lnu.se Publications
Magnusson, Lars
Biography [eng]

Researching improved system management methods at the enterprise level. Today's organizations must be more agile than current support functions, like ITIL or COBIT, allow for. At the same time, regulations like the EU GDPR or the US SOX require much better security adaptations and control of data. Thus, the management team needs more agile enterprise IT management and tools to manage their IT environment.

Biography [swe] (translated)

Researching improved system management at the overall business level. Today's organizations must be more agile than support functions such as ITIL or COBIT allow. At the same time, laws such as the GDPR or the US SOX require much higher security and control of data. Hence, business management needs better governance and management tools to manage the IT environment.

Publications (10 of 13)
Magnusson, L., Elm, P. & Mirijamdotter, A. (2019). On System Thinking and Information Security. In: The OR Society Annual Conference OR61, 3-5 September 2019, Sibson Building, Kent University: Conference Handbook. Paper presented at The Operational Research Society OR61 Annual Conference (pp. 161-162). The Operational Research Society, Article ID OR61A151.
2019 (English). In: The OR Society Annual Conference OR61, 3-5 September 2019, Sibson Building, Kent University: Conference Handbook, The Operational Research Society, 2019, p. 161-162, article id OR61A151. Conference paper, Oral presentation with published abstract (Refereed)
Abstract [en]

The security problems we have to deal with today regarding the Internet were created by ourselves. The Internet, initially created to handle US Government data traffic, evolved to become communication between different research institutes. The protocols that were used had no security at all. Today we still use this network for almost everything, and the complexity has grown tremendously. Compared to when the network was initially created, we now try to protect assets rather than just communicate, divide users according to permission and accessibility, and deal with privacy issues. Basically, everything depends on a network that was initially created with no security.

Privacy has been a critical security aspect for the EU, but with the advent of the GDPR, privacy is both a legal aspect and an auditable ICT concept. GDPR includes topics like owning your own data, independent of who collected it and where it is stored, and the right to be forgotten. Each data collector also needs to have a complete data-flow map, describing any privacy data sets in a flow, to make these traceable and ready for audit inspection. Any organization handling EU residents' data needs to adhere to proactive information security processes.

GDPR is based on the principles of Governance, Risk, and Compliance. It is not a purely legal construct; it is a management and strategy issue, not an IT issue. Further examples relate to cloud services with distributed resources, which illustrate the complex problem situation.

There is a need for a new perspective, moving from systems management to data-flow management. We propose a systemic model which illustrates processes and flows within a fractal structure; we build on Beer's Viable System Model. Such a model enables mapping of complexity and data flows and provides a tool for auditing and, thus, enables meeting the requirements of GDPR.

Place, publisher, year, edition, pages
The Operational Research Society, 2019
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-89020 (URN)
Conference
The Operational Research Society OR61 Annual Conference
Available from: 2019-09-09. Created: 2019-09-09. Last updated: 2019-09-18. Bibliographically approved.
Magnusson, L. & Iqbal, S. (2018). Implications of EU-GDPR in Low-Grade Social, Activist and NGO Settings. International Journal of Business and Technology, 6(3), 1-7, Article ID 7.
2018 (English). In: International Journal of Business and Technology, E-ISSN 2223-8387, Vol. 6, no 3, p. 1-7, article id 7. Article in journal (Refereed), Published
Abstract [en]

Social support services are becoming popular among citizens of every country and every age. Social support services that are easily accessible on mobile phones are used in different contexts, ranging from extending your presence and connectivity to friends, family and colleagues, to using social media services as a social activist seeking to help individuals confined in miserable situations, such as the homeless community, drug addicts, or even revolutionaries fighting against dictatorships. However, a very recent development in European Parliament law (Regulation 2016/679) on the processing and free movement of personal data, the EU GDPR (General Data Protection Regulation), considers low-funded social service development efforts unsafe. This article analyses a case study conducted at a shelter for homeless mothers in the United States to conceptualize future similar development efforts from low-end public activist groups within the European Union. This article aims to raise awareness of this issue and also puts forth a conceptual model to envision the possibilities of mitigating the risks attached to such development efforts in the light of the EU GDPR, which will be implemented in May 2018.

Place, publisher, year, edition, pages
UBT, 2018
Keywords
GDPR, social services, information security, public activist
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science; Computer and Information Sciences Computer Science, Information Systems; Economy, Business Informatics
Identifiers
urn:nbn:se:lnu:diva-85249 (URN); 10.33107/ijbte.2018.6.3.07 (DOI); 978-9951-437-60-8 (ISBN)
Available from: 2019-06-13. Created: 2019-06-13. Last updated: 2019-06-13. Bibliographically approved.
Magnusson, L., Elm, P. & Mirijamdotter, A. (2018). Towards secure data flow oriented multi-vendor IT governance models. International Journal of Business and Technology, 6(3), 1-9, Article ID 8.
2018 (English). In: International Journal of Business and Technology, ISSN 2223-8387, Vol. 6, no 3, p. 1-9, article id 8. Article in journal (Refereed), Published
Abstract [en]

Today, still, ICT governance is regarded as a departmental concern, not an overall organizational concern. History has shown us that implementation strategies based on departments result in fractional implementations, leading to ad hoc solutions with no central control and stagnation of the in-house ICT strategy. Further, this has recently created an opinion trend: many are talking about the ICT department as redundant, a dying breed that should be replaced by on-demand specialized external services. Clearly, the ever-changing surroundings force organizations to accelerate the pace of new adaptations within their ICT plans, faster than most organizations currently are able to. This leads to ICT departments tending to be reactive rather than acting proactively and taking the lead in the increased transformation pace in which organizations find themselves. Simultaneously, the monolithic systems of the 1980s/1990s often dominate an organization, consume too much of the yearly IT budget, and leave healthy system development behind. These systems were designed before data became an all-encompassing organizational resource; they were designed more or less in isolation from the surrounding environment. These solutions make data sharing costly and far from optimal. Additionally, in striving to adapt to the organization's evolution, the initial architecture has become disrupted and built up in shreds. Adding to this, on May 25, 2018, an upgraded EU privacy regulation, the General Data Protection Regulation (GDPR), will be activated. This upgraded privacy regulation includes a substantial strengthening of 1994's data privacy regulation, which will profoundly affect EU organizations. This regulation will, among other things, limit the right to collect and process personal data and will give the data subject all rights to his/her data sets, independent of where this data is/has been collected and by whom.

Such regulation forces data collecting and processing organizations to have total control over any personal data collected and processed. This includes a detailed understanding of data flows, including who did what and when and under whose authorization, and how data is transported and stored. Concerning data/information flows, maps are a mandatory part of the system documentation. This encompasses all systems, including outsourced ones such as cloud services. Hence, individual departments can no longer claim they "own" data. Further, since the mid-2000s, we have seen a global inter-organizational data integration, independent of organizations, public or private. If this integration ceases to exist, the result will be a threat to the survival of the organization. Additionally, if the organization fails to provide transparent documentation according to the GDPR, substantial economic risk is at stake. So, the discussion about the ICT departments' demise is inapt. Any organizational change will require costly and time-consuming ICT development efforts to adapt to the legislation of today's situation. Further, since data nowadays is interconnected and transformed at all levels, interacting at multiple intersections all over the organization, and becoming a unified base of all operative decisions, an ICT governance model for the organization is required.

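The data-flow map the abstract says is mandatory can be modelled as a directed graph and queried for exactly what an audit asks: which systems end up holding a given category of personal data, which of those are outsourced or outside the EU, which links carry no recorded authorization, and which systems appear in flows but are missing from the inventory. The following is an added example written for this listing, not code from the paper or its authors; the systems, data categories, flows and approval references are constructed for illustration.

```python
"""Data-flow map with traceability queries for GDPR audits.

Added example, not code from the paper or its authors. The systems,
data categories, flows and approval references below are constructed
for illustration only.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class System:
    name: str
    owner: str       # accountable department or vendor
    external: bool   # True for outsourced / cloud processors
    region: str      # where the data is stored and processed


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    categories: frozenset  # personal-data categories carried on this link
    authorized_by: str     # approval reference; empty means no recorded authorization


# Constructed inventory: which systems exist and who is accountable for them.
SYSTEMS = {s.name: s for s in [
    System("web-signup", "Marketing", False, "EU"),
    System("crm", "Sales", False, "EU"),
    System("billing", "Finance", False, "EU"),
    System("warehouse", "IT", False, "EU"),
    System("mailer-saas", "VendorA", True, "EU"),
    System("analytics-saas", "VendorB", True, "US"),
]}

# Constructed flow map: each edge carries the categories of personal data it moves.
FLOWS = [
    Flow("web-signup", "crm", frozenset({"contact"}), "DPO-2018-01"),
    Flow("crm", "billing", frozenset({"contact", "payment"}), "DPO-2018-02"),
    Flow("crm", "mailer-saas", frozenset({"contact"}), "DPO-2018-03"),
    Flow("crm", "analytics-saas", frozenset({"behavioral"}), "DPO-2018-04"),
    Flow("billing", "warehouse", frozenset({"payment"}), ""),                  # never approved
    Flow("warehouse", "legacy-reports", frozenset({"payment"}), "IT-2009-7"),  # dst not inventoried
]


def downstream(flows, start, category):
    """Every system reachable from `start` along links that carry `category` (BFS)."""
    adj = {}
    for f in flows:
        if category in f.categories:
            adj.setdefault(f.src, []).append(f.dst)
    seen, queue = set(), deque([start])
    while queue:
        node = queue.popleft()
        for nxt in adj.get(node, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def erasure_scope(flows, start, category):
    """Systems that must act on an erasure request for `category` collected at `start`."""
    return {start} | downstream(flows, start, category)


def external_processors(systems, flows, start, category):
    """Outsourced / cloud systems holding `category` data that originated at `start`."""
    return sorted(n for n in erasure_scope(flows, start, category)
                  if n in systems and systems[n].external)


def transfers_outside(systems, flows, start, category, home="EU"):
    """Systems outside `home` that receive `category` data originating at `start`."""
    return sorted(n for n in downstream(flows, start, category)
                  if n in systems and systems[n].region != home)


def unauthorized_flows(flows):
    """Links with no recorded approval: the 'under whose authorization' gap."""
    return [(f.src, f.dst) for f in flows if not f.authorized_by]


def undocumented_systems(systems, flows):
    """Systems that appear in the flow map but are missing from the inventory."""
    return sorted({n for f in flows for n in (f.src, f.dst) if n not in systems})


if __name__ == "__main__":
    print("erasure scope, contact data:", sorted(erasure_scope(FLOWS, "web-signup", "contact")))
    print("external processors:", external_processors(SYSTEMS, FLOWS, "web-signup", "contact"))
    print("non-EU transfers, behavioral:", transfers_outside(SYSTEMS, FLOWS, "crm", "behavioral"))
    print("unauthorized flows:", unauthorized_flows(FLOWS))
    print("undocumented systems:", undocumented_systems(SYSTEMS, FLOWS))
```

An erasure request follows the same traversal as the audit: contact data collected at web-signup has to be purged from every system in erasure_scope, and for the external ones that purge is something the processor contract must cover. The two findings an auditor would act on first are the billing-to-warehouse link with no approval on record and the legacy-reports system that receives payment data but exists in no inventory.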
Place, publisher, year, edition, pages
UBT, 2018
Keywords
ICT Governance, Privacy, IT, GDPR, Data flow, Data integration
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-84876 (URN); 10.33107/ijbte.2018.6.3.08 (DOI); 978-9951-437-54-7 (ISBN)
Available from: 2019-06-10. Created: 2019-06-10. Last updated: 2019-07-08. Bibliographically approved.
Magnusson, L. & Iqbal, S. (2017). Implications of EU-GDPR in Low-Grade Social, Activist and NGO Settings. In: Edmond Hajrizi (Ed.), Proceedings 6th UBT annual international conference, 27-29 October, Durrës, Albania: International Conference on Computer Science and Communication Engineering & Information Systems and Security. Paper presented at International Conference on Computer Science and Communication Engineering & Information Systems and Security, 27-29 October, Durrës, Albania (pp. 91-97). UBT
2017 (English). In: Proceedings 6th UBT annual international conference, 27-29 October, Durrës, Albania: International Conference on Computer Science and Communication Engineering & Information Systems and Security / [ed] Edmond Hajrizi, UBT, 2017, p. 91-97. Conference paper, Published paper (Refereed)
Abstract [en]

Abstract identical to the 2018 journal version of this article listed above (International Journal of Business and Technology, 6(3), article 7).

Place, publisher, year, edition, pages
UBT, 2017
Keywords
GDPR, social services, information security, public activist
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science; Computer and Information Sciences Computer Science, Information Systems; Economy, Business Informatics
Identifiers
urn:nbn:se:lnu:diva-77145 (URN); 978-9951-437-60-8 (ISBN)
Conference
International Conference on Computer Science and Communication Engineering & Information Systems and Security, 27-29 October, Durrës, Albania
Available from: 2018-08-16. Created: 2018-08-16. Last updated: 2018-09-10. Bibliographically approved.
Magnusson, L., Elm, P. & Mirijamdotter, A. (2017). Towards Secure Data Flow Oriented Multi-Vendor IT Governance Models. In: Hajrizi, E. (Ed.), UBT 6th Annual International Conference 2017: Leadership and Innovation. Paper presented at UBT International Conference 2017 - International Conferences on Information Systems and Security. Durrës, Albania, 27-29 October 2017. (pp. 163-163).
2017 (English). In: UBT 6th Annual International Conference 2017: Leadership and Innovation / [ed] Hajrizi, E., 2017, p. 163-163. Conference paper, Oral presentation with published abstract (Refereed)
Abstract [en]

Abstract identical to the 2018 journal version of this paper listed above (International Journal of Business and Technology, 6(3), article 8).

Keywords
IT Governance, Data-Flow, GDPR, Agility
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-73291 (URN); 978-9951-437-54-7 (ISBN)
Conference
UBT International Conference 2017 - International Conferences on Information Systems and Security. Durrës, Albania, 27-29 October 2017.
Available from: 2018-04-24. Created: 2018-04-24. Last updated: 2018-09-10. Bibliographically approved.
Magnusson, L. (2013). 12.3 Informationssäkerhet på 2010-talet (10ed.). In: Tord Schultz, Lars Hornborg, Eva Fredriksson (Ed.), Bonniers IT-managementhandbok: . Stockholm: Bonnier
2013 (Swedish). In: Bonniers IT-managementhandbok / [ed] Tord Schultz, Lars Hornborg, Eva Fredriksson, Stockholm: Bonnier, 2013, edition 10. Chapter in book (Other (popular science, discussion, etc.))
Abstract [sv] (translated)

The article reviews the information security challenges we face in the 2010s, both technical and process-related. Among other things, it describes the importance of audits and regulatory frameworks, and how to build a security policy.

Abstract [en]

This article goes through the information security challenges we face in the 2010s, both technically and from a process perspective. Among other things, the importance of audits and regulations is described, as well as how to build a security policy.

Place, publisher, year, edition, pages
Stockholm: Bonnier, 2013 Edition: 10
Keywords
Information systems, Information security, IT security, IT processes
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
urn:nbn:se:lnu:diva-77503 (URN); 91-974291-2-0 (ISBN)
Note

The article was published under the author's first given name (Kurt) rather than his usual name (Lars), because of a requirement from his employer at the time.

Available from: 2018-08-31. Created: 2018-08-31. Last updated: 2018-09-03. Bibliographically approved.
Magnusson, L. (2013). Accesskontroll som nyckel till bättre IT-säkerhet (10ed.). In: Tord Schultz, Lars Hornborg, Eva Fredriksson (Ed.), Bonniers IT-managementhandbok: . Stockholm: Bonnier
2013 (Swedish). In: Bonniers IT-managementhandbok / [ed] Tord Schultz, Lars Hornborg, Eva Fredriksson, Stockholm: Bonnier, 2013, edition 10. Chapter in book (Other (popular science, discussion, etc.))
Abstract [sv] (translated)

Modern IT places higher demands on access/authentication processes; this article discusses these in relation to HR's responsibility to signal changes in employment.

Abstract [en]

Modern IT places higher demands on access/authentication processes. This article discusses these in relation to HR's responsibility to signal changes in employment.

Place, publisher, year, edition, pages
Stockholm: Bonnier, 2013 Edition: 10
Keywords
Access control, Authentication, Information systems, Information security, IT security, Management processes
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems; Computer and Information Sciences Computer Science, Computer Science
Identifiers
urn:nbn:se:lnu:diva-77504 (URN); 91-974291-2-0 (ISBN)
Available from: 2018-08-31. Created: 2018-08-31. Last updated: 2018-09-03. Bibliographically approved.
Magnusson, L. (2013). HR Access: a key to better InfoSecurity. ISC2 InfoSecurity Professional Magazine, 4(22), 23-23
2013 (English). In: ISC2 InfoSecurity Professional Magazine, Vol. 4, no 22, p. 23-23. Article in journal, Editorial material (Other (popular science, discussion, etc.)), Published
Abstract [en]

As seen in virtually all IT audits, auditors find active accounts belonging to people who have retired, left the organization, or simply changed jobs: accounts that should have been closed. This article is a discussion about requiring the HR department to give IT better signals of personnel changes, so that IT does not need to rely on personal knowledge. The issue is a key US SOX finding and will be a key finding in EU GDPR audits.

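The joiner/mover/leaver check the piece argues for is mechanical once HR actually delivers a feed: join the directory export to the HR roster on the employee id and flag everything that does not match, rather than waiting for someone to remember that a colleague left. The following is an added example written for this listing, not the article's code; the HR records, the directory export, the department-to-group entitlement table and the field names are all constructed assumptions.

```python
"""Reconcile an HR roster against enabled accounts: leavers, movers, orphans, dormant.

Added example, not the article's code. The HR records, accounts and the
department-to-group entitlement table are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class Employee:
    emp_id: str
    status: str                 # "active" or "terminated"
    department: str
    end_date: Optional[date]    # set by HR when employment ends


@dataclass(frozen=True)
class Account:
    username: str
    emp_id: Optional[str]       # None: account not linked to any HR record
    enabled: bool
    groups: FrozenSet[str]
    last_logon: Optional[date]


# Constructed entitlement table: which groups each department may hold.
ENTITLEMENTS = {
    "finance": {"fin-ledger", "vpn"},
    "sales": {"crm-users", "vpn"},
    "it": {"domain-admins", "vpn"},
}

# Constructed HR feed: the signal the article argues HR must provide to IT.
EMPLOYEES = [
    Employee("E100", "active", "finance", None),
    Employee("E101", "terminated", "sales", date(2018, 6, 30)),
    Employee("E102", "active", "it", None),          # moved from finance to IT
    Employee("E103", "active", "sales", None),
]

# Constructed directory export.
ACCOUNTS = [
    Account("alice", "E100", True, frozenset({"fin-ledger", "vpn"}), date(2018, 8, 30)),
    Account("bob", "E101", True, frozenset({"crm-users", "vpn"}), date(2018, 6, 29)),
    Account("carol", "E102", True, frozenset({"domain-admins", "vpn", "fin-ledger"}), date(2018, 9, 1)),
    Account("dave", "E103", True, frozenset({"crm-users"}), date(2018, 3, 1)),
    Account("svc-backup", None, True, frozenset({"backup-operators"}), date(2018, 9, 2)),
    Account("erin", "E101", False, frozenset({"crm-users"}), date(2018, 6, 1)),  # already disabled
]

Finding = Tuple[str, str, str]  # (kind, username, detail)


def reconcile(employees, accounts, today, grace_days=0, dormant_days=90,
              entitlements=ENTITLEMENTS) -> List[Finding]:
    """Compare every enabled account with its HR record and entitlement.

    orphan  - enabled account with no HR record behind it
    leaver  - enabled account whose employee was terminated more than grace_days ago
    mover   - account holding groups outside its department's entitlement
    dormant - account with no logon within dormant_days
    """
    hr = {e.emp_id: e for e in employees}
    findings: List[Finding] = []
    for acct in accounts:
        if not acct.enabled:
            continue  # a disabled account is the state the audit wants to see
        emp = hr.get(acct.emp_id) if acct.emp_id else None
        if emp is None:
            findings.append(("orphan", acct.username, "enabled account with no HR record"))
            continue
        if emp.status == "terminated":
            days = (today - emp.end_date).days if emp.end_date else None
            if days is None or days > grace_days:
                findings.append(("leaver", acct.username,
                                 f"still enabled {days} days after termination"))
                continue
        excess = acct.groups - entitlements.get(emp.department, set())
        if excess:
            findings.append(("mover", acct.username,
                             f"groups outside {emp.department} entitlement: {sorted(excess)}"))
        if acct.last_logon is None or (today - acct.last_logon).days > dormant_days:
            findings.append(("dormant", acct.username, "no logon within dormant window"))
    return findings


if __name__ == "__main__":
    for kind, user, detail in reconcile(EMPLOYEES, ACCOUNTS, date(2018, 9, 3)):
        print(f"{kind:8} {user:12} {detail}")
```

The run on the constructed data reports bob (terminated in June, still enabled), carol (kept a finance group after moving to IT), dave (no logon for six months) and svc-backup (no HR record at all); alice is clean and erin is skipped because her account is already disabled. The grace_days parameter is where the HR hand-over period is negotiated, and a mover finding is the one a pure "is the person still employed" check misses entirely.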
Place, publisher, year, edition, pages
Framingham, MA, US: ISC2, 2013
Keywords
Enterprise Management, Information Security, Practices, Procedures
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems; Computer and Information Sciences Computer Science, Computer Science
Identifiers
urn:nbn:se:lnu:diva-77422 (URN)
Available from: 2018-08-31. Created: 2018-08-31. Last updated: 2018-09-03. Bibliographically approved.
Magnusson, L. (2012). A New Authentication Paradigm?. ISC2 InfoSecurity Professional Magazine, 3(17), 24-24
2012 (English). In: ISC2 InfoSecurity Professional Magazine, Vol. 3, no 17, p. 24-24. Article in journal, Editorial material (Refereed), Published
Abstract [en]

A discussion piece on the early-2010s woes and concerns about authentication of cloud service users and the information security aspects of that. Includes a perspective on authentication in the light of the AT&T Plan 9 Factotum security service.

Place, publisher, year, edition, pages
Framingham, MA, US: ISC2, 2012
Keywords
Enterprise Management, Information Security, Practices, Procedures
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems; Computer and Information Sciences Computer Science, Computer Science
Identifiers
urn:nbn:se:lnu:diva-77420 (URN)
Available from: 2018-08-31. Created: 2018-08-31. Last updated: 2019-08-30. Bibliographically approved.
Magnusson, L. (2011). A Call for Best-Practice Framework. ISC2 InfoSecurity Professional Magazine, 2(14), 32-32
2011 (English). In: ISC2 InfoSecurity Professional Magazine, Vol. 2, no 14, p. 32-32. Article in journal, Editorial material (Other (popular science, discussion, etc.)), Published
Abstract [en]

A discussion piece within the (ISC)2 community regarding the variation in auditors' security configuration standards: how to conform to a wider standard, when what one auditor group approved does not conform to what another auditing group requires.

Place, publisher, year, edition, pages
Framingham, MA 01701, US: (ISC)2, 2011
Keywords
Enterprise Management, Information Security, Practices, Procedures
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems; Computer and Information Sciences Computer Science, Computer Science
Identifiers
urn:nbn:se:lnu:diva-77229 (URN)
Note

Not verified, 2018-09-10

Available from: 2018-08-31. Created: 2018-08-31. Last updated: 2018-09-10. Bibliographically approved.