Development of a Framework for Promoting the Resilience of SMEs against Cyberattacks: Use of Freely Available Tools to Avoid Common IT Security Vulnerabilities

  • Josef Marold

Student thesis: Master's Thesis

Abstract

This master's thesis develops a framework for increasing the resilience of small and
medium-sized enterprises (SMEs) to cyberattacks. The focus is on Active Directory
(AD) and Entra ID, which were selected due to their widespread use and crucial
importance as identity providers in SMEs. SMEs face specific challenges in terms of IT
security, which are very individual due to their diversity and differ from those of larger
organisations. The traditional implementation of a cybersecurity strategy and the
resulting cyber resilience is difficult in SMEs due to a lack of human and financial
resources. The framework shows how the IT security of SMEs can be increased with
the help of freely available tools in conjunction with a process for continuous
improvement using limited resources.

To achieve this, a standardised procedure for selecting suitable assessment tools is
developed in this work. Appropriate tools are compared and evaluated based on the
criteria of user-friendliness, update frequency, recognition rate, quality of reports, type
of software license and transparency of the source code. To take the requirements of
SMEs into account, a weighted evaluation table developed in this thesis is used. The
weighting is derived from the results of an online survey designed for this purpose. For
the prototypical implementation of the framework, every step is described in this thesis,
from the selection of the tools to their implementation with the help of a corresponding
process. When selecting tools for the assessment of AD and Entra ID from three
suitable assessment tools, the tools PingCastle for AD assessments and 365Inspect for
Entra ID assessments came out on top. These tools were used for a prototype
implementation of the framework in three SMEs to evaluate its practical applicability
and effectiveness with the help of the maturity model also developed in this thesis. The
results show that the framework enables significant improvements in IT security
processes.

The results of the work can serve as a basis for further development and implementation
in practice to increase the IT security of SMEs. In the long term, the introduction of
the framework supports the resilience of organizations by establishing

Date of Award: 2024
Original language: German (Austria)
Supervisor: Eckehard Hermann (Supervisor)
