Guidelines for implementing ISO 17799
An ongoing concern within the information technology world is the issue of security. There are severe consequences if someone without permission searches a computer that was left unlocked for secret information. To prevent this situation from occurring, rules about password lengths or about employees bringing personal flash drives into the company should be created and followed.
As the Internet becomes a worldwide phenomenon, the use of information technology is growing more than ever. With more use of and access to the Internet, new threats against companies have also emerged. This report brings up the main issues that a company needs to regulate today.
The standard for regulations and proposals for IT security comes in a document called ISO 17799, which is very complicated for those who are not experts in the field. Very few small companies manage to apply the standard since it is too large and complex.
The main goal of this thesis is to create a simplified version of ISO 17799 and to make it understandable to non-experts. The thesis also focuses on Conect AB by suggesting a template that can be adjusted for their customers to use and that informs them of threats that may be of interest.
This thesis is based on the following questions:
How can we make the standard less difficult to understand?
Does the material cover the necessary needs of network security?
How often shall the material be updated to be up to date in the future?
As a result, this thesis presents ISO 17799 in the form of a suggested template, together with explanations and the consequences if a company or organisation does not have a particular function or physical implementation.
The template was created by reading the ISO 17799 standard to gain insight into what it includes and into the explanations of why certain parts are vital.
Although a standard should contain accurate information and the latest information, the project group also processed other sources and explanations in order to gain higher credibility and to see whether there were new technologies and facts about the subject.