Defining Information Security As a Policy

Abstract: This report is a bachelor thesis created for the Technology Center as a part of the Software Engineering and Management programme at the IT University of Göteborg. The report deals with the problem of security issues in organizations with wast amounts of data. The question at issue asked what could be done to increase information security for the Technology Center at the IT University of Göteborg. While solving the problem the report presents the Technology Center and what their ITresources is and why they should be secured. The author describes the method used to gather data that was used in a risk assessment and analysis. The next part in the authors struggle to increase information security was to create an information security policy. The policy is a document that all members and users of the Technology Center should read and follow as it has rules and guidelines that can help the organization minimize the risks found in the analysis. The author recommends that the organization as future research creates more formal supporting policies that focus more on a single subject like network- or user management.