Integrated implementation of ISO/IEC 27001 and the NIST cybersecurity framework at PICadvanced
Autor(a) principal: | |
---|---|
Data de Publicação: | 2022 |
Tipo de documento: | Dissertação |
Idioma: | eng |
Título da fonte: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
Texto Completo: | http://hdl.handle.net/10773/36656 |
Resumo: | ISO/IEC 27001 is an information security standard increasingly present in the current global market. Lately, there has been a rise in the concern of companies with information security, whether it is fueled by the current pandemic, by the increase in attacks to all types of organizations or even by the legislation requirements of various countries. This thesis aims for the planning, execution and evaluation of an ISO/IEC 27001 implementation project at PICadvanced, an organization inserted in the Small and Medium-sized enterprises (SME) category, and founded at ’Incubadora da Universidade de Aveiro’ in 2014, operating in the telecommunications market. The possibility of integration of the NIST cybersecurity framework with the 27001 project will also be studied and implemented. Lastly, since PICadvanced has an ongoing ISO 9001 implementation project (relative to quality management) which may be integrated with the information security system, the 27001 project will include measures in that direction. |
id |
RCAP_5091a76ee94e99d30fd81b27a7c00192 |
---|---|
oai_identifier_str |
oai:ria.ua.pt:10773/36656 |
network_acronym_str |
RCAP |
network_name_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository_id_str |
7160 |
spelling |
Integrated implementation of ISO/IEC 27001 and the NIST cybersecurity framework at PICadvancedISO/IEC 27001Information securityISMSNISTCSFSMEISO/IEC 27001 is an information security standard increasingly present in the current global market. Lately, there has been a rise in the concern of companies with information security, whether it is fueled by the current pandemic, by the increase in attacks to all types of organizations or even by the legislation requirements of various countries. This thesis aims for the planning, execution and evaluation of an ISO/IEC 27001 implementation project at PICadvanced, an organization inserted in the Small and Medium-sized enterprises (SME) category, and founded at ’Incubadora da Universidade de Aveiro’ in 2014, operating in the telecommunications market. The possibility of integration of the NIST cybersecurity framework with the 27001 project will also be studied and implemented. Lastly, since PICadvanced has an ongoing ISO 9001 implementation project (relative to quality management) which may be integrated with the information security system, the 27001 project will include measures in that direction.A ISO/IEC 27001 é uma norma de segurança de informação cada vez mais presente no mercado global dos dias de hoje. Nos últimos tempos, temos assistido ao crescimento da preocupação das empresas com a segurança da informação, seja pela situação pandémica vivida, pela crescente onda de ataques informáticos a todo o tipo de organizações ou mesmo pelas exigências normativas dos diferentes países. Esta dissertação visa o planeamento, execução e avaliação de um projeto de implementação da norma ISO/IEC 27001 na empresa PICadvanced, uma empresa atualmente pretencente ao grupo das Pequenas e Média Empresas (PME), e fundada na Incubadora da Universidade de Aveiro em 2014, operando no mercado das telecomunicações. A possibilidade de integração da framework de cibersegurança do NIST com o projeto da 27001 será também estudada e implementada. Por fim, como decorre atualmente na PICadvanced a implementação da ISO 9001 (referente à gestão de qualidade) e cuja implementação pode ser integrada com o sistema de segurança de informação, o projeto da 27001 irá incluir medidas nesse sentido.2024-12-28T00:00:00Z2022-12-16T00:00:00Z2022-12-16info:eu-repo/semantics/publishedVersioninfo:eu-repo/semantics/masterThesisapplication/pdfhttp://hdl.handle.net/10773/36656engAmarante, André Gramata Ribauinfo:eu-repo/semantics/embargoedAccessreponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos)instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãoinstacron:RCAAP2024-02-22T12:10:39Zoai:ria.ua.pt:10773/36656Portal AgregadorONGhttps://www.rcaap.pt/oai/openaireopendoar:71602024-03-20T03:07:22.758430Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informaçãofalse |
dc.title.none.fl_str_mv |
Integrated implementation of ISO/IEC 27001 and the NIST cybersecurity framework at PICadvanced |
title |
Integrated implementation of ISO/IEC 27001 and the NIST cybersecurity framework at PICadvanced |
spellingShingle |
Integrated implementation of ISO/IEC 27001 and the NIST cybersecurity framework at PICadvanced Amarante, André Gramata Ribau ISO/IEC 27001 Information security ISMS NIST CSF SME |
title_short |
Integrated implementation of ISO/IEC 27001 and the NIST cybersecurity framework at PICadvanced |
title_full |
Integrated implementation of ISO/IEC 27001 and the NIST cybersecurity framework at PICadvanced |
title_fullStr |
Integrated implementation of ISO/IEC 27001 and the NIST cybersecurity framework at PICadvanced |
title_full_unstemmed |
Integrated implementation of ISO/IEC 27001 and the NIST cybersecurity framework at PICadvanced |
title_sort |
Integrated implementation of ISO/IEC 27001 and the NIST cybersecurity framework at PICadvanced |
author |
Amarante, André Gramata Ribau |
author_facet |
Amarante, André Gramata Ribau |
author_role |
author |
dc.contributor.author.fl_str_mv |
Amarante, André Gramata Ribau |
dc.subject.por.fl_str_mv |
ISO/IEC 27001 Information security ISMS NIST CSF SME |
topic |
ISO/IEC 27001 Information security ISMS NIST CSF SME |
description |
ISO/IEC 27001 is an information security standard increasingly present in the current global market. Lately, there has been a rise in the concern of companies with information security, whether it is fueled by the current pandemic, by the increase in attacks to all types of organizations or even by the legislation requirements of various countries. This thesis aims for the planning, execution and evaluation of an ISO/IEC 27001 implementation project at PICadvanced, an organization inserted in the Small and Medium-sized enterprises (SME) category, and founded at ’Incubadora da Universidade de Aveiro’ in 2014, operating in the telecommunications market. The possibility of integration of the NIST cybersecurity framework with the 27001 project will also be studied and implemented. Lastly, since PICadvanced has an ongoing ISO 9001 implementation project (relative to quality management) which may be integrated with the information security system, the 27001 project will include measures in that direction. |
publishDate |
2022 |
dc.date.none.fl_str_mv |
2022-12-16T00:00:00Z 2022-12-16 2024-12-28T00:00:00Z |
dc.type.status.fl_str_mv |
info:eu-repo/semantics/publishedVersion |
dc.type.driver.fl_str_mv |
info:eu-repo/semantics/masterThesis |
format |
masterThesis |
status_str |
publishedVersion |
dc.identifier.uri.fl_str_mv |
http://hdl.handle.net/10773/36656 |
url |
http://hdl.handle.net/10773/36656 |
dc.language.iso.fl_str_mv |
eng |
language |
eng |
dc.rights.driver.fl_str_mv |
info:eu-repo/semantics/embargoedAccess |
eu_rights_str_mv |
embargoedAccess |
dc.format.none.fl_str_mv |
application/pdf |
dc.source.none.fl_str_mv |
reponame:Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) instname:Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação instacron:RCAAP |
instname_str |
Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
instacron_str |
RCAAP |
institution |
RCAAP |
reponame_str |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
collection |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) |
repository.name.fl_str_mv |
Repositório Científico de Acesso Aberto de Portugal (Repositórios Cientìficos) - Agência para a Sociedade do Conhecimento (UMIC) - FCT - Sociedade da Informação |
repository.mail.fl_str_mv |
|
_version_ |
1799137729220444160 |