Thesis topic:

Conceptual model of the Estonian Information Security Standard

Supervisor: Mari Seeba
- contact: mari.seeba@ut.ee
E-ITS is an Estonian information security standard (eits.ria.ee) designed for all Estonian organisations with either a statutory obligation or a contractual need to implement information security measures in a verifiable manner. Due to its large volume, E-ITS has a significant entry barrier for users. Therefore its simplification with explanatory models will help to support the understanding of E-ITS and, thus, its implementation. The work aims to create a conceptual model for the essence of E-ITS and the scope of the security baseline catalogue. The conceptual model would help to classify measures using characteristics (e.g. daily activities vs one-off activities, implementation roles, documentation needs) and formalise the model as a class diagram. The result of the work would be a tool for implementing E-ITS and for the management team of E-ITS in planning further developments in RIA. The model would also contribute to the creation of new management tools to support the implementation of E-ITS (but why not also other security standards). The prerequisite for the work is the knowledge of the Estonian language, an interest in information security management and an understanding of both procedural and technical security measures (security awareness).