An Adapted Information Security Management System: How Does a Small Organization with High Staff Turnover Go About It? (original title: Ett anpassat ledningssystem för informationssäkerhet: Hur gör en liten organisation med hög personalomsättning?)
Independent thesis, basic level (degree of Bachelor), 10 credits / 15 HE credits. Student thesis.
This paper aims to find out how to implement an information security management system (ISMS) based on the ISO/IEC 27001 standard in a small organization with high employee turnover. The standard employs the PDCA (Plan-Do-Check-Act) cycle as the course of action for implementing it. The reason for implementing such a system is to introduce information security into the organization and to maintain it despite changes in management. The paper bases its survey on a case study of a student nation in Uppsala, Sweden. Data was gathered from documents, organization charts, direct observation and the study of physical artifacts. The result of this study shows that it is possible to base an ISMS on the ISO/IEC 27001 standard, and that the PDCA method of implementing the system works if both are carefully adapted during their establishment in the organization. This paper concludes that certain aspects have to be considered when using the standard and the PDCA method in these kinds of organizations. Leadership has to play an active role in maintaining the information security work in order to enable continuity in an organization with high employee turnover. Organization members working on a non-profit basis can enable a higher level of security policy compliance, since the relationship between the member and the organization is voluntary. The ISMS should be built so that it focuses on the core operations of the organization: if it is made too comprehensive, there is a risk of it becoming too large for the organization to manage. There should be no doubt about who is responsible for the ISMS. The continuity of the system depends on well-established means of knowledge transfer from the departing responsibility holder to his or her successor.
Place, publisher, year, edition, pages: 2014, 38 p.
Keywords: Implementing ISMS, PDCA model, information security, small organization, high employee turnover (Swedish: Införa ledningssystem för informationssäkerhet, PDCA-modellen, informationssäkerhet, små organisationer, hög personalomsättning)
Identifiers
URN: urn:nbn:se:uu:diva-226672
OAI: oai:DiVA.org:uu-226672
DiVA: diva2:726841
Subject / course: Computer Systems Sciences
Bachelor programme in Information Systems