Integrated implementation of ISO/IEC 27001 and the NIST cybersecurity framework at PICadvanced

Bibliographic Details
Main Author: Amarante, André Gramata Ribau
Publication Date: 2022
Format: Master thesis
Language: eng
Source: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Download full: http://hdl.handle.net/10773/36656
Summary: ISO/IEC 27001 is an information security standard increasingly present in the current global market. Lately, there has been a rise in the concern of companies with information security, whether it is fueled by the current pandemic, by the increase in attacks on all types of organizations or even by the legislative requirements of various countries. This thesis aims to plan, execute and evaluate an ISO/IEC 27001 implementation project at PICadvanced, an organization in the small and medium-sized enterprise (SME) category, founded at the 'Incubadora da Universidade de Aveiro' in 2014 and operating in the telecommunications market. The possibility of integrating the NIST cybersecurity framework with the 27001 project will also be studied and implemented. Lastly, since PICadvanced has an ongoing ISO 9001 implementation project (relating to quality management) which may be integrated with the information security system, the 27001 project will include measures in that direction.
Keywords: ISO/IEC 27001; Information security; ISMS; NIST; CSF; SME
Dates (dc.date): 2022-12-16; 2024-12-28
Status: publishedVersion
Rights: embargoedAccess
File format: application/pdf
Record ID: RCAP_5091a76ee94e99d30fd81b27a7c00192
OAI identifier: oai:ria.ua.pt:10773/36656
Repository: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP) - FCCN, serviços digitais da FCT – Fundação para a Ciência e a Tecnologia
Repository ID: https://opendoar.ac.uk/repository/7160
Repository contact: info@rcaap.pt