Information Security Attributes & Securing Organizations
Loading...
URL
Journal Title
Journal ISSN
Volume Title
School of Business |
Bachelor's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.
Authors
Date
2020
Department
Major/Subject
Mcode
Degree programme
Tieto- ja palvelujohtaminen
Language
en
Pages
26 + 2
Series
Abstract
Information systems are evolving with rapid pace and it is easier and cheaper for organizations to acquire more systems and digitalize their business. Because of this, Information Security (InfoSec) is increasingly required in organizations. When there are more interconnected systems, databases and applications often accessible online, this leads to more attack vectors and possible security incidents. Incidents can be chained, leading from smaller initial incident into more critical ones, which could be avoided if the first incident did not occur, underlining the need for securing all assets. Regulators are also demanding security under penalty of fines as incentive to secure organizations. Security researches have continued to propose InfoSec attributes, which are elements of assets that need to be secured. Understanding these attributes helps organizations establish Information Security Management Systems, which are policies and guidelines for mitigating risks. These risks vary from malicious employees to natural disasters, and from espionage to cyber terrorism. Attacks towards humans in organizations are increasing, such as phising or impersonating another employee. Without proper tools and processes, organizations are not even able to tell whether they have had security incidents or not. With Information Security Management System it is possible to plan, implement, monitor and adjust security policies and controls. This system helps organizations to have comprehensive information security, including details of what security controls are being applied for each asset, how to monitor and detect incidents, and how to recover from them.Description
Thesis advisor
Yong, LiuKeywords
information security attributes, risk management, InfoSec, ISMS