Case study of why information security investment fail?

Case study of why information security investment fail?

Show other versions (1)

Tämä tutkielma keskittyy tietoturvainvestointien päätöksentekoprosessiin. Ta- voitteena on tutkia miksi tietoturvainvestointipäätös hylätään. Tutkimuksen teoreettinen tausta perustuu aiemmin suoritettuun tutkimukseen, mikä on pää- osin käsitellyt tietoturvainvestointeja joko optimaalisen investointi...

Full description

Bibliographic Details
Main Author: Toivanen, Hanna
Other Authors: Faculty of Information Technology, Informaatioteknologian tiedekunta, Tietojenkäsittelytieteiden laitos, Department of Computer Science and Information Systems, University of Jyväskylä, Jyväskylän yliopisto
Format: Master's thesis
Language:eng
Published: 2015
Subjects:
Information security
information security investment
decision making
knowledge
capability
method.
Information Systems Science
Tietojärjestelmätiede
601
tietoturva
osaaminen
investoinnit
päätöksenteko
Online Access: https://jyx.jyu.fi/handle/123456789/46669
_version_ 1826225781495300096
author Toivanen, Hanna
author2 Faculty of Information Technology Informaatioteknologian tiedekunta Tietojenkäsittelytieteiden laitos Department of Computer Science and Information Systems University of Jyväskylä Jyväskylän yliopisto
author_facet Toivanen, Hanna Faculty of Information Technology Informaatioteknologian tiedekunta Tietojenkäsittelytieteiden laitos Department of Computer Science and Information Systems University of Jyväskylä Jyväskylän yliopisto Toivanen, Hanna Faculty of Information Technology Informaatioteknologian tiedekunta Tietojenkäsittelytieteiden laitos Department of Computer Science and Information Systems University of Jyväskylä Jyväskylän yliopisto
author_sort Toivanen, Hanna
datasource_str_mv jyx
description Tämä tutkielma keskittyy tietoturvainvestointien päätöksentekoprosessiin. Ta- voitteena on tutkia miksi tietoturvainvestointipäätös hylätään. Tutkimuksen teoreettinen tausta perustuu aiemmin suoritettuun tutkimukseen, mikä on pää- osin käsitellyt tietoturvainvestointeja joko optimaalisen investointitason näkö- kulmasta, tai tehokkaan investointitason näkökulmasta. Aiempi tutkimus ei ole käsitellyt tietoturvainvestointeja epäonnistuneen päätöksenteon näkökulmasta, eikä siten voi esittää perusteluita päätöksenteolle. Tämän tutkielman tuloksena esitetään teoreettisia väittämiä, jotka tarjoavat mahdollisia vastauksia tutki- muskysymykseen. Tämä tutkimus täydentää osaltaan akateemista kirjallisuutta, ja tarjoaa käytännön tietoa organisaatioille tietoturvainvestointien päätöksente- koprosessiin vaikuttavista tekijöistä. Tutkimuksessa käytettiin tutkimusstrategiaa, missä uutta teoriaa luodaan case-tutkimuksen pohjalta. Tutkimus toteutettiin kvalitatiivisena case- tutkimuksena, jossa oli mukana neljä eri case-yritystä. Empiirinen osuus toteu- tettiin avoimina haastatteluina, joiden tulokset analysoitiin hyödyntäen induk- tiivista sisällönanalyysia. Tutkimustuloksia analysoitiin edelleen taso-teoria mallin avulla. Tämän tutkimuksen löydökset osoittavat, että haasteet tietoturvainves- tointien suhteen ovat moninaiset. Tämä tutkielma määritteli kolme teoreettisista väittämää ja niihin liittyvät ala-väittämät. Määriteltyjen teoreettisten väittämien mukaan tietoturvainvestointihankkeen hylkääminen liittyy organisaation me- todeihin ja kyvykkyyksiin määritellä ja perustella investointihankkeita, sekä johdon tietotaidon tasoon tietoturvaan liittyen. Myös organisaation tapa toimia, organisaation kulttuuri sekä asenne tietoturvaan liittyen vaikuttavat päätöksen- tekoprosessiin, kuten myös johdon sitoutuminen ja tuki, sekä poliittiset tekijät. This thesis focuses on information security investment decision making process, and the object is to investigate why decisions fail. The theoretical background of the research consist of previous research, which are mainly conducted from the optimal information security investment, and the efficiency of information se- curity investment perspectives. Previous research have not addressed the prob- lem why information security investment decisions fail, and thus cannot ex- plain the reasoning. A key outcome of the thesis is to provide theory proposi- tions which offers a feasible answer to the research question. This research fills the research gap in the academic literature, and provides guidance to organiza- tions about affecting drivers in the field of information security investment management. This research utilized a research strategy where theory is built from case studies, including four case companies. The study material was gathered with open interviews, and material was analyzed with the inductive content analysis method. Analyzed material was further processed with stage model. This study findings indicated, that the challenge of information security investment management is multilateral. This thesis defined theory propositions and related sub-propositions. According to the defined theory propositions the likelihood of getting the information security investment proposal rejected re- lates to organizations’ methods and capabilities to define and argue an invest- ment proposal, and to sufficient level of knowledge about information security in management level. The organizational way of working and organizational culture and attitude affect to decision making, as well as the management commitment and support, and political aspects.
first_indexed 2023-03-22T09:59:37Z
format Pro gradu
free_online_boolean 1
fullrecord [{"key": "dc.contributor.advisor", "value": "Siponen, Mikko.", "language": null, "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.advisor", "value": "Tuunanen, Tuure.", "language": null, "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.advisor", "value": "Karjalainen, Mari.", "language": null, "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Toivanen, Hanna", "language": null, "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2015-08-21T08:04:49Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2015-08-21T08:04:49Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2015", "language": null, "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.other", "value": "oai:jykdok.linneanet.fi:1493061", "language": null, "element": "identifier", "qualifier": "other", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/46669", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "T\u00e4m\u00e4 tutkielma keskittyy tietoturvainvestointien p\u00e4\u00e4t\u00f6ksentekoprosessiin. Ta- voitteena on tutkia miksi tietoturvainvestointip\u00e4\u00e4t\u00f6s hyl\u00e4t\u00e4\u00e4n. Tutkimuksen teoreettinen tausta perustuu aiemmin suoritettuun tutkimukseen, mik\u00e4 on p\u00e4\u00e4- osin k\u00e4sitellyt tietoturvainvestointeja joko optimaalisen investointitason n\u00e4k\u00f6- kulmasta, tai tehokkaan investointitason n\u00e4k\u00f6kulmasta. Aiempi tutkimus ei ole k\u00e4sitellyt tietoturvainvestointeja ep\u00e4onnistuneen p\u00e4\u00e4t\u00f6ksenteon n\u00e4k\u00f6kulmasta, eik\u00e4 siten voi esitt\u00e4\u00e4 perusteluita p\u00e4\u00e4t\u00f6ksenteolle. T\u00e4m\u00e4n tutkielman tuloksena esitet\u00e4\u00e4n teoreettisia v\u00e4itt\u00e4mi\u00e4, jotka tarjoavat mahdollisia vastauksia tutki- muskysymykseen. T\u00e4m\u00e4 tutkimus t\u00e4ydent\u00e4\u00e4 osaltaan akateemista kirjallisuutta, ja tarjoaa k\u00e4yt\u00e4nn\u00f6n tietoa organisaatioille tietoturvainvestointien p\u00e4\u00e4t\u00f6ksente- koprosessiin vaikuttavista tekij\u00f6ist\u00e4.\nTutkimuksessa k\u00e4ytettiin tutkimusstrategiaa, miss\u00e4 uutta teoriaa luodaan case-tutkimuksen pohjalta. Tutkimus toteutettiin kvalitatiivisena case- tutkimuksena, jossa oli mukana nelj\u00e4 eri case-yrityst\u00e4. Empiirinen osuus toteu- tettiin avoimina haastatteluina, joiden tulokset analysoitiin hy\u00f6dynt\u00e4en induk- tiivista sis\u00e4ll\u00f6nanalyysia. Tutkimustuloksia analysoitiin edelleen taso-teoria mallin avulla.\nT\u00e4m\u00e4n tutkimuksen l\u00f6yd\u00f6kset osoittavat, ett\u00e4 haasteet tietoturvainves- tointien suhteen ovat moninaiset. T\u00e4m\u00e4 tutkielma m\u00e4\u00e4ritteli kolme teoreettisista v\u00e4itt\u00e4m\u00e4\u00e4 ja niihin liittyv\u00e4t ala-v\u00e4itt\u00e4m\u00e4t. M\u00e4\u00e4riteltyjen teoreettisten v\u00e4itt\u00e4mien mukaan tietoturvainvestointihankkeen hylk\u00e4\u00e4minen liittyy organisaation me- todeihin ja kyvykkyyksiin m\u00e4\u00e4ritell\u00e4 ja perustella investointihankkeita, sek\u00e4 johdon tietotaidon tasoon tietoturvaan liittyen. My\u00f6s organisaation tapa toimia, organisaation kulttuuri sek\u00e4 asenne tietoturvaan liittyen vaikuttavat p\u00e4\u00e4t\u00f6ksen- tekoprosessiin, kuten my\u00f6s johdon sitoutuminen ja tuki, sek\u00e4 poliittiset tekij\u00e4t.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "This thesis focuses on information security investment decision making process, and the object is to investigate why decisions fail. The theoretical background of the research consist of previous research, which are mainly conducted from the optimal information security investment, and the efficiency of information se- curity investment perspectives. Previous research have not addressed the prob- lem why information security investment decisions fail, and thus cannot ex- plain the reasoning. A key outcome of the thesis is to provide theory proposi- tions which offers a feasible answer to the research question. This research fills the research gap in the academic literature, and provides guidance to organiza- tions about affecting drivers in the field of information security investment management.\nThis research utilized a research strategy where theory is built from case studies, including four case companies. The study material was gathered with open interviews, and material was analyzed with the inductive content analysis method. Analyzed material was further processed with stage model.\nThis study findings indicated, that the challenge of information security investment management is multilateral. This thesis defined theory propositions and related sub-propositions. According to the defined theory propositions the likelihood of getting the information security investment proposal rejected re- lates to organizations\u2019 methods and capabilities to define and argue an invest- ment proposal, and to sufficient level of knowledge about information security in management level. The organizational way of working and organizational culture and attitude affect to decision making, as well as the management commitment and support, and political aspects.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted using Plone Publishing form by Hanna Toivanen (hanmarto) on 2015-08-21 08:04:49.311527. Form: Pro gradu -lomake (https://kirjasto.jyu.fi/julkaisut/julkaisulomakkeet/pro-gradu-lomake). JyX data: [jyx_publishing-allowed (fi) =True]", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by jyx lomake-julkaisija (jyx-julkaisija.group@korppi.jyu.fi) on 2015-08-21T08:04:49Z\nNo. of bitstreams: 2\nURN:NBN:fi:jyu-201508212719.pdf: 1668080 bytes, checksum: 7a086fe03c1c6e7e42cdb88919a7536e (MD5)\nlicense.html: 4813 bytes, checksum: 366ba7b735df0229565e0a82266aefbd (MD5)", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2015-08-21T08:04:49Z (GMT). No. of bitstreams: 2\nURN:NBN:fi:jyu-201508212719.pdf: 1668080 bytes, checksum: 7a086fe03c1c6e7e42cdb88919a7536e (MD5)\nlicense.html: 4813 bytes, checksum: 366ba7b735df0229565e0a82266aefbd (MD5)\n Previous issue date: 2015", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "1 verkkoaineisto (76 sivua)", "language": null, "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "Information security", "language": null, "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "information security investment", "language": null, "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "decision making", "language": null, "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "knowledge", "language": null, "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "capability", "language": null, "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "method.", "language": null, "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Case study of why information security investment fail?", "language": null, "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-201508212719", "language": null, "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Tietojenk\u00e4sittelytieteiden laitos", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Department of Computer Science and Information Systems", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Information Systems Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietoj\u00e4rjestelm\u00e4tiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.date.updated", "value": "2015-08-21T08:04:50Z", "language": null, "element": "date", "qualifier": "updated", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": null, "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": "fi", "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": null, "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "osaaminen", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "investoinnit", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "p\u00e4\u00e4t\u00f6ksenteko", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
id jyx.123456789_46669
language eng
last_indexed 2025-02-18T10:55:37Z
main_date 2015-01-01T00:00:00Z
main_date_str 2015
online_boolean 1
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/da79f40d-4d1c-467a-ad26-4fcefdb58848\/download","text":"URN:NBN:fi:jyu-201508212719.pdf","source":"jyx","mediaType":"application\/pdf"}
publishDate 2015
record_format qdc
source_str_mv jyx
spellingShingle Toivanen, Hanna Case study of why information security investment fail? Information security information security investment decision making knowledge capability method. Information Systems Science Tietojärjestelmätiede 601 tietoturva osaaminen investoinnit päätöksenteko
title Case study of why information security investment fail?
title_full Case study of why information security investment fail?
title_fullStr Case study of why information security investment fail? Case study of why information security investment fail?
title_full_unstemmed Case study of why information security investment fail? Case study of why information security investment fail?
title_short Case study of why information security investment fail?
title_sort case study of why information security investment fail
title_txtP Case study of why information security investment fail?
topic Information security information security investment decision making knowledge capability method. Information Systems Science Tietojärjestelmätiede 601 tietoturva osaaminen investoinnit päätöksenteko
topic_facet 601 Information Systems Science Information security Tietojärjestelmätiede capability decision making information security investment investoinnit knowledge method. osaaminen päätöksenteko tietoturva
url https://jyx.jyu.fi/handle/123456789/46669 http://www.urn.fi/URN:NBN:fi:jyu-201508212719
work_keys_str_mv AT toivanenhanna casestudyofwhyinformationsecurityinvestmentfail

Similar Items