Towards an optimal self-assessment tool for information security investment decision-making

Previous research focused mainly on economic models intended to help organizations identify how much they should invest in information security. These models aimed at benefit maximization and focused on certain parts of the information security investment process...

Bibliographic Details
Main Author: Kokkonen, Mika
Other Authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, University of Jyväskylä, Jyväskylän yliopisto
Format: Master's thesis
Language: eng
Published: 2017
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/56513
_version_ 1826225739561697280
author Kokkonen, Mika
author2 Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia University of Jyväskylä Jyväskylän yliopisto
author_facet Kokkonen, Mika Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia University of Jyväskylä Jyväskylän yliopisto
author_sort Kokkonen, Mika
datasource_str_mv jyx
description Previous research has focused mainly on economic models that aim to help organizations to identify how much to invest in information security. These models aimed for benefit maximization and focused on certain parts of the information security investment process. Thus, the classical theories and models are problematic in information security investment decision-making, and a more holistic approach should be taken in information security investments. The information security field lacks research on information security self-assessment tools in information security investment decision-making. This research attempted to fill this gap by studying the existing literature and creating a conceptual information security tool model through a design science research process. A preliminary conceptual tool model was developed based on a literature study, after which an empirical case study demonstrated the tool in working life, and refinement was conducted based on the case study findings. The results of the case study were in line with recent research and helped in the validation of the tool concept. Overall, this master's thesis contributed to information security research by providing a blueprint for an information security self-assessment tool that would help organizations to better identify in which information security area(s) to invest. The empirically grounded model can help organizations and tool developers to understand what kind of tools are needed in information security investments.
first_indexed 2023-03-22T10:00:31Z
format Pro gradu
free_online_boolean 1
id jyx.123456789_56513
language eng
last_indexed 2025-02-18T10:56:03Z
main_date 2017-01-01T00:00:00Z
main_date_str 2017
online_boolean 1
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/d8409e8c-4794-42d1-8bc9-9200b6ccd42a\/download","text":"URN:NBN:fi:jyu-201712214845.pdf","source":"jyx","mediaType":"application\/pdf"}
publishDate 2017
record_format qdc
source_str_mv jyx
spellingShingle Kokkonen, Mika Towards an optimal self-assessment tool for information security investment decision-making self-assessment tool information security investment decision-making Tietojenkäsittelytiede 601 itsearviointi työvälineet tietoturva investoinnit päätöksenteko
title Towards an optimal self-assessment tool for information security investment decision-making
title_full Towards an optimal self-assessment tool for information security investment decision-making
title_fullStr Towards an optimal self-assessment tool for information security investment decision-making
title_full_unstemmed Towards an optimal self-assessment tool for information security investment decision-making
title_short Towards an optimal self-assessment tool for information security investment decision-making
title_sort towards an optimal self assessment tool for information security investment decision making
title_txtP Towards an optimal self-assessment tool for information security investment decision-making
topic self-assessment tool information security investment decision-making Tietojenkäsittelytiede 601 itsearviointi työvälineet tietoturva investoinnit päätöksenteko
topic_facet 601 Tietojenkäsittelytiede decision-making information security investment investoinnit itsearviointi päätöksenteko self-assessment tietoturva tool työvälineet
url https://jyx.jyu.fi/handle/123456789/56513 http://www.urn.fi/URN:NBN:fi:jyu-201712214845
work_keys_str_mv AT kokkonenmika towardsanoptimalselfassessmenttoolforinformationsecurityinvestmentdecisionmaking