Cyber Secruity Concept Risk Managment in a Swiss Small Enterprise
A swiss micro enterprise active in the technology sector must review their cyber security measures and adjust these measures where required. With a risk assessment their current vulnerabilities were evaluated and actions to mitigate the risks were recommended.
Victoria Villar, 2019
Bachelor Thesis, Digital Improvments
Betreuende Dozierende: Bettina Schneider
Keywords: Information Security, Cybersecurity, Riskmanagment
With the impending growth in number of employees and potential for new contracts, the client company has become more aware of their cyber security processes. Therefore they require recommendations on the necessary measures to be undertaken.
With the means of an literature analysis the procedure was chosen. An As-Is analysis was conducted in the form of an interview, resulting in the derivation of the company’s assets. The interview questions were based on the MELANI Framework. By means of a workshop a risk analysis was done to determine the threats and vulnerabilities of the assets. As a next step the risks were assessed in regard to their likelihood of occurrence and impact on the company. Based on the results the most pressing risks were addressed and mitigations were defined.
This project resulted in more transparency in regard to the company’s cyber security measures. The three most pressing concerns were addressed which were the lack of a proper identity and access management processes, employee cyber security awareness and insufficient use of the companies password management tool. The client received three recommendations on how to mitigate these risks. The end product resulted in a User Manual for their Password Manager Keeper, security guidelines for the employees and recommendations for tools that ensure the automation of their access management process. By implementing these measures the company will further imbed cybersecurity into their company culture as well as automate processed thus saving time and effort however keeping a high level of cyber security.
Studiengang: Business Information Technology (Bachelor)
Fachbereich der Arbeit: Wirtschaftsinformatik & IT-Management