Maria Luisa Morello
Towards standardization of audit procedures for the new version of ISO/IEC 27002.
Supervisors: Cataldo Basile, Fabio Guasconi. Politecnico di Torino, Master's degree (Corso di laurea magistrale) in Ingegneria Informatica (Computer Engineering), 2022
PDF (Tesi_di_laurea) - Thesis. License: Creative Commons Attribution Non-commercial No Derivatives. Download (5MB)
Archive (ZIP) (Documenti_allegati) - Other. License: Creative Commons Attribution Non-commercial No Derivatives. Download (1MB)
Abstract
The integration of information technology into the operational core of organizations has increased their exposure to information security risks and, consequently, has introduced the need for adequate security measures. The implementation of an Information Security Management System is covered by several international standards in the ISO/IEC 27000 family, some of which can be used for certification purposes. Certification requires that an accredited certification body review the entire documentation and verify the implementation of the related controls by carrying out an audit. Because the audit is a complex activity with a considerable margin of subjectivity, guidance such as ISO/IEC 27008 (Guidelines for the assessment of information security controls) is essential.
However, ISO/IEC 27008 does not provide a detailed procedure for each security control to be verified, so assessments may differ in accuracy