Implementacija informacijsko varnostne politike in zagotavljanje ozaveščenosti zaposlenih v UKC Maribor

magistrsko delo

Alem Jahić (Author), Alenka Brezavšček (Mentor)

Abstract

Magistrsko delo obravnava zagotavljanje informacijske varnosti v UKC Maribor z namenom zagotavljanja neprekinjenega poslovanja in zmanjšanja možnosti varnostnih incidentov s poudarkom na skrbnem varovanju podatkov o pacientih. Informacijska varnost v zdravstvu sloni predvsem na zaposlenih, saj prav oni vsak dan delajo s podatki pacientov. Problem zagotavljanja informacijske varnosti v UKC Maribor na eni strani rešujemo s tehničnimi rešitvami, kot so požarnimi zidovi, protivirusna zaščita, posodobljena strojna in programska oprema itd. Na drugi strani so neozaveščeni uporabniki, ki so lahko vstopna točka za kibernetske napade, zato je ozaveščanje uporabnikov eden ključnih dejavnikov pri zagotavljanju informacijske varnosti. Za raziskavo smo pripravili anketni vprašalnik, ki je bil anketirancem deljen s pomočjo orodja za spletno anketiranje 1KA. Statistično obdelavo podatkov smo izvedli s pomočjo programskih paketov Excel in SPSS. Druga faza raziskave je obsegala simulacijo napada na osnovi socialnega inženiringa, ki je bil izveden z uporabo namensko pripravljenih USB ključkov. Poglavitni rezultati raziskave kažejo, da je na podlagi samoocene poznavanja obstoječe varnostne politike in ozaveščenosti na področju informacijske varnosti zaposlenih v UKC Maribor stanje sprejemljivo. Nadaljnji rezultati anketne raziskave in simulacije napada z USB ključki pa kažejo, da je stanje ravno nasprotno. Na podlagi teh rezultatov smo pripravili portal za ozaveščanje o informacijski/kibernetski varnosti, s katerim bomo izboljšali informacijsko ozaveščenost.

Keywords

informacijska varnost;varnostna politika;zdravstvo;socialni inženiring;

Data

Language:	Slovenian
Year of publishing:	2025
Typology:	2.09 - Master's Thesis
Organization:	UM FOV - Faculty of Organizational Sciences
Publisher:	[A. Jahić]
UDC:	004
COBISS:	231876611
Views:	0
Downloads:	7
Average score:	0 (0 votes)
Metadata:

Other data

Secondary language:	English
Secondary title:	Implementation of information security policy and ensuring employee awareness in UKC Maribor
Secondary abstract:	The master's thesis addresses the provision of information security in UKC Maribor with the aim of ensuring business continuity and reducing the possibility of security incidents with an emphasis on the careful protection of patient data. Information security in healthcare relies primarily on employees, as they are the ones who work with patient data every day. The problem of ensuring information security at UKC Maribor is solved on the one hand with technical solutions such as firewalls, anti-virus protection, updated hardware and software, etc. On the other hand, there are uninformed users who can thus enter the point for cyberattacks, making user awareness one of the key factors in ensuring information security. For the research, we prepared a survey questionnaire, which was distributed to the respondents using 1KA online survey tools. Statistical data processing was conducted using Excel and SPSS software packages. The second phase of the research involved a simulation of a social engineering attack, which was executed using specially prepared USB sticks. The main results of the research show that, based on the self-assessed knowledge of the existing security policy and awareness in the field of information security of the employees of UKC Maribor, the situation is acceptable. Further results of the survey and the simulation of an attack with USB sticks show that the situation is exactly the opposite. Based on the results, we developed a portal for information/cyber security awareness, which will improve information awareness.
Secondary keywords:	Varnost računalniških sistemov;Univerzitetna in visokošolska dela;
Type (COBISS):	Master's thesis/paper
Thesis comment:	Univ. v Mariboru, Fak. za organizacijske vede
Pages:	VI, 74 f.
ID:	25685036