Information security is about managing risks that unintentionally affect information contained in and provided by information systems, the technology and infrastructure we use and rely on, whether at home, at work, or in society at large.
However, implementation of security controls (technical as well as administrative in nature) for effective risk mitigation is based on a sound, strategic understanding of the relevant context and what to protect, as well as current threats and vulnerabilities. To this end, theories, methods, and tools for operational management are needed, along with knowledge of how to work systematically and continuously on reducing risks to an acceptable level by employing tactical security controls. Information security is therefore more than just security controls, and needs to be understood as a socio-technical system that includes people, technology and infrastructure.
The Information Security research at the division of Digital Services and Systems spans strategic, operational, and tactical perspectives. The research aims to better understand, develop, and disseminate knowledge about socio-technical factors that affect information security from these three perspectives, on an individual, organizational, as well as societal level. The group conducts research primarily on the development of theories, methods, and tools with emphasis on application, preservation, and evaluation of confidentiality, integrity, and availability for both private and public organizations’ information and communication technologies (ICTs).
Examples of our research include management of information security in the form of risk management, knowledge development in the form of simulation and gamification around incident response and continuity planning, but also development and analysis of security controls, such as blockchain-based solutions and security in networks and critical infrastructure.
Our research is based on three challenge areas that also bring together our expertise in information security:
- Strategic - Research on information security governance, such as the development and implementation of information security policies, roles, responsibilities and standards to protect and enable an organization’s goals and vision.
- Operational - Research on the management of and processes for information security, such as training and awareness, evaluation and prioritization of critical information assets, as well as evaluation and communication of physical, administrative and technical security controls.
- Tactical - Research on security controls, detection, response, and analysis of threats and vulnerabilities in networks and systems, both technical and social.
Cybernode: Human aspects
We are already members of the Swedish Cybernode, which was formed in 2020 to create a promising innovation climate for the cyber security industry. The members come from, among others, public actors, business, and universities. Relatively immediately, the need to address human aspects in a specific w...
ISSUES - Information Security and digital Services for sUstainablE designS
The project engages companies and researchers in collaboration to support development and internationalisation through information-secure digital services. The challenge is to bring together user experience and information security in the early development of services, and to improve the usability o...
Secure information flows with a digital platform for biofuels
The project aims to investigate safety aspects and whether blockchains can be used to meet users' demands for safety, tr...
Secure information flows with a digital platform for trading in biofuels
To have established a digital platform for trading in solid biofuels that is used by a significant proportion of market ...
Digital security for the Internet of Things
The project aims to shed light on digital trust from both developers' and users' perspectives, i.e. companies / organizat...
Focus on circular economy and sustainable business models
In a new project, funded by the Kamprad Family Foundation, Luleå University of Technology's researchers Thomas Zobel and...
The project, which consists of representatives from the process industry, IT companies and academia, examines human and ...
CYNIC – Cyber security in Innovation and Business Communication
The project has identified that information security is an obstacle for SMEs in order to dare to invest in new business ...