ISMS Implementation and Maintenance in Compliance with Finland’s National Cybersecurity Requirements
Kim, Svetlana (2022)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of this publication is
https://urn.fi/URN:NBN:fi:amk-2022060214576
Abstract
The thesis is dedicated to the research of common information security standards, regulations, and frameworks, with a focus on Information Security Management System (ISMS) implementation and maintenance in compliance with the security requirements laid out at the international and national levels.
The theoretical part includes research on the development and operation of an ISMS and presents an overview of the international and national cybersecurity requirements, frameworks, and regulations.
The empirical part consists of a comparative analysis of the international ISO/IEC 27002:2022 standard on information security and the Katakri 2020 information security audit tool published by the National Security Authority of Finland. It also proposes a strategic approach to enhancing an existing ISMS with the purpose of reaching compliance with additional security requirements.
The research has revealed a strong common baseline security benchmark for information systems supported by both ISO/IEC 27002 and Katakri, with some differences in approach, focus areas, and individual controls. The work also reflects developments in the information security field compared with older publications.
The results can be used by organisations that want to improve their ISMS and reach compliance with new regulations, as well as by anyone interested in gaining knowledge about the management of information security and familiarising themselves with common requirements, standards, and industry best practices.