Development of a Framework for Promoting the Resilience of SMEs against Cyberattacks: Use of Freely Available Tools to Avoid Common IT Security Vulnerabilities

  • Josef Marold

    Student thesis: Master's Thesis

    Abstract

    This master's thesis develops a framework for increasing the resilience of small and
    medium-sized enterprises (SMEs) to cyberattacks. The focus is on Active Directory
    (AD) and EntraID, which were selected due to their widespread use and crucial
    importance as identity providers in SMEs. SMEs face specific challenges in terms of IT
    security, which are very individual due to their diversity and differ from those of larger
    organisations. The traditional implementation of a cybersecurity strategy and the
    resulting cyber resilience is difficult in SMEs due to a lack of human and financial
    resources. The framework shows how the IT security of SMEs can be increased with
    the help of freely available tools in conjunction with a process for continuous
    improvement using limited resources.

    To achieve this, a standardised procedure for selecting suitable assessment tools is
    developed in this work. Appropriate tools are compared and evaluated based on the
    criteria of user-friendliness, update frequency, recognition rate, quality of reports, type
    of software license and transparency of the source code. To take the requirements of
    SMEs into account, a weighted evaluation table developed in this thesis is used. The
    weighting is derived from the results of an online survey designed for this purpose. For
    the prototypical implementation of the framework, every step is described in this thesis,
    from the selection of the tools to their implementation with the help of a corresponding
    process. When selecting tools for the assessment of AD and EntraID from three
    suitable assessment tools, the tools PingCastle for AD assessments and 365Inspect for
    EntraID assessments came out on top. These tools were used for a prototype
    implementation of the framework in three SMEs to evaluate its practical applicability
    and effectiveness with the help of the maturity model also developed in this thesis. The
    results show that the framework enables significant improvements in IT security
    processes.

    The results of the work can serve as a basis for further development and implementation
    in practice to increase the IT security of SMEs. In the long term, the introduction of
    the framework supports the resilience of organizations by establishing

    Date of Award: 2024
    Original language: German (Austria)
    Supervisor: Eckehard Hermann (Supervisor)
