diplomsko delo visokošolskega strokovnega študija Organizacija in management delovnih procesov

Abstract

V diplomskem delu smo raziskali področje informacijske varnosti. Namen raziskave je bil priprava strokovnih podlag, na osnovi katerih smo pridobili podporo vodstva za vpeljavo sistema upravljanja z informacijsko varnostjo v podjetju. V raziskavo smo vključili ključne koncepte informacijske varnosti, pregled novih tehnologij, opravljene lokalne in globalne raziskave s področja varnostnih incidentov in pregled pomembne področne zakonodaje. Ugotovitve smo nadgradili s pregledom ključnih področnih standardov in utemeljili ISO/IEC 27001 kot najprimernejši za uvedbo sistema za upravljanje informacijske varnosti. K načrtovanju uvedbe smo pristopili skladno s standardom ISO/IEC 27003, ki za načrtovanje uvedbe sistema upravljanja informacijske varnosti definira izvedbo petih faz. Za potrebe te naloge smo izvedli del predvidenih aktivnosti. Definirali smo poslovne cilje vpeljave sistema za upravljanje informacijske varnosti in izhodiščni obseg uvajanja. Določili smo organizacijski obseg, informacijsko komunikacijsko tehnološki obseg ter meje sistema za upravljanje informacijske varnosti. Izdelali smo krovno varnostno politiko in izvedli analizo stanja informacij. Na osnovi vseh ugotovitev smo vodstvu predlagali potrditev krovne varnostne politike.

Keywords

sistem managementa;informacijska varnost;SUIV;

Data

Language: Slovenian
Year of publishing:
Typology: 2.11 - Undergraduate Thesis
Organization: UM FOV - Faculty of Organizational Sciences
Publisher: [T. Tršelič]
UDC: 659.2
COBISS: 7285779 Link will open in a new window
Views: 1468
Downloads: 174
Average score: 0 (0 votes)
Metadata: JSON JSON-RDF JSON-LD TURTLE N-TRIPLES XML RDFA MICRODATA DC-XML DC-RDF RDF

Other data

Secondary language: English
Secondary title: SETTING PROFESSIONAL BASIS FOR THE INFORMATION SECURITY MANAGEMENT SYSTEM IMPLEMENTATION
Secondary abstract: The diploma thesis deals with the field of information security. The goal of research was to prepare an expert base through which we would obtain support of the Management to be able to implement an information security management system in the company. Our research included key concepts of information security, an overview of new technologies, completed local and global surveys on security incidents, and an overview of important applicable legislation. The findings were enhanced by a review of key information security related standards and the explanation why the ISO/IEC 27001 standard is most appropriate for the implementation of an information security management system. The implementation was planned in line with the ISO/IEC 27001 standard, which specifies that the process of planning the implementation of an information security management system must comprise five stages. For the purposes of this diploma thesis, we performed some of the predicted activities. We defined the business goals in the implementation of the information security management system and the initial extent of the implementation. We specified the organisational scope, information communication technology extent as well as the boundaries of the information security management system. We designed the top-level security policy and performed an information security assessment. On the basis of all findings, we suggested the management to confirm the top-level security policy.
Secondary keywords: management system;information security;ISO/IEC 27001;information security management system;ISMS;ISO/IEC 27003;
URN: URN:SI:UM:
Type (COBISS): Undergraduate thesis
Thesis comment: Univ. v Mariboru, Fak. za organizacijske vede
Pages: 73 f.
ID: 8729237
Recommended works:
, diplomsko delo visokošolskega strokovnega študija Organizacija in management delovnih procesov
, magistrsko delo podiplomskega študijskega programa