izpis_h1_title_alt

Človeški dejavnik pri zagotavljanju informacijske varnosti
ID BOŽIĆ, FILIP (Author), ID Trček, Denis (Mentor) More about this mentor... This link opens in a new window

.pdfPDF - Presentation file, Download (1,83 MB)
MD5: 3BE959FA6B7C6E672B89FEAB47369BCD
PID: 20.500.12556/rul/0d926a76-f61b-458f-a904-778b08b66bfc

Abstract
Velik pomen, ki ga družba namenja varovanju informacij, narekuje predvsem hiter razvoj tehnologije. Tehnološke rešitve v veliki meri omogočajo varovanje informacij, to je zaupnosti, celovitosti in razpoložljivosti. Ravno zaradi napredka tehnologije pa je čedalje bolj izpostavljen (ali celo zapostavljen) človeški dejavnik, ne nazadnje mora tudi s tehnologijo ravnati — človek. Številni standardi, npr. splošno uveljavljena standarda obvladovanja varovanja informacij ISO/IEC 27001 [1] in obvladovanja neprekinjenega poslovanja ISO 22301 [3], zato posebno pozornost posvečajo delu z zaposlenimi, njihovemu ozaveščanju in tudi nadzoru. V magistrski nalogi smo s pomočjo raziskave predstavili učinek in pomen ozaveščanja zaposlenih pri vzpostavljanju in izvajanju varovanja informacij tako na področju dela v organizaciji kot v domačem okolju. Ob uporabi analitične raziskave smo poskušali ugotoviti delež človeškega dejavnika in pokazati, da so ozaveščanje, izobraževanje in delo z zaposlenimi na splošno ključnega pomena pri zagotavljanju informacijske varnosti. Udejanjenje omenjenih priporočil v organizaciji lahko v praksi doprinese k vrsti dodatnih izboljšav na področju informacijske varnosti tako ključnih procesov kot drugih obsežnejših nalog in projektov. Ugotovili smo, da je človeški dejavnik ključen za zagotavljanje varovanja informacij, a je v slovenskih organizacijah slabo poučen o aktualnih grožnjah, zato je za organizacije priporočljiva izvedba ustreznih izobraževanj oz. ozaveščanj.

Language:Slovenian
Keywords:varovanje informacij, informacijska varnost, človeški dejavnik, ISO/IEC 27001, ocena tveganj, informacijska tehnologija
Work type:Master's thesis
Organization:FRI - Faculty of Computer and Information Science
Year:2016
PID:20.500.12556/RUL-85522 This link opens in a new window
Publication date in RUL:15.09.2016
Views:2214
Downloads:865
Metadata:XML DC-XML DC-RDF
:
Copy citation
Share:Bookmark and Share

Secondary language

Language:English
Title:Human factor in information security
Abstract:
Increasing significance of information security is dictated primarily by technological advancement. Technical or IT solutions help greatly to increase key parameters of information security — confidentiality, integrity and availability. But this same technological advancement can often result in another factor being neglected — the human factor. Even if we secure information using IT solutions, it is installed, configured and maintained by — people. Numerous standards such as established ISO/IEC 27000 series for Information Security Management and ISO 22301 for Business Continuity Management focus increasingly on education and control of employees. This thesis will demonstrate the importance and effect of employees’ awareness in terms of establishing and maintaining information security at the workplace as well as in private environments. A social engineering experiment will serve to show the current state of information security awareness in several Slovenian organizations. Interviews will further demonstrate if any policies are in place and are being followed within these organizations. Furthermore, we will try to measure the effect an awareness workshop can have on increasing information security of key processes and other projects within an organization. And finally, a theoretical risk analysis will serve to demonstrate the weight of human factor regarding threats and vulnerabilities present in an organizational environment. We have found out that human factor is the key to ensuring an acceptable level of information security, but that employees in several Slovenian organizations are not sufficiently trained in information security. Therefore, it would be recommended to educate them properly and improve their awareness of the subject.

Keywords:information security, human factor, ISO/IEC 27001, risk assessment, information technology

Similar documents

Similar works from RUL:
Similar works from other Slovenian collections:

Back