AN INFORMATION SECURITY ASSESSMENT MODEL FOR VERY SMALL ENTITIES
Date
2024-6-7
Author
Bitlisli Erdivan, Halime Eda
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
In today’s digital landscape, information security is as significant for Very Small Entities (VSEs) as it is for larger corporations. Despite their size, VSEs handle sensitive data and must safeguard their assets, so information security is crucial for their sustainability and success. VSEs struggle with the cost, time, and resources required for certification against complex information security standards such as ISO/IEC 27001, CIS Controls, and NIST SP 800-53. Because the majority of organizations in the sector are VSEs, there is a demand for information security standards tailored to the unique needs and challenges of small-scale organizations. The literature review revealed a substantial gap in the assessment of information security for VSEs. For these reasons, this thesis analyzes and harmonizes the ISO/IEC 27001 standard, CIS Controls, the CMMC framework, the Information and Communication Security Guide, NIST IR 7621, and the NIST Special Publication (SP) 800-53 security and privacy control framework in order to develop an information security assessment model for VSEs. This model, named SecureVSE, comprises 15 processes and a total of 52 associated practices specifically designed to cater to the needs of VSEs. The applicability and usefulness of the study were confirmed through expert reviews conducted with five lead auditors who have extensive experience in the security domain, as well as through detailed case studies conducted in three VSEs.
Subject Keywords
Information Security, Very Small Entities, ISO/IEC 27001, NIST IR 7621
URI
https://hdl.handle.net/11511/110104
Collections
Graduate School of Informatics, Thesis
Citation Formats
H. E. Bitlisli Erdivan, “AN INFORMATION SECURITY ASSESSMENT MODEL FOR VERY SMALL ENTITIES,” M.S. - Master of Science, Middle East Technical University, 2024.