| fullrecord |
[{"key": "dc.contributor.advisor", "value": "Siponen, Mikko", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Ferreira, Janne", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2020-12-14T10:33:47Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2020-12-14T10:33:47Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2020", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/73153", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "T\u00e4m\u00e4 tutkielma k\u00e4sittelee Julkisen hallinnon tiedonhallinnasta annetun lain (Tiedonhallintalaki) ja tietoturvallisuuden hallinnan vaatimuksia IT-ulkoistuksissa. Tiedonhallintalain 5\u00a7:ss\u00e4 s\u00e4\u00e4det\u00e4\u00e4n viranomaisen velvollisuu-desta laatia ja yll\u00e4pit\u00e4\u00e4 tiedonhallintamalli, jossa kuvataan viranomaisten teht\u00e4vien hoidossa toteutettava tiedonhallinta mukaan lukien tietoturvallisuuden hallinta. Julkisorganisaatiot yh\u00e4 enenev\u00e4ss\u00e4 m\u00e4\u00e4rin ulkoistavat IT-toimintojaan yksityisille palveluntarjoajille, mutta ulkoistettujen palvelujen osalta viranomaiselle j\u00e4\u00e4 aina lakis\u00e4\u00e4teinen vastuu palveluntarjoajien toiminnan ohjauksesta sek\u00e4 valvonnasta. Tietoturvavaatimukset ovat hankintavaiheessa keino, jolla viranomainen m\u00e4\u00e4rittelee palveluntarjoajalle tietoturvallisuuden tason, joka hankittavissa palveluissa on toteutettava. Laadullisessa tutkimuksessa perehdyttiin sis\u00e4ll\u00f6nanalyysin keinoin kahdenkymmenen IT-ulkoistuksen hankinta-asiakirjoihin ja niiden sis\u00e4lt\u00e4miin tietoturvavaatimuksiin. Tutkimuksen tavoitteena oli ymm\u00e4rt\u00e4\u00e4, miten tiedonhallintalaki, tietoturvallisuuden hallinta sek\u00e4 tietoturvavaatimukset liittyv\u00e4t toisiinsa julkisissa hankinnoissa. Toisena tavoitteena oli saada yleinen k\u00e4sitys siit\u00e4, mit\u00e4 oman toimintansa IT-toimintoja viranomaiset ulkoistavat yksityisille palveluntarjoajille. Aineisto osoitti, ett\u00e4 IT-ulkoistuksia tehd\u00e4\u00e4n niin asiantuntijoiden, laitteistojen kuin tietoj\u00e4rjestelmien osalta. Tietoturvavaatimukset tulisi m\u00e4\u00e4ritell\u00e4 aina hankinnan kohteen pohjalta, eik\u00e4 tyyty\u00e4 vakiosis\u00e4lt\u00f6isiin sopimusliitteisiin. Tutkimuksen tuloksena syntyi yl\u00e4tason kuvaus hankinnan tietoturvallisuudenhallintamallista (Information Security Management System, ISMS), joka huomioi my\u00f6s tiedonhallintamallin vaatimukset tietoturvallisuustoimenpiteiden kuvaamisesta. Malli antaa my\u00f6s esimerkkej\u00e4, miten olemassa olevia vaatimusl\u00e4hteit\u00e4 voidaan hy\u00f6dynt\u00e4\u00e4 tiedonhallintalain vaatimien kuvausten m\u00e4\u00e4rittelyss\u00e4.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "This thesis discusses of the requirements of Act on Information Management in Public Administration (Tiedonhallintalaki) and information security management in the context of IT outsourcing. According to section 5 of the Act an authority shall maintain an information management model which defines and describes the information management including information security in its operating environment. IT outsourcing has become more and more popular in Public organizations, but authorities cannot outsource their responsibilities to supervise the outsourced IT functions. Information security requirements engineering is the function to manage the information security level of the acquisition. This qualitative research utilized content analysis methodology and explored 20 IT outsourcing cases through their tender documents and information security requirements. Goal of the research was to provide understanding on the relations between the Act on Information Management in Public Administration, information security management and information security requirements in the context of IT outsourcing. Another interest was to find out which IT functions truly are outsourced by Finnish authorities. The material showed that outsourcing cases may include anything between workforce (consultants), information systems (software) and infrastructure (datacenter services, hardware). Information security requirements should always be based on the object of the acquisition instead of constant agreement templates. A metamodel of Information Security Management System (ISMS) in IT outsourcing was formed according to the results of the content analysis. The model includes the requirements of the section 5 of the Act on Information Management in Public Administration. Also examples of the relations and applicability between ISO 27001 requirements, VAHTI requirements and the information management model are given.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2020-12-14T10:33:47Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2020-12-14T10:33:47Z (GMT). No. of bitstreams: 0\n Previous issue date: 2020", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "81", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "tiedonhallintalaki", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "IT-ulkoistus", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "tietoturvavaatimukset", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "turvallisuusvaatimukset", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "tiedonhallintamalli", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "ISMS", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Tiedonhallintamalli ja tietoturvallisuudenhallintamalli IT-ulkoistuksissa", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202012147102", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietojenk\u00e4sittelytiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Computer Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "ulkoistaminen", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "julkiset hankinnat", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "julkinen hallinto", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
|