To Örebro University

oru.seÖrebro University Publications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
An information classification model for public sector organizations in Sweden: a case study of a Swedish municipality
Department of Informatics, Örebro University, Örebro, Sweden.
Department of Informatics, Örebro University, Örebro, Sweden.
Örebro University, Örebro University School of Business. Department of Informatics.ORCID iD: 0000-0002-3722-6797
2022 (English)In: Information and Computer Security, E-ISSN 2056-4961, Vol. 30, no 2, p. 153-172Article in journal (Refereed) Published
Abstract [en]

Purpose: The purpose of this study is to create an information classification model that is tailored to suit the specific needs of public sector organizations in Sweden.

Design/methodology/approach: To address the purpose of this research, a case study in a Swedish municipality was conducted. Data was collected through a mixture of techniques such as literature, document and website review. Empirical data was collected through interviews with 11 employees working within 7 different sections of the municipality.

Findings: This study resulted in an information classification model that is tailored to the specific needs of Swedish municipalities. In addition, a set of steps for tailoring an information classification model to suit a specific public organization are recommended. The findings also indicate that for a successful information classification it is necessary to educate the employees about the basics of information security and classification and create an understandable and unified information security language.

Practical implications: This study also highlights that to have a tailored information classification model, it is imperative to understand the value of information and what kind of consequences a violation of established information security principles could have through the perspectives of the employees.

Originality/value: It is the first of its kind in tailoring an information classification model to the specific needs of a Swedish municipality. The model provided by this study can be used as a tool to facilitate a common ground for classifying information within all Swedish municipalities, thereby contributing the first step toward a Swedish municipal model for information classification.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2022. Vol. 30, no 2, p. 153-172
Keywords [en]
Information classification, Information classification model, Information security, Information security principles, Swedish civil contingencies agency (MSB)
National Category
Information Systems
Identifiers
URN: urn:nbn:se:oru:diva-93893DOI: 10.1108/ICS-03-2021-0032ISI: 000685612100001Scopus ID: 2-s2.0-85112534218OAI: oai:DiVA.org:oru-93893DiVA, id: diva2:1587548
Available from: 2021-08-25 Created: 2021-08-25 Last updated: 2023-12-04Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Gao, Shang

Search in DiVA

By author/editor
Gao, Shang
By organisation
Örebro University School of Business
In the same journal
Information and Computer Security
Information Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 238 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf