Uppsala University Publications
An adapted information security management system: how does a small organization with high employee turnover go about it?
Uppsala University, Disciplinary Domain of Humanities and Social Sciences, Faculty of Social Sciences, Department of Informatics and Media.
2014 (Swedish). Independent thesis, basic level (degree of Bachelor), 10 credits / 15 HE credits. Student thesis.
Abstract [en]

This paper aims to find out how to implement an information security management system (ISMS) based on the ISO/IEC 27001 standard in a small organization with high employee turnover. The standard employs the PDCA method as the course of action for implementing the standard. The reason for implementing such a system is to introduce information security to the organization and to maintain it despite changes in management. The paper based its survey on a case study of a student nation in Uppsala, Sweden. Data were gathered from documents, organization charts, direct observation and by studying physical artifacts. The result of this study showed that it is possible to base an ISMS on the ISO/IEC 27001 standard and that the PDCA method of implementing the system works if careful adaptation of the two is applied during its establishment in the organization. This paper concludes that certain aspects have to be considered when using the standard and the PDCA method with these kinds of organizations. The leadership has to play an active role in maintaining the work related to information security in order to enable continuity in an organization with high employee turnover. Organization members working on a non-profit basis can enable a higher level of security policy compliance, since the relationship between the member and the organization stems from a voluntary basis. Build the ISMS so that it focuses on the core operations of the organization; if the ISMS is made too comprehensive, there is a risk of it becoming too big for the organization to manage. There should be no doubt regarding who is responsible for the ISMS. The continuity of the system depends on well-established means of knowledge transfer from the departing responsibility holder to his or her successor.

Place, publisher, year, edition, pages
2014, 38 p.
Keyword [en]
Implementing ISMS, PDCA-model, information security, small organization, high employee turnover
Keyword [sv] (translated)
Implementing an information security management system, the PDCA model, information security, small organizations, high employee turnover
National Category
Information Systems
URN: urn:nbn:se:uu:diva-226672
OAI: oai:DiVA.org:uu-226672
DiVA: diva2:726841
Subject / course
Computer Systems Sciences
Educational program
Bachelor programme in Information Systems
Available from: 2014-06-23. Created: 2014-06-18. Last updated: 2014-06-23. Bibliographically approved.

Open Access in DiVA

Full text (796 kB), 224 downloads
File information
File name: FULLTEXT01.pdf
File size: 796 kB
Checksum: SHA-512
Type: fulltext
Mimetype: application/pdf

By organisation
Department of Informatics and Media
Information Systems
