An automated tool for information security management system

Thesis Type: Postgraduate

Institution Of The Thesis: Orta Doğu Teknik Üniversitesi, Graduate School of Informatics, Information Systems, Turkey

Approval Date: 2006


Supervisor: ALİ ARİFOĞLU


This thesis focuses on automation of processes of Information Security Management System. In accordance with two International Standards, ISO/IEC 27001:2005 and ISO/IEC 17799:2005, to automate the activities required for a documented ISMS as much as possible helps organizations. Some of the well known tools in this scope are analyzed and a comparative study on them including “InfoSec Toolkit”, which is developed for this purpose in the thesis scope, is given. “InfoSec Toolkit” is based on ISO/IEC 27001:2005 and ISO 17799:2005. Five basic integrated modules constituting the “InfoSec Toolkit” are “Gap Analysis Module”, “Risk Module”, “Policy Management Module”, “Monitoring Module” and “Query and Reporting Module”. In addition a research framework is proposed in order to assess the public and private organizations’ information security situation in Turkey.