Today, security strategy has a crucial role in society, which does not imply only to large companies, but also and especially to Small Medium Enterprises (SME’s).
The intention of this thesis is to provide instructions and help enterprises that need assistance in applying proper security strategy. This thesis comprises the most crucial areas of security within an enterprise.
Its aim is to study more deeply the situation of the current security strategy, of a telecom and a software development enterprise, by which the enterprise can extract enough information to provide a proper system. The purpose is to study, analyze, explore and bring some conclusions with new ideas on how to improve and propose a new security strategy that can fit and that can be appropriate for this enterprise.
Regarding the exploration and research for the enterprise, “fragile assets” are the target to be taken in consideration such as “software”, “databases” and “important data”.
The method which is used in this thesis, is the case study method, which has best suited the purpose of this thesis by covering the logic of design, data collection techniques and data analysis. As a theory the OCTAVE-sm approach was applied.
This approach has three phases which each contains its own processes. These processes were followed and used for the evaluation of the current state in one Small Medium Enterprise (SME) called InterAdria. The use of OCTAVE-sm approach in this thesis can be a guide to all other Small Medium Enterprises (SME’s) that struggle with their security strategy same as the enterprise mentioned above.
The conclusion was based on the entire data gathering that was done by following the steps of the Octave-sm approach.
Source: Växjö University
Author: Kajtazi, Ariana