The implementation of an Information Security Management System (ISMS) helps enterprises to systematically deal with information security risks that might tamper with the confidentiality, integrity, availability or privacy of their data and services. While larger enterprises typically operate an ISMS, smaller enterprises do not always have the capabilities to start such an initiative. Current statutory developments, however, will demand more enterprises – including small and medium enterprises (SME) – to operate such an ISMS in the next years.
Typical challenges for SMEs trying to establish an ISMS are
- Identification of suitable information security goals and measures to counteract threats
- Missing documentation of relevant assets (e.g., information objects, applications, services, hardware components)
- Lack of (technical) knowledge to reliably check security controls
Implementation of a one-stop ISMS solution for SMEs running on a Raspberry Pi (or equivalent). This ISMS in a Box should provide all means for SMEs to quickly establish their own ISMS by offering a predefined set of security goals, controls and policies derived from standards and best practices. The ISMS in a Box should automatically create and maintain an asset catalogue via network/service discovery. Furthermore, suitable security controls should be automatically checked for identified assets (e.g., ensure that non-required ports are closed on all servers).
- Identification of suitable information security goals and controls for SMEs
- Elicitation of tools to automatically
- derive relevant assets (e.g., servers, workstations, mobile clients, software, services, …)
- check compliance with identified security controls
- Configuration of Raspberry Pi (or equivalent)
- Preparation of ADAMANT instance for SME-sized ISMS
- Evaluation in SME setting
This project can be tackled by a single student or a team of up to two students (with additional tasks).
Contact: Michael Brunner (firstname.lastname@example.org)