Information Security Governance: An action plan for a non-profit organization based in the Nordics

This thesis examined the gaps in the Information Security Governance process of a non-profit organization based in the Nordics and identified important actions required to close the existing gaps. The maturity level of seven (7) perspectives from the ISO 27002 relevant to the non-profit organization...

Bibliographic Details
Main Author: Olundegun, Luqman
Other Authors: Laurea-ammattikorkeakoulu
Format: Bachelor Thesis
Language: English
Published: Laurea-ammattikorkeakoulu 2018
Subjects:
Online Access: http://www.theseus.fi/handle/10024/147149
id fttheseus:oai:www.theseus.fi:10024/147149
record_format openpolar
institution Open Polar
collection Theseus.fi (Open Repository of the Universities of Applied Sciences)
op_collection_id fttheseus
language English
topic information security governance
strategic alignment
maturity
information security organizational structure
fi=Turvallisuusala|sv=Säkerhetsbranschen|en=Security Management|
Degree Programme in Security Management
description This thesis examined the gaps in the Information Security Governance process of a non-profit organization based in the Nordics and identified important actions required to close the existing gaps. The maturity level of seven (7) perspectives from the ISO 27002 relevant to the non-profit organization was assessed using the COBIT maturity model to determine the gap between the current and desired level of the organization’s governance process. Five (5) Country representatives and three (3) Managers from 5 countries (Finland, Sweden, Denmark, Norway, and Iceland) were interviewed using a structured questionnaire developed based on ISO 27002 and COBIT maturity model. The thesis adopted a combination of qualitative and quantitative research method. The data collected from the interviews were used as the primary data source and a statistical representation of the data was depicted using a Radar chart to show the current level, desired level specified by the non-profit organization and the desired level specified by the respondents during the interview. The result of this thesis shows that the non-profit organization’s supplier service delivery management, incident management and information security risk management procedures were not in place while other perspectives such as information security policy, asset classification, continuity planning and personnel security were not standardized based on COBIT maturity model. In addition, the thesis shows the gap margin between the current and the organization’s desired maturity levels. The widest gap measured was in the organization’s supplier service delivery management procedures while the lowest gap measured was in the organization’s personnel security management procedures. This thesis provided a prioritized list of needed actions to close the identified gaps in the organization’s information security governance process to achieve its desired maturity level.
The conclusion drawn from this thesis was that the non-profit organization is vulnerable to potential breaches ...
author2 Laurea-ammattikorkeakoulu
format Bachelor Thesis
author Olundegun, Luqman
title Information Security Governance: An action plan for a non-profit organization based in the Nordics
publisher Laurea-ammattikorkeakoulu
publishDate 2018
url http://www.theseus.fi/handle/10024/147149
geographic Norway
genre Iceland
op_relation URN:NBN:fi:amk-201805188912
http://www.theseus.fi/handle/10024/147149
10024/77341
op_rights All rights reserved