Maria Luisa Morello
Towards standardization of audit procedures for the new version of ISO/IEC 27002.
Rel. Cataldo Basile, Fabio Guasconi. Politecnico di Torino, Master of science program in Computer Engineering, 2022
- PDF (Tesi_di_laurea) - Thesis (5MB). Licence: Creative Commons Attribution Non-commercial No Derivatives.
- Archive (ZIP) (Documenti_allegati) - Other (1MB). Licence: Creative Commons Attribution Non-commercial No Derivatives.
Abstract
The integration of information technology as a fundamental part of the operational core of organizations has increased their exposure to information security risks and, consequently, has introduced the need for adequate security measures. The implementation of an Information Security Management System is covered by several international standards belonging to the ISO/IEC 27000 family, some of which can be used for certification purposes. This process requires that an accredited certification body review the entire documentation and verify the implementation of the related controls by carrying out the audit. Since it is a complex activity with a considerable margin of subjectivity, guidance such as ISO/IEC 27008 (Guidelines for the assessment of information security controls) is essential.
However, this document does not provide a detailed procedure for each security control to be verified, so this could lead to different evaluations' accuracy
