Disputation: Dinh Uy Tran

Doctoral candidate Dinh Uy Tran at the Department of Informatics, Faculty of Mathematics and Natural Sciences, is defending the thesis Holistic Understanding of Information Security Posture for the degree of Philosophiae Doctor.

    The PhD defence will be partially digital, in Kristen Nygaards sal (5370), Ole-Johan Dahls hus and streamed directly using Zoom. The host of the session will moderate the technicalities while the chair of the defence will moderate the disputation.

    Ex auditorio questions: the chair of the defence will invite the attending audience at Kristen Nygaards sal to ask ex auditorio questions. 

    Trial lecture

    "KPIs for monitoring and measuring an organization's information security posture"

    Time and place: December 14, 2023 11:15 AM, Kristen Nygaards sal (5370), Ole-Johan Dahls hus/Zoom

    Main research findings

    • The main findings indicate that the existing literature on Information Security Governance (ISG) primarily focuses on "what" to implement, rather than providing guidance on "how" to do it. Another finding is the lack of emphasis on methods to gain oversight of the information security posture (ISP). This study highlights the inconsistent interpretation of ISP within the literature, which typically adopts an information security perspective rather than considering a holistic approach. To address this gap, this study proposes a new definition and conceptualisation of ISP that covers it holistically and provides ideas on how to organise an ISG program. Additionally, the study introduces strategies for assessing and managing positive risks, which deviate from the conventional emphasis on threats or "what can go wrong," thereby supporting a holistic approach to information security. Furthermore, this study analyses existing research on the communication and reporting of information security activities. The main findings emphasise the significance of effective communication with the business, utilising a business language. However, there is limited discussion on how to learn this language. To bridge this gap, this study presents a theoretical framework for learning Business Language for Information Security (BLIS) and has published a textbook as a resource for learning these domains.

    Adjudication committee:

    • Associate Professor Karin Bernsmed, NTNU, Norway
    • Associate Professor Christian D. Jensen, Technical University of Denmark
    • Associate Professor Egil Øvrelid, University of Oslo, Department of Informatics, UIO, Norway

    Supervisors

    • Professor Audun Jøsang, Department of Informatics, UIO, Norway
    • Associate Professor Janne Hagen, The Norwegian Water Resources and Energy Directorate (NVE)

    Chair of defence:

    Professor Carsten Griwodz

    Candidate contact information: www.linkedin.com/in/uydinhtran

    Contact information at Department: Mozhdeh Sheibani Harat 

    Published Nov. 30, 2023 10:29 AM - Last modified Dec. 13, 2023 9:59 AM