Defining Information Security

Björn Lundgren, Niklas Möller

Research output: Contribution to journal; Article; Academic; peer-review

Abstract

This article proposes a new definition of information security, the ‘Appropriate Access’ definition. Apart from providing the basic criteria for a definition—correct demarcation and meaning concerning the state of security—it also aims at being a definition suitable for any information security perspective. As such, it bridges the conceptual divide between so-called ‘soft issues’ of information security (those including, e.g., humans, organizations, culture, ethics, policies, and law) and more technical issues. Because of this it is also suitable for various analytical purposes, such as analysing possible security breaches, or for studying conflicting attitudes on security in an organization. The need for a new definition is demonstrated by pointing to a number of problems for the standard definition type of information security—the so-called CIA definition. Besides being too broad as well as too narrow, it cannot properly handle the soft issues of information security, nor recognize the contextual and normative nature of security.
Original language: English
Pages (from-to): 419-441
Journal: Science and Engineering Ethics
Volume: 25
Publication status: Published - 15 Apr 2019
Externally published: Yes
