Improving the Information Security Model by using TFI

Ahlfeldt, Rose-Mharie and Spagnoletti, Paolo and Sindre, Guttorm (2007) Improving the Information Security Model by using TFI. In: New Approaches for Security, Privacy and Trust in Complex Environments. Springer, Boston, USA, pp. 73-84. ISBN 978-0-387-72366-2.

Corporate Creators

University of Skovde, Sweden, CeRSI - LUISS Guido Carli, NTNU, Trondheim, Norway

PDF (post-print)


In the context of information systems and information technology, information security is a concept that is becoming widely used. The European Network of Excellence INTEROP classifies information security as a nonfunctional aspect of interoperability, and as such it is an integral part of the design process for interoperable systems. In the last decade, academics and practitioners have shown their interest in information security, for example by developing security models for evaluating products and setting up security specifications in order to safeguard the confidentiality, integrity, availability and accountability of data. Earlier research has shown that measures to achieve information security at the administrative or organisational level are missing or inadequate. Therefore, there is a need to improve information security models by including vital elements of information security. In this paper, we introduce a holistic view of information security based on a Swedish model combined with a literature survey. Furthermore, we suggest extending this model using concepts based on semiotic theory and adopting the view of an information system as constituted of the technical, formal and informal (TFI) parts. The aim is to increase the understanding of the information security domain in order to develop a well-founded theoretical framework, which can be used in both the analysis and the design phases of interoperable systems. Finally, we describe and apply the Information Security (InfoSec) model to the results of three different case studies in the healthcare domain. Limits of the model will be highlighted and an extension will be proposed.



Item Type: Monograph Section
Research documents and activity classification: Book Sections > Monograph's chapters
Divisions: Department of Business and Management > CeRSI (Information Systems Research Centre)
Uncontrolled Keywords: Information Security Management, semiotics
MIUR Scientific Area: Area 13 - Economics and Statistics > SECS-P/10 Business Organisation
Deposited by: Paolo Spagnoletti
Date Deposited: 31 Aug 2011 17:52
Last Modified: 21 Apr 2015 23:14

