First Advisor

Mason, Robert

Thesis Committee Member(s)

Plantz-Masters, Shari


Likarish, Daniel


College for Professional Studies

Degree Name

MS Information Technology Management


School of Computer & Information Science

Document Type

Thesis - Open Access

Number of Pages

56 pages


One of the most significant challenges faced by senior business and technology managers is securing organizational data in light of rising threats and compliance requirements. The use of vulnerability assessments has stood out as one strategy to help protect against malicious computer attacks. Vulnerability assessments are conducted to identify security holes within information systems, including networks, servers, and applications. These assessments can be performed by an organization's internal staff or outsourced to a third-party vendor. Outsourcing is especially important for small organizations who typically do not have the resources or expertise to conduct their own vulnerability assessment. This thesis will investigate vulnerability assessments and the security of data in small organizations. Although the literature on information systems security is immense, little seems to exist on the security weaknesses of small organizations and the safeguards that vulnerability assessments can provide. This thesis will examine the literature, develop a methodology, and present the results of survey responses from at least five third-party vulnerability assessment organizations. The study intends to show the common weaknesses faced by small organizations and make recommendations on common countermeasures.

Date of Award

Summer 2013

Location (Creation)

Denver, Colorado

Rights Statement

All content in this Collection is owned by and subject to the exclusive control of Regis University and the authors of the materials. It is available only for research purposes and may not be used in violation of copyright laws or for unlawful purposes. The materials may not be downloaded in whole or in part without permission of the copyright holder or as otherwise authorized in the “fair use” standards of the U.S. copyright laws and regulations.