liu.seSearch for publications in DiVA
Change search
ReferencesLink to record
Permanent link

Direct link
Actual and Perceived Information Systems Security
Linköping University, Department of Management and Engineering. Linköping University, The Institute of Technology.
2007 (English)Doctoral thesis, monograph (Other academic)
Abstract [en]

As the Internet becomes the major information infrastructure in most sectors, the importance of Information Systems (IS) security steadily increases. While reaching a certain level of actual IS security is vital for most businesses, this level must also be perceived as acceptable by stakeholders. Businesses have to maintain a certain level of security and be able to assess the level of other actors’ security. IS security is abstract and complex, however, and difficult to estimate and measure. This thesis uses epistemic and ontological frameworks to study the conceptual nature of IS security and separate the concepts of actual and perceived IS security. A well-known event is used to illustrate the conceptual discussion: the Sasser worm that was spread around the world in 2004. This study also includes a smaller case study from the City of Stockholm, where about 4,000 computers were infected by Sasser.

The outcome of the study is that actual IS security should be treated as a dynamic condition that is influenced by three different objects: information assets, threat objects and security mechanisms. Incidents are processes that are ruled by the conditions of these three objects and affect the states of confidentiality, integrity and availability of information assets. The concepts of threat, risk and trust remain at epistemic level, i.e. perceptions. Perceptions of IS security can differ depending on their social establishment and are classified as subjective judgements, inter-subjective judgements or institutional facts. While actual IS security conditions can influence actors’ perceptions of IS security, perceived IS security can also influence actual IS security.

Place, publisher, year, edition, pages
Institutionen för ekonomisk och industriell utveckling , 2007. , 298 p.
Linköping Studies in Arts and Science, ISSN 0282-9800 ; 412Linköping Studies in Information Science. Dissertation, ISSN 1403-6231 ; 18
Keyword [en]
Information systems security, IS security, IT security, Information security, Actual and perceived
National Category
Other Computer and Information Science
URN: urn:nbn:se:liu:diva-10215ISBN: 978-91-85895-47-2OAI: diva2:16984
Public defence
2007-12-04, C3, Hus C, Campus Valla, Linköpings universitet, Linköping, 13:15 (English)
Available from: 2007-11-19 Created: 2007-11-19 Last updated: 2015-06-17

Open Access in DiVA

cover(205 kB)39 downloads
File information
File name COVER01.pdfFile size 205 kBChecksum SHA-1
Type coverMimetype application/pdf
fulltext(1481 kB)2795 downloads
File information
File name FULLTEXT01.pdfFile size 1481 kBChecksum SHA-1
Type fulltextMimetype application/pdf

Other links

Link to Licentiate Thesis

Search in DiVA

By author/editor
Oscarson, Per
By organisation
Department of Management and EngineeringThe Institute of Technology
Other Computer and Information Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 2795 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 3253 hits
ReferencesLink to record
Permanent link

Direct link