An information classification model for public sector organizations in Sweden: a case study of a Swedish municipality
2022 (English)In: Information and Computer Security, E-ISSN 2056-4961, Vol. 30, no 2, p. 153-172Article in journal (Refereed) Published
Abstract [en]
Purpose: The purpose of this study is to create an information classification model that is tailored to suit the specific needs of public sector organizations in Sweden.
Design/methodology/approach: To address the purpose of this research, a case study in a Swedish municipality was conducted. Data was collected through a mixture of techniques such as literature, document and website review. Empirical data was collected through interviews with 11 employees working within 7 different sections of the municipality.
Findings: This study resulted in an information classification model that is tailored to the specific needs of Swedish municipalities. In addition, a set of steps for tailoring an information classification model to suit a specific public organization are recommended. The findings also indicate that for a successful information classification it is necessary to educate the employees about the basics of information security and classification and create an understandable and unified information security language.
Practical implications: This study also highlights that to have a tailored information classification model, it is imperative to understand the value of information and what kind of consequences a violation of established information security principles could have through the perspectives of the employees.
Originality/value: It is the first of its kind in tailoring an information classification model to the specific needs of a Swedish municipality. The model provided by this study can be used as a tool to facilitate a common ground for classifying information within all Swedish municipalities, thereby contributing the first step toward a Swedish municipal model for information classification.
Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2022. Vol. 30, no 2, p. 153-172
Keywords [en]
Information classification, Information classification model, Information security, Information security principles, Swedish civil contingencies agency (MSB)
National Category
Information Systems
Identifiers
URN: urn:nbn:se:oru:diva-93893DOI: 10.1108/ICS-03-2021-0032ISI: 000685612100001Scopus ID: 2-s2.0-85112534218OAI: oai:DiVA.org:oru-93893DiVA, id: diva2:1587548
2021-08-252021-08-252023-12-04Bibliographically approved