Protecting against social engineering attacks in a corporate environment

The purpose of this Master's thesis is to study the ways companies protect themselves against attacks that aim to manipulate users (social engineering). The thesis was carried out by means of a literature review and a qualitative study based on interviews. The interviewees of the study represent...


Bibliographic Details
Main Author: Ali-Kovero, Jouni
Other Authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format: Master's thesis
Language: eng
Published: 2020
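Subjects: social engineering, security control, information security, security awareness, data security, safety and security, cyber security, phishing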
Online Access: https://jyx.jyu.fi/handle/123456789/68778
description The purpose of this Master's thesis is to study the means of protecting against social engineering attacks in a corporate environment. The work is carried out by means of a literature review and a qualitative study, consisting of interviews with cybersecurity leaders in some of the biggest companies in Finland. The literature review part of this work discusses the phenomenon of Social Engineering (SE) from different viewpoints. First, a definition for SE is formed. After that, an overview of different attack models and methods is given. Based on earlier research, a taxonomy of different attack methods is formed. Finally, protective measures against social engineering attacks are discussed. The literature review acts as a foundation for the empirical research, which studies the actual protective measures organizations have implemented to protect themselves from social engineering attacks. Based on the conducted research, social engineering can be defined as the act of exploiting weaknesses in human psychology and thereby manipulating victims into either divulging or granting access to confidential information or data. Finnish organizations seem to have protected themselves against SE quite well, but there seems to be room for improvement, especially in security training of personnel and physical security controls.
first_indexed 2020-04-30T20:00:36Z
format Pro gradu
free_online_boolean 1
fullrecord
dc.contributor.advisor Siponen, Mikko
dc.date.accessioned 2020-04-30T05:34:40Z
dc.date.available 2020-04-30T05:34:40Z
dc.date.issued 2020
dc.format.extent 78
dc.format.mimetype application/pdf
dc.format.content fulltext
dc.language.iso eng
dc.rights In Copyright
dc.rights.accesslevel openAccess
dc.rights.url https://rightsstatements.org/page/InC/1.0/
dc.identifier.urn URN:NBN:fi:jyu-202004302985
dc.type.ontasot Master's thesis
dc.type.publication masterThesis
dc.type.coar http://purl.org/coar/resource_type/c_bdcc
dc.type.okm G2
dc.subject.discipline Information Systems Science
dc.subject.oppiainekoodi 601
yvv.contractresearch.funding 0
id jyx.123456789_68778
language eng
last_indexed 2025-02-18T10:54:41Z
main_date 2020-01-01T00:00:00Z
main_date_str 2020
online_boolean 1
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/cef8d7ac-b83b-47a9-9042-677841d6cef2\/download","text":"URN:NBN:fi:jyu-202004302985.pdf","source":"jyx","mediaType":"application\/pdf"}
publishDate 2020
record_format qdc
source_str_mv jyx
title Protecting against social engineering attacks in a corporate environment
topic social engineering security control information security security awareness Tietojärjestelmätiede Information Systems Science 601 tietoturva turvallisuus kyberturvallisuus verkkourkinta data security safety and security cyber security phishing
url https://jyx.jyu.fi/handle/123456789/68778 http://www.urn.fi/URN:NBN:fi:jyu-202004302985