Information security in an organizational environment
Hokkanen, Roope (2020)
2020
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2020052814680
https://urn.fi/URN:NBN:fi:amk-2020052814680
Tiivistelmä
In this thesis the approach was learning about information security in an organizational environment through research, statistics and examination. Studying the security methods organizations currently take to combat the issue of cybersecurity. Using data gathered from real life events, surveys and research papers to analyze where information security lacks most in organizations. Another focus point of this thesis was studying how organizations currently fight to prevent breaches from happening and making observations on where security procedures need to focus more going forward. To understand how and why the breaches happen, understanding of the methods and strategies hackers use is key.
Studying 3 major incidents from past years on how the hackers were able to find vulnerabilities from a major organization to leverage unauthorized access to their systems. All 3 incidents caused massive financial damages for the organization. The 3 cases of data breaches studied in this thesis were among the biggest we have had in the past 15 years. All against well established organizations expected to be able to handle information securely.
The practical part of this thesis was to set up a real penetration testing environment used by professionals alike around the world. Using Kali linux and metasploitable 2 to create a safe virtual environment for research, practice and training purposes. With the environment 2 example hacking tools are showcased as a proof-of-concept to the theory part. A packet sniffing hack shows the vulnerability of an unsafe network and how easy it could possibly be to capture sensitive data over an untrusted connection. A web server analyzer is a tool that searches vulnerabilities from the protocols and technologies used in a web server. A tool like this was used find the vulnerability in one of the study cases.
Observations from the thesis conclude that the cybersecurity threats are an ever-growing issue and the development in steps to prevent attacks are not keeping up with the demand. Human error is the weakest link of most organizations that causes the most
Studying 3 major incidents from past years on how the hackers were able to find vulnerabilities from a major organization to leverage unauthorized access to their systems. All 3 incidents caused massive financial damages for the organization. The 3 cases of data breaches studied in this thesis were among the biggest we have had in the past 15 years. All against well established organizations expected to be able to handle information securely.
The practical part of this thesis was to set up a real penetration testing environment used by professionals alike around the world. Using Kali linux and metasploitable 2 to create a safe virtual environment for research, practice and training purposes. With the environment 2 example hacking tools are showcased as a proof-of-concept to the theory part. A packet sniffing hack shows the vulnerability of an unsafe network and how easy it could possibly be to capture sensitive data over an untrusted connection. A web server analyzer is a tool that searches vulnerabilities from the protocols and technologies used in a web server. A tool like this was used find the vulnerability in one of the study cases.
Observations from the thesis conclude that the cybersecurity threats are an ever-growing issue and the development in steps to prevent attacks are not keeping up with the demand. Human error is the weakest link of most organizations that causes the most