| Summary: | Abstract. Information security has begun to receive an increasing amount of intention. The importance of information security has started to be recognized among organizations and the work to comply with the increased requirements has been started. One essential method of managing information security is an information security policy, that is created and managed to suit the needs of each organization.
Managing information security policies can be viewed a tedious task and thus easily dismissed or done quickly. There are several aspects to cover and components to manage, including technical aspects and the human factors. The purpose of this thesis is to provide an insight to the managerial aspect of information security and the policies through a literary review.
This thesis is not intended to be a guide on how to create an information security policy. It rather is providing a view of the studies concerning information security management and, in some instances, how information security is managed in some organizations. The results of this thesis can be used in creating a list of aspects that are valuable in managing information security and policy creation.
|
|---|
