Organisatoriska effekter och hanteringen av Informationssäkerhet : En studie av tre olika organisationer

Information technology (IT) can be used to empower an organization to enable it to continue evolving. One aspect in which an organization can evolve is in the form of information security. Previously, information security has been seen as a concern only for the IT-department. However, as the number of threats towards information has rapidly grown over the years, the concern for information security has also increased. The issue on how to keep information safe from unauthorized people has become more important as well as questioned over the years. During the last decades, the concept of information security has evolved to become a multi-dimensional concern affecting entire communities, societies, and organizations. This means that information security has been managed differently in the past, but today, new and other measures are required to ensure the secrecy of certain information. Due to this, organizations are forced to implement certain measures to counter these threats, but what are the effects of this? This thesis compares three different organizations over three different sectors and the purpose is to investigate the effects information security might have within an organization as well as how these effects are managed. With a focus on policies, training, and education of employees as well as the employee awareness, this thesis aims to answer how organizations see information security. Further, it aims to find out what consequences these effects have on their daily work. The results from this study have shown that increased security measures need to be highly motivated and in continuous dialogue with the employees to bring incentives for further use of the measures. An increase in information security can have a damaging effect on efficiency. Therefore, it is important that the organization is able to ensure the desired effect of increased security. With larger openness and accessibility, employees will have easier and quicker access to the information needed, which is essential for the effectivity within the organization, as well as higher incentives for attacks and malpractice of information.Denna uppsats jämför tre olika organisationer verksamma i olika sektorer, syftet är att undersöka effekterna informationssäkerhet kan ha på en organisation men även hur dessa effkter är hanterade. Med fokus på policy, träning av anställda men också medvetenheten så siktar denna uppsats på att svara på hur organisationer ser informationssäkerhet. Den kommer också att försöka hitta vad konsekvenserna av informationssäkerhet i det dagliga arbetet. Resultatet från denna studie visar att ökad informationssäkerhet måste vara motiverat och i konstant dialog med användarna och implementera incitament för att öka motivet. Ökad informationssäkerhet kan ha en skadande effekt på effektiviteten, därför är det viktigt att organisationerna får den önskade effekten de vill av den ökade säkerheten. Genom mer transparans och tillgänglighet så medför det också att anställda har lättare att hitta rätt information som behös vilket är nödvändigt för effektivitet inom organisationen, men detta ökar även incitament för olika typer av attacker och misskötsel av information.