Information Classification Enablers

  • Erik BergströmEmail author
  • Rose-Mharie Åhlfeldt
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9482)


This paper presents a comprehensive systematic literature review of information classification (IC) enablers. We propose a classification based on the well-known levels of management: strategic, tactical and operational. The results reveal that a large number of enablers could be adopted to increase the applicability of IC in organizations. The results also indicate that there is not one single enabler solving the problem, but rather several enablers can influence the adoption.


Information classification Systematic literature review ISMS 


  1. 1.
    Adiraju, S.K.: Security considerations in integrating the fragmented, outsourced, ITSM processes. In: Third International Conference on Services in Emerging Markets, pp. 175–182 (2012)Google Scholar
  2. 2.
    Ager, T., Johnson, C., Kiernan, J.: Policy-based management and sharing of sensitive information among government agencies. In: Military Communications Conference, pp. 1–9 (2006)Google Scholar
  3. 3.
    Aksentijevic, S., Tijan, E., Agatic, A.: Information security as utilization tool of enterprise information capital. In: Proceedings of the 34th International Convention, pp. 1391–1395 (2011)Google Scholar
  4. 4.
    Al-Fedaghi, S.: On information lifecycle management. In: Asia-Pacific Services Computing Conference, pp. 335–342 (2008)Google Scholar
  5. 5.
    Ayres, L.: Thematic Coding and Analysis. The Sage encyclopedia of qualitative research methods, Thousand Oaks (2008). pp. 868–869CrossRefGoogle Scholar
  6. 6.
    Baškarada, S.: Analysis of data. Information Quality Management Capability Maturity Model, pp. 139–221. Vieweg+Teubner, Wiesbaden (2009)CrossRefGoogle Scholar
  7. 7.
    Bayuk, J.: Data-centric security. Comput. Fraud Secur. 2009(3), 7–11 (2009)CrossRefGoogle Scholar
  8. 8.
    Bergström, E., Åhlfeldt, R.-M.: Information classification issues. In: Bernsmed, K., Fischer-Hübner, S. (eds.) NordSec 2014. LNCS, vol. 8788, pp. 27–41. Springer, Heidelberg (2014)Google Scholar
  9. 9.
    Bernard, R.: Information lifecycle security risk assessment: A tool for closing security gaps. Comput. Secur. 26(1), 26–30 (2007)CrossRefGoogle Scholar
  10. 10.
    Bezuidenhout, M., Mouton, F., Venter, H.S.: Social engineering attack detection model: Seadm. In: Information Security for South Africa, pp. 1–8 (2010)Google Scholar
  11. 11.
    Blazic, A.J., Saljic, S.: Confidentiality labeling using structured data types. In: Fourth International Conference on Digital Society, pp. 182–187 (2010)Google Scholar
  12. 12.
    Boell, S., Cezec-Kecmanovic, D.: Are systematic reviews better, less biased and of higher quality? In: European Conference on Information Systems (2011)Google Scholar
  13. 13.
    Bunker, G.: Technology is not enough: taking a holistic view for information assurance. Inf. Secur. Tech. Rep. 17(1–2), 19–25 (2012)CrossRefGoogle Scholar
  14. 14.
    Burnap, P., Hilton, J.: Self protecting data for de-perimeterised information sharing. In: Third International Conference on Digital Society, pp. 65–70 (2009)Google Scholar
  15. 15.
    Chaput, S., Ringwood, K.: Cloud compliance: A framework for using cloud computing in a regulated world. In: Antonopoulos, N., Gillam, L. (eds.) Cloud Computing: Principles, Systems and Applications. Computer Communications and Networks, 14th edn, pp. 241–255. Springer, Heidelbreg (2010)CrossRefGoogle Scholar
  16. 16.
    Clark Iii, C., Chaffin, L., Chuvakin, A., Dunkel, D., Fogie, S., Gregg, M., Grossman, J., Hansen, R., Petkov, P.D., Rager, A., Schiller, C.A., Paladino, S.: InfoSecurity 2008 Threat Analysis. Syngress, Burlington (2008)Google Scholar
  17. 17.
    Collette, R.: Overcoming obstacles to data classification [information security]. Computer Economics Report 28(4), 8–11 (2006). (Int. Ed.)MathSciNetGoogle Scholar
  18. 18.
    Escalante, D., Korty, A.J.: Cloud services: policy and assessment. EDUCAUSE Rev. 46(4), 60–61 (2011)Google Scholar
  19. 19.
    Everett, C.: Building solid foundations: the case for data classification. Comput. Fraud Secur. 2011(6), 5–8 (2011)CrossRefGoogle Scholar
  20. 20.
    Feuerlicht, J., Grattan, P.: The role of classification of information in controlling data proliferation in end-user personal computer environment. Comput. Secur. 8(1), 59–66 (1989)CrossRefGoogle Scholar
  21. 21.
    Fibikova, L., Müller, R.: A simplified approach for classifying applications. In: Pohlmann, N., Reimer, H., Schneider, W. (eds.) ISSE 2010 Securing Electronic Business Processes, chapter 4, pp. 39–49. Vieweg+Teubner (2011)Google Scholar
  22. 22.
    Freeman, E.: Information and computer security risk management. In: Ghosh, S., Turrini, E. (eds.) Cybercrimes: A Multidisciplinary Analysis, 8th edn, pp. 151–163. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  23. 23.
    Gantz, S.D., Philpott, D.R.: FISMA and the Risk Management Framework. Syngress, Boston (2013)Google Scholar
  24. 24.
    Ghernaouti-Helie, S., Simms, D., Tashi, I.: Protecting information in a connected world: A question of security and of confidence in security. In: 14th International Conference on Network-Based Information Systems, pp. 208–212 (2011)Google Scholar
  25. 25.
    Glynn, S.: Getting to grips with data classification. Database Netw. J. 41(1), 8–9 (2011)Google Scholar
  26. 26.
    Gorge, M.: Are we being ‘greenwashed’ to the detriment of our organisations’ security? Comput. Fraud Secur. 2008(10), 14–18 (2008)CrossRefGoogle Scholar
  27. 27.
    Handel, M.J., Wang, E.Y.: I can’t tell you what i found: problems in multi-level collaborative information retrieval. In: Proceedings of the 3rd International Workshop on Collaborative Information Retrieval, pp. 1–6. ACM (2011)Google Scholar
  28. 28.
    Hayat, Z., Reeve, J., Boutle, C., Field, M.: Information security implications of autonomous systems. In: Military Communications Conference, pp. 897–903. IEEE Press (2006)Google Scholar
  29. 29.
    Heikkila, F.M.: E-discovery: Identifying and mitigating security risks during litigation. IT Prof. 10(4), 20–25 (2008)CrossRefMathSciNetGoogle Scholar
  30. 30.
    Hilton, J.: Improving the secure management of personal data: privacy on-line is important, but it’s not easy. Inf. Secur. Tech. Rep. 14(3), 124–130 (2009)CrossRefGoogle Scholar
  31. 31.
    ISO, IEC 27002: Information technology -security techniques- code of practice for information security controls (2013)Google Scholar
  32. 32.
    Johnson, M.E., Goetz, E., Pfleeger, S.L.: Security through information risk management. IEEE Secur. Priv. 7(3), 45–52 (2009)CrossRefGoogle Scholar
  33. 33.
    Kaiser, F.M.: The impact of overclassification on personnel and information security. Gov. Inf. Q. 3(3), 251–269 (1986)CrossRefGoogle Scholar
  34. 34.
    Kajava, J., Anttila, J., Varonen, R., Savola, R., Röning, J.: Senior executives commitment to information security – from motivation to responsibility. In: Wang, Y., Cheung, Y., Liu, H. (eds.) CIS 2006. LNCS (LNAI), vol. 4456, pp. 833–838. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  35. 35.
    Kane, G., Koppel, L.: Information Protection Playbook. Elsevier, Boston (2013)Google Scholar
  36. 36.
    King, P.: In the new converged world are we secure enough? Inf. Secur. Tech. Rep. 12(2), 90–97 (2007)CrossRefGoogle Scholar
  37. 37.
    Kitchenham, B., Charters, S.: Guidelines for performing systematic literature reviews in software engineering. Report, Keele University and Durham University Joint Report (2007)Google Scholar
  38. 38.
    Ku, C.Y., Chang, Y.W., Yen, D.C.: National information security policy and its implementation: a case study in Taiwan. Telecommun. Policy 33(7), 371–384 (2009)CrossRefGoogle Scholar
  39. 39.
    Kumar, R., Logie, R.: Creating an information-centric organisation culture at SBI general insurance. In: Sadiq, S. (ed.) Handbook of Data Quality: Research and Practice, 16th edn, pp. 369–395. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  40. 40.
    McCormick, M.: Data theft: A prototypical insider threat. In: Stolfo, S.J., Bellovin, S., Keromytis, A.D., Hershkop, S., Smith, S., Sinclair, S. (eds.) Insider Attack and Cyber Security: Beyond the Hacker. Advances in Information Security, vol. 39, 4th edn, pp. 53–68. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  41. 41.
    Newman, A.R.: Confidence, pedigree, and security classification for improved data fusion. In: Proceeding of the Fifth International Conference on Information Fusion, vol. 2, pp. 1408–1415 (2002)Google Scholar
  42. 42.
    Onwubiko, C.: Security issues to cloud computing. In: Antonopoulos, N., Gillam, L. (eds.) Cloud Computing: Principles, Systems and Applications. Computer Communications and Networks, 16th edn, pp. 271–288. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  43. 43.
    Oscarson, P., Karlsson, F.: A national model for information classification. In: Workshop on Information Security and Privacy (2009)Google Scholar
  44. 44.
    Parker, D.B.: The classification of information to protect it from loss. Inf. Sys. Secur. 5(2), 9–15 (1996)Google Scholar
  45. 45.
    Parker, D.B.: The strategic values of information security in business. Comput. Secur. 16(7), 572–582 (1997)CrossRefGoogle Scholar
  46. 46.
    Photopoulos, C.: Managing Catastrophic Loss of Sensitive Data. Syngress, Burlington (2008)Google Scholar
  47. 47.
    Puhakainen, P., Siponen, M.: Improving employees’ compliance through information systems security training: an action research study. MIS Q. 34(4), 757–778 (2010)Google Scholar
  48. 48.
    Rakers, J.: Managing professional and personal sensitive information. In: Proceedings of ACM SIGUCCS Fall Conf.: Navigation and Discovery, pp. 9–14. ACM (2010)Google Scholar
  49. 49.
    Saxby, S.: News and comment on recent developments from around the world. Comput. Law Secur. Rev. 24(2), 95–110 (2008)CrossRefGoogle Scholar
  50. 50.
    Smith, E., Eloff, J.H.P.: Security in health-care information systems current trends. Int. J. Med. Inform. 54(1), 39–54 (1999)CrossRefGoogle Scholar
  51. 51.
    Solms, R., Solms, S.H.: Information security governance: a model based on the direct-control cycle. Comput. Secur. 25(6), 408–412 (2006)CrossRefGoogle Scholar
  52. 52.
    Strauss, A., Corbin, J.: Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory. Sage Publications Inc, Thousand Oaks (1998)Google Scholar
  53. 53.
    Tsai, W.T., Wei, X., Chen, Y., Paul, R., Chung, J.Y., Zhang, D.: Data provenance in soa: security, reliability, and integrity. SOCA 1(4), 223–247 (2007)CrossRefGoogle Scholar
  54. 54.
    Virtanen, T.: Design criteria to classified information systems numerically. In: Dupuy, M., Paradinas, P. (eds.) Trusted Information: The New Decade Challenge Part 8. IFIP, vol. 65, 22nd edn, pp. 317–325. Springer, Heidelberg (2001)Google Scholar
  55. 55.
    Wiles, J., Gudaitis, T., Jabbusch, J., Rogers, R., Lowther, S.: Low Tech Hacking. Syngress, Boston (2012)Google Scholar
  56. 56.
    Wilson, P.: Positive perspectives on cloud security. Inf. Secur. Tech. Rep. 16(3–4), 97–101 (2011)CrossRefGoogle Scholar
  57. 57.
    Wrona, K., Hallingstad, G.: Controlled information sharing in NATO operations. In: Military Communications Conference, pp. 1285–1290 (2011)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Informatics Research CentreUniversity of SkövdeSkövdeSweden

Personalised recommendations