Over the last decade or so, there has been a great push from the government to implement Information Security Management Systems (ISMS), usually based on the ISO27001-standard. However, little is known about the success and failures associated with implementing and ISMS, and overall if these systems actually lead to improved information security in an organisation.
The purpose of this master project is to collect empirical data (through surveys, interviews and/or case/studies) about the experiences of implementing ISMS in Norwegian organisations, in order to identify valuable knowledge and lessons learned.
To reduce the scope of the project, we will select a set of organisations, probably within one sector, to study. This will be decided in the initial phase of the project.
This project may be selected by more than one student, who will work on different groups of organizations and/or sectors.