Strengthening Cyber Resilience in a Small Enterprise
Small and medium-sized enterprises (SMEs) are often not equipped with the proper technologies and human resources (knowledge) to protect themselves from cyberthreats. An interior design company wants to better protect themselves and react appropriately in case of a cyber-attack.
Christine Dyan Aseral & Kenny Cheung & Leonardo Bollazzi & Morris Petrucci & Niklas Baumgartner, 2023
Project work / practical project, An interior design company
Supervising lecturer: Bettina Schneider
Keywords: IT-Security, KMU, Cybersecurity, Cybersecurity in small businesses, ICT Minimum standard, Preventive measures, plan of action, SME
SMEs are usually the main victims and the primary focus of cybercriminals. An interior design company has reported that multiple companies in its circle of acquaintances have at least experienced a cyberthreat before, and some of them have suffered financial losses or damage to intellectual property. For this reason, the interior design company wants to develop a plan of action that allows it to react in case of a cyber-attack. Additionally, the company wants an as-is analysis of its current IT-security situation and preventive measures to improve its cybersecurity.
The development of the desired solutions started with an as-is analysis according to the ICT-Minimum standard to obtain an accurate assessment of the company's IT-security. Based on this assessment, preventive measures for the three most critical weak points of the company were developed. Furthermore, a plan of action was devised so that the company can stay in operation after a cyberattack, minimize potential damages, and react in a professional manner. It serves the employees of the company as a playbook in case of a cyberattack.
The first document, a preventive measures plan, focuses on the interior design company's three most critical weak points and describes preventive measures to support the company in improving these areas. The IT-security analysis using the ICT-Minimum standard identified Asset Management, Awareness and Training, and Information Protection Processes and Procedures as the lowest-scoring areas of the company's existing IT-security. The document contains preventive measures addressing each area individually, providing detailed information, knowledge, and instructions on how to improve them. The second document, a plan of action, focuses on the incident response processes and procedures. The plan of action is intended to guide the company through the event of a cyberattack. To achieve this, the document contains a response plan that outlines the different actions and processes needed based on the severity level of the cyberattack. Furthermore, three actions/processes are outlined in their own sections due to their complexity and importance: Cyber-Incident Analysis, IT-Recovery Plan, and Public Relations Strategy.
Degree programme: Business Information Technology (Bachelor)
Subject area of the work: