Informationssäkerhet är ett område som kommit att sättas alltmer i fokus hos organisationer. Tidigare har främst tekniska lösningar för att skydda viktig information fått uppmärksamhet, det är först på senare tid som informationssäkerhet har börjat uppfattas som ett komplext område som innefattar såväl tekniska, som organisatoriska och mänskliga faktorer. För att eftersträva en god informationssäkerhet inom organisationen bör ett grundligt arbete läggas på att utveckla informationssäkerhetspolicys och säkerhetsansvariga måste kontinuerligt utbilda och skapa medvetenhet hos anställda kring vilka hot som finns mot organisationen ifall informationssäkerhetsbestämmelser inte efterlevs.Huvudsyftet i föreliggande studie har varit att undersöka vilka faktorer som styr anställdas efterlevnad av informationssäkerhetspolicys. Ytterligare delsyfte har varit att undersöka hur den faktiska efterlevnaden av informationssäkerhetsbestämmelser avspeglar sig inom två vårdverksamheter i Landstinget i Östergötland. För att uppfylla studiens syfte har fallstudier genomförts där såväl observationer som intervjuer med personal legat till grund för datainsamlingen.Resultatet visar att säkerhetsmedvetandet och efterlevnaden av säkerhetsbestämmelser inom de undersökta organisationerna är tämligen god, men det finns skillnader i graden av efterlevnad.

This report was made for the company HordaGruppen AB to investigate how information security was handled. This report fits in the Master program of Internet Technology at School of Engineering in Jönköping University in Sweden.The question at issue was how you protect your information against different threats. One question was how to make an information security policy and which guidelines you can follow in the Swedish Standard, SS-ISO/IEC 17799:2000.Another question was to investigate the information sources at the company and which threats there are against it.The work begins with a presentation about information security for the chief of information and the chief of quality in the company. The next thing was to do a survey of as thing are at present with a tool from Länsteknikcentrum called ?Infosäkpulsen?.

Background: Risk Management plays an important part of the enterprises strategic business activity. Efficient Risk Management will secure the businesses survival, assets and creates market advantages. The interest of information security has consequently gained in Swedish corporations. Corporations have realized the importance of the information which is stored in the IT systems. IT is the tool for businesses future progress and growth and therefore a source of risks.

For organizations that handle sensitive information, IT governance and information security are necessities in order to maintain credibility and to conduct its business efficiently. There are several known processes to increase security governance ? which is a fusion of information security and IT governance.This master thesis examines if organizations use recognized processes and if it in that case would lead to higher security. The study is qualitative and conducted in the financial sector and based on Best Practice frameworks of the security governance in Swedish banks. Data collection was done through interviews and surveys that were triangulated to get a gathered picture of the quality of the security governance activities.

During 2001-2002 a prototype, IMIS (Integrated Mobile Information System) was developed at BTH (Blekinge University of Technology) to demonstrate how mobile IT-systems can be used in healthcare. The prototype was based on the activity theory of Engeström. An ongoing project started in spring 2003. The purpose of the project is further development of IMIS with special focus in the diabetes healthcare. Participants in the project are scientists and students at BTH, ALMI Företagspartner, Blekinge FoU-enhet, Barndiabetesförbundet Blekinge, Blekinge Diabetesförening, Vårdcentralen Ronneby and Vårdcentralen Sölvesborg.

???Information Technology is an essential part of the society today, not least in large ???organisations dealing with sensitive information. An example of such an organisation is the Swedish Armed Forces which indeed is in the need of ways to ensure information security in their Information Technology systems. The means which is used is an authorisation and accreditation process.All Information Technology systems go through a life cycle which includes realisation, usage, development and liquidation. In the Swedish Armed Forces the lifecycle is an authorisation process.

This report presents a method for modelling a computer system from a security perspective. The questions that are going to be treated are:? What defines a secure system and how does the company relate to these factors?? What are the threats today based on hardware/software, human factors and company routines/policies?? What measures should be taken for the organisation to reach a higher level of security for their systems?? How do we develop a method for classification of security and what components should it contain?? What changes are reasonable and necessary with the respect to the company?s resources?The report has been done through interviews and analysis of existing systems on Fla?kt Woods AB. From analysis of material, the aspects judged relevant to the subject and to the company?s needs, have been compiled to a document.

The systems environments of today are often distributed and heterogeneous. These kind of systems have several advantages but also disadvantages. One problem is how to keep them secure.The security problems in these environments are mainly due to the communication between the connected computers. It is relatively easy to tap these communication channels from information. There is also a need for the possibility to secure these channels from modification of sent information and to be able to verify the sender and receiver of information in a secure manner.

This paper aims to find out how to implement an information security management (ISMS) system that is based on ISO/IEC 27001-standard into a small organization with high employee turnover. The standard employs the PDCA-method as a course of action for implementing the standard. The reason for implementing such a system is to introduce information security to the organization and to maintain it despite the changes in management. The paper based it?s survey on a case study of a student nation in Uppsala, Sweden.

During 2001-2002 a prototype, IMIS (Integrated Mobile Information System) was developed at BTH (Blekinge University of Technology) to demonstrate how mobile IT-systems can be used in healthcare. The prototype was based on the activity theory of Engeström. An ongoing project started in spring 2003. The purpose of the project is further development of IMIS with special focus in the diabetes healthcare. Participants in the project are scientists and students at BTH, ALMI Företagspartner, Blekinge FoU-enhet, Barndiabetesförbundet Blekinge, Blekinge Diabetesförening, Vårdcentralen Ronneby and Vårdcentralen Sölvesborg.

The aim of this report is to discuss computer security in handheld computers and to find out the appropriate security level that must be implemented to be able to use handheld computers within the Swedish healthcare system. Most healthcare centers are using some kind of electronic journals for their patient´s data today, but there are still a number of clinics that are usingthe old paper-system. On a few places in Sweden the use of handheld computers at the clinics has already started, but in the United States the use of handheld computers in the medical area is already widespread and from this we can see a lot of different situations where it is useful and effective to work with handheld computers. The security demands on patient´s journals are high and regulated in both Swedish law and regulations from the National Swedish Board of Health and Welfare. The law does not have any substantial demands, but states that there should be an adequate security level based on the nature of the information and the costs.

Systems development methods mirror different organizational perspectives, and not all methods are formalised, but what they have in common is the purpose of structuring and supporting systems development processes. Which method would be the most suitable may be determined by the systems development context at hand, because every systems development context is unique. Information is a valuable asset in today?s organizations, and it needs to be protected against both internal and external security threats. In our essay we aspired to find and present suggestions as to how systems developers can include security in the very design based on formalised systems development methods to create systems that are better prepared to meet the security challenges of today.

ABSTRACT The main purpose of IT security policies is to protect companies against intrusion and unwanted spread of information. Statistics show that IT related crimes tend to increase and because of that it is important, from the company?s side of view, to be well prepared. The IT security policy is an important part of that preparation. A lot of the crimes related to IT can be deduced indirectly to employees at the companies where the crime takes place.

???Information Technology is an essential part of the society today, not least in large ???organisations dealing with sensitive information. An example of such an organisation is the Swedish Armed Forces which indeed is in the need of ways to ensure information security in their Information Technology systems. The means which is used is an authorisation and accreditation process.All Information Technology systems go through a life cycle which includes realisation, usage, development and liquidation. In the Swedish Armed Forces the lifecycle is an authorisation process.

ABSTRACT The main purpose of IT security policies is to protect companies against intrusion and unwanted spread of information. Statistics show that IT related crimes tend to increase and because of that it is important, from the company?s side of view, to be well prepared. The IT security policy is an important part of that preparation. A lot of the crimes related to IT can be deduced indirectly to employees at the companies where the crime takes place.