• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 1
  • Tagged with
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Ett anpassat ledningssystem för informationssäkerhet : - Hur gör en liten organisation med hög personalomsättning?

Magnus, Crafoord, Henrik, Sahlin January 2014 (has links)
This paper aims to find out how to implement an information security management (ISMS) system that is based on ISO/IEC 27001-standard into a small organization with high employee turnover. The standard employs the PDCA-method as a course of action for implementing the standard. The reason for implementing such a system is to introduce information security to the organization and to maintain it despite the changes in management. The paper based it’s survey on a case study of a student nation in Uppsala, Sweden. Data was gathered from documents, organization charts, direct observation and by studying physical artifacts. The result of this study showed that it is possible to base an ISMS on the ISO/IEC 27001-standard and that the PDCA-method of implementing the system works if careful adaptation of the two is applied during its establishment into the organization. This paper concludes that certain aspects has to be considered when using the standard and PDCA-method when working with these kinds of organizations. The leadership has to play an active role in maintaining the work related to information security in order to enable continuity in a high employee turnover-organization. Organization members working on a non-profit basis can enable a higher level of security policy compliance since the relationship between employee and the organization stems from a voluntary basis. Build the ISMS so that it focuses on the core operations of the organization. If the ISMS is made to comprehensive there is a risk of it becoming too big for the organization to manage. There should be no doubts regarding who is responsible for the ISMS. The continuity of the system depends on well-established means of knowledge transfer from the departing responsibility holder to his or her successor.

Page generated in 0.0856 seconds