Information security risk management in organizations (Tietoturvariskien hallinta organisaatioissa)


Bibliographic Details
Main Author: Pollari, Elina
Other Authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format: Master's thesis
Language: fin
Published: 2021
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/77437
description This study examines information security risk management in organizations. The aim of the study is to identify the key factors that a company must take into account in managing its own information security and the information security risks directed at it. The study was carried out as a literature review, in which, based on earlier literature, an attempt was made to find common factors related to the topic that can be considered a key part of planning and implementing a company's information security and information security risk management. The study goes through the works of several researchers and authors. Comparing earlier studies aims to find common factors across researchers. These similarities are used to identify the points most widely regarded as the key courses of action, or so-called best practices, on the subject. The research question was approached by comparing literature on information security risk research, information security risk management standards and frameworks, and other literature on the management of information security practices. The research question was answered by describing the key actions a company needs to carry out for information security and information security risk management, and by explaining what functions the different areas include and what the company should pay attention to. One finding of this study is that the importance of risk assessment is emphasized in almost all of the literature reviewed. When each area of information security management is examined separately, a risk assessment is recommended at the beginning of almost every process. Risk assessment gives the company a view of the risks that threaten that particular organization. Once the risks have been identified, the company can start planning the measures with which it can develop a working risk management strategy.
first_indexed 2024-09-11T08:52:37Z
format Pro gradu
free_online_boolean 1
id jyx.123456789_77437
language fin
last_indexed 2025-02-18T10:56:50Z
main_date 2021-01-01T00:00:00Z
main_date_str 2021
online_boolean 1
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/cd13a576-4fa8-444a-825e-6095aa5ee46e\/download","text":"URN:NBN:fi:jyu-202108204602.pdf","source":"jyx","mediaType":"application\/pdf"}
publishDate 2021
record_format qdc
source_str_mv jyx
topic information security risk; information security management; risk management life cycle; information security life cycle; information security practices; Information Systems Science; 601; risks; risk management; information security; management; life cycle; risk assessment; cybersecurity
url https://jyx.jyu.fi/handle/123456789/77437 http://www.urn.fi/URN:NBN:fi:jyu-202108204602