• norsk
    • English
  • English 
    • norsk
    • English
  • Login
View Item 
  •   Home
  • Fakultet for informasjonsteknologi og elektroteknikk (IE)
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi
  • View Item
  •   Home
  • Fakultet for informasjonsteknologi og elektroteknikk (IE)
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

The Norwegian Downsizing Approach in Terms of the Insider Threat - An interpretive study

Benjaminsen, Terje
Master thesis
Thumbnail
View/Open
17974_FULLTEXT.pdf (851.9Kb)
17974_COVER.pdf (1.639Mb)
URI
http://hdl.handle.net/11250/2448947
Date
2017
Metadata
Show full item record
Collections
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi [1563]
Abstract
This research examined how the Norwegian organizations approach a downsizing in terms of the insider threat. Ten subject matter experts in large Norwegian enterprises were interviewed. These subject matter experts serve in various industry sectors such as; petroleum and energy, climate and environment, agriculture and food, defense, finance, and maritime. The size of the organizations varies from around 400 to more than 10,000 employees. The results of these interviews have been discussed and partially compared with international practice. Then, authorities within the field of security management have commented on the findings and the suggested improvements. This is a qualitative study that describes and interprets the Norwegian approach, which provides strong rights for the employees, and does not examine cause and effect relationships.

The analysis has identified management as a key element to mitigate the insider threat in downsizing processes. Starting with top management in the planning phase, then transferring more responsibility on the middle management in the execution phase. Managers might not be aware of having such responsibility concerning the insider threat. The managers are additionally key players in building a healthy security culture. Given this important role, there seem to be a surprisingly low level of education and training aimed at personnel security management. Additionally, one must consider both the dismissed and the remaining employees. As a foundation, enterprises should have established policies, procedures, and holistic risk management, including the insider threat. Further, some enterprises could transform their approach from reactive towards proactive, and mitigate the insider threat by combined social and technical controls throughout the employment life-cycle. However, with adherence to rules and regulations, such as the EU General Data Protection Regulation (GDPR) concerning privacy.

Neither the Norwegian National Security Authority (NSM), the Norwegian Center for Information Security (NorSIS), or the Norwegian Business and Industry Security Council (NSR), with their background and expertise, question the findings.

To the authors knowledge, there have not been similar previous research, on how Norwegian organizations approach a downsizing in terms of the insider threat.
Publisher
NTNU

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit
 

 

Browse

ArchiveCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsDocument TypesJournalsThis CollectionBy Issue DateAuthorsTitlesSubjectsDocument TypesJournals

My Account

Login

Statistics

View Usage Statistics

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit