There is an awareness in Sweden that society critically depends on various information and knowledge systems. These systems are vulnerable and subject to disruptions, which may lead to the collapse of fundamental societal infrastructure. To respond to the need to protect and preserve the information infrastructure, DSV established a comprehensive research and education program in cyber security. The program combines the two intertwined and mutually dependent areas of information security and digital forensics.

Information security

Traditional information security starts with basic computer and networking security issues such as protection from numerous threats and attacks, usually termed risks, and in general the protection of societal public and private information assets. The integrity of digital services is addressed with different policy and management strategies, which also require a multidisciplinary approach to the design, implementation, and operation of secure systems. Due to the nature of today's societal and physical landscape, a broad spectrum of challenges such as hacker attacks, cyber invasions, natural calamities, human errors and others must be met with solutions based on technology and science, policy, management, culture, and education. The topics studied include business organizations, data networks, clouds, the Internet of Things, software security, management and organizational frameworks and systems, risk analysis, security policies, legal aspects, and societal concerns.

The research revolves around the following topics:

  • Methods and strategies for information security management in organizations
  • Models of human behaviour in security environments
  • Secure software and software for security
  • Data protection and stewardship including privacy
  • Information infrastructures resilience and sustainability on security
  • Structural and organizational aspects of Cyber defence
  • Development of National cyber security strategies and national readiness
  • Cyber trust
  • e-Government security and privacy

Digital forensics

The diversity of unwanted activities in the Digital Society ranges from viruses and botnets to distributed denials of service, cyber conflicts, attempts to disrupt the power grids or to establish "dark nets" as sinister infrastructures for massive frauds and terrorist plots. To study the best ways to keep the Cyberspace open, friendly, creative, and collaborative, we need to identify the digital footprints behind the illicit deeds, which should be subject to scientific examination and analysis of recovered data that will eventually produce probative evidence admissible in a court of law. Digital forensics, which includes its computer, network and cyber instances, is also about data archaeology and mining, intelligent algorithms, and correlating seemingly unrelated events.

The research focuses, among other things, on the following areas:

  • Developing models for digital forensics investigations including human rights and data protection
  • Using formalisms to identify and evaluate the tools for forensics investigations
  • Studying the best security algorithms to protect digital evidence
  • Platforms for intelligent creation of cases, discovery, and analysis
  • Virtualization and simulation techniques for digital forensic training and learning
  • Policing the Tor network (and in general the Dark and the Deep web) through forensically complete, sound and ethical methods and techniques
  • Developing Swedish terminology in the area of digital forensics

Foundations, integration, and cooperation

The research philosophy is based on a holistic approach that spans various disciplines such as computer science, mathematics, artificial intelligence, data science, information systems, business, economics, psychology, sociology, and anthropology. The idea is to address the challenges of the complex problems generated in the Digital society in a way that integrates humans and technology. It includes appropriate socio-technical models considering timely policies, risk assessment, mitigation procedures, and the economic and organizational aspects of using novel technologies to decrease attack surfaces and reduce the impact of attacks.

The research group cooperates intensively within Stockholm University, as well as with other Swedish universities. Furthermore, there are links to international academic institutions, evidenced through the partnerships in various EU projects. For instance, the contribution to the EU electronic identity development has been through two projects carried out with the eGov lab at DSV.

The members of the group have a continuous presence in the international standards organizations. ISO stands out as a forum where they have played a substantial role in developing a series of standards such as ISO/IEC 27001 and 27002.

The strong ties to the Swedish business community and public institutions result in mutual participation in research, education and application projects. Occasionally, the involvement results in the formation of national policies, strategies and white papers for both the public and private communities.