Research Area:  Digital Forensics

Abstract:

   The research reference consists of global cyber security practices surveys published by consulting companies such as E&Y, PwC, Deloitte, KPMG and security institutions such as SANS, McAfee Labs, CERT and so on. The analysis of each year topics also combined relevant academic researches and industrial studies.
   The research has found nine sections that global enterprises have per-formed less than expected: risk management, security policy, organization of information security, human resource security, communication and operational management, access control, information security incidence management, business continuity management and compliance.These sections we re extracted based onISO/IEC27002 standard.The finding part has analyzed origins, components, obstacles and improvement of these topics.
   As for the contribution, this thesis has filled the gap between existing knowledge of organizational security practices and suggestions for further improvement.It highlights the problems in information security management during the past nine years and gives directions for organization to assess their vulnerabilities and improve practices with specific focus. Meanwhile, the extensive review also provides detailed figures in each year that can be served as reference for generating further cyber security investigation.

Name of the Researcher:  Yang, Yaping

Name of the Supervisor(s):  Siponen Mikko

Year of Completion:  2018

University:  University of Jyvaskyla

Thesis Link:   Home Page Url