Information Security Management System Implementation for a CERT
Laukka, Lasse Petteri (2015)
Degree Programme in Information Technology
Faculty of Computing and Electrical Engineering
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Date of approval
2015-06-03
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:tty-201505181293
Abstract
This thesis is about implementing an ISMS (Information Security Management System) for a CERT (Computer Emergency Response Team). In this thesis, the ISMS is based on the ISO 27000 standard family, which is an internationally recognized standard developed by the International Organization for Standardization.
This thesis will provide a clear guideline on how to implement the ISO 27001 requirements for ISMS in an effective way for a CERT. A CERT is a team that is responsible for being the single point of contact when something goes wrong. A CERT usually handles vulnerability coordination, incident response and other information security related areas. It is very important that the level of information security inside the CERT is at a decent level.
ISO 27001 is a general-level standard meant for every organization, so it has to be tailored to the target organization. Implementing the ISMS for a CERT requires a lot of research and effort. This thesis provides one way to implement the ISMS successfully. However, the actual certification is not in the scope of this thesis, as it is not often required for a CERT.