Implementing Security Monitoring at Small and Medium sized Businesses
Haakila, Aki (2022)
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2022053113583
https://urn.fi/URN:NBN:fi:amk-2022053113583
Tiivistelmä
The internet is not a safe place, threat actors are exploiting vulnerabilities to compromise companies and either stealing their data or demanding ransom to release encryption keys to crypto locked files. This is an all too true situation to many a company, regardless of size or reputation. The threat actors range from opportunistic script kiddies in poor nations looking to bring food to the family table to nation state groups with seemingly endless budgets and technical resources.
Luckily security monitoring is becoming more and more ubiquitous. The aim of security monitoring is to detect the first steps of an intrusion, to be able to act before the attempt becomes a breach. And if that fails, to detect the successful breach before irreversible damage can happen.
Planning and implementing a security monitoring project with no previous experience can be a hard and daunting task. Consultants and Managed Service Providers (MSP) will likely be involved, and this thesis aims to balance the knowledge gap between the SMB and MSP, so that the reader will be able to discuss the topic on an even footing and make better decisions. Resulting in a security monitoring system that will best suit the company’s environment and risk appetite.
Luckily security monitoring is becoming more and more ubiquitous. The aim of security monitoring is to detect the first steps of an intrusion, to be able to act before the attempt becomes a breach. And if that fails, to detect the successful breach before irreversible damage can happen.
Planning and implementing a security monitoring project with no previous experience can be a hard and daunting task. Consultants and Managed Service Providers (MSP) will likely be involved, and this thesis aims to balance the knowledge gap between the SMB and MSP, so that the reader will be able to discuss the topic on an even footing and make better decisions. Resulting in a security monitoring system that will best suit the company’s environment and risk appetite.