Information Classification Issues

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8788)

Abstract

This paper presents an extensive systematic literature review with the aim of identifying and classifying issues in the information classification process. The classification selected uses human and organizational factors for grouping the identified issues. The results reveal that policy-related issues are most commonly described, but not necessarily the most crucial ones. Furthermore, gaps in the research field are identified in order to outline paths for further research.



Corresponding author

Correspondence to Erik Bergström.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Bergström, E., Åhlfeldt, RM. (2014). Information Classification Issues. In: Bernsmed, K., Fischer-Hübner, S. (eds) Secure IT Systems. NordSec 2014. Lecture Notes in Computer Science, vol 8788. Springer, Cham. https://doi.org/10.1007/978-3-319-11599-3_2

  • DOI: https://doi.org/10.1007/978-3-319-11599-3_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11598-6

  • Online ISBN: 978-3-319-11599-3

  • eBook Packages: Computer Science, Computer Science (R0)
