Enhancing cybersecurity awareness strategies to comply with ISO 27001:2022
Uka, Fitore (2025-06-12)
Enhancing cybersecurity awareness strategies to comply with ISO 27001:2022
(12.06.2025)
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
suljettu
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe2025070377415
https://urn.fi/URN:NBN:fi-fe2025070377415
Tiivistelmä
This thesis presents a case study of ICT Group aimed at enhancing cybersecurity awareness throughout the organization by developing a role-based strategy aligned with the ISO 27001:2022 standard. Through a multi-method research approach, including literature review, organizational analysis, benchmarking, and data collection via interviews, surveys, and incident reports, the study identifies critical gaps in the current one-size-fits-all awareness program. The findings demonstrate the need for tailored, role-specific training that addresses the unique cybersecurity risks associated with different employee functions.
A comprehensive, modular awareness strategy is proposed, featuring detailed role-risk mapping, targeted training plans, and the integration of Learning Management Systems (LMS) to support scalable and engaging learning experiences. The strategy further incorporates the appointment of cybersecurity champions, a centralized communication platform, continuous microlearning, and a metrics-driven evaluation framework to monitor effectiveness and promote continuous improvement.
The LMS options were evaluated, recommending Docebo for its scalability and robust role-based capabilities, with Moodle and Nerds & Company as alternative solutions based on organizational needs. Finally, a phased implementation roadmap is outlined to guide ICT Group in transitioning to a sustainable, scalable, and ISO-aligned cybersecurity awareness program that fosters a proactive security culture.
A comprehensive, modular awareness strategy is proposed, featuring detailed role-risk mapping, targeted training plans, and the integration of Learning Management Systems (LMS) to support scalable and engaging learning experiences. The strategy further incorporates the appointment of cybersecurity champions, a centralized communication platform, continuous microlearning, and a metrics-driven evaluation framework to monitor effectiveness and promote continuous improvement.
The LMS options were evaluated, recommending Docebo for its scalability and robust role-based capabilities, with Moodle and Nerds & Company as alternative solutions based on organizational needs. Finally, a phased implementation roadmap is outlined to guide ICT Group in transitioning to a sustainable, scalable, and ISO-aligned cybersecurity awareness program that fosters a proactive security culture.