An automated tool for information security management system

Erkan, Ahmet
This thesis focuses on automating the processes of an Information Security Management System (ISMS). Automating, as far as possible, the activities required for a documented ISMS in accordance with two International Standards, ISO/IEC 27001:2005 and ISO/IEC 17799:2005, helps organizations. Some of the well-known tools in this scope are analyzed, and a comparative study of them is given, including “InfoSec Toolkit”, which was developed for this purpose within the scope of the thesis. “InfoSec Toolkit” is based on ISO/IEC 27001:2005 and ISO 17799:2005. It consists of five basic integrated modules: “Gap Analysis Module”, “Risk Module”, “Policy Management Module”, “Monitoring Module” and “Query and Reporting Module”. In addition, a research framework is proposed to assess the information security situation of public and private organizations in Turkey.