Top Management Collaboration with Cybersecurity Governance

Cybersecurity is a holistic phenomenon that requires cooperation at all levels of companies. Particularly critical is the collaboration between companies' top management and cybersecurity governance (also called information security governance). This collaboration must work...


Bibliographic Details
Main Author: Vidgren, Jiri
Other Authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format: Master's thesis
Language: eng
Published: 2020
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/69927
description Cybersecurity is a holistic field, which demands cooperation from all levels in the companies. Notably, the collaboration between the top management and cybersecurity governance is in a critical position. This collaboration must work in both directions, and the companies need to embed the cybersecurity in strategic actions and decisions that top management drives. In return, the collaboration essentially delivers control and visibility to the actions’ results as a response from the company. The literature about the topic grounded the two-part literature review in the study comprehensively. However, there is an empirical research gap concerning real implementations of cybersecurity governance. The study aimed to fill this gap by examining how the collaboration between the top management and the cybersecurity governance works in a company. The study also aimed to determine which aspects drive cybersecurity governance in the company and how the different levels of the organization produce the company’s cybersecurity. These practical manifestations of cybersecurity governance include implementation, measurement, assessing, and reporting to the top management. The overarching methodology of the study was a qualitative research design, and the empirical research was conducted as a multiple-case study. Empirical data was gathered via thematic interviews from five (5) cybersecurity professionals and analyzed utilizing theory-guided thematic content analysis. As the main result of the research, the study suggests that the collaboration between top management and cybersecurity governance appears to be driven by a holistic and continual cybersecurity maturity development. The study also revealed insights indicating that companies should consider utilizing their chosen best practice framework to the full extent to support the company’s cybersecurity governance pursuits, like addressing the aspect of the continual improvement more deliberately.
dc.contributor.advisor Niemimaa, Marko
dc.date.accessioned 2020-06-15T07:17:29Z
dc.date.available 2020-06-15T07:17:29Z
dc.format.extent 109
dc.format.mimetype application/pdf
dc.format.content fulltext
dc.identifier.urn URN:NBN:fi:jyu-202006154171
dc.rights In Copyright
dc.rights.url https://rightsstatements.org/page/InC/1.0/
dc.rights.accesslevel openAccess
dc.subject.discipline Computer Science
dc.type.coar http://purl.org/coar/resource_type/c_bdcc
dc.type.okm G2
topic Top management; collaboration; information security governance; direct-control model; Computer Science; 601; cooperation (general); cyber security
url https://jyx.jyu.fi/handle/123456789/69927 http://www.urn.fi/URN:NBN:fi:jyu-202006154171