The PhD defence will be partially digital, in Kristen Nygaards sal (5370), Ole-Johan Dahls hus and streamed directly using Zoom. The host of the session will moderate the technicalities while the chair of the defence will moderate the disputation.
Ex auditorio questions: the chair of the defence will invite the attending audience at Kristen Nygaards sal to ask ex auditorio questions.
Trial lecture
"KPIs for monitoring and measuring an organization's information security posture"
Time and place: December 14, 2023 11:15 AM, Kristen Nygaards sal (5370), Ole-Johan Dahls hus/Zoom
Main research findings
-
The main findings indicate that the existing literature on Information Security Governance (ISG) primarily focuses on "what" to implement, rather than providing guidance on "how" to do it. Another finding is the lack of emphasis on methods to gain oversight of the information security posture (ISP). This study highlights the inconsistent interpretation of ISP within the literature. It typically adopts an information security perspective rather than considering a holistic approach. To address this gap, this study proposes a new definition and conceptualisation of ISP that covers holistically and provides ideas on how to organise an ISG program. Additionally, the study introduces strategies for assessing and managing positive risks, which deviate from the conventional emphasis on threats or "what can go wrong," thereby supporting a holistic approach to information security. Furthermore, this study analyses existing research on the communication and reporting of information security activities. The main findings emphasise the significance of effective communication with the business, utilising a business language. However, there is limited discussion on how to learn this language. To bridge this gap, this study presents a theoretical framework for learning Business Language for Information Security (BLIS) and published a textbook as a resource for learning these domains.
Adjudication committee:
- Associate Professor Karin Bernsmed, NTNU, Norway
- Associate Professor Christian D. Jensen, Technical University of Denmark
- Associate Professor Egil Øvrelid, University of Oslo, Department of Informatics, UIO, Norway
Supervisors
- Professor Audun Jøsang, Department of Informatics, UIO, Norway
-
Associate Professor Janne Hagen, The Norwegian Water Resources and Energy Directorate (NVE)
Chair of defence:
Candidate contact information: www.linkedin.com/in/uydinhtran
Contact information at Department: Mozhdeh Sheibani Harat