As the Internet becomes the major information infrastructure in most sectors, the importance of Information Systems (IS) security steadily increases. While reaching a certain level of actual IS security is vital for most businesses, this level must also be perceived as acceptable by stakeholders. Businesses have to maintain a certain level of security and be able to assess the level of other actors’ security. IS security is abstract and complex, however, and difficult to estimate and measure. This thesis uses epistemic and ontological frameworks to study the conceptual nature of IS security and separate the concepts of actual and perceived IS security. A well-known event is used to illustrate the conceptual discussion: the Sasser worm that was spread around the world in 2004. This study also includes a smaller case study from the City of Stockholm, where about 4,000 computers were infected by Sasser. The outcome of the study is that actual IS security should be treated as a dynamic condition that is influenced by three different objects: information assets, threat objects and security mechanisms. Incidents are processes that are ruled by the conditions of these three objects and affect the states of confidentiality, integrity and availability of information assets. The concepts of threat, risk and trust remain at epistemic level, i.e. perceptions. Perceptions of IS security can differ depending on their social establishment and are classified as subjective judgements, inter-subjective judgements or institutional facts. While actual IS security conditions can influence actors’ perceptions of IS security, perceived IS security can also influence actual IS security.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:liu-10215 |
Date | January 2007 |
Creators | Oscarson, Per |
Publisher | Linköpings universitet, Institutionen för ekonomisk och industriell utveckling, Linköpings universitet, Tekniska högskolan, Institutionen för ekonomisk och industriell utveckling |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Doctoral thesis, monograph, info:eu-repo/semantics/doctoralThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Relation | Linköping Studies in Arts and Science, 0282-9800 ; 412, Linköping Studies in Information Science. Dissertation, 1403-6231 ; 18 |
Page generated in 0.0015 seconds