Information security assessment in a start-up

Abstract

Information security currently generates a significant coverage and discussion in media worldwide. Even relatively few security breaches affect vast numbers of people, making it one of the biggest problems companies face today. As a result, more pressure is put on emerging suppliers of innovative processes and products, start-ups. However, there is no established framework that assesses the information security of a start-up. One possible solution is to use frameworks already created for established companies, even though such frameworks do not consider the peculiarities of start-ups. In this work, the author considers studying how to assess the level of information security in a start-up by elaborating a model which can be matched with the well-known start-up lifecycle. The main result of this thesis is a new model that will be a significant contribution to understanding how information security evolves at different stages of a start-up lifecycle.