Academic literature on the topic 'ISO 27001'

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'ISO 27001.'

Journal articles on the topic "ISO 27001"

1

Topa, Ioanna, and Maria Karyda. "From theory to practice: guidelines for enhancing information security management." Information & Computer Security 27, no. 3 (2019): 326–42. http://dx.doi.org/10.1108/ics-09-2018-0108.

Abstract:
Purpose This study aims to identify the implications of security behaviour determinants for security management to propose respective guidelines which can be integrated with current security management practices, including those following the widely adopted information security standards ISO 27001, 27002, 27003 and 27005. Design/methodology/approach Based on an exhaustive analysis of related literature, the authors identify critical factors influencing employee security behaviour and ISP compliance. The authors use these factors to perform a gap analysis of widely adopted information security standards ISO 27001, 27002, 27003 and 27005 and identify issues not covered or only partially addressed. Drawing on the implications of security behaviour determinants and the identified gaps, the authors provide guidelines which can enhance security management practices. Findings The authors uncover the factors shaping security behaviour barely or partly considered in the ISO information security standards ISO 27001, 27002, 27003 and 27005, including top management participation, accommodating individual characteristics, embracing the cultural context, encouraging employees to comply out of habit and considering the cost of compliance. Furthermore, the authors provide guidelines to security managers on enhancing their security management practices when implementing the above ISO Standards. Practical implications This study offers guidelines on how to create and design security management practices whilst implementing ISO standards (ISO 27001, ISO 27002, ISO 27003, ISO 27005) so as to enhance ISP compliance. 
Originality/value This study analyses the role and implications of security behaviour determinants, discusses discrepancies and conflicting findings in related literature, provides a gap analysis of commonly used information security standards (ISO 27001, 27002, 27003 and 27005) and proposes guidelines on enhancing security management practices towards improving ISP compliance.
2

Disterer, Georg. "ISO/IEC 27000, 27001 and 27002 for Information Security Management." Journal of Information Security 04, no. 02 (2013): 92–100. http://dx.doi.org/10.4236/jis.2013.42011.

3

Diamantopoulou, Vasiliki, Aggeliki Tsohou, and Maria Karyda. "From ISO/IEC27001:2013 and ISO/IEC27002:2013 to GDPR compliance controls." Information & Computer Security 28, no. 4 (2020): 645–62. http://dx.doi.org/10.1108/ics-01-2020-0004.

Abstract:
Purpose This paper aims to identify the controls provisioned in ISO/IEC 27001:2013 and ISO/IEC 27002:2013 that need to be extended to adequately meet data protection requirements set by the General Data Protection Regulation (GDPR); it also indicates security management actions an organisation needs to perform to fulfil GDPR requirements. Thus, ISO/IEC 27001:2013 compliant organisations can use this paper as a basis for extending the already existing security control modules towards data protection; and as guidance for reaching compliance with the regulation. Design/methodology/approach This study has followed a two-step approach; first, synergies between ISO/IEC 27001:2013 modules and GDPR requirements were identified, by analysing all 14 control modules of the ISO/IEC 27001:2013 and proposing the appropriate actions towards the satisfaction of data protection requirements. Second, this paper identified GDPR requirements not addressed by ISO/IEC 27001:2013. Findings The findings of this work include the identification of the common ground between the security controls that ISO/IEC 27001:2013 includes and the requirements that the GDPR imposes; the actions that need to be performed based on these security controls to adequately meet the data protection requirements that the GDPR imposes; and the identification of the remaining actions an ISO/IEC 27001 compliant organisation needs to perform to be able to adhere to the GDPR. Originality/value This paper provides a gap analysis and a further steps identification regarding the additional actions that need to be performed to allow an ISO/IEC 27001:2013 certified organisation to be compliant with the GDPR.
4

Crespo-Martínez, Esteban, and Geovanna Cordero-Torres. "ESTUDIO COMPARATIVO ENTRE LAS METODOLOGÍAS CRAMM Y MAGERIT PARA LA GESTIÓN DE RIESGO DE TI EN LAS MPYMES." UDA AKADEM, no. 1 (June 13, 2018): 38–47. http://dx.doi.org/10.33324/udaakadem.vi1.129.

Abstract:
Achieving the objective of proposing an information security methodology for IT risk management, applicable to the business and organizational environment of the Ecuadorian MSME sector, requires analysing the Magerit and CRAMM (CCTA Risk Analysis and Management Method) methodologies, which are used internationally in information risk management, taking into account the reference frameworks that contain the industry's best practices: ISO 27001, 27002, 27005 and 31000. Keywords: risks, management, Magerit, CRAMM, information technologies, IT, security, information, ISMS.
Abstract: This paper aims to study the CRAMM (CCTA Risk Analysis and Management Method) and Magerit methodologies used in information risk management. It contemplates international reference frames that contain the best practices in the industry: ISO 27001, 27002, 27005 and 31000. This research is part of a project proposal of “Methodology for information security risk management, applicable to MSMEs” applicable to the Ecuadorian environment. Keywords: Risk, Management, Magerit, CRAMM, Information Technology, IT, Information Security, ISMS.
5

ال فيحان, اثير عبد الهادي, and عامر حمدي عبد غريب. "تقييم نظام أدارة امن المعلومات في الهيئة العراقية للحاسبات والمعلوماتية على وفق المواصفة الدولية (ISO/IEC 27001:2013)." Journal of Economics and Administrative Sciences 21, no. 86 (2015): 1. http://dx.doi.org/10.33095/jeas.v21i86.764.

Abstract:
The present research comprised an evaluation of the information security management system according to the international standard (ISO/IEC 27001:2013) at the Iraqi Commission for Computers and Informatics. Establishing a management system for information security is considered a priority at the present time, and, given organizations' reliance on computers and information technology for work and for communicating with others, international legitimacy (represented by the International Organization for Standardization (ISO)) remains the basis for conformity and commitment. The importance of applying an information security management system according to the international standard (ISO/IEC 27001:2013) is evident in protecting organizations' assets, especially information and databases, in a systematic and continuous manner.
The aim of the research was to conduct an evaluation between the information security management system currently in place at the Iraqi Commission for Computers and Informatics (the research site) and the information security management system according to the international standard (ISO/IEC 27001:2013), using audit checklists in order to diagnose the gaps of nonconformity with the international standard.
The research reached an important conclusion, namely that the information security management system followed at the Iraqi Commission for Computers and Informatics, despite its reliance on modern technology and competent staff, lacks good documentation and application of many of the requirements set out in the international standard (ISO/IEC 27001:2013), and needs a rebuilt organizational structure and functions consistent with what is set out in the supporting standard (ISO/IEC 27003:2010).
The research concluded with its most important recommendation: forming a working team that takes on preparing the prerequisites for applying the standard (ISO/IEC 27001:2013), works to meet its requirements and the requirements of other management systems (the quality management system and others), and is linked to top management to facilitate support with resources and authority
6

Everett, Cath. "Is ISO 27001 worth it?" Computer Fraud & Security 2011, no. 1 (2011): 5–7. http://dx.doi.org/10.1016/s1361-3723(11)70005-7.

7

Musyarofah, Sitta Rif’atul, and Rahadian Bisma. "Analisis kesenjangan sistem manajemen keamanan informasi (SMKI) sebagai persiapan sertifikasi ISO/IEC 27001:2013 pada institusi pemerintah." Teknologi 11, no. 1 (2021): 1–15. http://dx.doi.org/10.26594/teknologi.v11i1.2152.

Abstract:
The Madiun City Communication and Informatics Service (Diskominfo) is a government institution that has the responsibility for managing information and communication technology in the Madiun city government. As a government institution serving and providing information to the public, Diskominfo Madiun City is vulnerable to information security threats that can hinder its performance. Information Security Management System ISO/IEC 27001:2013 is a system that is expected to be able to provide effectiveness and efficiency of information security management at Diskominfo Madiun city. This research aims to determine the current conditions and how the readiness of Diskominfo Madiun City to achieve ISO/IEC 27001:2013 certification. From the results of the gap analysis, it can be seen that the percentage of readiness of Diskominfo Madiun City is 71%, with a readiness range between 19% - 100%. The highest level of readiness is 100% on the requirements of clause 4 concerning the organizational context and clause 10 concerning improvements, where all information security requirements have been met. While the lowest readiness percentage is 19% which is shown in the requirements of clause 6 regarding planning. The gap analysis method is used to determine how far the ISO/IEC 27001:2013 requirements are fulfilled. The results of the gap analysis show the extent of the readiness of Diskominfo Madiun City to carry out ISO/IEC 27001:2013 certification. The results of the research indicate that Diskominfo Madiun City must improve its readiness for ISO/IEC 27001:2013 certification by fulfilling the requirements of the required information security documents based on ISO/IEC 27001:2013 standards.
8

Setyawan, Ervin, and Farid Sukmana. "Penilaian Standar Mutu Pada Aplikasi Tiket Bioskop dengan ISO 27001 dan Fishbone Analisis." JTIM : Jurnal Teknologi Informasi dan Multimedia 2, no. 4 (2021): 214–22. http://dx.doi.org/10.35746/jtim.v2i4.110.

Abstract:
Cinema ticket application services make it easy to purchase movie tickets. Various applications, especially in the business sector, certainly require information security that has been guaranteed to be applied and international information security certificates in ISO 27001 quality standards. Therefore, the requirements for obtaining information security certificates in international quality ISO 27001 need to be analyzed first. It requires a lot of preparedness that must be requested in meeting ISO 27001 quality standards. The purpose of this study is to analyze the application of cinema tickets for ISO 27001 eligibility. Analytical research methods used include clauses, checklists, Likert scales, maturity levels, and fishbone diagrams. The authors' references were based on the writer's team's analysis that the authors made, including graphs, charts, clause scores, checklist scores, Likert scales, maturity levels, and fishbone diagrams. Based on the author's analysis results, the cinema ticket application system does not meet ISO 27001 standards, so much needs to be improved in the system. Likert scale scores are still 19%, while to meet ISO 27001 standards, Likert scale scores must reach at least 60%. The overall problem with assessing this analysis, which results in cinema tickets being inappropriate or not passing ISO 27001 quality standards, is the lack of Likert scale scores and fishbone diagrams. This analytical research hypothesis can be the basis for future research that the application can meet the feasibility test of ISO 27001 quality standards.
9

Sundari, Piski, and Wella Wella. "SNI ISO/IEC 27001 dan Indeks KAMI: Manajemen Risiko PUSDATIN (PUPR)." Ultima InfoSys : Jurnal Ilmu Sistem Informasi 12, no. 1 (2021): 35–42. http://dx.doi.org/10.31937/si.v12i1.1701.

Abstract:
Pusdatin of the Ministry of Public Works and Public Housing is an institution that manages data and information to support management within the ministry of public works. This research was conducted to evaluate the maturity of agencies prior to conducting an external audit of ISO 27001:2013 certification. The method used in this research is PDCA (Plan-Do-Check-Act) using the KAMI index and ISO 27001; the technicality of this research starts from a Check for analysis of current conditions, Act is carried out for assessment of the KAMI index, Plan compares the KAMI index results with ISO 27001, and Do control recommendations for improvement. The results of this evaluation show that PUSDATIN stopped at level I+ in the yellow area and overall PUSDATIN stated, "Needs improvement". In conclusion, Pusdatin is not ready for an external audit of ISO 27001:2013 certification. The aforementioned results form the basis for the recommendations made from the findings of the KAMI index and compared with the ISO 27001 control.

Index Terms: information security audit; KAMI index; ISO 27001:2013; ISMS maturity level
10

Mantra, IGN. "Implementation: Information Security Management System (ISMS) ISO 27001:2005 at Perbanas University." ACMIT Proceedings 1, no. 1 (2014): 46–58. http://dx.doi.org/10.33555/acmit.v1i1.18.

Abstract:
There is a need for an Information Security Management System Standard (ISO 27001:2005) at Perbanas University in general. Particularly ABFII Perbanas needs IT governance on Information Security. ISO 27001:2005 is an Information Security Standard that is widely used as Information Security Management System (ISMS). IT Governance approach is the main interest within ISO 27001:2005 for Perbanas University.

Dissertations / Theses on the topic "ISO 27001"

1

Peroutka, Tomáš. "Integrace ISMS/ISO 27001/ISO 27002 do společnosti RWE." Master's thesis, Vysoká škola ekonomická v Praze, 2011. http://www.nusl.cz/ntk/nusl-114299.

Abstract:
The main theme of this diploma thesis is Information Security Management System (ISMS) which is based on security standard ISO 27001 and ISO 27002. This thesis is one part of the project of integration ISMS to company RWE. First goal is analysis of actual documentation of RWE. Second goal is proposal of ideal structure of ISMS documentation. Third goal is assignment the parts of RWE documentation to ideal structure of ISMS documentation. Analysis of actual documentation used knowledge about RWE documentation to create overview table with all documents and their relations. Ideal structure of ISMS documentation was based on selected parts of ISO 27001 and multicriterial analysis. Third goal of this thesis was reached by assignment parts of RWE documentation to selected parts of ISO 27001 from the second goal. Contribution of this diploma thesis is the ideal structure of ISMS documentation and form of old RWE documentation assignment, because these goals are usual steps of PDCA cycle of ISMS but they are described briefly and sparsely in security standards and works related to ISMS.
2

Doubková, Veronika. "Bezpečnostní rizika podle standardu ISO 27001." Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2020. http://www.nusl.cz/ntk/nusl-412984.

Abstract:
This diploma thesis deals with the management of security information, according to ISO/IEC 27005, and its implementation in the Verinice software environment. The risk information management process is applied to a critical infrastructure, that is connected to an optical fiber network. The work focuses on incidents aimed at threatening data from optical threats and active network elements in transmission systems. The result of the work is defined as a risk file in the .VNA format containing identified risks, for which appropriate measures are implemented in connection with the requirements of ISO/IEC 27001, for the protection of critical infrastructures and transmitted data in the transmission system.
3

Šumbera, Adam. "Zavedení managementu bezpečnosti informací v podniku dle ISO 27001." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2013. http://www.nusl.cz/ntk/nusl-224217.

Abstract:
This diploma thesis deals with implementation of the information security management system in company. The theoretical part of thesis summarizes the theoretical knowledge in the field of information security and describes a set of standards ISO/IEC 27000. In the following section the specific company is analysed, and to this company there are then applied theoretical knowledge during the implementation of information security management system.
4

Ljunggren, Viktor, and Emil Freid. "Effekterna av en ISO/IEC 27001-certifiering : Upplevda förändringar bland små svenska organisationer." Thesis, Tekniska Högskolan, Jönköping University, JTH, Datateknik och informatik, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:hj:diva-49716.

Abstract:
Society today is more connected and handles larger amounts of information than before. The information is handled to a greater extent by IT systems, where the requirements for secure handling of information keep growing. To manage information security, organisations can implement an information security management system (ISMS). Designing and implementing an ISMS takes both time and resources. For this investment to be profitable, it should also provide added value for organisations. To standardise and specify the structure of an ISMS, ISO/IEC 27001 (the standard for ISMS) has been developed and implemented by organisations worldwide. The purpose of this study is to identify which changes an ISO/IEC 27001 certification leads to in small organisations in Sweden. An interview study was carried out with semi-structured interviews as the data collection method. From the collected empirical material, six categories were identified and are described thematically for each informant. The study shows that organisations gain a better process for and control over information security, and a strengthened information security culture. In addition, information security is reported to have improved among organisations through various security measures. Furthermore, communication with customers has been simplified when information security is discussed. The study examines the impact of ISO/IEC 27001 certification at several organisations, in order to obtain diversity in the collected empirical material. This was done with one informant per organisation, with an overview of both the organisation and the certification. The study examines organisations that are already certified, since the organisation must have implemented the ISO/IEC 27001 standard. Neither the certification process, the security measures, nor the implementation or application of the management system were examined in this study.

Society today is more connected and handles more information than ever before. The information is handled to a greater extent by IT systems, where the requirements for secure information management have increased. To manage this increase in information flow, organizations can implement an information security management system (ISMS). It takes both time and resources to design and implement an ISMS. For this investment to be profitable, it should also provide additional value for companies. In order to standardize and specify the structure of ISMS, ISO/IEC 27001 (Standard for ISMS) has been developed and implemented by companies all over the world. The purpose of this study is to identify the changes that an ISO/IEC 27001-certification leads to for small organisations in Sweden. An interview study has been conducted and semi-structured interviews have been used for data collection. Based on the collected empirical evidence, six categories have been identified and described thematically for each informant. The study shows that organisations get a better process and control over information security and a strengthened information security culture. In addition, information security is said to have improved among organisations through various security measures. In addition, communications with customers have been simplified, whenever information security is discussed. The study examines the impact of ISO/IEC 27001-certification on four organisations, in order to ensure diversity of the empirical evidence collected. This was done with one informant per organisation, with an overview of both the organisation and the certification. The study examines organisations that are already certified, since the organisation needs to have implemented the ISO/IEC 27001 standard. Neither the certification process, the security measures, the implementation nor the application of the management system have been investigated in this study.
5

Palička, Jan. "Systémové řešení bezpečnosti informací v organizaci." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2017. http://www.nusl.cz/ntk/nusl-316954.

Abstract:
This diploma thesis deals with ISMS implementation in Netcope Technologies, a. s., which is involved in the production of network cards for high speed acceleration. This thesis is divided into two logical parts. In the first part the theoretical basis information is presented, including selected methods for implementing information security. In the second part, the analysis of the company and the proposed measures are presented.
6

Zrcek, Tomáš. "Zhodnocení připravenosti podniku na zavedení ISO 27001 pomocí GAP analýzy." Master's thesis, Vysoká škola ekonomická v Praze, 2016. http://www.nusl.cz/ntk/nusl-203907.

Abstract:
The aim of the thesis is to evaluate the preparedness of an information security management system (ISMS) in a logistic company JASA s.r.o. for a certification by standard ISO/IEC 27001:2013. This enterprise oscillates between small and medium enterprise. It has already implemented the certificate on quality management ISO 9001:2008. For this reason, in the thesis there are presented advantages for a company that already has implemented one of ISO standards and decides to implement another. First of all, the present state of information security management system in Jasa s.r.o was compared to other businesses functioning in the Czech and European market. Then the company control environment was evaluated accordingly to the requirements of standard ISO/IEC 27001:2013. Furthermore, a scheme was created in order to evaluate specific controls based on the impact risk that could arise in case of ignoring the suggested recommendations. In the last part, the controls were evaluated accordingly to difficulty, so that the company can find cheap and fast solutions with adequate impact. The main contribution of the thesis is the evaluation of the approach to solve information security in one of many enterprises that are afraid or are starting to notice the increasing amount of security threats. This approach may be chosen by other companies that decide to go the similar way.
7

Coetzer, Christo. "An investigation of ISO/IEC 27001 adoption in South Africa." Thesis, Rhodes University, 2015. http://hdl.handle.net/10962/d1018669.

Abstract:
The research objective of this study is to investigate the low adoption of the ISO/IEC 27001 standard in South African organisations. This study does not differentiate between the ISO/IEC 27001:2005 and ISO/IEC 27001:2013 versions, as the focus is on adoption of the ISO/IEC 27001 standard. A survey-based research design was selected as the data collection method. The research instruments used in this study include a web-based questionnaire and in-person interviews with the participants. Based on the findings of this research, the organisations that participated in this study have an understanding of the ISO/IEC 27001 standard; however, fewer than a quarter of these have fully adopted the ISO/IEC 27001 standard. Furthermore, the main business objectives for organisations that have adopted the ISO/IEC 27001 standard were to ensure legal and regulatory compliance, and to fulfil client requirements. An Information Security Management System management guide based on the ISO/IEC 27001 Plan-Do-Check-Act model is developed to help organisations interested in the standard move towards ISO/IEC 27001 compliance.
8

Santos, Valdeci Otacilio dos. "Um modelo de sistema de gestão da segurança da informação baseado nas normas ABNT NBR ISO/IEC 27001:2006, 27002:2005 e 27005:2008." [s.n.], 2012. http://repositorio.unicamp.br/jspui/handle/REPOSIP/259797.

Abstract:
Advisor: Renato Baldini Filho
Dissertation (master's) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação

Summary: The constant growth of threats and vulnerabilities in information systems intensifies administrators' concern about the security of those systems. In the pursuit of an adequate level of information security, legislation and standards dealing with this topic, so important today, are being created and refined, not only in Brazil but worldwide. This work aims to propose a model of an information security management system, with process modelling and a description of activities, that covers the main guidelines recommended in the standards ABNT NBR ISO/IEC 27001:2006, 27002:2005 and 27005:2008. The proposed model is intended to guide the implementation of a new information security management system in an organization or to verify the conformity of an existing system. The work includes a practical application of the proposed model, in which a survey was carried out of the degree to which the activities performed in the various processes making up an organization's information security management system adhere to what is laid down in the model and, consequently, in the standards used as reference. In evaluating the results of the verification it was possible to obtain an overview of the state of the organization's information security management, as well as to identify the points that conform to the standards and those that need improvement

Abstract: The steady growth of threats and vulnerabilities in the information systems causes an intensified concern among administrators about the security of these systems. In search of an appropriate level of information security are being created and improved, not only in Brazil but worldwide, laws and regulations that deal with this important issue. This work aims to propose a model of information security management system with process modeling and description of activities, covering the main guidelines recommended in the standards ABNT NBR ISO/IEC 27001:2006, 27002:2005 and 27005:2008. The proposed model aims to guide the implementation of a new system for managing information security in an organization or verify the conformity of an existing system. The work includes a practical application of the proposed model, that was carried out a survey on the level of activities adhesion in the various processes that comprise an information security management system within an organization, what is envisaged in the model and consequently, the standards used as reference. In assessing the results of the verification carried out was possible to obtain an overview of the situation in which the information security management system of the organization is, as well as the verification of the points that are in accordance with norms and those that need improvement

Master's
Telecommunications and Telematics
Master in Electrical Engineering
9

Vicen, Šimon. "Zavedení standardu ISO 27701 do firmy využitím Gap analýzy." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2020. http://www.nusl.cz/ntk/nusl-417718.

Abstract:
This thesis analyses current state of the system for implementation of standard ISO 27701:2019 extension. This standard extends already established standard ISO 27001. The thesis evaluates set of controls to the requirements of standard ISO 27701:2019. Theoretical part contains information regarding the information security, describes a set of ISO 27000 standards as well as European and Czech legal acts related to information security. Following analysis of the company is performed with the application of security measures while implementing the extension standard ISO 27701. Contribution of this thesis is evaluation of the analysis which results from implementation of recommended standard to address the increased number of security threats and the protection of security information.
10

Kryštof, Tomáš. "Návrh na zavedení nutných oblastí ISMS na základní škole." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2016. http://www.nusl.cz/ntk/nusl-241476.

Abstract:
This master thesis is concerned with the information security on a specific primary school. In the first and second part of this thesis there is an endeavor to provide basic theoretical starting points about ISMS issues, and to get an overview about the current state of the information security at the primary school. This is followed by the practical part where there is the proposal of suitable security steps and recommendation for solution of the most important tasks from the ICT management security perspective.

Books on the topic "ISO 27001"

1

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. Praxisbuch ISO/IEC 27001. Carl Hanser Verlag GmbH & Co. KG, 2011. http://dx.doi.org/10.3139/9783446430563.

2

1970-, Watkins Steve, ed. IT governance: A manager's guide to data security and ISO 27001/ISO 27002. 4th ed. Kogan Page Limited, 2008.

3

Kersten, Heinrich, Jürgen Reuter, and Klaus-Werner Schröder. IT-Sicherheitsmanagement nach ISO 27001 und Grundschutz. Edited by Heinrich Kersten and Klaus-Dieter Wolfenstetter. Springer Fachmedien Wiesbaden, 2013. http://dx.doi.org/10.1007/978-3-658-01724-8.

4

Kersten, Heinrich, Gerhard Klett, Jürgen Reuter, and Klaus-Werner Schröder. IT-Sicherheitsmanagement nach der neuen ISO 27001. Springer Fachmedien Wiesbaden, 2020. http://dx.doi.org/10.1007/978-3-658-27692-8.

5

Kersten, Heinrich, Jürgen Reuter, and Klaus-Werner Schröder. IT-Sicherheitsmanagement nach ISO 27001 und Grundschutz. Vieweg+Teubner, 2011. http://dx.doi.org/10.1007/978-3-8348-8165-6.

6

Kersten, Heinrich, Gerhard Klett, Jürgen Reuter, and Klaus-Werner Schröder. IT-Sicherheitsmanagement nach der neuen ISO 27001. Springer Fachmedien Wiesbaden, 2016. http://dx.doi.org/10.1007/978-3-658-14694-8.

7

Jürgen, Reuter, and Schröder Klaus-Werner, eds. IT-Sicherheitsmanagement nach ISO 27001 und Grundschutz: Der Weg zur Zertifizierung. 4th ed. Springer Vieweg, 2013.

8

Kersten, Heinrich. IT-Sicherheitsmanagement nach ISO 27001 und Grundschutz: Der Weg zur Zertifizierung. Vieweg, 2008.

9

Otter, Martine. Guide des certifications SI: Comparatif, analyse et tendances : ITIL, CobiT, ISO 27001, eSCM... 2nd ed. Dunod, 2009.

10

Information security policy development for compliance: ISO/IEC 27001, NIST SP 800-53, HIPAA standard, PCI DSS V2.0, and AUP V5.0. CRC Press, Taylor & Francis Group, 2013.


Book chapters on the topic "ISO 27001"

1

Calder, Alan. "ISO 27001 and ISO 17799." In Governance, Risk, and Compliance Handbook. John Wiley & Sons, Inc., 2012. http://dx.doi.org/10.1002/9781118269213.ch12.

2

Kersten, Heinrich, Jürgen Reuter, and Klaus-Werner Schröder. "Das ISMS nach ISO 27001." In IT-Sicherheitsmanagement nach ISO 27001 und Grundschutz. Vieweg+Teubner, 2011. http://dx.doi.org/10.1007/978-3-8348-8165-6_3.

3

Kersten, Heinrich, Jürgen Reuter, and Klaus-Werner Schröder. "Das ISMS nach ISO 27001." In IT-Sicherheitsmanagement nach ISO 27001 und Grundschutz. Springer Fachmedien Wiesbaden, 2013. http://dx.doi.org/10.1007/978-3-658-01724-8_3.

4

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Zertifizierungsmöglichkeiten nach ISO/IEC 27000." In Praxisbuch ISO/IEC 27001. Carl Hanser Verlag GmbH & Co. KG, 2019. http://dx.doi.org/10.3139/9783446462762.007.

5

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Begriffsbildung nach ISO/IEC 27000." In Praxisbuch ISO/IEC 27001. Carl Hanser Verlag GmbH & Co. KG, 2019. http://dx.doi.org/10.3139/9783446462762.008.

6

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Zertifizierungsmöglichkeiten nach ISO/IEC 27000." In Praxisbuch ISO/IEC 27001. Carl Hanser Verlag GmbH & Co. KG, 2017. http://dx.doi.org/10.3139/9783446452602.007.

7

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Begriffsbildung nach ISO/IEC 27000." In Praxisbuch ISO/IEC 27001. Carl Hanser Verlag GmbH & Co. KG, 2017. http://dx.doi.org/10.3139/9783446452602.008.

8

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "ISO/IEC 27001 – Spezifikationen und Mindestanforderungen." In Praxisbuch ISO/IEC 27001. Carl Hanser Verlag GmbH & Co. KG, 2019. http://dx.doi.org/10.3139/9783446462762.004.

9

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "Abdruck der DIN ISO/IEC 27001." In Praxisbuch ISO/IEC 27001. Carl Hanser Verlag GmbH & Co. KG, 2019. http://dx.doi.org/10.3139/9783446462762.009.

10

Brenner, Michael, Nils gentschen Felde, Wolfgang Hommel, Stefan Metzger, Helmut Reiser, and Thomas Schaaf. "ISO/IEC 27001 – Spezifikationen und Mindestanforderungen." In Praxisbuch ISO/IEC 27001. Carl Hanser Verlag GmbH & Co. KG, 2017. http://dx.doi.org/10.3139/9783446452602.004.


Conference papers on the topic "ISO 27001"

1

Monev, Veselin. "Organisational Information Security Maturity Assessment Based on ISO 27001 and ISO 27002." In 2020 International Conference on Information Technologies (InfoTech). IEEE, 2020. http://dx.doi.org/10.1109/infotech49733.2020.9211066.

2

Shrivastava, Ankur Kumar, Abhinav Kumar, Anant Kumar Rai, Nitisha Payal, and Amod Tiwari. "ISO 27001 Compliance via Artificial Neural Network." In 2013 5th International Conference on Computational Intelligence and Communication Networks (CICN). IEEE, 2013. http://dx.doi.org/10.1109/cicn.2013.77.

3

Talib, Manar Abu, Adel Khelifi, and Tahsin Ugurlu. "Using ISO 27001 in teaching information security." In IECON 2012 - 38th Annual Conference of IEEE Industrial Electronics. IEEE, 2012. http://dx.doi.org/10.1109/iecon.2012.6389395.

4

Carvalho, Carla, and Eduardo Marques. "Adapting ISO 27001 to a Public Institution." In 2019 14th Iberian Conference on Information Systems and Technologies (CISTI). IEEE, 2019. http://dx.doi.org/10.23919/cisti.2019.8760870.

5

Mattes, Icaro Valente, and Sérgio Murilo Petri. "ACCOUNTING INFORMATION SECURITY: PROCEDURES FOR THE PREPARATION OF A SECURITY POLICY BASED ON ISO 27001 And ISO 27002." In 10th CONTECSI International Conference on Information Systems and Technology Management. TECSI, 2013. http://dx.doi.org/10.5748/9788599693094-10contecsi/ps-205.

6

Evans, Rhys, Aggeliki Tsohou, Theo Tryfonas, and Thea Morgan. "Engineering secure systems with ISO 26702 and 27001." In 2010 5th International Conference on System of Systems Engineering (SoSE). IEEE, 2010. http://dx.doi.org/10.1109/sysose.2010.5544065.

7

Lopes, Isabel Maria, Teresa Guarda, and Pedro Oliveira. "How ISO 27001 Can Help Achieve GDPR Compliance." In 2019 14th Iberian Conference on Information Systems and Technologies (CISTI). IEEE, 2019. http://dx.doi.org/10.23919/cisti.2019.8760937.

8

Hsu, Carol, Tawei Wang, and Ang Lu. "The Impact of ISO 27001 Certification on Firm Performance." In 2016 49th Hawaii International Conference on System Sciences (HICSS). IEEE, 2016. http://dx.doi.org/10.1109/hicss.2016.600.

9

AlKilani, Hamzeh, and Abdallah Qusef. "OSINT Techniques Integration with Risk Assessment ISO/IEC 27001." In DATA'21: International Conference on Data Science, E-learning and Information Systems 2021. ACM, 2021. http://dx.doi.org/10.1145/3460620.3460736.

10

Pecina, Koldo, Ricardo Estremera, Alfonso Bilbao, and Enrique Bilbao. "Physical and Logical Security management organization model based on ISO 31000 and ISO 27001." In 2011 International Carnahan Conference on Security Technology (ICCST). IEEE, 2011. http://dx.doi.org/10.1109/ccst.2011.6095894.
