Controlled Information Security

In order to address the needs of understanding, learning, and managing information security, the Swedish Civil Contingencies Agency started an information security research program. Within this program the COntrolled INformation Security (COINS) research project was established.

The COINS project aims to provide knowledge, methods, and tools that support the improvement of information security capabilities in organizations, with a focus on Swedish government agencies. A central question for the project is how information security issues are communicated within organizations. The project is carried out in the following steps:

  1. Design modeling techniques and metrics for the communication of information security issues in organizations
  2. Collect data from a Swedish government agency
  3. Use the modeling techniques to model the communication of information security at the agency
  4. Apply metrics to the data in order to assess the information security at the agency
  5. Design information security metrics for a specific agency using a participatory design approach
  6. Apply the metrics at the agency and produce the related reports
  7. Develop a framework for inter-organizational comparison of the maturity of information security and metrics programs
  8. Produce a roadmap for future research in the area

Publications

Hallberg, J., Eriksson, M., Granlund, H., Kowalski, S., Lundholm, K., Monfelt, Y., Pilemalm, S., Wätterstam, T., & Yngström, L. (2011). Controlled Information Security: Results and conclusions from the research project. Base Data Report. FOI-R--3187--SE. Linköping, Sweden: Swedish Defence Research Agency, FOI.

Granlund, H., Lundholm, K., Hallberg, J., & Eriksson, M. (2011). A Framework for Inter-Organizational Comparisons of Information Security Capabilities. Methodology Report. FOI-R--3186--SE. Linköping, Sweden: Swedish Defence Research Agency, FOI.

Lundholm, K., Hallberg, J., & Granlund, H. (2011). Design and Use of Information Security Metrics: Application of the ISO/IEC 27004 standard. Scientific Report. FOI-R--3189--SE. Linköping, Sweden: Swedish Defence Research Agency, FOI.

Lundholm, K. & Hallberg, J. (2011). Relevant information security characteristics: Based on needs for information security assessment. Base Data Report. FOI-R--3188--SE. Linköping, Sweden: Swedish Defence Research Agency, FOI.

Hallberg, J., Pilemalm, S., Lundholm, K., Yngström, L., Monfelt, Y., & Davidson, A. (2010). Controlled information security: How to recognize and improve organizational information security status. FOI Memo 3102. Linköping, Sweden: Swedish Defence Research Agency, FOI.

Lundholm, K. & Hallberg, J. (2009). Information security metrics based on organizational models. Base Data Report. FOI-R--2812--SE. Linköping, Sweden: Swedish Defence Research Agency, FOI.

Contact

Project Leader and Researcher:

Jonas Hallberg

 

Photographer:
Johan Bengtsson, FOI.