| fullrecord |
[{"key": "dc.contributor.advisor", "value": "Sepp\u00e4nen, Ville", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.advisor", "value": "Takala, Arttu", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "R\u00e4s\u00e4nen, Iiro", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2021-02-02T06:26:34Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2021-02-02T06:26:34Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2021", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/73933", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "T\u00e4m\u00e4n pro gradu -tutkielman tarkoituksena oli tutkia pilvipalveluiden tietoturvaa k\u00e4sittelevi\u00e4 standardeja ja viitekehyksi\u00e4 sek\u00e4 niiden noudattamista erityyppisen tiedon n\u00e4k\u00f6kulmasta. Tietoturvan tasoa on hyvin vaikea arvioida ilman tiedossa olevaa k\u00e4ytt\u00f6tapausta, joten vaatimusten noudattamisen selvitt\u00e4minen eri tietotyyppien n\u00e4k\u00f6kulmasta on k\u00e4yt\u00e4nn\u00f6n ongelma, johon t\u00e4ll\u00e4 tutkielmalla pyrittiin vastaamaan. Tutkielman teoriaosuus toteutettiin kirjallisuuskatsauksena, jonka tarkoitus oli luoda teoreettinen pohja tutkielman empiiriselle osuudelle, sek\u00e4 vertailla tietoturvastandardeja ja -viitekehyksi\u00e4. Tutkielman empiirisess\u00e4 osuudessa tutkittiin, miten eri pilvipalveluntarjoajat noudattavat Pilvipalveluiden turvallisuuden arviointikriteerist\u00f6n (PiTuKri) vaatimuksia eri tietotyyppien n\u00e4k\u00f6kulmasta. Tietotyyppej\u00e4 t\u00e4ss\u00e4 tutkielmassa olivat liiketoimintatieto, viranomaisen salassa pidett\u00e4v\u00e4tieto, henkil\u00f6tieto ja turvallisuusluokiteltu tieto. Tutkimus toteutettiin laadullisena tutkimuksena ja p\u00e4\u00e4asiassa dokumenttianalyysina, jota onnistuttiin tukeman my\u00f6s yhdell\u00e4 teemahaastattelulla. Yhten\u00e4 keskeisen\u00e4 tuloksena todettiin, ett\u00e4 tietoturvastandardit ja \u2013viitekehykset noudattavat melko yhdenmukaisia rakenteita ja esitystapoja. PiTuKrin havaittiin soveltuvan parhaiten erityyppisen tiedon suojaamisen arviointiin. Lis\u00e4ksi keskeisen\u00e4 tuloksena tutkielman empiirisess\u00e4 osuudessa havaittiin, ett\u00e4 pilvipalveluntarjoajat noudattavat PiTuKrin vaatimuksia p\u00e4\u00e4osin hyvin, kun vaatimustenmukaisuutta tarkastellaan liiketoimintatiedon tai salassa pidett\u00e4v\u00e4n tiedon n\u00e4k\u00f6kulmasta. Henkil\u00f6tietojen ja turvallisuusluokiteltujen tietojen n\u00e4k\u00f6kulmasta rajoitteet tietojen k\u00e4sittelyn sijaintiin ja pilvipalveluntarjoajaan liittyen havaittiin vaatimustenmukaisuuden kannalta haastaviksi. Keskeisen\u00e4 johtop\u00e4\u00e4t\u00f6ksen\u00e4 tehtiin se, ett\u00e4 arkaluonteisen tiedon suojaamisessa pilvipalveluymp\u00e4rist\u00f6ss\u00e4 korostuvat salaaminen, k\u00e4sitelt\u00e4v\u00e4n tiedon sijainti sek\u00e4 lains\u00e4\u00e4d\u00e4nt\u00f6johdanneiset riskit. N\u00e4ihin asioihin PiTuKri ottaa kantaa muita viitekehyksi\u00e4 selke\u00e4mmin, mutta pilvipalveluntarjoajat eiv\u00e4t kovinkaan helposti pysty osoittamaan vaatimustenmukaisuutta eri tietotyyppien tapauksessa. Tutkielma toteutettiin toimeksiantona suunnittelutoimisto Huld Oy:lle, joka hy\u00f6dynt\u00e4\u00e4 tutkimustietoa asiantuntijateht\u00e4viss\u00e4\u00e4n asiakkaiden kysynn\u00e4n kasvaessa pilvipalveluinfrastruktuurin hy\u00f6dynt\u00e4misen suhteen.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "The purpose of this master's thesis was to study the information security stand-ards and frameworks of cloud services and their compliance from the perspective of different types of information. It is very difficult to assess the level of information security without a known use case. Therefore, determining compliance from the point of view of different information types is a practical problem that this thesis sought to address. The theoretical part of the thesis was carried out as a literature review, the purpose of which was to create a theoretical basis for the empirical study, and to compare information security standards and frameworks. The empirical part of the thesis examined how different cloud service providers comply with the requirements of the Criteria to Assess the Information Security of Cloud Services (PiTuKri) from the perspective of different information types. The information types in the thesis were business confidential information, in-formation of the authorities to be kept secret, personal information, and classified protection level information of the authorities. The study was carried out as a qualitative research and mainly as a document analysis. In addition, research data was also collected through one theme interview. A key finding was that the security standards and frameworks follow fairly consistent structures and for-mats. PiTuKri was found to be best suited for assessing the protection of different information types. In addition, it was found as a key finding that cloud service providers largely comply with PiTuKri's requirements when assessing the com-pliance from the perspective of business confidential information or information to be kept secret. From the perspective of personal data and classified protection level information, constraints on the location of data processing and the cloud service provider were found to be challenging for compliance. The main conclu-sion was that encryption, the location of the information processing and the leg-islation-derived risks are emphasized in the protection of sensitive information in the cloud environment. PiTuKri takes a clearer position on these issues than other frameworks, but cloud service providers are not easily able to demonstrate compliance for different information types. Thesis was carried out as an assign-ment for a technology design company Huld Oy, which utilizes research data in its expert tasks as customer demand grows for the utilization of cloud service infrastructure.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2021-02-02T06:26:34Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2021-02-02T06:26:34Z (GMT). No. of bitstreams: 0\n Previous issue date: 2021", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "89", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "tietoturvastandardi", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "pitukri", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Pilvipalveluiden tietoturva : standardit ja viitekehykset sek\u00e4 erityyppisen tiedon suojaaminen", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202102021389", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietoj\u00e4rjestelm\u00e4tiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Information Systems Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.collaborator", "value": "business", "language": "", "element": "contractresearch", "qualifier": "collaborator", "schema": "yvv"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "yvv.contractresearch.initiative", "value": "student", "language": "", "element": "contractresearch", "qualifier": "initiative", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "restrictedAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "vaatimustenmukaisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "pilvipalvelut", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "standardit", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietotyypit", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "yritykset", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "henkil\u00f6tiedot", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "turvallisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "The author has not given permission to make the work publicly available electronically. Therefore the material can be read only at the archival workstation at Jyv\u00e4skyl\u00e4 University Library (https://kirjasto.jyu.fi/collections/archival-workstation).", "language": "en", "element": "rights", "qualifier": "accessrights", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "Tekij\u00e4 ei ole antanut lupaa avoimeen julkaisuun, joten aineisto on luettavissa vain Jyv\u00e4skyl\u00e4n yliopiston kirjaston arkistoty\u00f6semalta. Ks. https://kirjasto.jyu.fi/kokoelmat/arkistotyoasema..", "language": "fi", "element": "rights", "qualifier": "accessrights", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
|