fullrecord |
[{"key": "dc.contributor.advisor", "value": "Siponen, Mikko", "language": null, "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Suhonen, Tatu", "language": null, "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2019-10-02T06:42:59Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2019-10-02T06:42:59Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2019", "language": null, "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/65721", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "ISO/IEC 27001 -sertifikaatti on vapaaehtoinen tietoturvan johtamisj\u00e4rjestelm\u00e4sertifikaatti, joka voidaan my\u00f6nt\u00e4\u00e4 standardin vaatimukset t\u00e4ytt\u00e4v\u00e4lle organisaatiolle. Sertifikaatilla organisaatio voi osoittaa, ett\u00e4 sen toimintatavat tietoturvan osalta ovat johdettuja, suunniteltuja ja jatkuvia. ISO/IEC 27001 -standardi on yksi tunnetuimmista tietoturvaan liittyvist\u00e4 standardeista, mutta siihen liittyv\u00e4 tutkimus on ollut melko v\u00e4h\u00e4ist\u00e4, etenkin sertifioinnin osalta. Sen vuoksi t\u00e4ss\u00e4 tutkimuksessa selvitettiin syit\u00e4 sille, miksi erilaiset organisaatiot p\u00e4\u00e4tt\u00e4v\u00e4t hankkia ISO/IEC 27001 -sertifikaatin ja yll\u00e4pit\u00e4\u00e4 sit\u00e4. Lis\u00e4ksi pyrittiin selvitt\u00e4m\u00e4\u00e4n tekij\u00f6it\u00e4, jotka vaikuttavat sertifioinnin suorittavan sertifiointielimen valintaan, sill\u00e4 aihe on viel\u00e4 k\u00e4yt\u00e4nn\u00f6ss\u00e4 tutkimaton. 
Tutkimus toteutettiin laadullisena monitapaustutkimuksena, jonka avulla pyrittiin l\u00f6yt\u00e4m\u00e4\u00e4n tekij\u00f6it\u00e4, jotka vaikuttavat tutkimuskysymyksiss\u00e4 viitattuihin ilmi\u00f6ihin. Sertifioinnin hankintaperusteissa ongelmaa oli k\u00e4yt\u00e4nn\u00f6llist\u00e4 l\u00e4hesty\u00e4 etsim\u00e4ll\u00e4 sertifioinnista saatavia hy\u00f6tyj\u00e4 ja haasteita, kun taas sertifiointielimen valintaperusteissa keskityttiin etsim\u00e4\u00e4n tekij\u00f6it\u00e4 ja kevyesti vertailemaan niit\u00e4. Tiedon ker\u00e4\u00e4minen toteutettiin haastattelemalla jo sertifioituja organisaatioita k\u00e4ytt\u00e4en semistrukturoitua haastattelumenetelm\u00e4\u00e4. Analysointi toteutettiin vertailemalla tuloksia aiempiin julkaisuihin aiheista. \r\nTulosten mukaan sertifioinnin hankintaan ja yll\u00e4pitoon vaikuttavat p\u00e4\u00e4asiallisesti tietoturva- ja taloushy\u00f6dyt, ja n\u00e4it\u00e4 t\u00e4ydent\u00e4v\u00e4t erilaiset muut hy\u00f6dyt, kuten lains\u00e4\u00e4d\u00e4nt\u00f6\u00f6n liittyv\u00e4t hy\u00f6dyt. Hy\u00f6dyt ovat monissa tapauksissa l\u00e4heisesti yhtenev\u00e4isi\u00e4 monien muiden hy\u00f6tyjen kanssa. Tietoturvan\u00e4k\u00f6kulmasta suurin hy\u00f6ty on tietoturvan tason kokonaisvaltainen parantuminen, kun taas taloudellisesti sertifikaatti edist\u00e4\u00e4 organisaation luottamusta, helpottaa myynti\u00e4 ja mahdollistaa s\u00e4\u00e4st\u00f6j\u00e4. Lis\u00e4ksi sertifioiutumalla organisaatio voi t\u00e4ytt\u00e4\u00e4 lains\u00e4\u00e4d\u00e4nn\u00f6llisi\u00e4 vaatimuksia, kuten EU:n tietosuoja-asetuksen vaatimuksia.\r\nSertifiointielimen valintaan liittyvi\u00e4 tekij\u00f6it\u00e4 l\u00f6ytyi useita. Hinnan ja kilpailutuksen merkitys ovat pienempi\u00e4 kuin auditoijan ammattitaidon ja sertifiointielimen k\u00e4yt\u00e4nn\u00f6llisyystekij\u00f6iden, mutta niill\u00e4 on kuitenkin vaikutusta. 
Lis\u00e4ksi vaikuttavia tekij\u00f6it\u00e4 voivat olla my\u00f6s palvelutarjonnan m\u00e4\u00e4r\u00e4, maine sek\u00e4 olemassa olevat suhteet sertifiointielimeen.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "ISO/IEC 27001 -certificate is a voluntary information security management system certificate which can be granted to an organization upon complying with the standard\u2019s requirements. Certification acts as a proof that the organization\u2019s procedures in terms of information security are managed, planned and continuous. ISO/IEC 27001 is one of the most recognized information security standards, but little research on the subject has been done, especially in the field of certification. Therefore, this study aimed to find factors that affect organizations\u2019 decision to aim for a certificate and maintain it. Furthermore, factors affecting the selection of the certification body conducting the certification audits were inspected since practically no research has been made on the subject. The research was conducted as a qualitative multiple case study where factors answering to the research questions were looked for. Factors affecting the decision to certify were identified through benefits of certification whereas factors affecting the selection of the certification body were inspected as such and by comparing them to each other. Information was collected by interviewing certified organizations by using a semi-structured interview method. Analysis was based on comparison between existing literature and results from this study.\r\nThe results show that factors affecting the decision to obtain and maintain the certificate are divided into information security and financial benefits which are supplemented with additional benefits, such as legal benefits. Benefits are often closely related and overlapping. 
From security perspective the main benefit is the overall increase in the level of security while financially the certificate increases trust, increases sales and provides chances for cost savings. Additionally, the certificate might help cover legislative requirements such as the EU General Data Protection Regulation.\r\nThe selection of certification body was found to have multiple affecting factors. Price and tendering are affecting the selection but may not be playing a significant role when compared to auditor\u2019s competence and practicality matters regarding the certification body. Additionally, the following factors were found in the study: service portfolio coverage, reputation and existing relationship with a certification body.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2019-10-02T06:42:59Z\r\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2019-10-02T06:42:59Z (GMT). No. 
of bitstreams: 0\r\n Previous issue date: 2019", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "85", "language": null, "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "ISO/IEC 27001", "language": null, "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "tietoturvan johtamisj\u00e4rjestelm\u00e4", "language": null, "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "sertifiointielin", "language": null, "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "ISO/IEC 27001 -sertifioinnin hankintaperusteet ja sertifiointielimen valintaperusteet", "language": null, "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-201910024309", "language": null, "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": 
"dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietojenk\u00e4sittelytiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Computer Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.collaborator", "value": "business", "language": null, "element": "contractresearch", "qualifier": "collaborator", "schema": "yvv"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": null, "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "yvv.contractresearch.initiative", "value": "student", "language": null, "element": "contractresearch", "qualifier": "initiative", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": 
"publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": null, "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "sertifiointi", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "sertifikaatit", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "auditointi", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "standardit", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
|