• norsk
    • English
  • English 
    • norsk
    • English
  • Login
View Item 
  •   Home
  • Fakultet for informasjonsteknologi og elektroteknikk (IE)
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi
  • View Item
  •   Home
  • Fakultet for informasjonsteknologi og elektroteknikk (IE)
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi
  • View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.

Positioning the roles, interfaces and processes in the information security scene

Papadopoulos, Dimitrios
Master thesis
Thumbnail
View/Open
DPapadopoulos.pdf (13.93Mb)
URI
http://hdl.handle.net/11250/143968
Date
2013
Metadata
Show full item record
Collections
  • Institutt for informasjonssikkerhet og kommunikasjonsteknologi [1564]
Abstract
All information security professionals around the globe acknowledge that "everyone is

responsible for information security" in a company. This trivial statement looks clever

but hides core challenges, "Who is everyone? How does everyone contribute or challenge

information security?" In our researched project we researched in-depth roles, processes

and interaction in the corporate information security, by creating a framework for crystal

clear defined roles and its associated security obligations and responsibilities. 20 corporate

roles are analysed from management and security perspective; classical interactions

between information security roles leveraging and turning down security are given in

case studies. Furthermore we generated structured tasks descriptions of the roles and

open the road to the fulfilment of an information security consultants dream by creating

Job descriptions including its security responsibilities! We justified the necessity of

defining roles and by introducing benefits of this approach:

1. Avoiding unnecessary conflicts and internal politics by establishing security organization

with inclusion of all employee’s duties.

2. Increasing security-level, efficiency and productivity by assigning clearly responsibilities.

3. Achieving good information security governance by encouraging coordinated team

effort and mutual control.

Illustrative corporate examples demonstrate the need to supplement traditional corporate

information security governance frameworks with roles and responsibilities for all

positions. Templates for both security obligations and task description are provided for

being used in corporations.

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit
 

 

Browse

ArchiveCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsDocument TypesJournalsThis CollectionBy Issue DateAuthorsTitlesSubjectsDocument TypesJournals

My Account

Login

Statistics

View Usage Statistics

Contact Us | Send Feedback

Privacy policy
DSpace software copyright © 2002-2019  DuraSpace

Service from  Unit