Return to search

Clarifying roles and responsibilities in information security : A case study of policy implementation in high-stakes environments

In information security, the success of security policies is critically dependent on their implementation in organizations. This thesis explores the gap between formal definitions and the actual implementation of security policies, focusing on roles within a Swedish defense company. Using a qualitative research approach, this study employs semi-structured interviews to gather in-depth insights from individuals directly involved in security management, with the aim of uncovering the real-world complexities and challenges faced in policy implementation. This study identifies several core issues that affect policy implementation: ambiguity in role definitions, inconsistencies in policy communication at different organizational levels, and the frequent need for individuals to adapt policies to practical and situational needs. These factors contribute to the risk of security breaches by creating conditions in which policies are misunderstood or incorrectly applied. The findings highlight a significant discrepancy between how policies are intended to function and how they are implemented in daily operations, revealing a critical vulnerability in organizational security frameworks. This thesis contributes to the existing body of knowledge by mapping the landscape of security policy implementation within the context of the highly regulated defense industry. The results provide empirical evidence that improves the understanding of the interaction between policy, practice and the human element in security regimes with the aim of improving clarity and reducing the incidence of human error in security practices.

Identiferoai:union.ndltd.org:UPSALLA1/oai:DiVA.org:his-24097
Date January 2024
CreatorsAlndawi, Tara
PublisherHögskolan i Skövde, Institutionen för informationsteknologi
Source SetsDiVA Archive at Upsalla University
LanguageEnglish
Detected LanguageEnglish
TypeStudent thesis, info:eu-repo/semantics/bachelorThesis, text
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess

Page generated in 0.0025 seconds