to propose a preliminary management framework using a sequential explanatory mixed methods case study. The preliminary management framework resulting from the quantitative data analysis is enhanced and validated to conceptualise the final management framework on information sensitivity during software migrations at the end of the qualitative data analysis. The final management framework is validated and found to be significant, valid and reliable by using statistical techniques like Exploratory Factor Analysis, reliability analysis and multivariate analysis as well as a qualitative coding process. / Information Science / D. Litt. et Phil. (Information Systems)

Closed Source Software

Information classification

Information protection

Information security

Information sensitivity

Information sensitivity

IP Protection

IS Migration

IS theory development

IT control frameworks

005.8

Information technology -- Management

Computer programs -- Software

Information science -- Software

Computer programs -- Security measures

Data protection