Information Risk Management A Case Study of Major Swedish Banks Concerning the Concept of Information Risk Management

Abstract

Given the information- and knowledge-intense characteristics of the modern world, there is no surprise that information risks and security is a growing concern among most companies. The managing of these risks is therefore increasing in significance. In this thesis we addressed issues concerning information risk management, which is about managing risks associated with disclosure, modification, unavailability or destruction of information. The research was conducted in order to clarify the perceptions along with the involvement and awareness of information risk management. Our investigation approach consisted of qualitative interviews, in the form of case studies, with risk managers at four major banks in Sweden. The work, which was carried out in cooperation with KPMG, resulted in a better understanding of how information risk management is structured and organised as well as which information risk areas are considered to be included in the concept of information risk management. The main conclusions drawn from our research firstly, emphasised the importance of reducing information risk by securing the availability, confidentiality, integrity and traceability of the information, and secondly, showed great awareness and commitment for these issues among top management as well as among employees within the organisations.