Student: Tasos Gkiouzepas
Affiliation: National Technical University of Athens/Athens University of Economics and Business
Thesis written in Greek
Computer Information Systems form the backbone of modern businesses and organizations: they hold their information, carry their communications and transactions, support their daily operations, and increasingly control their machinery and general infrastructure. This makes their security a critical need. Identifying, evaluating and mitigating cyber risk, and incorporating the Computer Information Systems into the organization's risk management framework, pose a challenge for middle and senior management.
This thesis aims to increase the security of organizations in the cyber domain against cyber threats by guiding the choice of an appropriate framework.
Additionally, it aims to help with the implementation of the chosen framework by providing guidance through the relevant steps of the risk assessment procedure. To achieve this aim, the following methodology was applied:
• The differences between the two dominant cyber risk management frameworks (NIST and ISO) were examined, to assess the pros and cons of each and to judge whether one of them, or a combination of both, is adequate depending on the nature of the organization. Additionally, a method for combining the two frameworks is proposed.
• Risks were evaluated with an appropriate questionnaire, drawing on the experience of managers and field specialists in Greek organizations.
• Mitigation strategy proposals were developed through interviews with experienced Greek managers working in cyber security.
Through the above procedure, this thesis aims to become a useful guide for the middle and senior management of Greek organizations in handling cyber risk and improving their security.