Abstract:
The overall image of an organization is proven by the investments made in
security. As technology reaches other dimensions, so does cybersecurity.
“Continuous improvement is better than delayed perfection”. Leaders and employees
struggle with maturing their cyber and IT risk management practices. This happens for
the fact that the speed of change in IT area continues to increase. Risk becomes more
complex and far-reaching by trying to adopt modern IT delivery methods.
My thesis is conducted in a way to represent the main concerns of a cyber
strategy and the critical areas of improvements. Working in various DD (Due
Diligence) projects I havelearnt that organizations will always face security issues,
but the way organizations invest in minimizing risk, is in fact what really matters. The
theoretical part covers themethodology in use; occurring problems, prevention and
the right investments depending on the topology of each area within an organization,
rated from lower to higher risky. Furthermore, I will cover risk management,
common attacks, ransomware analysis and the practical part covering the execution of
machines on KaliLinux (Hack The Box platform) OS, to gain the essence of how an
attack could be conducted, for learning purposes.
