Cybersecurity development and business continuity plan for car dealership
Valasvuo, Santeri (2022)
2022
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2022082219551
https://urn.fi/URN:NBN:fi:amk-2022082219551
Tiivistelmä
The purpose of this thesis was to investigate the capability of the case company to meet the challenges of current and growing security threats and to come up with a development plan to increase the level of cyber security and its active monitoring. There was also need for business continuity plan if security will fail.
As a result of the research, the technical and human capabilities to protect against cyber-attacks in business will be determined. The General Data Protection Regulation (GDPR EU 2016/679) generally defines standard requirements for the protection of personal data at EU level, but there are currently no legal requirements for security. But for the GDPR regulation itself to be compliant with the law, it requires good data security.
Process analysis revealed two main threats for cybersecurity in the case company, which are social engineering and ransomware. As data collection methods, the study uses the mapping of relevant systems, analysis together with the IT team, interviews and Traficom's self-assessment tool.
In this study, the company’s strengths and weaknesses in cybersecurity were discovered and the development plan was created. Development plan was divided to three stages that forms security layers from foundation to critical processes and key activities.
The case company also wanted to know, what would it cost to improve cybersecurity, so a approximate budget was created by using the request for proposals from possible partner companies. To ensure business continuity we made plan for some manual procedures that will take place if ever needed.
As a result of the research, the technical and human capabilities to protect against cyber-attacks in business will be determined. The General Data Protection Regulation (GDPR EU 2016/679) generally defines standard requirements for the protection of personal data at EU level, but there are currently no legal requirements for security. But for the GDPR regulation itself to be compliant with the law, it requires good data security.
Process analysis revealed two main threats for cybersecurity in the case company, which are social engineering and ransomware. As data collection methods, the study uses the mapping of relevant systems, analysis together with the IT team, interviews and Traficom's self-assessment tool.
In this study, the company’s strengths and weaknesses in cybersecurity were discovered and the development plan was created. Development plan was divided to three stages that forms security layers from foundation to critical processes and key activities.
The case company also wanted to know, what would it cost to improve cybersecurity, so a approximate budget was created by using the request for proposals from possible partner companies. To ensure business continuity we made plan for some manual procedures that will take place if ever needed.