Tietoturvastrategiat terveydenhuollon organisaatioissa

The role of information systems in today’s organization’s business processes is increasing. At the same time the role of information security as business enabler and protector is increasing. Continually evolving technologies and attack methods creates a need to think the information security as a st...

Full description

Bibliographic Details
Main Author: Turunen, Timo
Other Authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format: Master's thesis
Language:fin
Published: 2018
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/57998
_version_ 1828193089399816192
author Turunen, Timo
author2 Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä
author_facet Turunen, Timo Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä Turunen, Timo Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä
author_sort Turunen, Timo
datasource_str_mv jyx
description The role of information systems in today’s organization’s business processes is increasing. At the same time the role of information security as business enabler and protector is increasing. Continually evolving technologies and attack methods creates a need to think the information security as a strategic problem, as organizations aims to protect their business within their available resources. The concept of information security strategy is fairly new concept and it has been given multiple different definition in prior literature and practice. This research aims to clarify the concept and study information security strategies in healthcare context. The objectives of information security can differ in healthcare sector when compared to other sectors. In healthcare employees’ values, legal requirements and the aim to improve the well-being of citizens can create challenges for strategic information security planning. This study used case study as a research method to understand this phenomenon in its natural setting in public healthcare organizations. Based on the findings, information security has important role in the study cases, but information security strategies are not being used to plan and maintain organizations’ information security practices, although prior information security literature has highlighted the possible benefits of the strategies. The lack of clear benefits compared to information security policies and risk management could explain why organizations have not created these strategies. Based on the findings and prior literature this thesis proposed factors (i.e. business needs, risks, culture, legal compliance and information systems) that organizations need to consider while creating information security strategy. Despite the lack of clear benefits, the proposed model of this research could help organizations to move toward strategic approach to information security and improve and maintain their overall security posture. Tietojärjestelmien roolin kasvaessa tämän päivän organisaatioiden liiketoiminnassa, myös tietoturvan merkitys liiketoiminnan turvaajana ja mahdollistajana kasvaa. Teknologian ja hyökkäysmenetelmien kehityksen seurauksena tietoturvan rooli strategisena ongelmana korostuu, organisaatioiden pyrkiessä turvaamaan omat liiketoimintaprosessit käytössä olevien resurssien puitteissa. Tietoturvastrategia on kuitenkin suhteellisen uusi konsepti tietoturvakirjallisuudessa ja se on voinut saada hyvinkin erilaisia määritelmä niin kirjallisuudessa kuin käytännössä. Tämä tutkimus pyrkii selkeyttämään tätä konseptia ja selvittämään tietoturvastrategioiden roolia terveydenhuolto-organisaatioissa, joiden toiminnan tavoitteet voivat erota suuresti muiden alojen vastaavista. Terveydenhuolto alalla muun muassa henkilöstön ammatilliset arvot, alan tarkka säätely ja pyrkimys väestön terveyden edistämiseen voi luoda oman haasteensa tietoturvan strategiselle suunnittelulle. Tutkimuksessa hyödynnettiin tutkimusmenetelmänä tapaustutkimusta, joka mahdollisti ilmiön tutkimisen sen luonnollisessa kontekstissa julkisen terveydenhuollon organisaatioissa. Tutkimuksen tulosten perusteella tietoturvalla oli keskeinen rooli tapauksissa, mutta tietoturvastrategiaa ei hyödynnetty tietoturvan suunnittelussa ja kehityksessä, vaikka tietoturvakirjallisuus on nostanut esille strategiasta mahdollisesti saatavia hyötyjä. Tietoturva- strategioiden puute voi johtua niiden selkeiden hyötyjen puutteella suhteessa esimerkiksi tietoturvapolitiikkaan ja riskienhallintaan. Tutkimuksen tulosten ja aiemman tietoturvastrategiaan keskittyvän kirjallisuuden pohjalta tutkimuksessa esitettiin huomioitavia tekijöitä, kuten liiketoiminnalliset tarpeet, riskit, kulttuuri, lainsäädäntö ja tietojärjestelmät, jotka terveydenhuolto-organisaation tulisi ottaa huomioon päättäessään kehittää tietoturvastrategia. Puutuvista selkeistä tietoturvastrategian hyödyistä huolimatta, tässä tutkimuksessa esitetty viitekehys voi auttaa organisaatiota kohti strategisempaa lähestymistapaa tietoturvan suunnitteluun ja toteutukseen.
first_indexed 2019-08-19T08:21:31Z
format Pro gradu
free_online_boolean 1
fullrecord [{"key": "dc.contributor.advisor", "value": "Siponen, Mikko", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Turunen, Timo", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2018-05-17T11:11:04Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2018-05-17T11:11:04Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2018", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/57998", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "The role of information systems in today\u2019s organization\u2019s business processes is\nincreasing. At the same time the role of information security as business enabler\nand protector is increasing. Continually evolving technologies and attack methods\ncreates a need to think the information security as a strategic problem, as\norganizations aims to protect their business within their available resources. The\nconcept of information security strategy is fairly new concept and it has been\ngiven multiple different definition in prior literature and practice. This research\naims to clarify the concept and study information security strategies in healthcare\ncontext. The objectives of information security can differ in healthcare sector\nwhen compared to other sectors. In healthcare employees\u2019 values, legal requirements\nand the aim to improve the well-being of citizens can create challenges for\nstrategic information security planning. This study used case study as a research\nmethod to understand this phenomenon in its natural setting in public healthcare\norganizations. Based on the findings, information security has important role in\nthe study cases, but information security strategies are not being used to plan and\nmaintain organizations\u2019 information security practices, although prior information\nsecurity literature has highlighted the possible benefits of the strategies.\nThe lack of clear benefits compared to information security policies and risk management\ncould explain why organizations have not created these strategies.\nBased on the findings and prior literature this thesis proposed factors (i.e. business\nneeds, risks, culture, legal compliance and information systems) that organizations\nneed to consider while creating information security strategy. Despite\nthe lack of clear benefits, the proposed model of this research could help organizations\nto move toward strategic approach to information security and improve\nand maintain their overall security posture.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Tietoj\u00e4rjestelmien roolin kasvaessa t\u00e4m\u00e4n p\u00e4iv\u00e4n organisaatioiden liiketoiminnassa, my\u00f6s tietoturvan merkitys liiketoiminnan turvaajana ja mahdollistajana kasvaa. Teknologian ja hy\u00f6kk\u00e4ysmenetelmien kehityksen seurauksena tietoturvan rooli strategisena ongelmana korostuu, organisaatioiden pyrkiess\u00e4 turvaamaan omat liiketoimintaprosessit k\u00e4yt\u00f6ss\u00e4 olevien resurssien puitteissa. Tietoturvastrategia on kuitenkin suhteellisen uusi konsepti tietoturvakirjallisuudessa ja se on voinut saada hyvinkin erilaisia m\u00e4\u00e4ritelm\u00e4 niin kirjallisuudessa kuin k\u00e4yt\u00e4nn\u00f6ss\u00e4. T\u00e4m\u00e4 tutkimus pyrkii selkeytt\u00e4m\u00e4\u00e4n t\u00e4t\u00e4 konseptia ja selvitt\u00e4m\u00e4\u00e4n tietoturvastrategioiden roolia terveydenhuolto-organisaatioissa, joiden toiminnan tavoitteet voivat erota suuresti muiden alojen vastaavista. Terveydenhuolto alalla muun muassa henkil\u00f6st\u00f6n ammatilliset arvot, alan tarkka s\u00e4\u00e4tely ja pyrkimys v\u00e4est\u00f6n terveyden edist\u00e4miseen voi luoda oman haasteensa tietoturvan strategiselle suunnittelulle. Tutkimuksessa hy\u00f6dynnettiin tutkimusmenetelm\u00e4n\u00e4 tapaustutkimusta, joka mahdollisti ilmi\u00f6n tutkimisen sen luonnollisessa kontekstissa julkisen terveydenhuollon organisaatioissa. Tutkimuksen tulosten perusteella tietoturvalla oli keskeinen rooli tapauksissa, mutta tietoturvastrategiaa ei hy\u00f6dynnetty tietoturvan suunnittelussa ja kehityksess\u00e4, vaikka tietoturvakirjallisuus on nostanut esille strategiasta mahdollisesti saatavia hy\u00f6tyj\u00e4. Tietoturva- strategioiden puute voi johtua niiden selkeiden hy\u00f6tyjen puutteella suhteessa esimerkiksi tietoturvapolitiikkaan ja riskienhallintaan. Tutkimuksen tulosten ja aiemman tietoturvastrategiaan keskittyv\u00e4n kirjallisuuden pohjalta tutkimuksessa esitettiin huomioitavia tekij\u00f6it\u00e4, kuten liiketoiminnalliset tarpeet, riskit, kulttuuri, lains\u00e4\u00e4d\u00e4nt\u00f6 ja tietoj\u00e4rjestelm\u00e4t, jotka terveydenhuolto-organisaation tulisi ottaa huomioon p\u00e4\u00e4tt\u00e4ess\u00e4\u00e4n kehitt\u00e4\u00e4 tietoturvastrategia. Puutuvista selkeist\u00e4 tietoturvastrategian hy\u00f6dyist\u00e4 huolimatta, t\u00e4ss\u00e4 tutkimuksessa esitetty viitekehys voi auttaa organisaatiota kohti strategisempaa l\u00e4hestymistapaa tietoturvan suunnitteluun ja toteutukseen.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Miia Hakanen (mihakane@jyu.fi) on 2018-05-17T11:11:04Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2018-05-17T11:11:04Z (GMT). No. of bitstreams: 0\n Previous issue date: 2018", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "63", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "tietoturvastrategia", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "tietoturvakulttuuri", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Tietoturvastrategiat terveydenhuollon organisaatioissa", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-201805172658", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietojenk\u00e4sittelytiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Computer Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturvapolitiikka", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "terveydenhuolto", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietosuoja", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
id jyx.123456789_57998
language fin
last_indexed 2025-03-31T20:02:02Z
main_date 2018-01-01T00:00:00Z
main_date_str 2018
online_boolean 1
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/ac6f3624-8f0f-402d-ab4d-b9a98a0b3cae\/download","text":"URN:NBN:fi:jyu-201805172658.pdf","source":"jyx","mediaType":"application\/pdf"}
publishDate 2018
record_format qdc
source_str_mv jyx
spellingShingle Turunen, Timo Tietoturvastrategiat terveydenhuollon organisaatioissa tietoturvastrategia tietoturvakulttuuri Tietojenkäsittelytiede Computer Science 601 tietoturvapolitiikka terveydenhuolto tietoturva tietosuoja
title Tietoturvastrategiat terveydenhuollon organisaatioissa
title_full Tietoturvastrategiat terveydenhuollon organisaatioissa
title_fullStr Tietoturvastrategiat terveydenhuollon organisaatioissa Tietoturvastrategiat terveydenhuollon organisaatioissa
title_full_unstemmed Tietoturvastrategiat terveydenhuollon organisaatioissa Tietoturvastrategiat terveydenhuollon organisaatioissa
title_short Tietoturvastrategiat terveydenhuollon organisaatioissa
title_sort tietoturvastrategiat terveydenhuollon organisaatioissa
title_txtP Tietoturvastrategiat terveydenhuollon organisaatioissa
topic tietoturvastrategia tietoturvakulttuuri Tietojenkäsittelytiede Computer Science 601 tietoturvapolitiikka terveydenhuolto tietoturva tietosuoja
topic_facet 601 Computer Science Tietojenkäsittelytiede terveydenhuolto tietosuoja tietoturva tietoturvakulttuuri tietoturvapolitiikka tietoturvastrategia
url https://jyx.jyu.fi/handle/123456789/57998 http://www.urn.fi/URN:NBN:fi:jyu-201805172658
work_keys_str_mv AT turunentimo tietoturvastrategiatterveydenhuollonorganisaatioissa