Developing an information classification method

Purpose: The purpose of this paper is to develop a method for information classification. The proposed method draws on established standards, such as the ISO/IEC 27002 and information classification practices. The long-term goal of the method is to decrease the subjective judgement in the implementation of information classification in organisations, which can lead to information security breaches because the information is under- or over-classified. Design/methodology/approach: The results are based on a design science research approach, implemented as five iterations spanning the years 2013 to 2019. Findings: The paper presents a method for information classification and the design principles underpinning the method. The empirical demonstration shows that senior and novice information security managers perceive the method as a useful tool for classifying information assets in an organisation. Research limitations/implications: Existing research has, to a limited extent, provided extensive advice on how to approach information classification in organisations systematically. The method presented in this paper can act as a starting point for further research in this area, aiming at decreasing subjectivity in the information classification process. Additional research is needed to fully validate the proposed method for information classification and its potential to reduce the subjective judgement. Practical implications: The research contributes to practice by offering a method for information classification. It provides a hands-on-tool for how to implement an information classification process. Besides, this research proves that it is possible to devise a method to support information classification. This is important, because, even if an organisation chooses not to adopt the proposed method, the very fact that this method has proved useful should encourage any similar endeavour. Originality/value: The proposed method offers a detailed and well-elaborated tool for information classification. The method is generic and adaptable, depending on organisational needs.

MoreLess

Year of publication:	2020
Authors:	Bergström, Erik ; Karlsson, Fredrik ; Åhlfeldt, Rose-Mharie
Published in:	Information & Computer Security. - Emerald, ISSN 2056-4961, ZDB-ID 2810936-3. - Vol. 29.2020, 2 (03.12.), p. 209-239
Publisher:	Emerald

Online Resource

Check full text access |

More access options

Check Google Scholar

In libraries world-wide (WorldCat)

In German libraries (KVK)

subito order

I need help

More details

Type of publication:	Article
Language:	English
Other identifiers:	10.1108/ics-07-2020-0110 [DOI]
Source:	Other ZBW resources

Persistent link: https://www.econbiz.de/10012638364