ePrints.FRI - University of Ljubljana, Faculty of Computer and Information Science

Implementation of information security in fast growing enterprises – from startup to large enterprise

Matjaž Škoda (2016) Implementation of information security in fast growing enterprises – from startup to large enterprise. MSc thesis.

Download (2720Kb)


    IT security and security policies in organizations as well as information security (IS) on the state level have been widely discussed in the last years. Standards and laws hardly keep up with the rapid progress in the field of information and communication technology (ICT). Organisations and states are expected to ensure the security and privacy of their ICT systems. In the first part of this master's thesis, I present basic terminology and standards from the field of ICT security. I describe the ISO/IEC 27000 family of standards for introduction and management of information security management systems (ISMS), which can be in line with the guidelines implemented in start-up companies as well as in large organizations. For many organizations a business continuity is a key to growth and existence on the market. Bearing that in mind, I present the standards in the field of business continuity management, including ICT disaster recovery plan strategy for cases of disruptions. At todays rapid pace, change management is important process of which organizations are not sufficiently aware of. Further, I present key steps for successful implementation of change management into the organizations. The key to successful long-term management of IS is also in the transformation of the organizational culture into the security organizational culture. On the basis of simple six-step plan I make a recommendation for successful implementation of the security organizational culture. In the central part of the thesis, I analyse statistical data collected by the Statistical Office of the Republic of Slovenia (SURS) related to ICT security in Slovenian enterprises. The review covers ramifications of ICT related security incidents, formally defined ICT security policies and reviews, informing of the staff of their obligations in ICT related issues, usage of internal security facilities or procedures, usage of (open source) software in enterprises and provision of portable devices with mobile Internet access by type and purpose in enterprises. In order to help me with the analysis, I also created a tool (CVE-analyzer) to help me with the analysis of software vulnerabilities according to data from NVD CVE database. On the basis of obtained data and statistical analysis I check four hypotheses related to ramifications of ICT related security incidents and the use of open source software in Slovenian enterprises. Further on, I present the most common mistakes in software development process and introduce the proposals for increasing of software security in development and maintenance process. In the last part, I introduce world-wide statistical data from the field of data security incidents and on their basis I propose additional recommendations for the Slovenian economy.

    Item Type: Thesis (MSc thesis)
    Keywords: information security, business continuity, organizational security culture, security incidents, change management, NVD CVE, startup companies, statistical review of security, Slovenian enterprises
    Number of Pages: 129
    Language of Content: Slovenian
    Mentor / Comentors:
    Name and SurnameIDFunction
    prof. dr. Denis Trček1121Mentor
    Link to COBISS: http://www.cobiss.si/scripts/cobiss?command=search&base=51012&select=(ID=1537124035)
    Institution: University of Ljubljana
    Department: Faculty of Computer and Information Science
    Item ID: 3537
    Date Deposited: 08 Sep 2016 19:11
    Last Modified: 21 Sep 2016 08:28
    URI: http://eprints.fri.uni-lj.si/id/eprint/3537

    Actions (login required)

    View Item