magistrsko delo
Samo Tomažič (Author), Alenka Brezavšček (Mentor)

Abstract

V magistrskem delu je predstavljena zasnova modela sistema za upravljanje informacijske varnosti za slovensko državno upravo. Informacijski sistemi v državni upravi morajo namreč zaradi svoje ključne vloge, ki jo opravljajo, delovati brezhibno, saj ima lahko že majhen izpad hujše ekonomske ali drugovrstne posledice, ki jih državljani čutimo neposredno. V okviru sistematične vpeljave sistema za upravljanje informacijske varnosti (SUIV) v katerokoli organizacijo, se držimo štirih temeljnih faz po Demingovem krogu: načrtovanje – uvedba – preverjanje – ukrepanje (ang. Plan – Do – Check– Act); faz, ki jih uvaja standard ISO/IEC 27001:2005. Istih faz se drži tudi zasnovan model za slovensko državno upravo, na podlagi katerega se lahko informatiki ali zadolženi za informacijsko varnost, v katerem koli delu državne uprave, sistematično lotijo vpeljave SUIV tudi v praksi. Zasnova sledi metodologiji standarda ISO/IEC 27001:2005 in smernicam, ki jih podaja standard ISO/IEC 27003:2010. Model je nadalje apliciran v enega od organov v sestavi Ministrstva za okolje in prostor: v Upravo RS za jedrsko varnost. V aplikaciji modela je v celoti izvedena prva faza načrtovanja in vzpostavitve SUIV, ki vključuje pridobitev soglasja vodstva, določitev okvira SUIV, analizo tveganja ter pregled možnih varovalnih ukrepov in izdelavo ter sprejetje načrta s strani vodstva. Ostali trije koraki pri vzpostavitvi SUIV (uvedba, preverjanje in ukrepanje) so prikazani kot priporočila za nadaljnje delo organizacije.

Keywords

informacijski sistem;varnost;upravljanje;državna uprava;

Data

Language: Slovenian
Year of publishing:
Source: Kranj
Typology: 2.09 - Master's Thesis
Organization: UM FOV - Faculty of Organizational Sciences
Publisher: [S. Tomažič]
UDC: 659.2
COBISS: 7017747 Link will open in a new window
Views: 1899
Downloads: 176
Average score: 0 (0 votes)
Metadata: JSON JSON-RDF JSON-LD TURTLE N-TRIPLES XML RDFA MICRODATA DC-XML DC-RDF RDF

Other data

Secondary language: English
Secondary title: MODEL OF INFORMATION SECURITY MANAGEMENT SYSTEM IN PUBLIC ADMINISTRATION
Secondary abstract: The Master's thesis presents the design of the information security management system (ISMS) model for Slovenian public administration. Operation of the information systems in public administration must be flawless due to their critical role. Even a short system failure can result in serious economic loss or any other kind of consequences that affect the citizens directly. A systematic introduction of the ISMS into an organization is made in accordance with four basic phases of the Deming’s cycle: Plan - Do – Check – Act; the phases introduced by the standard ISO/IEC 27001:2005. These phases mean a basis in a hereby designed model for Slovenian public administration. The model that can be used as a guideline for IT or information security in any part of public administration to systematically introduce the ISMS in practice. The model design follows the methodology of ISO/IEC 27001:2005 and guidelines set by the standard ISO/IEC 27003:2010. The model is further applied in one of the agencies within public administration: the Slovenian Nuclear Safety Administration. The application of the model fully executes the first phase of planning and implementing the ISMS including: management concordance, definition of the ISMS’s framework, risk analysis, review of possible protective measures together with elaboration and admission of the plan by the management. The other three steps in establishing the ISMS (introduction, verification and measures taken) are presented as recommendations for future work in the organization.
Secondary keywords: information system;security;management;ISMS;public administration;
URN: URN:SI:UM:
Type (COBISS): Master's thesis/paper
Thesis comment: Univ. v Mariboru, Fak. za organizacijske vede
Pages: 122 f.
Keywords (UDC): applied sciences;medicine;technology;uporabne znanosti;medicina;tehnika;communication and transport industries;accountancy;business management;public relations;komunikacije in transport;knjigovodstvo;poslovni menedžment;stiki z javnostjo;publicity;information work;public relations;stiki z javnostjo;reklama;information work;advisory and consultancy services;informacije;informiranje;informacijski sistemi;
ID: 15923
Recommended works:
, diplomsko delo visokošolskega strokovnega študija
, magistrsko delo Organizacija in management informacijskih sistemov