Information Security Attributes & Securing Organizations

School of Business | Bachelor's thesis

Date

2020

Degree programme

Information and Service Management (Tieto- ja palvelujohtaminen)

Language

en

Pages

26 + 2

Abstract

Information systems are evolving at a rapid pace, and it is easier and cheaper for organizations to acquire more systems and digitalize their business. Because of this, Information Security (InfoSec) is increasingly required in organizations. More interconnected systems, databases and applications, often accessible online, lead to more attack vectors and possible security incidents. Incidents can be chained, leading from a smaller initial incident to more critical ones, which could be avoided if the first incident did not occur, underlining the need for securing all assets. Regulators are also demanding security under penalty of fines as an incentive to secure organizations. Security researchers have continued to propose InfoSec attributes, which are elements of assets that need to be secured. Understanding these attributes helps organizations establish Information Security Management Systems, which are policies and guidelines for mitigating risks. These risks vary from malicious employees to natural disasters, and from espionage to cyber terrorism. Attacks targeting people in organizations, such as phishing or impersonating another employee, are increasing. Without proper tools and processes, organizations are not even able to tell whether they have had security incidents or not. With an Information Security Management System it is possible to plan, implement, monitor and adjust security policies and controls. This system helps organizations achieve comprehensive information security, including details of what security controls are being applied to each asset, how to monitor and detect incidents, and how to recover from them.

Thesis advisor

Yong, Liu

Keywords

information security attributes, risk management, InfoSec, ISMS
