Is human the weakest link in information security? systematic literature review

Tämä pro gradu -tutkielma tutkii ihmisen roolia tietoturvassa sekä esittää tunnetuimpia tietoturvaheikkouksia. Tutkielma on toteutettu systemaattisen kirjallisuuskatsauksen keinoin ja siinä etsitään vastausta tutkimuskysymykseen ”onko ihminen tietoturvan heikoin lenkki”. Tutkielma koostuu 31...

Full description

Bibliographic Details
Main Author:	Jalkanen, Jaakko
Other Authors:	Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format:	Master's thesis
Language:	eng
Published:	2019
Subjects:	information security weakest link information security threat Tietojärjestelmätiede Information Systems Science 601 systemaattiset kirjallisuuskatsaukset ihminen tietoturva systematic reviews human being data security
Online Access:	https://jyx.jyu.fi/handle/123456789/64186

_version_	1826225754798555136
author	Jalkanen, Jaakko
author2	Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä
author_facet	Jalkanen, Jaakko Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä Jalkanen, Jaakko Informaatioteknologian tiedekunta Faculty of Information Technology Informaatioteknologia Information Technology Jyväskylän yliopisto University of Jyväskylä
author_sort	Jalkanen, Jaakko
datasource_str_mv	jyx
description	Tämä pro gradu -tutkielma tutkii ihmisen roolia tietoturvassa sekä esittää tunnetuimpia tietoturvaheikkouksia. Tutkielma on toteutettu systemaattisen kirjallisuuskatsauksen keinoin ja siinä etsitään vastausta tutkimuskysymykseen ”onko ihminen tietoturvan heikoin lenkki”. Tutkielma koostuu 31 pääartikkelin, sekä niiden lähteiden analyysistä, joiden pohjalta on tutkittu väitettä tai oletusta, jonka mukaan ”ihminen on tietoturvan heikoin lenkki”. Tutkimuksen johtopäätöksissä todetaan, että kyseistä väitettä, sekä sen eri versioita on käytetty hyvin laajamittaisesti tietoturvakirjallisuudessa, vaikka tieteellistä näyttöä ihmisen roolista heikoimpana lenkkinä ei tutkimuksessa löydetty tai edes pyritty löytämään. Tämän tiedon avulla organisaatiot pystyvät yhä paremmin näkemään, missä organisaatioiden ”heikoin lenkki” mahdollisesti sijaitsee, sekä myös suhtautumaan tietoturvakirjallisuuden yleistyksiin pienellä varauksella. Tässä tutkielmassa esitellään myös esimerkki tietomurtoja, sekä analysoidaan niiden kompleksisuutta. This master’s thesis examines the role of human in the information security and presents the most known information security threats. Based on a systematic literature review, this thesis tries to find an answer to the research question: ”is human the weakest link in information security”. The thesis consists of an analysis of 31 main articles and their sources on the basis of which the claim or assumption “human is the weakest link in information security” has been studied. The study concludes that this phrase, as well as its various versions, has been used extensively in security literature, although scientific evidence on the role of human as the weakest link was not found in the research. With this information, organizations are increasingly more capable to see where the organizations' weakest link might actually be located, and also to take a general view of the generalization of information security literature. This thesis also introduces an example of data breaches, and analyzes their complexity.
first_indexed	2019-09-20T09:14:10Z
format	Pro gradu
free_online_boolean	1
fullrecord	[{"key": "dc.contributor.advisor", "value": "Siponen, Mikko", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Jalkanen, Jaakko", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2019-05-24T11:11:11Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2019-05-24T11:11:11Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2019", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/64186", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Ta\u0308ma\u0308 pro gradu -tutkielma tutkii ihmisen roolia tietoturvassa seka\u0308 esitta\u0308a\u0308 tunnetuimpia tietoturvaheikkouksia. Tutkielma on toteutettu systemaattisen kirjallisuuskatsauksen keinoin ja siina\u0308 etsita\u0308a\u0308n vastausta tutkimuskysymykseen \u201donko ihminen tietoturvan heikoin lenkki\u201d. Tutkielma koostuu 31 pa\u0308a\u0308artikkelin, seka\u0308 niiden la\u0308hteiden analyysista\u0308, joiden pohjalta on tutkittu va\u0308itetta\u0308 tai oletusta, jonka mukaan \u201dihminen on tietoturvan heikoin lenkki\u201d. Tutkimuksen johtopa\u0308a\u0308to\u0308ksissa\u0308 todetaan, etta\u0308 kyseista\u0308 va\u0308itetta\u0308, seka\u0308 sen eri versioita on ka\u0308ytetty hyvin laajamittaisesti tietoturvakirjallisuudessa, vaikka tieteellista\u0308 na\u0308ytto\u0308a\u0308 ihmisen roolista heikoimpana lenkkina\u0308 ei tutkimuksessa lo\u0308ydetty tai edes pyritty lo\u0308yta\u0308ma\u0308a\u0308n. Ta\u0308ma\u0308n tiedon avulla organisaatiot pystyva\u0308t yha\u0308 paremmin na\u0308kema\u0308a\u0308n, missa\u0308 organisaatioiden \u201dheikoin lenkki\u201d mahdollisesti sijaitsee, seka\u0308 myo\u0308s suhtautumaan tietoturvakirjallisuuden yleistyksiin pienella\u0308 varauksella. Ta\u0308ssa\u0308 tutkielmassa esitella\u0308a\u0308n myo\u0308s esimerkki tietomurtoja, seka\u0308 analysoidaan niiden kompleksisuutta.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "This master\u2019s thesis examines the role of human in the information security and presents the most known information security threats. Based on a systematic literature review, this thesis tries to find an answer to the research question: \u201dis human the weakest link in information security\u201d. The thesis consists of an analysis of 31 main articles and their sources on the basis of which the claim or assumption \u201chuman is the weakest link in information security\u201d has been studied. The study concludes that this phrase, as well as its various versions, has been used extensively in security literature, although scientific evidence on the role of human as the weakest link was not found in the research. With this information, organizations are increasingly more capable to see where the organizations' weakest link might actually be located, and also to take a general view of the generalization of information security literature. This thesis also introduces an example of data breaches, and analyzes their complexity.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2019-05-24T11:11:11Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2019-05-24T11:11:11Z (GMT). No. of bitstreams: 0\n Previous issue date: 2019", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "61", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "information security", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "weakest link", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "information security threat", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Is human the weakest link in information security? : systematic literature review", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-201905242795", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietoj\u00e4rjestelm\u00e4tiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Information Systems Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "systemaattiset kirjallisuuskatsaukset", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "ihminen", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "systematic reviews", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "human being", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "data security", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
id	jyx.123456789_64186
language	eng
last_indexed	2025-02-18T10:55:29Z
main_date	2019-01-01T00:00:00Z
main_date_str	2019
online_boolean	1
online_urls_str_mv	{"url":"https:\/\/jyx.jyu.fi\/bitstreams\/b206d6b5-8a6a-4089-8854-c752039c0d22\/download","text":"URN:NBN:fi:jyu-201905242795.pdf","source":"jyx","mediaType":"application\/pdf"}
publishDate	2019
record_format	qdc
source_str_mv	jyx
spellingShingle	Jalkanen, Jaakko Is human the weakest link in information security? : systematic literature review information security weakest link information security threat Tietojärjestelmätiede Information Systems Science 601 systemaattiset kirjallisuuskatsaukset ihminen tietoturva systematic reviews human being data security
title	Is human the weakest link in information security? : systematic literature review
title_full	Is human the weakest link in information security? : systematic literature review
title_fullStr	Is human the weakest link in information security? : systematic literature review Is human the weakest link in information security? : systematic literature review
title_full_unstemmed	Is human the weakest link in information security? : systematic literature review Is human the weakest link in information security? : systematic literature review
title_short	Is human the weakest link in information security?
title_sort	is human the weakest link in information security systematic literature review
title_sub	systematic literature review
title_txtP	Is human the weakest link in information security? : systematic literature review
topic	information security weakest link information security threat Tietojärjestelmätiede Information Systems Science 601 systemaattiset kirjallisuuskatsaukset ihminen tietoturva systematic reviews human being data security
topic_facet	601 Information Systems Science Tietojärjestelmätiede data security human being ihminen information security information security threat systemaattiset kirjallisuuskatsaukset systematic reviews tietoturva weakest link
url	https://jyx.jyu.fi/handle/123456789/64186 http://www.urn.fi/URN:NBN:fi:jyu-201905242795
work_keys_str_mv	AT jalkanenjaakko ishumantheweakestlinkininformationsecuritysystematicliteraturereview

Is human the weakest link in information security? systematic literature review

Similar Items