Abstract
This paper presents a comprehensive systematic literature review of information classification (IC) enablers. We propose a classification based on the well-known levels of management: strategic, tactical and operational. The results reveal that a large number of enablers could be adopted to increase the applicability of IC in organizations. The results also indicate that no single enabler solves the problem; rather, several enablers can influence adoption.
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Bergström, E., Åhlfeldt, RM. (2016). Information Classification Enablers. In: Garcia-Alfaro, J., Kranakis, E., Bonfante, G. (eds) Foundations and Practice of Security. FPS 2015. Lecture Notes in Computer Science, vol 9482. Springer, Cham. https://doi.org/10.1007/978-3-319-30303-1_17
DOI: https://doi.org/10.1007/978-3-319-30303-1_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-30302-4
Online ISBN: 978-3-319-30303-1
eBook Packages: Computer Science, Computer Science (R0)