On System Thinking and Information Security
Linnaeus University, Faculty of Technology, Department of Informatics.
Linnaeus University, Faculty of Technology, Department of Informatics. (Information Management)
Linnaeus University, Faculty of Technology, Department of Informatics. (Information Management) ORCID iD: 0000-0002-3670-6537
2019 (English). In: The OR Society Annual Conference OR61, 3-5 September 2019, Sibson Building, Kent University: Conference Handbook, The Operational Research Society, 2019, p. 161-162, article id OR61A151. Conference paper, Oral presentation with published abstract (Refereed)
Abstract [en]

The security problems we have to deal with today regarding the Internet are of our own making. The Internet, initially created to handle US Government data traffic, evolved to carry communication between different research institutes. The protocols that were used had no security at all. Today we still use this network for almost everything, and the complexity has grown tremendously. Compared to when the network was initially created, we now try to protect assets rather than just communicate, divide users according to permission and accessibility, and deal with privacy issues. Basically, everything depends on a network that was initially created with no security.

Privacy has been a critical security aspect for the EU, but with the advent of the GDPR, privacy is both a legal aspect and an auditable ICT concept. GDPR includes topics such as owning your own data, independent of who collected it and where it is stored, and the right to be forgotten. Each data collector also needs to have a complete data-flow map, describing any privacy data sets in a flow, to make these traceable and ready for audit inspection. Any organization handling EU residents’ data needs to adhere to proactive Information Security processes.

GDPR is based on the principles of Governance, Risk, and Compliance. It is not a purely legal construct; it is a management and strategy issue, not an IT issue. Further examples relate to cloud services with distributed resources, which illustrate the complex problem situation.

There is a need for a new perspective, moving from systems management to data flow management. We propose a systemic model which illustrates processes and flows within a fractal structure; we build on Beer’s Viable System Model. Such a model enables mapping of complexity and data flows and provides a tool for auditing, and thus enables meeting the requirements of GDPR.

Place, publisher, year, edition, pages
The Operational Research Society, 2019. p. 161-162, article id OR61A151
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
URN: urn:nbn:se:lnu:diva-89020; OAI: oai:DiVA.org:lnu-89020; DiVA, id: diva2:1349425
Conference
The Operational Research Society OR61 Annual Conference
Available from: 2019-09-09 Created: 2019-09-09 Last updated: 2019-09-09

Authority records

Elm, Patrik; Mirijamdotter, Anita
