ISO gives a best practice management framework for implementing and maintaining security. The passwords should be kept secured and user accounts should not be shared. An information security risk assessment is to identify the security requirements of the organization, and to then identify the security controls needed to bring that risk within an acceptable level for the organization. Every workstation should be equipped with the best available antivirus software and the virus definition files should be kept updated at all times. A key issue is that ISO is a management standard, not a security standard. The key findings illustrate that the required importance of awareness of information security controls differs from control to control, and differs depending on which stakeholder is involved.

First of all, you cannot get certified against ISO because it is not a management standard. Every workstation should be kept updated with the latest operating system patches and updates. Content of the ISO Standard: the standard encompasses 11 control objectives and a total of 39 controls. Currently, there are ISO certified organizations worldwide. Involve business management in information security.

The confidence interval approach is used to determine the sample size. It was developed as a “Code of practice” for guidance to organizations and did not have the scheme that could allow a third party certification. Organizations should collect information security incident data prior to and post implementation of the security control, as well as the related business loss and cost data.

As a consequence, information security was often handled too heavily, and too expensively, within the IT organization. Business management support may take the form of guidance during planning, participation during design or involvement during deployment.


ISO vs. ISO – What’s the difference?

Management responsibility – management must demonstrate their commitment to the ISMS, principally by allocating adequate resources to implement and operate it. Internal ISMS audits – the organization must conduct periodic internal audits to ensure the ISMS incorporates adequate controls, which operate effectively.

Implementing ISO in an organization delivers substantial financial growth and benefits to the business operations of the organization. However, compliance or external certification to ISO does not mean you are secure – it means that you are managing security in line with the standard, and to the level you think is appropriate to the organization.

ISO vs ISO: Which Standard Is Best for Your Organization?

ISO is an effective protective system against information security incidents having critical consequences. This category of consequences has a high negative impact on employee morale and motivation and hence productivity. This research extends existing literature by contributing an approach and empirical model for measuring the required importance and capability of information security awareness within an organisation, thus identifying potential information security risks.

iso 27002 thesis

Key factors for the success of information security are senior management commitment and the spread of awareness across the organization. The researcher concludes that the model developed will assist organisations in identifying awareness gaps and associated risks for specific information security control objectives across an organisation.


It was difficult to assess the cost-effectiveness of the security controls due to unavailability of the relevant content. Instead of conducting economic evaluations to justify the selected information security mitigation solutions, within the participating organizations solutions were selected on the basis of expert judgment.


Moreover, do they raise the perception, comprehension and decision-making of individuals and organisations in relation to potential threats? Information security was delivered based on a supply strategy, and not based on a demand strategy, in all case study organizations.

For the sake of maintaining privacy and confidentiality, installing desktop sharing tools and software on any of the company resources should not be allowed.

To enhance compliance efforts, internal auditors can help companies identify their primary business objectives and implementation scope.

The aim of the interview was to get valuable information related to the topic of the thesis and the research questions.

ISO 27001 vs. ISO 27002

The business viewed information security as a cost center; this was the traditional way to manage information security activities within all organizations that participated in this survey.

It is due to these, as well as the reasons stated earlier, that ISO has become the de facto global standard for information security management.

With more than 4 billion people plugged into the internet worldwide—all working, surfing, playing and socializing within a continually evolving digital landscape—the risks are everywhere and largely unpredictable. Implementing ISO can take time and consume unforeseen resources, especially if companies don’t have an implementation plan early in the compliance process.

The chi-square goodness of fit test and test for independence are available on SPSS. User and system level passwords should be changed frequently.
