Mid Sweden University

Are You Ready When It Counts?: IT Consulting Firm’s Information Security Incident Management
Mid Sweden University, Faculty of Science, Technology and Media, Department of Information Systems and Technology. (RCR)
Mid Sweden University, Faculty of Science, Technology and Media, Department of Information Systems and Technology. (RCR) ORCID iD: 0000-0003-4869-5094
2019 (English). In: Proceedings of the 5th International Conference on Information Systems Security and Privacy (ICISSP), SciTePress, 2019, Vol. 1, p. 26-37. Conference paper, Published paper (Refereed)
Abstract [en]

Information security incidents are increasing both in number and in scope. In consequence, the General Data Protection Regulation and the Directive on security of network and information systems force organisations to report such incidents to a supervision authority. Because both the importance of managing incidents and the tendency to outsource are growing, this study focuses on IT-consulting firms and highlights their vulnerable position as subcontractors. This study thereby addresses the lack of empirical research on incident management and contributes valuable insights into IT-consulting firms’ experiences with information security incident management. Evidence from interviews and a survey with experts at IT-consulting firms focuses on challenges in managing information security incidents. The analyses identify and clarify both new and known challenges, such as how the recent regulations affect the role of an IT-consulting firm and how the absence of major incidents influences stakeholder awareness. Improvements to IT-consulting firms’ incident management processes need to address internal and external communication, the information security awareness of employees and customers, and the adequacy of the cost focus.

Place, publisher, year, edition, pages
SciTePress, 2019. Vol. 1, p. 26-37
Keywords [en]
Security Awareness, Information Security Incident Management, IT Consulting, GDPR, NIS Directive
National Category
Information Systems
Identifiers
URN: urn:nbn:se:miun:diva-35902
DOI: 10.5220/0007247500260037
ISI: 000570402400002
Scopus ID: 2-s2.0-85064667686
ISBN: 978-989-758-359-9 (print)
OAI: oai:DiVA.org:miun-35902
DiVA, id: diva2:1300690
Conference
5th International Conference on Information Systems Security and Privacy (ICISSP), Prague, Czech Republic, 23-25 February, 2019.
Available from: 2019-03-29 Created: 2019-03-29 Last updated: 2020-11-11 Bibliographically approved

Authority records

Große, Christine