Security Policy Development and Deployment: a Case Study

Janez Pirc (2010) Security Policy Development and Deployment: a Case Study. EngD thesis.

Abstract

The diploma thesis describes the development and deployment of three security policies for a company with more than thousand employees and several locations throughout Slovenia. The thesis begins with a detailed description of the company's environment and the perception of security – related problems. After that, the fundamental characteristics of information security and security policies are reviewed. A special focus is given on the meaning of effectiveness and deployment of security policies in a company’s practice. In this sense, the possible reasons and consequences of an unsuccessful deployment are also presented, followed by a review of two international standards dealing with security policies. In the last part of the thesis, the core ideas of proposed security policies are explained together with their relation to existing documentation in the company. Additionally, we include a short discussion on more restrictive rules, which would probably make the policy less efficient. A step by step description of the necessary activities for deploying the security policies and additions to the existing documentation is given at the end.

Item Type:

Thesis (EngD thesis)

Keywords:

security policy, standard ISO 27002:2005, The Standard of Good Practice for Information Security, policy architecture, risk assessment, information security

Number of Pages:

Language of Content:

Slovenian

Mentor / Comentors:

Name and Surname	ID	Function
doc. dr. Mojca Ciglarič	256	Mentor

Link to COBISS:

http://www.cobiss.si/scripts/cobiss?command=search&base=50070&select=(ID=7687764)

Institution:

University of Ljubljana

Department:

Faculty of Computer and Information Science

Item ID:

1059

Date Deposited:

15 Apr 2010 11:03

Last Modified:

13 Aug 2011 00:37

URI:

http://eprints.fri.uni-lj.si/id/eprint/1059

Actions (login required)

View Item