Vis enkel innførsel

dc.contributor.authorNakrem, Are
dc.date.accessioned2007-10-09T10:10:40Z
dc.date.issued2007
dc.identifier.urihttp://hdl.handle.net/11250/136081
dc.descriptionMasteroppgave i informasjonssystemer 2007 - Høgskolen i Agder, Kristiansanden
dc.description.abstractDuring a participation in a security project in an enterprise in Norway, I have been able to get knowledge about the field of information security. The project leader told me that the method he was using has not been documented. The ideas of the way of handling information security has been used with another company in Norway, in a earlier project that he had also been project leader of. The main theme of the method was organizing the IT department into processes and roles, with tasks and responsibilities. In my literature research I have found several ways of handling information security. There is no grounded theory in the field of information security, but there are several guidelines, frameworks and standards, and there is a lot of research about these. Most of these frameworks and standards are based on commercial use and not free of charge. I have also done research about the human factor, to verify that the topic is valid. I have done a CASE study of the enterprise; to get detailed information of how they handled information security. I found that the method that has been used and has parallels to frameworks and standards I found in the literature research. By my findings in the literature research and the CASE study, I have been able to develop a simple framework for handling information security in organizations. The framework is suited especially to medium organizations, with less ability to implement several frameworks and standards. Large companies can use frameworks like Cobit, ITIL and ISO standards. The key elements of the framework is a three dimensional cube containing the elements of business requirements, IT resources and information security requirements. I have not found any framework in literature that has linked this combination together.en
dc.format.extent748311 bytes
dc.format.mimetypeapplication/pdf
dc.language.isoengen
dc.publisherHøgskolen i Agder
dc.publisherAgder University College
dc.subject.classificationIS501
dc.titleManaging information security in organizations : a case studyen
dc.typeMaster thesisen
dc.subject.nsiVDP::Samfunnsvitenskap: 200::Statsvitenskap og organisasjonsteori: 240::Offentlig og privat administrasjon: 242
dc.subject.nsiVDP::Matematikk og naturvitenskap: 400::Informasjons- og kommunikasjonsvitenskap: 420::Sikkerhet og sårbarhet: 424


Tilhørende fil(er)

Thumbnail

Denne innførselen finnes i følgende samling(er)

Vis enkel innførsel