Improving cybersecurity through ISO/IEC 27001 information security standard in the context of SMEs
Renvall, Aleksi (2018)
Metropolia Ammattikorkeakoulu
2018
All rights reserved
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2018121020694
Abstract
This Master’s Thesis pursues several goals. Its ambition is to introduce cybersecurity-related topics, which are all connected to each other in the big picture, and to improve information security.
The first section of the research sheds light on some of the existing cybersecurity threats and on the fundamentals of information security. Understanding threats, risks and the protection of information has become more important for small and medium-sized enterprises (SMEs) than ever before.
The second section introduces the ISO/IEC 27001 information security standard and its structure. Some of the other popular information security standards and best practices are briefly introduced as well, as they complement the use of ISO/IEC 27001 and generally improve cybersecurity.
The last section demonstrates what needs to be taken into account when enhancing the information security policy from the ISO/IEC 27001 point of view. This section also gives insight into what ISO/IEC 27001 certification means and demands, and how to prepare for the ISO/IEC 27001 certification process.
The research does not detail exact techniques or instructions for mitigating threats and building an information security management system (ISMS). Instead, the central idea is to raise awareness about the challenges of securing information and about how the ISO/IEC 27001 standard can be used to improve protection processes.
The main goal of this Master’s Thesis is fulfilled if SMEs explore this study and begin to consider what their individual level of risk management is and how their cybersecurity could be improved with the ISO/IEC 27001 standard. The ultimate goal is realized if the study manages to make SMEs interested in achieving ISO certification.
The purpose of the research, besides the objectives mentioned, is to educate myself about cybersecurity, information security, ISO/IEC 27001 and other information security standards. The motive for the thesis comes from my own curiosity towards the world of cybersecurity. The method for completing this project is self-study through multiple articles, research papers and educational material available on the internet and in books. The voluminous amount of sources made it possible to finalize the Master’s Thesis within the time frame defined in advance and with the planned procedures.