Cybersecurity Compliance in the Public Sector: Are the Best Security Practices Properly Addressed?
Linnaeus University, Faculty of Technology, Department of Informatics. (Linnaeus University Systems Community) ORCID iD: 0009-0000-8265-0944
Linnaeus University, Faculty of Technology, Department of Informatics. ORCID iD: 0000-0001-7520-695x
Linnaeus University, Faculty of Technology, Department of Informatics. ORCID iD: 0000-0001-6227-0290
2023 (English) In: HCI International 2023 Posters. HCII 2023: 25th International Conference on Human-Computer Interaction, HCII 2023, Copenhagen, Denmark, July 23–28, 2023, Proceedings, Part IV / [ed] Stephanidis, C., Antona, M., Ntoa, S., Salvendy, G., Switzerland: Springer, 2023, p. 219-226. Conference paper, Published paper (Refereed)
Sustainable development
SDG 9: Build resilient infrastructure, promote inclusive and sustainable industrialization, and foster innovation
Abstract [en]

Improving and strengthening cybersecurity in the public sector should represent a top priority for government agencies, including municipalities and regions. To be resilient against cyberattack surges, organizations should consider establishing a cybersecurity program based on international standards and best practices. In this paper we explore the cybersecurity compliance in the Swedish public sector in relation to the best practices and guidelines highlighted in the ISO/IEC 27001A framework. Our findings indicate that the overall security status among the municipalities and regions contained many flaws, with substantial holes and critical issues. ISO/IEC 27001A creates a standardized base, but it is somewhat theoretical and starts with a policy, not providing insights on how to govern information security. Also, most of these “ISO/IEC”-related gaps were found to have been compiled into a single “Technology” domain. Though compliance with standards, best practices, and regulatory requirements can help reduce cyber risks, it does not guarantee that an organization will have strong cybersecurity. To address this issue and assess how well organizations can protect, discern, react, and recover from cyberattacks, an effective method for measuring security performance must be developed.

Place, publisher, year, edition, pages
Switzerland: Springer, 2023. p. 219-226
Series
Communications in Computer and Information Science, ISSN 1865-0929, E-ISSN 1865-0937 ; 1835
Keywords [en]
ISO/IEC 27001, cybersecurity, risks, flawed governance, compliance, public sector.
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science
Identifiers
URN: urn:nbn:se:lnu:diva-123242
DOI: 10.1007/978-3-031-36001-5_28
Scopus ID: 2-s2.0-85169448045
ISBN: 9783031360015 (electronic)
OAI: oai:DiVA.org:lnu-123242
DiVA, id: diva2:1781535
Conference
25th International Conference on Human-Computer Interaction, HCII 2023, Copenhagen, Denmark, July 23–28, 2023
Available from: 2023-07-10 Created: 2023-07-10 Last updated: 2024-08-28 Bibliographically approved

Authority records

Magnusson, Lars; Dalipi, Fisnik; Elm, Patrik
