For organizations that handle sensitive information, IT governance and Information security are necessities in order to maintain credibility and to conduct its business efficiently. There are several known processes to increase security governance ? which is a fusion of Information security and IT governance.This master thesis examines if organizations use recognized processes and if it in that case would lead to higher security. The study is qualitative and conducted in the financial sector and based on Best Practice frameworks of the security governance in Swedish banks. Data collection was done through interviews and surveys that were triangulated to get a gathered picture of the quality of the security governance activities.

This report was made for the company HordaGruppen AB to investigate how Information security was handled. This report fits in the Master program of Internet Technology at School of Engineering in Jönköping University in Sweden.The question at issue was how you protect your information against different threats. One question was how to make an Information security policy and which guidelines you can follow in the Swedish Standard, SS-ISO/IEC 17799:2000.Another question was to investigate the information sources at the company and which threats there are against it.The work begins with a presentation about Information security for the chief of information and the chief of quality in the company. The next thing was to do a survey of as thing are at present with a tool from Länsteknikcentrum called ?Infosäkpulsen?.

The systems environments of today are often distributed and heterogeneous. These kind of systems have several advantages but also disadvantages. One problem is how to keep them secure.The security problems in these environments are mainly due to the communication between the connected computers. It is relatively easy to tap these communication channels from information. There is also a need for the possibility to secure these channels from modification of sent information and to be able to verify the sender and receiver of information in a secure manner.

Systems development methods mirror different organizational perspectives, and not all methods are formalised, but what they have in common is the purpose of structuring and supporting systems development processes. Which method would be the most suitable may be determined by the systems development context at hand, because every systems development context is unique. Information is a valuable asset in today?s organizations, and it needs to be protected against both internal and external security threats. In our essay we aspired to find and present suggestions as to how systems developers can include security in the very design based on formalised systems development methods to create systems that are better prepared to meet the security challenges of today.

In this essay I analyze the concepts security and security policy from a critical, feministic point of view. The traditional way of thinking security is state-centred and narrow with its military oriented threatening pictures and solutions.I advocate that the two concepts need a more feministic and holistic approach to be able to cope with the threats of our time and include the security for women explicitly.To suggest how this can be done I introduce a model; security-sphere, which should be seen as a way to constructively connect my objections to the existing research with a new approach to security problems. The security-sphere is based on two analytical parts; the private security sub-sphere and the public security sub-sphere, in order to make new images of security problems visible.It is a fact that most of the threats against women specifically, take place in the private sphere where no traditional analytical tools reach in - these threats have not been seen as 'real' security problems. My aim is therefore to integrate these issues into the agenda of security policy..

This bachelor thesis looks at developers knowledge about web security both regarding their own view on their knowledge and their actual knowledge about vulnerabilities and how you mitigate against them. Web developers knowledge regarding web security are becoming more and more important as more applications and services moves to the web and more and more items become connected to the internet. We are doing this by conducting a survey among developers that are currently studying in the field or are working in the field to get a grip on how the knowledge is regarding the most common security concepts. What we saw was that the result varies between the different concepts and many lack much of the knowledge in web security that is getting increasingly more important to have..

Background: Risk Management plays an important part of the enterprises strategic business activity. Efficient Risk Management will secure the businesses survival, assets and creates market advantages. The interest of Information security has consequently gained in Swedish corporations. Corporations have realized the importance of the information which is stored in the IT systems. IT is the tool for businesses future progress and growth and therefore a source of risks.

???Information Technology is an essential part of the society today, not least in large ???organisations dealing with sensitive information. An example of such an organisation is the Swedish Armed Forces which indeed is in the need of ways to ensure Information security in their Information Technology systems. The means which is used is an authorisation and accreditation process.All Information Technology systems go through a life cycle which includes realisation, usage, development and liquidation. In the Swedish Armed Forces the lifecycle is an authorisation process.

This bachelor thesis looks at developers knowledge about web security both regarding their own view on their knowledge and their actual knowledge about vulnerabilities and how you mitigate against them. Web developers knowledge regarding web security are becoming more and more important as more applications and services moves to the web and more and more items become connected to the internet. We are doing this by conducting a survey among developers that are currently studying in the field or are working in the field to get a grip on how the knowledge is regarding the most common security concepts. What we saw was that the result varies between the different concepts and many lack much of the knowledge in web security that is getting increasingly more important to have..

ABSTRACTThe aim of this study is to analyse if the UN today constructs the water issue as a security issue and to argue about in which way the organization in that case does so alternatively why it can be said that the UN doesn?t construct the water issue as a security issue.In order to reach this purpose the following questions will be answered:?Does the UN construct the water issue as a security issue today?-If yes, in which way?-If no, why can it be said that the organisation doesn?t?The methods used are qualitative literature studies of policy documents on water from the UN. The focus is to analyze the ideas about water and to apply my theory on the concept of security, which is Barry Buzan?s framework on security, to these ideas.The main results showed that the UN strongly constructs the water issue as an environmental security issue for environments and species and in relatively strong terms also constructs it as an environmental security issue for civilisations. In rare cases the organisation constructs it as a societal security issue, but the UN doesn?t construct the water issue as a military, political or economic security issue..

Big dangerous Russia, environmental thief or house warmer? The Nord Stream pipelines are a highly debated theme in Europe and the EU. A number of different countries will be subject to the pipelines direct or indirect. This paper aims to figure out what kind of threats and possibilities Denmark, Finland, Sweden and Germany consider to be the consequences with the pipelines.The study takes as a standpoint the area of security studies and the widened of the same. The three standpoints within the security study that will be used are military security, environmental security and energy security.

ABSTRACT The main purpose of IT security policies is to protect companies against intrusion and unwanted spread of information. Statistics show that IT related crimes tend to increase and because of that it is important, from the company?s side of view, to be well prepared. The IT security policy is an important part of that preparation. A lot of the crimes related to IT can be deduced indirectly to employees at the companies where the crime takes place.

Information security is an essential part of all information systems; especially in large organizations and companies dealing with classified material. Every large information system has an architecture that includes many parts that together form an Enterprise Architecture. The aim of this thesis is to study how to describe several security functions in an Enterprise Architecture and also how to ensure accountability between requirements and the implementation of the security functions. The description is for stakeholders on a conceptual level rather than a technical level. The study has been carried out by comparing the theoretical framework that has been formed by a study of the literature, and the empirical framework that has been formed by a group discussion and interviews with Information security Consultants from Combitech AB.

???Information Technology is an essential part of the society today, not least in large ???organisations dealing with sensitive information. An example of such an organisation is the Swedish Armed Forces which indeed is in the need of ways to ensure Information security in their Information Technology systems. The means which is used is an authorisation and accreditation process.All Information Technology systems go through a life cycle which includes realisation, usage, development and liquidation. In the Swedish Armed Forces the lifecycle is an authorisation process.

ABSTRACT The main purpose of IT security policies is to protect companies against intrusion and unwanted spread of information. Statistics show that IT related crimes tend to increase and because of that it is important, from the company?s side of view, to be well prepared. The IT security policy is an important part of that preparation. A lot of the crimes related to IT can be deduced indirectly to employees at the companies where the crime takes place.