• A
  • A
  • A
  • ABC
  • ABC
  • ABC
  • А
  • А
  • А
  • А
  • А
Regular version of the site
For visually-impairedFor visually-impairedUser profile (HSE staff only)Search
Advanced search
Menu
HSE University
  • HSE University
  • Student Theses
  • Analysis of Information Security Risks of Personal Data Processing Using the Example of the Customer Contracting Module and the Selection of Goods for the Sales Department

Analysis of Information Security Risks of Personal Data Processing Using the Example of the Customer Contracting Module and the Selection of Goods for the Sales Department

Student: Frolova Anna

Supervisor: Vladimir Elin

Faculty: Graduate School of Business

Educational Programme: Information Security Management (Master)

Final Grade: 10

Year of Graduation: 2021

In connection with the active development of information technologies, the transfer of documentation from paper to electronic, the trend towards the automation of business processes of companies on the market, various software products are becoming more and more popular in terms of storing and processing personal data. The final qualifying work analyzes the information security risks of personal data processing using the example of the customer contracting module for the sales department. Based on the results of this analysis, recommendations were developed for a specific company in terms of increasing the level of security of storage and processing of personal data for the sales department. In the first chapter of the final qualifying work, a list of information security problems in terms of storage and processing of personal data is formulated on the basis of regulatory legal acts. A preliminary analysis of the existing level of information security of a particular organization was carried out on the basis of determining the types of possible threats, building a portrait of a potential intruder, assessing assets, and performing effective analytics in the MSAT software toolkit. Based on the analytics carried out, a list of recommendations was formed to increase the level of information security in terms of storing and processing personal data in the client contracting module of the sales department. In the second chapter of the work, based on the formed recommendations, was carried out a comparative analysis of possible solutions in terms of CRM systems, backup data storage systems, the formation of a separate information security department and the preparation of a company's policy of information security. After a specific list of recommendations for a specific company was formed, a re-analysis was carried out using the MSAT software toolkit to compare changes because of implementation of solutions. In the work, the calculation of the economic efficiency of the implementation of the recommendations was carried out, as well as the procedure for the implementation of solutions in the organization was determined. Calculations were made using the Hurwitz method.

Full text (added May 20, 2021)

Student Theses at HSE must be completed in accordance with the University Rules and regulations specified by each educational programme.

Summaries of all theses must be published and made freely available on the HSE website.

The full text of a thesis can be published in open access on the HSE website only if the authoring student (copyright holder) agrees, or, if the thesis was written by a team of students, if all the co-authors (copyright holders) agree. After a thesis is published on the HSE website, it obtains the status of an online publication.

Student theses are objects of copyright and their use is subject to limitations in accordance with the Russian Federation’s law on intellectual property.

In the event that a thesis is quoted or otherwise used, reference to the author’s name and the source of quotation is required.

Search all student theses