Förenklade informationsklassificeringsscheman hos svenska statliga myndigheter / Simplified classification schemes at Swedish state agencies

Gustavsson, Fredrik

January 2016

Information is a vital part for most organizations, not least for state agencies as they handle personal data for every citizen, such as medical records, social security numbers and other sensitive information. It is therefore critical to protect the information assets at a sufficient level according to its value. Information security aims to do this by preserving the properties of confidentiality, integrity and availability of the information. This means that accurate and complete information shall be accessible and usable by an authorized entity upon demand. Swedish state agencies are obliged to manage their information security by the implementation of an information security management system (ISMS). The ISMS has to be set up and operated in compliance with the international standards ISO/IEC 27001 and ISO/IEC 27002, but these standards are somewhat vague in describing how to perform certain procedures. One part of the ISMS consists of the process of classifying the information, a process that according to the result from a survey by the Swedish Civil Contingencies Agency (MSB) is troublesome (MSB, 2014), especially for smaller-sized agencies. In this classification process, a classification scheme is used to determine the consequences to the organisation if the confidentiality, integrity or availability of the information is jeopardized. The result of this process determines the level of protection that each piece of information asset will receive at a later stage. It is vital to classify the assets at a suitable level to avoid over or under classification, as the former can lead to unnecessary costs and difficulties in using the assets, and the latter can put the asset at risk of unauthorized access. The interest from the academic world have however been low regarding research focused on the 27000 series of standards, compared to the more mature ISO/IEC 9000 and ISO/IEC 14000 series. This thesis project aims to investigate how the classification scheme has been simplified and to identify enabling factors from the development and use of simplified classification schemes. The research questions for this thesis project are: In which ways have a number of Swedish state agencies simplified their information classification schemes? Which factors have influenced the development and use of a simplified classification scheme? A mixed method, an embedded case study, was used, including both a review of existing information security policies for the state agencies to gather information about current information classification models and schemes, as well as interviews with the chiefs of information security for the state agencies regarding the development and usage of a simplified information classification scheme. In total, 120 documents from 81 agencies were reviewed and 7 interviews were completed. The results from the study shows that the state agencies that have simplified their classification scheme do so by focusing on one aspect: confidentiality. The agencies motivate this by a number of reasons: The aspects integrity and availability are regarded complex and difficult for the end user to relate to and classify. In order to simplify for the end user these aspects are handled by the IT department and the IT environment The integrity and availability aspects are more or less built into the IT environment and thus handled automatically as long as the end user correctly classifies the information asset according to the confidentiality aspect and handles the information according to the handling guidelines The study also shows the need for a national, common set of handling guidelines and consequence levels for the classification scheme as this would simplify and improve the security in communication between the state agencies

information security

information classification

classification scheme

Swedish state agencies

informationssäkerhet

informationsklassificering

klassificeringsschema

svenska statliga myndigheter

Computer Sciences

Datavetenskap (datalogi)

Erratic Patterns : Unravelling the Cultural Transfers of Library Classifiers / Oberäkneliga mönster : Att avtäcka de kulturella överföringarna av biblioteksklassificerare

Lindkvist, Keeley

January 2023

This thesis investigates the oft-overlooked influence of the classifier's input during the assignment of library classifications and draws upon cultural transfer theory to shed light on the underlying principles that guide the process. Classifiers' personal knowledge, experience, and beliefs, have a critical role in determining the 'aboutness' of a work and its subsequent classification. To explore this theory, this research employs a dual-methods approach, using qualitative analysis of past literature contrasted with a data set formed through a real-world reclassification project at The Swedish Institute in Rome (ISVRoma) using the Library of Congress Classification scheme (LCC), with classifications in the catalogue of the American Academy in Rome (AARome) used for comparison. The resultant data provides a basis for examining the classifier's cultural input and the manifestation of cultural transfer theory in library classification. The findings of this thesis reveal the dynamic nature of classification, which is not a mere static or administrative task, but rather an evolving process deeply embedded in the societal and cultural context. Classifiers are found to act as interpreters, translators, and shapers of knowledge, bringing a profoundly human element to knowledge organisation and retrieval. The classifiers' craft, therefore, extends beyond the implementation of a systemic and controlled vocabulary and involves an active contribution of their knowledge and experience. This contributes to the overall flexibility and adaptability of the classification system. The thesis also underscores the necessity of reassessing our understanding of library classification systems, especially in light of AI's increasing role in this field.

Library classifier

library classification

classification

cultural transfer

classification and culture

knowledge organisation

knowledge organization

The Swedish Institute in Rome (ISVRoma)

Biblioteksklassificerare

biblioteksklassificering

kulturell överföring

klassificering och kultur

kunskapsorganisation

Svenska institutet i Rom (ISVRoma)

Information Studies

Biblioteks- och informationsvetenskap