Riskhanteringens utmaning : En studie som identifierar svenska organisationers riskhantering avseende informationssäkerhet samt dess prioritering. / The challenge of Risk Management : A study on Risk Management regarding information security in Swedish organizations and their priorities

Tehrani, Amir, Siwetz, Clara

January 2007

<p>Background: Risk Management plays an important part of the enterprises strategic business activity. Efficient Risk Management will secure the businesses survival, assets and creates market advantages. The interest of information security has consequently gained in Swedish corporations. Corporations have realized the importance of the information which is stored in the IT systems. IT is the tool for businesses future progress and growth and therefore a source of risks. For managing these risks standards and frameworks are needed. To what extent are information security standards and frameworks used in Swedish organizations? Are information security integrated with operational Risk Management?</p><p>Purpose: The purpose of this study is to identify the Risk Management regarding information security in the studied organizations and to recognize the priority of information security.</p><p>Method: The main part of this study is based on case studies including four Swedish organizations, with the purpose to identify the Risk Management regarding information security in these organizations. The study is also added with a complementary survey carried out on Large Cap corporations on the Nordic exchange. The later survey will create a more general apprehension.</p><p>Conclusions: Findings shows that the Swedish organizations have realized the importance of standards and frameworks and the accompanying benefits. The main elements for using standards and frameworks are - better control, identification of business opportunities and gained security. The findings also suggested that the organizations should invest more resources in integrating information security with Risk Management and on the executive management involvement.</p>

Risk Management

Information Security

Operational risks

Standards

Frameworks & Regulations

Riskhantering

Informationssäkerhet

Operationella risker

Standarder

Ramverk

Regelverk.

Business studies

Företagsekonomi

Riskhanteringens utmaning : En studie som identifierar svenska organisationers riskhantering avseende informationssäkerhet samt dess prioritering. / The challenge of Risk Management : A study on Risk Management regarding information security in Swedish organizations and their priorities

Tehrani, Amir, Siwetz, Clara

January 2007

Background: Risk Management plays an important part of the enterprises strategic business activity. Efficient Risk Management will secure the businesses survival, assets and creates market advantages. The interest of information security has consequently gained in Swedish corporations. Corporations have realized the importance of the information which is stored in the IT systems. IT is the tool for businesses future progress and growth and therefore a source of risks. For managing these risks standards and frameworks are needed. To what extent are information security standards and frameworks used in Swedish organizations? Are information security integrated with operational Risk Management? Purpose: The purpose of this study is to identify the Risk Management regarding information security in the studied organizations and to recognize the priority of information security. Method: The main part of this study is based on case studies including four Swedish organizations, with the purpose to identify the Risk Management regarding information security in these organizations. The study is also added with a complementary survey carried out on Large Cap corporations on the Nordic exchange. The later survey will create a more general apprehension. Conclusions: Findings shows that the Swedish organizations have realized the importance of standards and frameworks and the accompanying benefits. The main elements for using standards and frameworks are - better control, identification of business opportunities and gained security. The findings also suggested that the organizations should invest more resources in integrating information security with Risk Management and on the executive management involvement.

Risk Management

Information Security

Operational risks

Standards

Frameworks & Regulations

Riskhantering

Informationssäkerhet

Operationella risker

Standarder

Ramverk

Regelverk.

Business studies

Företagsekonomi