Partners is serious about privacy. Only necessary and licensed software and applications should be installed on the machines. Evaluating information security from an economic perspective therefore proved difficult. Many auditing firms issue a seal or certificate attesting that an organization has maintained an effective and stable ISMS at a certain point in time, and that it has complied with the ISO management standard. ISMS improvements – the organization must continually improve the ISMS by assessing it and, where necessary, making changes to ensure its suitability and effectiveness, addressing nonconformance and noncompliance and, where possible, preventing recurrent issues. Further research would involve identifying what the content of the On-going Effectiveness Evaluation should consist of. Key factors for the success of information security are senior management commitment and the spread of awareness across the organization.

Step 2: A review of information security standard ISO. Chi-square is useful for analyzing whether a frequency distribution for a categorical or nominal variable is consistent with expectations (a goodness-of-fit test), or whether two categorical or nominal variables are related or associated with each other (a test for independence). The organizations allocated too little time to invest in this research, due to other priorities. Coming up with meaningful content to estimate the cost-effectiveness of mitigation solutions was not a simple task.


iso 27002 thesis

This instrument was used to survey two separate populations to measure awareness capability of end users against the top 10 security categories of Awareness Importance determined in phase one. This is a big chance to get involved and influence the future direction of this well-respected information security standard! Any prudent householder whose house was built on the shores of a tidal river would, when facing the risk of floods, take urgent steps to improve the defences of the house against the water.

Information security requires security measurement in order to generate the necessary feedback.

The business viewed information security as a cost center, the traditional way of managing information security activities in all organizations that participated in this survey. The sources of information used in this study comprise both primary and secondary data. No prior knowledge of information security and ISO standards is needed.



Metrics for information security should be defined, measured, collected and communicated. In the second phase survey, situation awareness theory guided the development of an Awareness Capability instrument to capture the second component of ISACM. ISO gives a best practice management framework for implementing and maintaining security.

To extend the understanding obtained further, research is necessary in which a number of aspects in this research area are studied more closely. Therefore, we conducted semi-structured interviews.

All studies of organizations indicated that the proposed method was clear and complete. These are all large organizations implementing information security management systems at least compliant with, if not certified against, the international standard for information security management, ISO. In a time when information has become its own currency, every above-and-beyond step you take to ensure security is likely to be rewarded with trust.

In earlier versions the standard focused foremost on protecting the confidentiality, integrity and availability of information, but the newer versions and the current standard also look at information from a business perspective: “Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize risk, maximize return on investments and business opportunities”.

However, organizations must meet some conditions to use the method and to evaluate information security from an economic perspective. The method’s steps were clear and logical.


Characteristics, implementations, benefits in global Supply Chains. Instead of conducting economic evaluations to justify the selected information security mitigation solutions, the case study organizations selected solutions based on expert judgment and intuition. This research extends the existing literature by contributing an approach and empirical model for measuring the required importance and capability of information security awareness within an organisation, thus identifying potential information security risks.


It provides a framework for the management of security within an organization, but does not provide a ‘Gold Standard’ for security, which, if implemented, ensures the security of an organization.

ISO 27001 vs ISO 27002: Which Standard Is Best for Your Organization?

The information itself can be written, spoken, electronic or visual. The analysis results support organizations and security managers in identifying systems they can use to achieve greater efficiency in the information security management process. It could be investigated why organizations remain at these low levels of maturity and how they can reach higher maturity levels.

Many of the regulations pertain to particular industries or types of data security, so there is almost always a chance that other parts of an information system are left vulnerable. Review the methods used within the organization to obtain the relevant content. Investigate how tooling can be used to record the relevant content.

Furthermore, scant research has been conducted on how successful or effective these education and training programs are for organisational awareness. Your information security manager, or someone in a similar position, will serve as the point person for maintaining a smooth-running ISMS.

The scope generally comes down to understanding dependencies and interfaces.


For example, relevant past experience, statistical data and results of earlier inspections were lacking in these organizations. Below is a description of each recommendation. After this first step, the individual whose identity has been compromised would be liable for all activities carried out by the perpetrator under the assumed identity, until the true facts of the case are discovered.