Ethical hacking to mitigate cybersecurity risks

As the digitalization is advancing very quickly, attacks by hackers or malware on digitalized companies are also increasing. Especially small- and medium-sized enterprises (SMEs) are affected by such cyber attacks because they often do not have the workforce, budget or knowledge to fill a position dedicated to cyber security as larger enterprises usually do. Well-known IT Frameworks such as ITIL v3 or COBIT 5 only cover few aspects of cybersecurity. Additionally, there are a number of cybersecurity-related documents such as the NIST cyber security Framework or theISO 27000 Standard. However, these frameworks are usually too extensive, costly and complicated to be applied by an SME. The aim of this master thesis was to develop a cybersecurity framework, called “ETHICS”(Ethical Hacking Best Practices for SMEs) which covers many aspects of ethical hacking and can be implemented by middle-sized companies in Switzerland. The basis for this framework was a review of the literature regarding cybersecurity frameworks, recommendations, as well as theoretical and practical approaches to mitigate cybersecurity risks. Furthermore, resources like blogs of ethical hackers, literature from cybersecurity companies and description pages of hacking tools were used to develop this practical oriented framework. The framework (the artifact of thist hesis) was evaluated by cybersecurity experts, and their feedback was used to eliminate as obstacles many as possible for a practical applicability....