Title: Implementiranje Splošne uredbe o varstvu podatkov z ISO/IEC 27001 (Implementing the General Data Protection Regulation with ISO/IEC 27001): bachelor thesis, higher professional study programme in Information Security
Authors: Majerle, Ida (Author)
Markelj, Blaž (Mentor)
Files: VS_Majerle_Ida_2019.pdf (1.54 MB)
Language: Slovenian
Work type: Bachelor thesis/paper (mb11)
Typology: 2.11 - Undergraduate Thesis
Organization: FVV - Faculty of Criminal Justice and Security
Abstract (translated from Slovenian): GDPR, the abbreviation used for the General Data Protection Regulation, became applicable in May 2018 and caused considerable commotion among controllers, processors and individuals. Because the field was poorly understood and the provisions are abstract, some found it hard to place the whole regulation in a meaningful context, so many open questions arose during implementation. The ISO/IEC 27001 standard, by contrast, specifies an information security management system and is set out in considerable detail, with emphasis on organisation, assessment and review as well as on selecting suitable controls to ensure the continual protection of information. The thesis reviews the points the two have in common, with the aim of letting organisations gain the most from their compliance work, both in cost and in risk reduction. GDPR and ISO/IEC 27001 cover different areas but share a great deal: both reduce the risk of personal data misuse, both encourage formal procedures, both prescribe breach notification, and so on. On one side, the standard addresses information security risk by introducing into the organisation a system whose goal is continual improvement and which rests on ensuring the integrity, availability and confidentiality of information. On the other side, GDPR focuses on reducing data protection risk, giving effect to data subjects' rights, securing data, managing and processing personal data according to its principles, and placing on the obligated entities the responsibility to respect privacy and the lawfulness of processing. Both require a certain level of knowledge on the part of those responsible, management support and awareness among everyone concerned, which we also presented in the research part. Based on the answers of experts, we present opinions, experience and good practices in implementing the regulation together with the standard.
Keywords: bachelor theses, GDPR, ISO/IEC 27001, privacy, security, measures
Year of publishing: 2019
Year of performance: 2019
Place of performance: Ljubljana
Publisher: [I. Majerle]
Number of pages: IX, 57 pp.
Source: Ljubljana
UDC: 342.7(043.2)
COBISS_ID: 3778538
NUK URN: URN:SI:UM:DK:QHVYRECA
Views: 180
Downloads: 51
Categories: FVV
Secondary language
Language: English
Title: Implementation of General Data Protection Regulation with ISO/IEC 27001
Abstract: In May 2018 the GDPR, which stands for General Data Protection Regulation, became applicable and caused quite a stir among controllers, processors and individuals. Due to poor understanding of the field and the abstract nature of its provisions, some found it hard to put the entire regulation into a meaningful context, which left many open questions during implementation. ISO/IEC 27001 specifies an information security management system and is set out in great detail, with an emphasis on organisation, assessment, review and so on; it also stresses the selection of appropriate controls to ensure the continual protection of information. The thesis reviews the points the two documents have in common, with the aim of letting organisations gain the most from compliance work in terms of both cost and risk reduction. The GDPR and ISO/IEC 27001 cover different fields but also have a lot in common: for example, both aim to reduce the risk of personal data misuse, and both encourage formal procedures and a prescribed notification process in case of a breach. On the one hand, ISO/IEC 27001 reduces information security risk by implementing in the organisation a system that strives for continual improvement and is based on ensuring the integrity, availability and confidentiality of information. On the other hand, the GDPR focuses on reducing data protection risk and on giving effect to data subjects' rights; it further emphasises securing data, managing and processing personal data according to its principles, and imposes on obligated entities the responsibility to respect privacy and the lawfulness of processing. Both demand a certain level of knowledge from those responsible, management support and awareness among everyone involved, which was also presented in the research part. Based on the answers provided by experts, we present opinions, experience and examples of good practice in implementing the GDPR together with ISO/IEC 27001.
Keywords: GDPR, ISO/IEC 27001, privacy, security, measures