Controlled Information Security: Results and conclusions from the research projects
Publish date: 2011-06-23
Report number: FOI-R--3187--SE
Pages: 42
Written in: English
Keywords:
- Information security
- metric
- ISO/IEC 27001
- ISO/IEC 27004
Abstract
The Swedish public sector has taken a number of steps to improve the information security. For instance, the Swedish Civil Contingencies Agency has prescribed the implementation of information security managements systems. Still, in a study covering eleven government agencies, the Swedish National Audit Office found that none of the assessed agencies were considered to have adequate levels of information security. In order to address the needs of understanding, learning, and managing information security, the Swedish Civil Contingencies Agency started an information security research program. Within this program the COntrolled INformation Security (COINS) research project was established. The COINS project aims at providing knowledge, methods, and tools to support the improvement of the information security abilities in organizations, with a focus on Swedish government agencies. In this report, the results produced within the COINS project are presented.