fullrecord |
[{"key": "dc.contributor.advisor", "value": "Soliman, Wael", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Ojalainen, Anniina", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2020-10-30T07:23:34Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2020-10-30T07:23:34Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2020", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/72394", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "ISO 27001 -tietoturvastandardi ohjaa organisaatiot arvioimaan ja dokumentoimaan tietoturvaprosessejaan. Tietoturvastandardeja on kritisoitu pelkkien prosessien olemassaoloon keskittymiseen prosessien sis\u00e4ll\u00f6llisten seikkojen kustannuksella. T\u00e4m\u00e4n Pro Gradu -tutkielman tarkoituksena on arvioida ISO 27001: n soveltuvuutta ohjelmistokehitysymp\u00e4rist\u00f6\u00f6n ja sen vaikutusta ty\u00f6ntekij\u00f6iden k\u00e4ytt\u00e4ytymiseen ja kokemuksiin turvallisesta ohjelmistokehityksest\u00e4. Tutkielmassa havainnoitiin n\u00e4it\u00e4 ilmi\u00f6it\u00e4 seuraavien tutkimuskysymysten avulla: \"Kuinka ty\u00f6ntekij\u00e4t kokevat ISO 27001 -standardin k\u00e4ytt\u00f6\u00f6noton ohjelmistokehitysymp\u00e4rist\u00f6ss\u00e4?\", \"Millaisia ristiriitoja saattaa ilmet\u00e4 ISO / IEC 27001 -standardivaatimusten ja p\u00e4ivitt\u00e4isen ty\u00f6n v\u00e4lill\u00e4?\" ja \"Kuinka kohdeyksikk\u00f6 k\u00e4sittelee ISO / IEC 27001 -standardin vaatimusten ja p\u00e4ivitt\u00e4isen ty\u00f6n v\u00e4lisi\u00e4 ristiriitoja?\". 
T\u00e4m\u00e4 tutkielma koostettiin kirjallisuuskatsauksesta ja empiirisest\u00e4 tutkimuksesta, joka toteutettiin laadullisena tapaustutkimuksena. Tutkimuksen data ker\u00e4ttiin tekem\u00e4ll\u00e4 semistrukturoituja haastatteluja ICT-alalla toimivassa organisaatiossa. Kohdeorganisaatio oli ostanut ohjelmistokehitysyrityksen, joka oston j\u00e4lkeen sulautettiin organisaatioon ohjelmistokehitysyksik\u00f6ksi. Tutkimuskysymyksi\u00e4 havainnoitiin ohjelmistokehitysyksik\u00f6ss\u00e4 kontekstualisointiviitekehyksen ja eri haastatteluteemojen kautta. Teemat k\u00e4sitteliv\u00e4t kohdeyksik\u00f6n tietoturvakulttuurin ja k\u00e4yt\u00e4nt\u00f6jen muutosta, ISO 27001:n jalkauttamisprosessia ja ty\u00f6ntekij\u00f6iden kokemuksia prosessista ja muutoksista. Tutkimuksen tulokset osoittavat, ett\u00e4 ISO 27001 voi vaikuttaa ty\u00f6ntekij\u00f6iden asenteisiin ja tietoturvak\u00e4yt\u00e4nteiden noudattamiseen. Toisaalta ISO 27001 aiheuttaa ristiriitoja standardin vaatimusten ja organisaation k\u00e4yt\u00e4nn\u00f6n vaatimusten v\u00e4lill\u00e4. Ristiriidat liittyiv\u00e4t erityisesti koodikatselmoinnin ja kurinpitotoimien dokumentoitiin. Koodikatselmoinnin haasteet ratkaistiin tunnettujen haavoittuvuuksien arviointimekanismeihin nojaten. Kurinpitotoimiin liittyv\u00e4\u00e4 ristiriitaa ei saatu t\u00e4ysin ratkaistua: organisaation oli vastattava standardin osittain soveltumattomiin vaatimuksiin, mutta auditoinnin j\u00e4lkeen kurinpitotoimenpiteet ja niist\u00e4 kommunikointi ovat j\u00e4\u00e4neet taka-alalle. 
Tutkimuksen tulokset osoittavat, ett\u00e4 kuten projekteissa, my\u00f6s tietoturvastandardin jalkauttamisessa ty\u00f6ntekij\u00f6iden osallistuminen, johdon tuki ja riitt\u00e4v\u00e4 viestint\u00e4 ovat ratkaisevan t\u00e4rkeit\u00e4 ty\u00f6ntekij\u00f6iden positiivisten kokemusten lis\u00e4\u00e4miseksi.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "ISO 27001 information security management standard provides guidelines to organizations to evaluate and document their information security processes. However, information security management standards have been criticized to focus on the existence of the process but not its actual content. This Master\u2019s Thesis aims to assess ISO 27001\u2019s suitability to software development environment and its impact on employees\u2019 practices and experiences in secure software development. This thesis observed these phenomena through the following research questions: \u201cHow employees experience the ISO 27001 standard\u2019s implementation in a software development environment?\u201d, \u201cWhat kind of conflicts might appear between ISO 27001 standard requirements and day-to-day work?\u201d and \u201cHow the target unit resolves the conflicts between ISO 27001 standard requirements and day-to-day work?\u201d. This thesis consists of a literature review and an empirical research which was conducted as a qualitative case study. The study\u2019s data was collected by conducting semi-structured interviews in an organization operating in ICT. The target organization had acquired a software development company which was merged to the organization as a software development unit. 
The research questions were observed in the software development unit through a contextualisation framework and research themes that revolved around changes in target unit\u2019s information security culture and practices, process of ISO 27001 implementation and employees\u2019 experiences of the process and changes. The results of the study propose that ISO 27001 can influence employees\u2019 attitudes and compliance towards information security policies. On the other hand, ISO 27001 causes conflicts between its requirements and organization\u2019s practical demands. In this study, the conflicts were related to code reviewing and disciplinary measures documentation. The code reviewing process was resolved based on known vulnerability assessment mechanisms. Conflicts related to disciplinary measures were not fully resolved: the target organization had to answer to the unsuitable standard requirements but after the auditing the disciplinary measures got relegated to the background. The findings of the study indicate that as in projects, in information security management standard implementation employees\u2019 involvement, management\u2019s support and sufficient communication are crucial to make the employees\u2019 experiences more positive.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2020-10-30T07:23:34Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2020-10-30T07:23:34Z (GMT). No. 
of bitstreams: 0\n Previous issue date: 2020", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "86", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "management standard", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "ISO 27001", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "standard implementation", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "ISO 27001 information security management standard\u2019s implementation in software development environment : a case study", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202010306440", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": 
"dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietoj\u00e4rjestelm\u00e4tiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Information Systems Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.collaborator", "value": "business", "language": "", "element": "contractresearch", "qualifier": "collaborator", "schema": "yvv"}, {"key": "yvv.contractresearch.funding", "value": "2000", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "yvv.contractresearch.initiative", "value": "student", "language": "", "element": "contractresearch", "qualifier": "initiative", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", 
"qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "ohjelmistokehitys", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "standardit", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "data security", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "software development", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "standards", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
|