Controlled Information Security: Results and conclusions from the research projects

Authors:

  • Jonas Hallberg
  • Margaretha Eriksson
  • Helena Granlund
  • Stewart Kowalski
  • Kristoffer Lundholm
  • Yngve Monfelt
  • Sofie Pilemalm
  • Tove Wätterstam
  • Louise Yngström

Publish date: 2011-06-23

Report number: FOI-R--3187--SE

Pages: 42

Written in: English

Keywords:

  • Information security
  • metric
  • ISO/IEC 27001
  • ISO/IEC 27004

Abstract

The Swedish public sector has taken a number of steps to improve the information security. For instance, the Swedish Civil Contingencies Agency has prescribed the implementation of information security managements systems. Still, in a study covering eleven government agencies, the Swedish National Audit Office found that none of the assessed agencies were considered to have adequate levels of information security. In order to address the needs of understanding, learning, and managing information security, the Swedish Civil Contingencies Agency started an information security research program. Within this program the COntrolled INformation Security (COINS) research project was established. The COINS project aims at providing knowledge, methods, and tools to support the improvement of the information security abilities in organizations, with a focus on Swedish government agencies. In this report, the results produced within the COINS project are presented.