Tietoturvaohjeiden ja työympäristön ristiriita

Tässä tutkimuksessa luodaan ensin katsaus alan aihepiiriin, eli tietoturvaohjeistuksiin ja standardeihin. Tämän jälkeen tarkastellaan tutkimuksen tärkeintä osiota, joka on tietoturvaohjeiden ja työympäristön välillä tunnistettu potentiaalinen ristiriita. Potentiaalinen ristiriita on merkittävä ilmi...

Full description

Bibliographic Details
Main Author: Ketola, Tuomas
Other Authors: Faculty of Information Technology, Informaatioteknologian tiedekunta, Tietojenkäsittelytieteiden laitos, Department of Computer Science and Information Systems, University of Jyväskylä, Jyväskylän yliopisto
Format: Master's thesis
Language:fin
Published: 2016
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/49286
_version_ 1826225738987077632
author Ketola, Tuomas
author2 Faculty of Information Technology Informaatioteknologian tiedekunta Tietojenkäsittelytieteiden laitos Department of Computer Science and Information Systems University of Jyväskylä Jyväskylän yliopisto
author_facet Ketola, Tuomas Faculty of Information Technology Informaatioteknologian tiedekunta Tietojenkäsittelytieteiden laitos Department of Computer Science and Information Systems University of Jyväskylä Jyväskylän yliopisto Ketola, Tuomas Faculty of Information Technology Informaatioteknologian tiedekunta Tietojenkäsittelytieteiden laitos Department of Computer Science and Information Systems University of Jyväskylä Jyväskylän yliopisto
author_sort Ketola, Tuomas
datasource_str_mv jyx
description Tässä tutkimuksessa luodaan ensin katsaus alan aihepiiriin, eli tietoturvaohjeistuksiin ja standardeihin. Tämän jälkeen tarkastellaan tutkimuksen tärkeintä osiota, joka on tietoturvaohjeiden ja työympäristön välillä tunnistettu potentiaalinen ristiriita. Potentiaalinen ristiriita on merkittävä ilmiö, koska toteutuessaan se aiheuttaa merkittäviä työajallisia ja taloudellisia menetyksiä, pahimmllaan jopa estäen yksittäisten työtehtävien suorittamisen. Tämän jälkeen siirrytään tutkimuksen varsinaiseen empiiriseen osuuteen valitussa terveydenhuollon kohdeorganisaatiossa. Tutkimuksessa tutkitaan kohdeorganisaation tietoturvapolitiikan soveltuvuus kyseisen organisaation ruohonjuuritason työtilanteisiin, sekä tietoturvapolitiikan mahdollisesti kohdeorganisaation työntekijöille aiheuttamiin ristiriitatilanteisiin työympäristössä. Tutkimuksen aineisto kerättiin tutustumalla kohdeorganisaation tietoturvaohjeistuksiin, keskustelemalla organisaation tietoturvasta vastaavien henkilöiden kanssa, sekä teemahaastattelemalla organisaation työntekijöitä. Tutkimusten tulosten perusteella esiin nousi ristiriita kohdeorganisaation tietoturvaohjeiden ja työympäristön välillä. Tämä ristiriita aiheuttaa merkittäviä hidasteita ja haittoja eri työtehtävien päivittäisessä hoitamisessa. Tutkimuksessa ilmenneet pääongelmakohdat olivat käyttäjien huono tietoturvaohjeiden tuntemus, kohdeorganisaation työasemien hidas avautuminen ja sulkeutuminen, sekä ongelmat potilastietojen käsittelyssä ja siirrossa. Tutkimusmenetelmänä oli grounded theory ja tutkimuksen tuloksena syntyi käsitejärjestelmä, joka kuvaa tietoturvaohjeiden ja työympäristön potentiaalista ristiriitaa. Tutkimuksen tuloksia voidaan hyödyntää tulevaisuudessa laadittaessa tietoturvaohjeistuksia ja -koulutuksia optimaalisiksi kuhunkin työyhteisöön. Lisäksi se antaa pohjaa aiheen jatkotutkimukselle. The purpose of this study is first to review the topics of this field which are information security policies and information security standards. Next, the study proceeds to the most important part which recognizes potential conflict between information security policies and the work environment. This potential conflict is a significant phenomenon when considering it causes considerable losses involving work hours and an economical situation of the organization. In the worst case it can even hinder an employee to complete his/her work assignment. The next phase of this study is the empirical part which will take place at chosen healthcare organization. The main aim of this field study is to find out if the information security policy of the healthcare organization is suit-able for all the daily working tasks of the organization. The study attempts to find out any potential conflict situations between the information security policy and the work environment. All the data of the study is collected by studying the information security instructions of the organization, discussing with people who are responsible for information security of the organization and theme-interviewing the employees of the organization. The results of this study emerged a conflict between the information security policy and work environment of the target organization. This conflict causes significant delays and harm to many employees while they are performing their daily work tasks. The first main concern was the lack of information security knowledge of the employees. Second major concern was the slowness of the workstations within the organization. It took a long time to open and close them with employees’ own user name. The third main concern was the handling and transferring of the patient records. The research method that was used was grounded theory, and as a result of this study a concept system was created. The system describes the potential conflict between the information security policy and the work environment. The outcome of this research can be utilized in the future when planning information security policies and information security trainings; and can be optimized into organizations. This study has important implications for both research and practice.
first_indexed 2023-03-22T09:57:58Z
format Pro gradu
fullrecord [{"key": "dc.contributor.advisor", "value": "Siponen, Mikko.", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Ketola, Tuomas", "language": null, "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2016-04-08T11:02:30Z", "language": "", "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2016-04-08T11:02:30Z", "language": "", "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2016", "language": null, "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.other", "value": "oai:jykdok.linneanet.fi:1525403", "language": null, "element": "identifier", "qualifier": "other", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/49286", "language": "", "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "T\u00e4ss\u00e4 tutkimuksessa luodaan ensin katsaus alan aihepiiriin, eli tietoturvaohjeistuksiin ja standardeihin. T\u00e4m\u00e4n j\u00e4lkeen tarkastellaan tutkimuksen t\u00e4rkeint\u00e4 osiota, joka on tietoturvaohjeiden ja ty\u00f6ymp\u00e4rist\u00f6n v\u00e4lill\u00e4 tunnistettu potentiaalinen ristiriita. Potentiaalinen ristiriita on merkitt\u00e4v\u00e4 ilmi\u00f6, koska toteutuessaan se aiheuttaa merkitt\u00e4vi\u00e4 ty\u00f6ajallisia ja taloudellisia menetyksi\u00e4, pahimmllaan jopa est\u00e4en yksitt\u00e4isten ty\u00f6teht\u00e4vien suorittamisen. T\u00e4m\u00e4n j\u00e4lkeen siirryt\u00e4\u00e4n tutkimuksen varsinaiseen empiiriseen osuuteen valitussa terveydenhuollon kohdeorganisaatiossa. Tutkimuksessa tutkitaan kohdeorganisaation tietoturvapolitiikan soveltuvuus kyseisen organisaation ruohonjuuritason ty\u00f6tilanteisiin, sek\u00e4 tietoturvapolitiikan mahdollisesti kohdeorganisaation ty\u00f6ntekij\u00f6ille aiheuttamiin ristiriitatilanteisiin ty\u00f6ymp\u00e4rist\u00f6ss\u00e4. Tutkimuksen aineisto ker\u00e4ttiin tutustumalla kohdeorganisaation tietoturvaohjeistuksiin, keskustelemalla organisaation tietoturvasta vastaavien henkil\u00f6iden kanssa, sek\u00e4 teemahaastattelemalla organisaation ty\u00f6ntekij\u00f6it\u00e4. Tutkimusten tulosten perusteella esiin nousi ristiriita kohdeorganisaation tietoturvaohjeiden ja ty\u00f6ymp\u00e4rist\u00f6n v\u00e4lill\u00e4. T\u00e4m\u00e4 ristiriita aiheuttaa merkitt\u00e4vi\u00e4 hidasteita ja haittoja eri ty\u00f6teht\u00e4vien p\u00e4ivitt\u00e4isess\u00e4 hoitamisessa. Tutkimuksessa ilmenneet p\u00e4\u00e4ongelmakohdat olivat k\u00e4ytt\u00e4jien huono tietoturvaohjeiden tuntemus, kohdeorganisaation ty\u00f6asemien hidas avautuminen ja sulkeutuminen, sek\u00e4 ongelmat potilastietojen k\u00e4sittelyss\u00e4 ja siirrossa. Tutkimusmenetelm\u00e4n\u00e4 oli grounded theory ja tutkimuksen tuloksena syntyi k\u00e4sitej\u00e4rjestelm\u00e4, joka kuvaa tietoturvaohjeiden ja ty\u00f6ymp\u00e4rist\u00f6n potentiaalista ristiriitaa. Tutkimuksen tuloksia voidaan hy\u00f6dynt\u00e4\u00e4 tulevaisuudessa laadittaessa tietoturvaohjeistuksia ja -koulutuksia optimaalisiksi kuhunkin ty\u00f6yhteis\u00f6\u00f6n. Lis\u00e4ksi se antaa pohjaa aiheen jatkotutkimukselle.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "The purpose of this study is first to review the topics of this field which are information security policies and information security standards. Next, the study proceeds to the most important part which recognizes potential conflict between information security policies and the work environment. This potential conflict is a significant phenomenon when considering it causes considerable losses involving work hours and an economical situation of the organization. In the worst case it can even hinder an employee to complete his/her work assignment. The next phase of this study is the empirical part which will take place at chosen healthcare organization. The main aim of this field study is to find out if the information security policy of the healthcare organization is suit-able for all the daily working tasks of the organization. The study attempts to find out any potential conflict situations between the information security policy and the work environment. All the data of the study is collected by studying the information security instructions of the organization, discussing with people who are responsible for information security of the organization and theme-interviewing the employees of the organization. The results of this study emerged a conflict between the information security policy and work environment of the target organization. This conflict causes significant delays and harm to many employees while they are performing their daily work tasks. The first main concern was the lack of information security knowledge of the employees. Second major concern was the slowness of the workstations within the organization. It took a long time to open and close them with employees\u2019 own user name. The third main concern was the handling and transferring of the patient records. The research method that was used was grounded theory, and as a result of this study a concept system was created. The system describes the potential conflict between the information security policy and the work environment. The outcome of this research can be utilized in the future when planning information security policies and information security trainings; and can be optimized into organizations. This study has important implications for both research and practice.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted using Plone Publishing form by Tuomas Ketola (jutupeke) on 2016-04-08 11:02:30.133894. Form: Pro gradu -lomake (https://kirjasto.jyu.fi/julkaisut/julkaisulomakkeet/pro-gradu-lomake). JyX data: [jyx_publishing-allowed (fi) =True]", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by jyx lomake-julkaisija (jyx-julkaisija.group@korppi.jyu.fi) on 2016-04-08T11:02:30Z\r\nNo. of bitstreams: 2\r\nURN:NBN:fi:jyu-201604082032.pdf: 764894 bytes, checksum: 39101d00cef34f8ad0e7d78f09baea79 (MD5)\r\nlicense.html: 4804 bytes, checksum: 14df1429d0da9c6265611bc762a9d5ad (MD5)", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2016-04-08T11:02:30Z (GMT). No. of bitstreams: 2\r\nURN:NBN:fi:jyu-201604082032.pdf: 764894 bytes, checksum: 39101d00cef34f8ad0e7d78f09baea79 (MD5)\r\nlicense.html: 4804 bytes, checksum: 14df1429d0da9c6265611bc762a9d5ad (MD5)\r\n Previous issue date: 2016", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "1 verkkoaineisto (67 s.)", "language": null, "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "tietoturva", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "tietoturvaohjeistus", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "tietoturvastandardi", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "ty\u00f6ymp\u00e4rist\u00f6", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "ristiriita", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "grounded theory", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Tietoturvaohjeiden ja ty\u00f6ymp\u00e4rist\u00f6n ristiriita", "language": null, "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-201604082032", "language": null, "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master's thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Tietojenk\u00e4sittelytieteiden laitos", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Department of Computer Science and Information Systems", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Information Systems Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietoj\u00e4rjestelm\u00e4tiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.method", "value": "Grounded theory", "language": null, "element": "subject", "qualifier": "method", "schema": "dc"}, {"key": "dc.date.updated", "value": "2016-04-08T11:02:31Z", "language": "", "element": "date", "qualifier": "updated", "schema": "dc"}, {"key": "yvv.contractresearch.collaborator", "value": "public", "language": "", "element": "contractresearch", "qualifier": "collaborator", "schema": "yvv"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "yvv.contractresearch.initiative", "value": "student", "language": "", "element": "contractresearch", "qualifier": "initiative", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "restrictedAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": null, "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturvapolitiikka", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "ohjeet", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "standardit", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "ty\u00f6ymp\u00e4rist\u00f6", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "ristiriidat", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "<br><br>The author has not given permission to make the work publicly available electronically. Therefore the material can be read only at the archival <a href=\"https://kirjasto.jyu.fi/collections/archival-workstation\">workstation</a> at Jyv\u00e4skyl\u00e4 University Library reserved for the use of archival materials.", "language": "en", "element": "rights", "qualifier": "accessrights", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "Tekij\u00e4 ei ole antanut lupaa avoimeen julkaisuun, joten aineisto on luettavissa vain Jyv\u00e4skyl\u00e4n yliopiston kirjaston <a href=\"https://kirjasto.jyu.fi/kokoelmat/arkistotyoasema\">arkistoty\u00f6asemalta</a>.", "language": "fi", "element": "rights", "qualifier": "accessrights", "schema": "dc"}]
id jyx.123456789_49286
language fin
last_indexed 2025-02-18T10:54:43Z
main_date 2016-01-01T00:00:00Z
main_date_str 2016
publishDate 2016
record_format qdc
source_str_mv jyx
spellingShingle Ketola, Tuomas Tietoturvaohjeiden ja työympäristön ristiriita tietoturva tietoturvaohjeistus tietoturvastandardi työympäristö ristiriita grounded theory Information Systems Science Tietojärjestelmätiede Grounded theory 601 tietoturvapolitiikka ohjeet standardit ristiriidat
title Tietoturvaohjeiden ja työympäristön ristiriita
title_full Tietoturvaohjeiden ja työympäristön ristiriita
title_fullStr Tietoturvaohjeiden ja työympäristön ristiriita Tietoturvaohjeiden ja työympäristön ristiriita
title_full_unstemmed Tietoturvaohjeiden ja työympäristön ristiriita Tietoturvaohjeiden ja työympäristön ristiriita
title_short Tietoturvaohjeiden ja työympäristön ristiriita
title_sort tietoturvaohjeiden ja työympäristön ristiriita
title_txtP Tietoturvaohjeiden ja työympäristön ristiriita
topic tietoturva tietoturvaohjeistus tietoturvastandardi työympäristö ristiriita grounded theory Information Systems Science Tietojärjestelmätiede Grounded theory 601 tietoturvapolitiikka ohjeet standardit ristiriidat
topic_facet 601 Grounded theory Information Systems Science Tietojärjestelmätiede grounded theory ohjeet ristiriidat ristiriita standardit tietoturva tietoturvaohjeistus tietoturvapolitiikka tietoturvastandardi työympäristö
url https://jyx.jyu.fi/handle/123456789/49286 http://www.urn.fi/URN:NBN:fi:jyu-201604082032
work_keys_str_mv AT ketolatuomas tietoturvaohjeidenjatyöympäristönristiriita