In this thesis we are examining organizational change management in the context of im- plementing information security policies or establishing a brand-new information man- agement department. Moreover, we are proposing an assessment model for such organi- zational changes.
Firstly, we are conducting literature review upon the change management theory. Hav- ing defined change and change management we are providing the reader with the main reasons for change as well as with the major success factors and barriers for change. Fi- nally, we are presenting broadly accepted approaches to change management.
In chapter three, we are conducting literature review upon information security man- agement. In order to support the necessity for modern organizations to implement in- formation security management we are providing with the definition and the value of information. Consequently, the need for implementing information security policies arises. Afterwards, we are presenting common threats for an organization, in terms of information security, as well broadly utilised countermeasures.
The major five information security tools and policies for organizations are presented, while we are elaborating upon each one in order to point out pros and cons, such as ap- plicability, benefits, costs and return on investment. Finally, we are presenting ne stan- dard under the ISO organization, including the subsequent organizational changes, which are implemented in numerous organizations globally.
In chapter four we are consolidating findings from the first two chapters in order to pro- duce results regarding the assessment of the organizational changes brought about by implementing information security policies. We are identifying implementation barriers especially for information security changes within an organization, such as infrastruc- ture and lack of training, for the successful implementation of the organizational change. Afterwards, we are presenting three commonly adopted change management models. These are initially presented as they are and are then tailored to the case of in- formation security related change.
In chapter five, we are presenting our research methodology. We are providing with all the needed information for every different research method and data collection strategy.
-iv-
The last chapter includes our conclusions regarding this research problem as well as some recommendations for future research.
Collections
Show Collections