Information Classification Enablers

This paper presents a comprehensive systematic literature review of information classification (IC) enablers. We propose a classification based on the well-known levels of management: strategic, tactical and operational. The results reveal that a large number of enablers could be adopted to increase the applicability of IC in organizations. The results also indicate that there is not one single enabler solving the problem, but rather several enablers can influence the adoption.

[1]  Shari Lawrence Pfleeger,et al.  Security through Information Risk Management , 2009, IEEE Security & Privacy.

[2]  Jason Rakers,et al.  Managing professional and personal sensitive information , 2010, SIGUCCS '10.

[3]  Stephen Saxby News and comment on recent developments from around the world , 1992, Comput. Law Secur. Rev..

[4]  Sebastian K. Boell,et al.  Are systematic reviews better, less biased and of higher quality? , 2011, ECIS.

[5]  M. Field,et al.  Information Security Implications of Autonomous Systems , 2006, MILCOM 2006 - 2006 IEEE Military Communications conference.

[6]  A. R. Newman Confidence, pedigree, and security classification for improved data fusion , 2002, Proceedings of the Fifth International Conference on Information Fusion. FUSION 2002. (IEEE Cat.No.02EX5997).

[7]  Faith M. Heikkila E-Discovery: Identifying and Mitigating Security Risks during Litigation , 2008, IT Professional.

[8]  Raymond A. Paul,et al.  Data provenance in SOA: security, reliability, and integrity , 2007, Service Oriented Computing and Applications.

[9]  Jennifer Bayuk,et al.  Data-centric security , 2009 .

[10]  Anselm L. Strauss,et al.  Basics of qualitative research : techniques and procedures for developing grounded theory , 1998 .

[11]  Piers Wilson,et al.  Positive perspectives on cloud security , 2011, Inf. Secur. Tech. Rep..

[12]  Mikko T. Siponen,et al.  Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study , 2010, MIS Q..

[13]  Paul King In the new converged world are we secure enough? , 2007, Inf. Secur. Tech. Rep..

[14]  Jeremy Hilton Improving the secure management of personal data: Privacy on-line IS important, but it's not easy , 2009, Inf. Secur. Tech. Rep..

[15]  Juha Röning,et al.  Senior Executives Commitment to Information Security - from Motivation to Responsibility , 2006, 2006 International Conference on Computational Intelligence and Security.

[16]  Guy Bunker Technology is not enough: Taking a holistic view for information assurance , 2012, Inf. Secur. Tech. Rep..

[17]  T. Ager,et al.  Policy-Based Management and Sharing of Sensitive Information Among Government Agencies , 2006, MILCOM 2006 - 2006 IEEE Military Communications conference.

[18]  Hein S. Venter,et al.  Social engineering attack detection model: SEADM , 2010, 2010 Information Security for South Africa.

[19]  Rose-Mharie Åhlfeldt,et al.  Information Classification Issues , 2014, NordSec.

[20]  Robert Logie,et al.  Creating an Information-Centric Organisation Culture at SBI General Insurance , 2013, Handbook of Data Quality.

[21]  Konrad S. Wrona,et al.  Controlled information sharing in NATO operations , 2011, 2011 - MILCOM 2011 Military Communications Conference.

[22]  David C. Yen,et al.  National information security policy and its implementation: A case study in Taiwan , 2009 .

[23]  Solange Ghernaouti-Helie,et al.  Protecting Information in a Connected World: A Question of Security and of Confidence in Security , 2011, 2011 14th International Conference on Network-Based Information Systems.

[24]  Cyril Onwubiko,et al.  Security Issues to Cloud Computing , 2010, Cloud Computing.

[25]  Edvard Tijan,et al.  Information security as utilization tool of enterprise information capital , 2011, 2011 Proceedings of the 34th International Convention MIPRO.

[26]  Fredrik Karlsson,et al.  A National Model for Information Classification , 2009 .

[27]  Cath Everett Building solid foundations: the case for data classification , 2011 .

[28]  Roland Müller,et al.  A Simplified Approach for Classifying Applications , 2010, ISSE.

[29]  Sabah S. Al-Fedaghi On Information Lifecycle Management , 2008, 2008 IEEE Asia-Pacific Services Computing Conference.

[30]  J. Feuerlicht,et al.  The role of classification of information in controlling data proliferation in end-user personal computer environment , 1989, Comput. Secur..

[31]  Shawn R. Chaput,et al.  Cloud Compliance: A Framework for Using Cloud Computing in a Regulated World , 2010, Cloud Computing.

[32]  Saša Baškarada,et al.  Analysis of Data , 2009 .

[33]  Teemupekka Virtanen Design Criteria to Classified Information Systems Numerically , 2001, SEC.

[34]  Jan H. P. Eloff,et al.  Security in health-care information systems - current trends , 1999, Int. J. Medical Informatics.

[35]  Rossouw von Solms,et al.  Information Security Governance: A model based on the Direct-Control Cycle , 2006, Comput. Secur..

[36]  S. Adiraju Security Considerations in Integrating the Fragmented, Outsourced, ITSM Processes , 2012, 2012 Third International Conference on Services in Emerging Markets.

[37]  Mark J. Handel,et al.  I can't tell you what i found: problems in multi-level collaborative information retrieval , 2011, CIR '11.

[38]  Mathieu Gorge Are we being ‘greenwashed’ to the detriment of our organisations' security? , 2008 .

[39]  Pete Burnap,et al.  Self Protecting Data for De-perimeterised Information Sharing , 2009, 2009 Third International Conference on Digital Society.

[40]  Donn B. Parker,et al.  The strategic values of information security in business , 1997, Comput. Secur..

[41]  Ray Bernard,et al.  Information Lifecycle Security Risk Assessment: A tool for closing security gaps , 2007, Comput. Secur..

[42]  Michael McCormick,et al.  Data Theft: A Prototypical Insider Threat , 2008, Insider Attack and Cyber Security.

[43]  Aljoa Jerman Blaic,et al.  Confidentiality Labeling Using Structured Data Types , 2010, ICDS 2010.