Enhancing cybersecurity awareness strategies to comply with ISO 27001:2022
This publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
Abstract
This thesis presents a case study of ICT Group aimed at enhancing cybersecurity awareness throughout the organization by developing a role-based strategy aligned with the ISO 27001:2022 standard. Through a multi-method research approach, including literature review, organizational analysis, benchmarking, and data collection via interviews, surveys, and incident reports, the study identifies critical gaps in the current one-size-fits-all awareness program. The findings demonstrate the need for tailored, role-specific training that addresses the unique cybersecurity risks associated with different employee functions.
A comprehensive, modular awareness strategy is proposed, featuring detailed role-risk mapping, targeted training plans, and the integration of Learning Management Systems (LMS) to support scalable and engaging learning experiences. The strategy further incorporates the appointment of cybersecurity champions, a centralized communication platform, continuous microlearning, and a metrics-driven evaluation framework to monitor effectiveness and promote continuous improvement.
The evaluation of LMS options recommends Docebo for its scalability and robust role-based capabilities, with Moodle and Nerds & Company as alternative solutions depending on organizational needs. Finally, a phased implementation roadmap is outlined to guide ICT Group in transitioning to a sustainable, scalable, and ISO-aligned cybersecurity awareness program that fosters a proactive security culture.