Master's thesis, Organisation and Management of Information Systems
Abstract
This master's thesis presents a model for establishing an information security management system (ISMS) in four phases, following a process approach built on the fundamental phases of the Deming cycle (plan, do, check, act), which the ISO/IEC 27000 family of standards also recommends for information security. The model is applied to a specific organisation, the Javni štipendijski, razvojni, invalidski in preživninski sklad Republike Slovenije (Slovene Scholarship, Development, Disability and Maintenance Fund of the Republic of Slovenia). The thesis concentrates in detail on the first phase of establishment: planning. In addition to reviewing the current state, we inventoried the key processes, valued the assets, identified threats and prepared a risk assessment. This served as the basis for a plan of security controls which, together with a proposal for an overarching information security policy and an ISMS implementation plan, forms the proposed ISMS implementation plan to be approved by management. Recommendations are given for the remaining three phases: implementing the ISMS, establishing the ISMS control and monitoring system, and analysing ISMS deviations and carrying out corrective actions. Since employees are often one of the weakest links in ensuring information security, recommendations are also given on raising awareness, training and educating employees in information security.
Keywords
security; information system; management
Data
Language: Slovenian
Year of publishing: 2018
Typology: 2.09 - Master's Thesis
Organization: UM FOV - Faculty of Organizational Sciences
Publisher: [D. Trček]
UDC: 004
COBISS: 8066323
Other data
Secondary language: English
Secondary title: Implementation of information security management system in a public fund
Secondary abstract: The master's thesis presents a model for the implementation of an information security management system (ISMS) in four phases, using the process approach based on the Deming cycle: plan, do, check, act. This process is also recommended by the ISO/IEC 27000 family of standards on information security. The model is applied to a specific organisation, the Slovene Scholarship, Development, Disability and Maintenance Fund of the Republic of Slovenia. The thesis focuses primarily on the first phase of the process, planning. After reviewing the current state of information security in the organisation, we identified key business processes, evaluated the information assets, defined threats and conducted a risk assessment. Based on that, we prepared an action plan to address the major information security threats. We also prepared a proposal for the general information security policy and an ISMS implementation plan. Together they form a proposal to management regarding ISMS implementation. Recommendations are given for the next three phases of ISMS implementation: ISMS introduction, verification and corrective actions. Since employees are one of the weakest links in ensuring information security, recommendations regarding programmes for raising awareness, training and education of employees on information security are also given.
Secondary keywords: Security; Information systems; Management; ISMS; Public sector
URN: URN:SI:UM:
Type (COBISS): Master's thesis/paper
Thesis comment: University of Maribor, Faculty of Organizational Sciences
Pages: 121 pp.
ID: 10962150