Implementation of ISO 27002:2017 Cyber Security Risk Management guide

Abstract

The utilization of cyber dimensions in the operational activities of organizations has grown exponentially in recent years. As functions are networked, their dependence on the functionality of cyber environments is also increasing. Protecting the cyber environment is paramount to business continuity, and the integrity of corporate information. Efforts are often made to protect the cyber environment with technical resources, and the weakest link, the user of the systems might be forgotten. Human error is the cause of over 95 % of data breaches and the weakest aspect of cyber security. Employee awareness of cyber security risks and vulnerabilities should be promoted, and the capacity of cyber security expertise should be increased through training. The objective of this thesis was to produce a Cyber Security Risk Management guide for a certain Data Center. The guide is based on the ISO 27002 standard. The purpose of the guide is to serve as a tool for increasing the cyber security awareness and competence development of the employees of the organization.