Ψηφιακό Τεκμήριο

Abstract
An organization/service in order to have the ability to achieve its objectives, should
among all, reassure the required security of its calculating infrastructure as well as
sensitive data (based on legal obligations or due to the nature of the organization)
which is stored or transmitted in it. The implementation of a security plan today,
according to international standards and practices, is faced as an important
management process and not just as a technical one. The present project deals with
the development, concretization and support of security strategies according to
modern standard ISO27001. The advantages for the organization are summarised in
the followings:
• With the description of certification process of base on ISO27001 and
incidentally with automated methods management of strategies safety
• Creation and management tools for security policies . As with web pages or
other sources for finding policies
• Registration of policies for equitable use of infrastructures
• Presentation of policies and directives on training and awareness of personnel
on security issues.
The result of this project is possible to be applied in the frames of TEI of Crete at
Heraklion. It should be mentioned that security policies are referred to a total of rules
and guidelines which delimit and organize internal processes (provided that they are
related to information security). The objective of this effort is to apply secure
practices in respect to the culture that characterizes an educational/researching
organization. In order to achieve the above, it will be needed collaboration from all,
which is coded as administrative direction and commitment as regards the roles and
the responsibilities of members of the institution.
4