Adapting ISO/ IEC 27001 Information Security Management Standard to SMEs
Luleå University of Technology, Department of Computer Science, Electrical and Space Engineering.
2022 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis
Abstract [en]

Information security management standards play an essential role in enabling organizations to manage the information security controls of their various operations. A number of standards and guidelines can be implemented to support this activity. This is where SMEs and non-security IT professionals begin to face challenges in selecting and implementing a meaningful standard. Evidence shows that if Small and Medium Enterprises (SMEs) fail to implement security standards effectively, there is a high possibility that they will not be able to manage their Information Security Management Systems (ISMSs) effectively. However, implementing information security standards is not an easy task, since the majority of the standards, especially ISO 27001, state what is required but not how to implement it.

In this research, we discuss in depth the role of ISO/IEC 27001 for SMEs and suggest relevant frameworks that will be useful to any kind of SME during the implementation of ISO 27001. This research is a complete, useful package for SMEs, since it provides a clear understanding of the information security management standards domain, as well as of what it means when authorities and audit requirements refer to requirement standards, guideline standards, and sector-specific industry standards.

Since some organization and business professionals are familiar with quality control standards for other industrial processes, such as manufacturing and customer services, this research will prove that information security standards have almost the same goals: demonstrating, in a methodical and certifiable manner, that an organization conforms to industry best practices and procedures. This research has been carried out using a Design Science Research (DSR) methodology. DSR seeks knowledge from real-life problems or opportunities that have significant practical relevance. Therefore, two organizations operating within the travel industry were involved in the data collection and analysis.

Place, publisher, year, edition, pages
2022, p. 78
Keywords [en]
ISO/IEC 27001, Information Security Management, Security Management
National Category
Information Systems
Identifiers
URN: urn:nbn:se:ltu:diva-91495
OAI: oai:DiVA.org:ltu-91495
DiVA, id: diva2:1670976
Educational program
Information Security, master's level (120 credits)
Presentation
2022-06-02, Zoom, Luleå, 13:35 (English)
Supervisors
Examiners
Available from: 2022-06-16. Created: 2022-06-16. Last updated: 2022-06-16. Bibliographically approved

Open Access in DiVA

attachment (13595 kB), 2844 downloads
File information
File name: ATTACHMENT01.pdf
File size: 13595 kB
Checksum SHA-512:
d9ca8d740af9f98cd46362b0602ff93f62024a3a5a6db500b33ab3189bb3c5fac709b8688a5af52a67f9b096373a9dc52327488cd071b92136876396e2e06b54
Type: attachment
Mimetype: application/pdf

The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.