Is IT good enough: An analysis of Swedish universities information security
(2023) SYSK16 20221Department of Informatics
- Abstract
- Previous research in information security research has pointed out the importance of aware employees, while practitioners have focused on technical safety measures, this while the geopolitical situation has rapidly changed. In this paper the public Swedish institutions of higher education are investigated to gain a more complete picture of the potential pitfalls that exist in Swedish government agencies. The study uses a mixed method approach, first a qualitative content analysis of ten Swedish institutions of higher education information security policy to identify any problem areas, further a quantitative survey was sent out to 85 IT-managers at thirty of the thirty-two Swedish institutions of higher education to investigate what issues... (More)
- Previous research in information security research has pointed out the importance of aware employees, while practitioners have focused on technical safety measures, this while the geopolitical situation has rapidly changed. In this paper the public Swedish institutions of higher education are investigated to gain a more complete picture of the potential pitfalls that exist in Swedish government agencies. The study uses a mixed method approach, first a qualitative content analysis of ten Swedish institutions of higher education information security policy to identify any problem areas, further a quantitative survey was sent out to 85 IT-managers at thirty of the thirty-two Swedish institutions of higher education to investigate what issues they had observed. The findings show that information security awareness and education programs seem to have been neglected among the Swedish institutions of higher education, even though researchers have stressed their importance. The new geopolitical situation and the high return of investment on socially engineered attacks, highlights the importance of information security awareness, this before an information security crisis occurs (Less)
- Popular Abstract
- Previous research in information security research has pointed out the importance of aware employees, while practitioners have focused on technical safety measures, this while the geopolitical situation has rapidly changed. In this paper the public Swedish institutions of higher education are investigated to gain a more complete picture of the potential pitfalls that exist in Swedish government agencies. The study uses a mixed method approach, first a qualitative content analysis of ten Swedish institutions of higher education information security policy to identify any problem areas, further a quantitative survey was sent out to 85 IT-managers at thirty of the thirty-two Swedish institutions of higher education to investigate what issues... (More)
- Previous research in information security research has pointed out the importance of aware employees, while practitioners have focused on technical safety measures, this while the geopolitical situation has rapidly changed. In this paper the public Swedish institutions of higher education are investigated to gain a more complete picture of the potential pitfalls that exist in Swedish government agencies. The study uses a mixed method approach, first a qualitative content analysis of ten Swedish institutions of higher education information security policy to identify any problem areas, further a quantitative survey was sent out to 85 IT-managers at thirty of the thirty-two Swedish institutions of higher education to investigate what issues they had observed. The findings show that information security awareness and education programs seem to have been neglected among the Swedish institutions of higher education, even though researchers have stressed their importance. The new geopolitical situation and the high return of investment on socially engineered attacks, highlights the importance of information security awareness, this before an information security crisis occurs (Less)
Please use this url to cite or link to this publication:
http://lup.lub.lu.se/student-papers/record/9106864
- author
- Lindvall, Daniel LU
- supervisor
- organization
- course
- SYSK16 20221
- year
- 2023
- type
- M2 - Bachelor Degree
- subject
- keywords
- information security policy, university, Sweden, security governance, information security management, information security awareness, institutional theory, institutional logics, general system theory, security, data breaches
- report number
- INF22-77
- language
- English
- id
- 9106864
- date added to LUP
- 2023-01-30 09:31:40
- date last changed
- 2023-01-30 09:31:40
@misc{9106864, abstract = {{Previous research in information security research has pointed out the importance of aware employees, while practitioners have focused on technical safety measures, this while the geopolitical situation has rapidly changed. In this paper the public Swedish institutions of higher education are investigated to gain a more complete picture of the potential pitfalls that exist in Swedish government agencies. The study uses a mixed method approach, first a qualitative content analysis of ten Swedish institutions of higher education information security policy to identify any problem areas, further a quantitative survey was sent out to 85 IT-managers at thirty of the thirty-two Swedish institutions of higher education to investigate what issues they had observed. The findings show that information security awareness and education programs seem to have been neglected among the Swedish institutions of higher education, even though researchers have stressed their importance. The new geopolitical situation and the high return of investment on socially engineered attacks, highlights the importance of information security awareness, this before an information security crisis occurs}}, author = {{Lindvall, Daniel}}, language = {{eng}}, note = {{Student Paper}}, title = {{Is IT good enough: An analysis of Swedish universities information security}}, year = {{2023}}, }