Riskhanteringens utmaning : En studie som identifierar svenska organisationers riskhantering avseende informationssäkerhet samt dess prioritering.
Background: Risk Management plays an important part of the enterprises strategic business activity. Efficient Risk Management will secure the businesses survival, assets and creates market advantages. The interest of information security has consequently gained in Swedish corporations. Corporations have realized the importance of the information which is stored in the IT systems. IT is the tool for businesses future progress and growth and therefore a source of risks. For managing these risks standards and frameworks are needed. To what extent are information security standards and frameworks used in Swedish organizations? Are information security integrated with operational Risk Management?Purpose: The purpose of this study is to identify the Risk Management regarding information security in the studied organizations and to recognize the priority of information security.Method: The main part of this study is based on case studies including four Swedish organizations, with the purpose to identify the Risk Management regarding information security in these organizations. The study is also added with a complementary survey carried out on Large Cap corporations on the Nordic exchange. The later survey will create a more general apprehension.Conclusions: Findings shows that the Swedish organizations have realized the importance of standards and frameworks and the accompanying benefits. The main elements for using standards and frameworks are - better control, identification of business opportunities and gained security. The findings also suggested that the organizations should invest more resources in integrating information security with Risk Management and on the executive management involvement.
Source Type:Master's Thesis
Keywords:risk management information security operational risks standards frameworks regulations
Date of Publication:06/12/2007