Inlämning av Examensarbete / Submission of Thesis

Elina Larsson; Michael Olin MCS-2004:17, pp. 43. TEK/avd. för interaktion och systemdesign, 2004.

The work

Författare / Author: Elina Larsson, Michael Olin
Titel / Title: ISIT-modellen - Vägledning för att realisera en verksamhets informationssäkerhetsmål
Abstrakt Abstract:

The ISO standard ISO/IEC 17799/SS-627799-2 is a guidance for organizations to realize their information security goals. In spite of this standard, studies show flaws regarding information security in organizations. In particular flaws regarding overall view, knowledge and clear roles and responsibilities have been observed.

The ISIT (Information Security Integrated Three level) model and its guidelines, developed in this thesis, help organizations to identify the required processes and procedures as well as the logical process flow. The thesis is based on theoretical studies and a case study within a multinational company. The results of the case study show great lacks in defining roles and assigning responsibilities, but also in overall view and knowledge regarding processes and the process flow. The thesis develops a model to facilitate an organization’s initiation of the ISO standard and to help solving the identified flaws. The ISIT model is based on the ISO standard, but expands the PDCA model and integrates it with the controlling documents related to information security management. The expansion of the PDCA model gives a clearer flow, where all the processes related to a management system are included. This enables clarity and faster overall view regarding the information security organization. The integration of the controlling documents means that the processes can be divided into procedures at different levels of the organization. This provides a possible solution to the definition of roles and to the assignment of responsibilities.

Guidelines on the identification of processes and roles can not be found in the ISO standard. Therefor the ISIT model should be used as a complement to the ISO standard and will help organizations to reach their information security goals.

Ämnesord / Subject: Datavetenskap - Computer Science\General

Nyckelord / Keywords: ISO, Informationssäkerhet, LIS, Ledningssystem, Policy

Publication info

Dokument id / Document id:
Program:/ Programme Magisterprogram Datavetenskap, 40 poäng/Master programme Computer Science
Registreringsdatum / Date of registration: 09/16/2004
Uppsatstyp / Type of thesis: D-Uppsats/Magister/Master

Context

Handledare / Supervisor: Bengt Carlsson, Andreas Jacobsson
aja@bth.se
Examinator / Examiner: Rune Gustavsson
Organisation / Organisation: Blekinge Institute of Technology
Institution / School: TEK/avd. för interaktion och systemdesign
S-372 25 Ronneby
+46 455 38 50 00

Files & Access

Bifogad uppsats fil(er) / Files attached: isit-modellen.pdf (1036 kB, öppnas i nytt fönster)