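The ISIT Model: Guidance for Realizing an Organization's Information Security Goals (original title: ISIT-modellen: Vägledning för att realisera en verksamhets informationssäkerhetsmål)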
Blekinge Institute of Technology, School of Engineering, Department of Interaction and System Design.
2004 (Swedish). Independent thesis, Advanced level (degree of Master (One Year)). Student thesis.
Abstract [sv]

The ISO standard ISO/IEC 17799/SS-627799-2 provides guidance for organizations seeking to realize their information security goals. Despite this standard, studies show flaws in information security within organizations. In particular, flaws regarding overall view, knowledge, and clear roles and responsibilities have been observed. The ISIT (Information Security Integrated Three level) model and its guidelines, developed in this thesis, help organizations identify the required processes and procedures as well as the logical process flow. The thesis is based on theoretical studies and a case study within a multinational company. The results of the case study show major shortcomings in defining roles and assigning responsibilities, but also in overall view and knowledge of processes and the process flow. The thesis develops a model to facilitate an organization’s initiation of the ISO standard and to help resolve the identified flaws. The ISIT model is based on the ISO standard, but expands the PDCA model and integrates it with the controlling documents related to information security management. The expansion of the PDCA model gives a clearer flow in which all the processes related to a management system are included. This enables clarity and a faster overall view of the information security organization. The integration of the controlling documents means that the processes can be divided into procedures at different levels of the organization. This provides a possible solution to the definition of roles and the assignment of responsibilities. Guidelines on the identification of processes and roles cannot be found in the ISO standard. Therefore, the ISIT model should be used as a complement to the ISO standard and will help organizations reach their information security goals.

Place, publisher, year, edition, pages
2004, p. 43
Keywords [sv]
ISO, Information security, LIS, Management system, Policy
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:bth-3819
Local ID: oai:bth.se:arkivex990C0CCB2B588437C1256ED3003FB131
OAI: oai:DiVA.org:bth-3819
DiVA, id: diva2:831132
Uppsok
Technology
Supervisors
Available from: 2015-04-22. Created: 2004-07-16. Last updated: 2018-01-11. Bibliographically approved.

Open Access in DiVA

fulltext (1012 kB), 166 downloads
File information
File name: FULLTEXT01.pdf. File size: 1012 kB. Checksum SHA-512:
2d5bfb94577a38cbeacbae13b8ab328b3471be3bc9a03d2808851bf6ca2b59f53fa81e449498470f617467e016283632b08042dd9d200e530ae16f2499f407f9
Type: fulltext. Mimetype: application/pdf

Total: 166 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 159 hits