ePrints.FRI - University of Ljubljana, Faculty of Computer and Information Science

Human factor in information security

Filip Božić (2016) Human factor in information security. MSc thesis.


    Abstract

    The increasing significance of information security is dictated primarily by technological advancement. Technical or IT solutions help greatly to strengthen the key parameters of information security: confidentiality, integrity and availability. But this same technological advancement can often result in another factor being neglected: the human factor. Even if we secure information using IT solutions, those solutions are installed, configured and maintained by people. Numerous standards, such as the established ISO/IEC 27000 series for Information Security Management and ISO 22301 for Business Continuity Management, focus increasingly on the education and control of employees. This thesis will demonstrate the importance and effect of employees' awareness in establishing and maintaining information security at the workplace as well as in private environments. A social engineering experiment will serve to show the current state of information security awareness in several Slovenian organizations. Interviews will further demonstrate whether any policies are in place and are being followed within these organizations. Furthermore, we will try to measure the effect an awareness workshop can have on increasing the information security of key processes and other projects within an organization. Finally, a theoretical risk analysis will serve to demonstrate the weight of the human factor regarding threats and vulnerabilities present in an organizational environment. We have found that the human factor is the key to ensuring an acceptable level of information security, but that employees in several Slovenian organizations are not sufficiently trained in information security. It is therefore recommended to educate them properly and improve their awareness of the subject.

    Item Type: Thesis (MSc thesis)
    Keywords: information security, human factor, ISO/IEC 27001, risk assessment, information technology
    Number of Pages: 64
    Language of Content: Slovenian
    Mentor / Comentors:
    Name and Surname | ID | Function
    prof. dr. Denis Trček | 1121 | Mentor
    Link to COBISS: http://www.cobiss.si/scripts/cobiss?command=search&base=51012&select=(ID=1537124547)
    Institution: University of Ljubljana
    Department: Faculty of Computer and Information Science
    Item ID: 3538
    Date Deposited: 08 Sep 2016 19:53
    Last Modified: 21 Sep 2016 09:10
    URI: http://eprints.fri.uni-lj.si/id/eprint/3538
