Security Governance in the Financial Sector: A Study of Best Practice at Three Swedish Banks

This is a thesis for a professional degree at advanced level from KTH/Industrial Information and Control Systems


For organizations that handle sensitive information, IT governance and information security are necessities in order to maintain credibility and to conduct their business efficiently. There are several known processes for strengthening security governance, which is a fusion of information security and IT governance.

This master's thesis examines whether organizations use recognized processes and, if so, whether this leads to higher security. The study is qualitative, conducted in the financial sector, and based on Best Practice frameworks for security governance in Swedish banks. Data was collected through interviews and surveys, which were triangulated to form an overall picture of the quality of the security governance activities. The questionnaire surveys were graded on a Likert scale.

This work shows that banks use the processes described in the theory section, Chapter 3, and that they have adapted them to the business. The results from both the interviews and questionnaires show that Bank 3 has a high degree of security governance in the organization. This bank also had good cooperation and communication between the business and the IT side; the two were well aligned.

There are clear indications that the banks take the methods and processes described in the study into consideration, but that they were adapted to the banks' operations. It is important that business and IT find meeting places: both parties need to contribute their expertise to achieve the best possible outcome, a safe basis for security governance.
