| dc.description.abstract | Technological development affects most of the industries in the world, and the Norwegian financial sector is no exception. We use our digital tools every day, and these tools make footsteps of personal information. Norway is one of the most digitalized countries, and digitalization has brought new ways of thinking and made the sector more effective. However, this also brings new challenges with new vulnerabilities and risks. All this has made a need for understanding and managing cyber-risk.
This thesis investigates how the Norwegian financial sector handles the risk of losing personal information when drawing on cyber-attacks by performing a content analysis based on relevant documents and articles. Discussion and analysis of the dominant documents and articles contribute to achieving the thesis goal of answering the research question. We do this intending to generate awareness of the cyber-risk in the sector when it comes to handling personal information. Additionally, we aim to create an understanding and knowledge base of the topic to understand the development better and be capable of being resilient to this type of risk.
The content analysis of cyber-risk and cyber-threat in this thesis reveals that the risk of losing personal information is in constant flux. The reason is compound, but the analysis shows that our main findings can summarize it; Implementation and enactment of complexity in existing material, Speedy development and an arduous environment, and Endorsement of robustness, relicense, and redundancy.
We were especially boggled over the neglection of integrating complexity as a risk in both the current NIST-framework and the ISO27001 standard. Also, the rapid development of technology and different types of actors may force the sector to take measures, but the long value chains increase the complexity. | |
