Information Security Governance: An action plan for a non-profit organization based in the Nordics


Bibliographic Details
Main Author: Olundegun, Luqman
Other Authors: Laurea-ammattikorkeakoulu
Format: Bachelor Thesis
Language: English
Published: Laurea-ammattikorkeakoulu 2018
Online Access: http://www.theseus.fi/handle/10024/147149
Description
Summary: This thesis examined the gaps in the Information Security Governance process of a non-profit organization based in the Nordics and identified the important actions required to close the existing gaps. The maturity level of seven (7) perspectives from ISO 27002 relevant to the non-profit organization was assessed using the COBIT maturity model to determine the gap between the current and desired level of the organization’s governance process. Five (5) country representatives and three (3) managers from 5 countries (Finland, Sweden, Denmark, Norway, and Iceland) were interviewed using a structured questionnaire developed on the basis of ISO 27002 and the COBIT maturity model. The thesis adopted a combination of qualitative and quantitative research methods. The data collected from the interviews served as the primary data source, and a statistical representation of the data was depicted using a radar chart to show the current level, the desired level specified by the non-profit organization, and the desired level specified by the respondents during the interviews. The result of this thesis shows that the non-profit organization’s supplier service delivery management, incident management and information security risk management procedures were not in place, while other perspectives such as information security policy, asset classification, continuity planning and personnel security were not standardized according to the COBIT maturity model. In addition, the thesis shows the gap margin between the current and the organization’s desired maturity levels. The widest gap measured was in the organization’s supplier service delivery management procedures, while the smallest gap measured was in the organization’s personnel security management procedures. This thesis provided a prioritized list of the actions needed to close the identified gaps in the organization’s information security governance process so that it can achieve its desired maturity level.
The conclusion drawn from this thesis was that the non-profit organization is vulnerable to potential breaches ...