This study examined how municipalities work with information security focusing on the use of security standards. Data was collected from three different municipalities differentiating in population, for the purpose of determining whether financial resources was a factor to successful information security within the organization. The study was based on a theoretical framework that consisted of ISO 27000, The General Data Protection Regulation, as well as the NIS directive. To examine the municipalities information security and whether security standards were used data was collected via interviews. In these interviews the informants were asked questions created in a semi-structured way to provide them with context while still being able to answer freely. This data was later to be analysed and categorised into themes where it could be interpreted. These themes within information security, consisted of continuity, risk assessment, policies, regulations, security standards, budget, and resources. Through analysis, the answers were compared as well as put into the context of what had been discovered in prior research within the field. It later points towards certain improvements in some respects as well as no further improvements in other areas. The study could affirm prior results from earlier research, and that municipalities still had essential deficiencies in their information security such as not working systematically with information security at an acceptable level. However, there were some improvements compared to prior research among municipalities and there were clear indications that there had been put a larger focus on information security. The informants also affirmed that regulations such as the General Data Protection Regulation had affected the municipalities executives’ approach towards information security within the organization. / I studien undersöks kommuners arbete med informationssäkerhet fokuserat på användandet av säkerhetsstandarder. Data samlades in från tre olika kommuner. Urvalet av kommuner baserades på population för att identifiera om ekonomi var en faktor till framgångsrik informationssäkerhet inom organisationen. Studien baserades på ett teoretiskt ramverk bestående av ISO 27000, dataskyddsförordningen tillika NIS-direktivet. För att undersöka informationssäkerheten bland tre kommuner och huruvida säkerhetsstandarder användes gjordes en datainsamling via intervjuer. Intervjuerna var semi-strukturerade så att informanterna fick en tydlig kontext och möjligheten att svara fritt. Insamlade data analyserades och kategoriserades in i teman, så det kunde tolkas. De informationssäkerhetstemana bestod av kontinuitet, riskbedömning, policys, lagar, säkerhetsstandarder, budget och resurser. Svaren analyserades och jämfördes även mot tidigare forskning i ämnet. Vad som kunde utläsas var att utveckling visades i vissa aspekter medan mindre inom andra. Studien kunde bekräfta resultat från tidigare studier, att kommuner fortfarande uppvisade brister i deras arbete informationssäkerhet. Samband mellan kommunerna var brister inom det systematiska arbetet med informationssäkerhet. Förbättringar hade dock gjorts jämfört med tidigare forskning således fanns tydliga indikationer på att informationssäkerhet uppmärksammats. Informanterna påpekade också att lagar som dataskyddsförordning hade påverkat kommunernas syn på informationssäkerhet inom organisationen.
| Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:lnu-96329 |
| Date | January 2020 |
| Creators | Eklund, Jonathan, Renner, Robin |
| Publisher | Linnéuniversitetet, Institutionen för informatik (IK), Linnéuniversitetet, Institutionen för informatik (IK) |
| Source Sets | DiVA Archive at Upsalla University |
| Language | Swedish |
| Detected Language | English |
| Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
| Format | application/pdf |
| Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0018 seconds