Date of Award
12-2021
Document Type
Project
Degree Name
Master of Science in Information Systems and Technology
Department
Information and Decision Sciences
First Reader/Committee Chair
Conrad Shayo
Abstract
Technology has become an essential component of enterprises, driving productivity, innovation, and defining entire processes and product categories. However, these advances come with additional risk; the devices that drive an enterprise can fail at any time or be attacked by malicious actors. Larger enterprises have learned to deal with these risks, but small and medium-sized enterprises (SMEs) have been largely left behind. This project sought to investigate the cybersecurity-related problems SMEs experience and what SMEs can do to solve them. In addition, the project examines the types of information security incidents that occur within SMEs and their financial preparedness for such security incidents. The literature findings are that SMEs lack financial preparedness for information security and natural disasters, lack an effective company culture that generates and keeps, and need a more technical or operational approach to improve information security performance. Given these observations, cost-effective solutions are presented for Incident Response Testing, Business Continuity Planning, Employee Training, and DevSecOps Automation. Suggested areas of future research include developing Infrastructure Automation strategies for SMEs, focusing on employee training and validation processes. Additional real-world data about information security breaches must also be brought forward and analyzed to assess business risk correctly.
Recommended Citation
Chamberlain, Aaron, "BEGINNING THE INFORMATION SECURITY JOURNEY FOR SMALL AND MEDIUM ENTERPRISES THROUGH BUSINESS CONTINUITY PLANNING AND INFRASTRUCTURE AUTOMATION" (2021). Electronic Theses, Projects, and Dissertations. 1364.
https://scholarworks.lib.csusb.edu/etd/1364