2020
DOI: 10.1108/ics-07-2020-0110
|View full text |Cite
|
Sign up to set email alerts
|

Developing an information classification method

Abstract: Purpose The purpose of this paper is to develop a method for information classification. The proposed method draws on established standards, such as the ISO/IEC 27002 and information classification practices. The long-term goal of the method is to decrease the subjective judgement in the implementation of information classification in organisations, which can lead to information security breaches because the information is under- or over-classified. Design/methodology/approach The results are based on a desi… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
9
0

Year Published

2023
2023
2024
2024

Publication Types

Select...
4
2

Relationship

1
5

Authors

Journals

citations
Cited by 9 publications
(9 citation statements)
references
References 50 publications
0
9
0
Order By: Relevance
“…These modularization concepts have been used in the information security management field before, although not for this purpose. The method component format has been used when developing a method for information classification (Bergström et al , 2020); our study can be considered another example of how SME concepts can inform information security management research.…”
Section: Discussionmentioning
confidence: 99%
“…These modularization concepts have been used in the information security management field before, although not for this purpose. The method component format has been used when developing a method for information classification (Bergström et al , 2020); our study can be considered another example of how SME concepts can inform information security management research.…”
Section: Discussionmentioning
confidence: 99%
“…different people at different levels in an organization will rate scales differently (Hubbard, 2020)" (Wangen and Snekkenes, 2013, p. 5) Depending on previous experiences, roles, framing etc. one tends to interpret and value risk and value of/to assets differently (Bergström et al, 2019;Bergström et al, 2021;Bergström and Åhlfeldt, 2014; Anthony (Tony) Cox, 2008;Fenz et al, 2014;Hubbard, 2020;Kaarst-Brown and Thompson, 2015;Sajko et al, 2006;Wangen and Snekkenes, 2013) Actor subjectiveness…”
Section: Methodsmentioning
confidence: 99%
“…(Wangen and Snekkenes, 2013) Not understanding each other properly will lead to problems in discussions and interpretations of discourse (Ahmad et al, 2015;Arhin and Wiredu, 2018;Richmond et al, 2005;Shedden, 2016;Wangen and Snekkenes, 2013) Discourse interpretation "As collections of canonical practices, they 'inevitably and intentionally omit the details' (Brown and Duguid, 1991, p. 40), making them too abstract to be directly applicable to a specific organizational context." (Niemimaa and Niemimaa, 2017, p. 12) Guidelines are difficult to interpret and adapt as they often omit details (Bayuk, 2010;Bergström, 2020;Bergström et al, 2021;Brown and Duguid, 1991;Niemimaa and Niemimaa, 2017;Fibikova and Müller, 2011;Ghernaouti-Helie et al, 2011;Park et al, 2010) Difficult to adapt guidelines Source: Created by author…”
Section: Methodsmentioning
confidence: 99%
See 2 more Smart Citations