Measuring Efficacy of Information Security Policies: A Case Study of UAE based company
KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
2012 (English)
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits
Student thesis
Abstract [en]

Nowadays, information security policies are operative in many organizations. Currently, few organizations take the pains to verify the efficacy of these policies. Different standards and procedures exist for measuring the efficacy of information security policies. Choosing and implementing them depends mainly on the key performance indicators (KPIs) and key risk indicators (KRIs) of the particular organization. This thesis is a case study of an organization in the United Arab Emirates (UAE). The basic aim of the research is to investigate and analyze how the efficacy of the implemented security policies is being measured in this particular organization, and to propose a method that is more suitable to the needs of the organization. The research is based on a theoretical study, an interview and a questionnaire. The results of this thesis indicate that there are no formal mechanisms for measuring the efficacy of information security policies in the organization under consideration. Moreover, the employees of the organization are not very satisfied with information security awareness in the company, which can be another reason for ensuring that the efficacy is measured on a regular basis. Therefore, a technique from ISO27004 has been used to demonstrate how this efficacy can be measured. It is a step-by-step procedure for which the information has been extracted from the interview and survey questionnaire responses.

Place, publisher, year, edition, pages
2012. 48 p.
Trita-ICT-EX, 2012:259
Keyword [en]
Information security policies, ISO27004, KPIs, KRIs
National Category
Engineering and Technology
URN: urn:nbn:se:kth:diva-103475
OAI: diva2:560266
Subject / course
Information and Communication Technology
Educational program
Master of Science - Information and Communication Systems Security
2012-03-30, 510, Forum 100, SE-164 40, Kista, Sweden, 10:00 (English)
Available from: 2012-10-22 Created: 2012-10-12 Last updated: 2012-10-22 Bibliographically approved

Open Access in DiVA

fulltext (844 kB), 1226 downloads
File information
File name: FULLTEXT01.pdf
File size: 844 kB
Checksum: SHA-512
Type: fulltext
Mimetype: application/pdf

By author/editor
Qureshi, Muhammad Sohail