Adapting ISO/IEC 27001 Information Security Management Standard to SMEs
2022 (English). Independent thesis, advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Abstract [en]
Information security management standards play an essential role in enabling organizations to manage the information security controls of their various operations. A number of standards and guidelines can be implemented to support this activity, and it is here that SMEs and non-security IT professionals begin to face challenges in selecting and implementing a meaningful standard. Evidence shows that if Small and Medium Enterprises (SMEs) fail to implement security standards effectively, there is a high probability that they will not be able to manage their Information Security Management Systems (ISMSs) effectively. However, implementing information security standards is not an easy task, since the majority of standards, and ISO 27001 in particular, specify what is required but not how to implement it.
In this research, we discuss in depth the role of ISO/IEC 27001 for SMEs and suggest relevant frameworks that will be useful to any kind of SME during the implementation of ISO 27001. This research is intended as a complete, practical package for SMEs: it provides a clear understanding of the information security management standards domain, as well as of what is meant when authorities and audit requirements refer to requirement standards, guideline standards, and sector-specific industry standards.
Since some organization and business professionals are familiar with quality control standards for other industrial processes, such as manufacturing and customer service, this research shows that information security standards have almost the same goal: demonstrating, in a methodical and certifiable manner, that an organization conforms to industry best practices and procedures. The research was carried out using a Design Science Research (DSR) methodology. DSR seeks knowledge from real-life problems or opportunities that have significant practical relevance. Therefore, two organizations operating within the travel industry were involved in the data collection and analysis.
Place, publisher, year, edition, pages
2022, p. 78
Keywords [en]
ISO/IEC 27001, Information Security Management, Security Management
National Category
Information Systems
Identifiers
URN: urn:nbn:se:ltu:diva-91495
OAI: oai:DiVA.org:ltu-91495
DiVA, id: diva2:1670976
Educational program
Information Security, master's level (120 credits)
Presentation
2022-06-02, Zoom, Luleå, 13:35 (English)
Available from: 2022-06-16. Created: 2022-06-16. Last updated: 2022-06-16. Bibliographically approved.