This Bachelor Thesis is part of a larger study conducted in collaboration with KTH Stockholm. The goal of this collaboration is to analyse information flows in organizations related with tasks in information security management.
The study design consists of several steps. First, we will identify the tools used by organizations to gather security related information. In this step we will decide which security tools are relevant to the scope of this study and then categorize them. With an explorative/snowballing approach we identify possible tools using public sources. Furthermore, information provided by vendors and obtained from interviews with security professionals will be used.
In the second phase we will identify the information sources and sinks of the security tools. Furthermore, we will identify the communication patterns between tools and the protocols used. Furthermore, we will collect data on the organizational layers the tools are used and to which organizational layers they provide information to.
Within this context the specific task of the Bachelor Thesis will be to investigate various security tools (e.g. anti virus software, GRC, monitoring tools, etc.) according to the study design and to analyze their capabilities.