A simplified ISMS: Investigating how an ISMS for a smaller organization can be implemented
2021 (English) Independent thesis Advanced level (degree of Master (One Year)), 10 credits / 15 HE credits
Student thesis
Abstract [en]
Over the past year, cyber threats have been growing tremendously, which has led to an essential need to strengthen organizations' security. One way of strengthening security is to implement an information security management system (ISMS). Although an ISMS will help improve the information security work within the business, organizations struggle with its implementation, particularly smaller organizations. As a result, smaller organizations' information is potentially less protected.

This thesis investigates how an ISMS based on MSB can be simplified to make it suitable for a small organization to implement. It aims to open the way for further research into how an ISMS can be simplified and whether doing so has value.

The study is based on a qualitative approach in which semi-structured interviews with experts were conducted. This thesis concludes that it is possible to simplify an ISMS based on MSB for a small organization by removing external analysis, information classification, information classification model, continuity management for information assets, and incident management. In addition, the study provides tips on what a small organization should think about before and during implementation.
Place, publisher, year, edition, pages
2021. p. 31
Keywords [en]
Information security management system, ISMS, Information security, ISO/IEC 27001, Simplify, ISO/IEC 27000, MSB, Method support for systematic information security work.
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:his:diva-20238
OAI: oai:DiVA.org:his-20238
DiVA, id: diva2:1580053
Subject / course
Information Technology
Educational program
Privacy, Information and Cyber Security - Master's Programme 60 ECTS
Supervisors
Examiners
2021-07-13 2021-07-13 2021-07-13 Bibliographically approved