Change search
ReferencesLink to record
Permanent link

Direct link
ISIT-modellen: Vägledning för att realisera en verksamhets informationssäkerhetsmål
Blekinge Institute of Technology, School of Engineering, Department of Interaction and System Design.
Blekinge Institute of Technology, School of Engineering, Department of Interaction and System Design.
2004 (Swedish)Independent thesis Advanced level (degree of Master (One Year))Student thesis
Abstract [sv]

The ISO standard ISO/IEC 17799/SS-627799-2 is a guidance for organizations to realize their information security goals. In spite of this standard, studies show flaws regarding information security in organizations. In particular flaws regarding overall view, knowledge and clear roles and responsibilities have been observed. The ISIT (Information Security Integrated Three level) model and its guidelines, developed in this thesis, help organizations to identify the required processes and procedures as well as the logical process flow. The thesis is based on theoretical studies and a case study within a multinational company. The results of the case study show great lacks in defining roles and assigning responsibilities, but also in overall view and knowledge regarding processes and the process flow. The thesis develops a model to facilitate an organization’s initiation of the ISO standard and to help solving the identified flaws. The ISIT model is based on the ISO standard, but expands the PDCA model and integrates it with the controlling documents related to information security management. The expansion of the PDCA model gives a clearer flow, where all the processes related to a management system are included. This enables clarity and faster overall view regarding the information security organization. The integration of the controlling documents means that the processes can be divided into procedures at different levels of the organization. This provides a possible solution to the definition of roles and to the assignment of responsibilities. Guidelines on the identification of processes and roles can not be found in the ISO standard. Therefor the ISIT model should be used as a complement to the ISO standard and will help organizations to reach their information security goals.

Place, publisher, year, edition, pages
2004. , 43 p.
Keyword [sv]
ISO, Informationssäkerhet, LIS, Ledningssystem, Policy
National Category
Computer Science
URN: urn:nbn:se:bth-3819Local ID: diva2:831132
Available from: 2015-04-22 Created: 2004-07-16 Last updated: 2015-06-30Bibliographically approved

Open Access in DiVA

fulltext(1012 kB)13 downloads
File information
File name FULLTEXT01.pdfFile size 1012 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
Department of Interaction and System Design
Computer Science

Search outside of DiVA

GoogleGoogle Scholar
Total: 13 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 27 hits
ReferencesLink to record
Permanent link

Direct link