magistrsko delo
Luka Jelovčan (Author), Kaja Prislan (Mentor), Anže Mihelič (Co-mentor)

Abstract

Start-up podjetja predstavljajo pomemben del podjetniškega okolja, saj na trg nenehno prinašajo nove rešitve, izdelke in pristope. Hkrati je start-up okolje izpostavljeno številnim tveganjem, ki nenehno ogrožajo nadaljnji razvoj ali celo obstoj posameznih start-up podjetij. Med glavna tveganja, ki so jim start-up podjetja izpostavljena, zagotovo sodijo tudi informacijskovarnostne grožnje, saj podatki in intelektualna lastnina predstavljajo temelj njihovega uspeha. Za start-up podjetja je tako ključnega pomena učinkovito upravljanje informacijske varnosti in s tem optimalno razpolaganje z omejenimi sredstvi. Ne glede na to je upravljanje informacijske varnosti med slovenskimi start-up podjetji popolnoma neraziskano področje. Da bi bila naslovljena vrzel v literaturi so bili v okviru izdelave magistrskega dela izvedeni intervjuji s predstavniki 18 slovenskih star-up podjetij. Cilj raziskave je bil ugotoviti, kako start-up podjetja razumejo koncept informacijske varnosti, kakšen odnos imajo do tega področja in kako k upravljanju informacijske varnosti pristopajo. Pri tem delo izhaja iz teoretičnega modela znanja, odnosa in vedenja, medtem ko sta upravljanje in izvajanje informacijskovarnostnih ukrepov presojani s pomočjo standarda ISO/IEC 27001. Rezultati raziskave kažejo, da se slovenska start-up podjetja zavedajo informacijskovarnostnih groženj in jih prepoznavajo kot pomemben dejavnik tveganja, ki lahko ogrozi razvoj podjetja, večina informacijsko varnost prepoznava kot pomembno za poslovni uspeh podjetja. K izvajanju informacijskovarnostnih ukrepov start-up podjetja pristopajo pragmatično, skladno s svojimi potrebami, znanjem in omejenimi sredstvi. S tem so povezani tudi informacijskovarnostni ukrepi, ki jih start-up podjetja izvajajo, saj največ pozornosti namenijo varnosti človeških virov, razdeljevanju dostopov in sledenju osnovnim dobrim praksam, pri čemer tehnološka start-up podjetja več pozornosti namenijo informacijski varnosti v dobavnih verigah in pri sodelovanju s partnerskimi podjetji. Rezultati raziskave ponujajo prvi vpogled v stanje informacijske varnosti med slovenskimi start-up podjetji ter omogočajo pripravo priporočil in prilagojenih ukrepov, ki bodo start-up podjetjem omogočali celovitejši in sistematičen pristop k upravljanju informacijske varnosti.

Keywords

informacijska varnost;start-up podjetja;ISO/IEC 27001;diplomske naloge;

Data

Language: Slovenian
Year of publishing:
Typology: 2.09 - Master's Thesis
Organization: UM FVV - Faculty of Criminal Justice
Publisher: [L. Jelovčan]
UDC: 004.056(043.2)
COBISS: 151301123 Link will open in a new window
Views: 40
Downloads: 12
Average score: 0 (0 votes)
Metadata: JSON JSON-RDF JSON-LD TURTLE N-TRIPLES XML RDFA MICRODATA DC-XML DC-RDF RDF

Other data

Secondary language: English
Secondary title: Information security in Slovenian start-up environment
Secondary abstract: Start-ups represent an important part of business environment, as they constantly bring new solutions, products, and business models to the market. At the same time, start-up environment is exposed to many risks that constantly threaten the further development and even existence of start-up companies. One of the risk areas that start-ups are most exposed in are information security related risks. Effective information security management is thus crucial for start-up companies, as it allows them to achieve the highest possible level of information security with the optimal allocation of limited resources. Nevertheless, information security management among Slovenian start-up companies is entirely unexplored field. To fill the gap in literature, we conducted interviews representatives of 18 Slovenian start-up companies. The main goal of this research was to gain insight into start-ups’ knowledge of information security, their attitude towards the subject and their approaches towards information security management. We have based our research on the theoretical model knowledge, attitude and behavior, while ISO/IEC 27001 was used to determine the level of information security management and established security controls. The results of this research show that Slovenian start-ups are aware of information security threats and recognise them as an important risk factor of further business development. Majority of Slovenian start-ups also recognise information security as a crucial factor for further success of their company. Their approach towards information security management is pragmatic, as Slovenian start-up companies mostly implement information solutions that they find necessary and can be implemented using their limited resources and know-how. This is why Slovenian start-ups mostly focus on human resource security, access control and following recommended basic information security measures, with technological start-ups also paying attention to information security management in the supply chain and with their business partners. The results of this research not only offer the first insight into information security management in Slovenian start-up companies but can also be used to prepare further recommendations and specialised measures, which would enable start-up companies to manage information security holistically and systematically.
Secondary keywords: Varstvo podatkov (računalništvo);Nova podjetja;Tveganje;Univerzitetna in visokošolska dela;
Type (COBISS): Master's thesis/paper
Thesis comment: Univ. v Mariboru, Fak. za varnostne vede, Ljubljana
Pages: V, [65] f.
ID: 18841103
Recommended works:
, magistrsko delo
, diplomsko delo univerzitetnega študijskega programa Varstvoslovje
, diplomsko delo visokošolskega študijskega programa Informacijska varnost
, diplomsko delo visokošolskega študijskega programa Informacijska varnost
, diplomsko delo visokošolskega študijskega programa Informacijska varnost