VGTU talpykla >
Doktorantūros skyrius / Department for Doctoral Studies >
Technologijos mokslų daktaro disertacijos ir jų santraukos >
Please use this identifier to cite or link to this item:
|Title: ||Information security management framework for small and medium enterprise|
|Other Titles: ||Informacijos saugos valdymo karkasas smulkiam ir vidutiniam verslui|
|Authors: ||Kaušpadienė, Laima|
|Issue Date: ||22-Jul-2019|
|Publisher: ||VGTU leidykla „Technika“|
|Citation: ||Kaušpadienė, L. Information security management framework for small and medium enterprise: doctoral dissertation. Vilnius: Technika, 140 p.|
|Abstract: ||Information security is one of the concerns any organization or person faces. The list of new threats appears, and information security management mechanisms have to be established and continuously updated to be able to fight against possible security issues. To be up to date with existing information technology threats and prevention, protection, maintenance possibilities, more significant organizations establish positions or even departments, to be responsible for the information security management. However, small and medium enterprise (SME) does not have enough capacities. Therefore, the information security management situation in SMEs is fragmented and needs improvement.
In this thesis, the problem of information security management in the small and medium enterprise is analyzed. It aims to simplify the information security management process in the small and medium enterprise by proposing concentrated information and tools in information security management framework. Existence of an information security framework could motivate SME to use it in practice and lead to an increase of SME security level.
The dissertation consists of an introduction, four main chapters and general conclusions. The first chapter introduces the problem of information security management and its’ automation. Moreover, state-of-the-art frameworks for information security management in SME are analyzed and compared.
The second chapter proposes a novel information security management framework and guidelines on its adoption. The framework is designed based on existing methodologies and frameworks.
A need for a model for security evaluation based on the organization’s management structure noticed in chapter two; therefore, new probability theory-based model for organizations information flow security level estimation presented in chapter three. The fourth chapter presents the validation of proposed security evaluation models by showing results of a case study and experts ranking of the same situations. The multi-criteria analysis was executed to evaluate the ISMF suitability to be applied in a small and medium enterprise. In this chapter, we also analyze the opinion of information technology employees in an SME on newly proposed information security management framework as well as a new model for information security level estimation.
The thesis is summarized by the general conclusions which confirm the need of newly proposed framework and associated tools as well as its suitability to be used in SME to increase the understanding of current information security threat situation.|
|Appears in Collections:||Technologijos mokslų daktaro disertacijos ir jų santraukos|
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.