Abstract
This master’s thesis focuses on the development of a standards-based survey instrumentfor a comprehensive assessment of corporate security, with particular emphasis on how
this instrument can appropriately evaluate the information security of companies.
The central research question examines which standards and criteria can be used
in assessing information security to provide a comprehensive view of the information
security status of companies. Both theoretical concepts and practical applications are
considered to develop a deeper understanding of the requirements for information security in companies. Specifically, it examines whether standards-based questions are better
predictors of corporate security than non-standards-based questions.
Additionally, the validity and reliability of the survey instrument are evaluated, and
potential differences in the implementation of standards across various industries are
investigated. The study also considers whether there are specific requirements for the
development of the survey instrument and whether demographic aspects such as age and
work experience affect the implementation of the ISO/IEC 27002:2013[17] standard in
companies.
By developing this standardized survey instrument, companies will be better
equipped to accurately assess their individual security needs and risks. The findings
of this thesis contribute to raising awareness of the importance of a thorough evaluation
of information security in companies.
| Date of Award | 2024 |
|---|---|
| Original language | German (Austria) |
| Supervisor | Johannes Edler (Supervisor) |