A simplified ISMS: Investigating how an ISMS for a smaller organization can be implemented
2021 (Engelska) Självständigt arbete på avancerad nivå (magisterexamen), 10 poäng / 15 hp
Studentuppsats (Examensarbete)
Abstract [en]
Over the past year, cyber threats have been growing tremendously, which has led to an essential need to strengthen the organization's security. One way of strengthening security is to implement an information security management system (ISMS). Although an ISMS will help improve the information security work within the business, organizations struggle with its implementation, and significantly smaller organizations. That results in smaller organization's information being potentially less protected.This thesis investigates how an ISMS based on MSB can be simplified to make it suitable for a small organization to implement. This thesis aims to open for further research about how it can be simplified and if it has a value of doing it.The study is based on a qualitative approach where semi-structured interviews with experts were conducted. This thesis concludes that it is possible to simplify an ISMS based on MSB for a small organization by removing external analysis, information classification, information classification model, continuity management for information assets, and incident management. In addition, the study provides tips on what a small organization should think about before and during implementation.
Ort, förlag, år, upplaga, sidor 2021. , s. 31
Nyckelord [en]
Information security management system, ISMS, Information security, ISO/IEC 27001, Simplify, ISO/IEC 27000, MSB, Method support for systematic information security work.
Nationell ämneskategori
Datavetenskap (datalogi)
Identifikatorer URN: urn:nbn:se:his:diva-20238 OAI: oai:DiVA.org:his-20238 DiVA, id: diva2:1580053
Ämne / kurs Informationsteknologi
Utbildningsprogram Integritet, informationssäkerhet och cybersäkerhet - magisterprogram
Handledare
Examinatorer
2021-07-132021-07-132021-07-13 Bibliografiskt granskad