| fullrecord |
[{"key": "dc.contributor.advisor", "value": "Sepp\u00e4nen, Ville", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.advisor", "value": "Tuovinen, Jussi", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Virtanen, Alex", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2022-06-16T05:31:51Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2022-06-16T05:31:51Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2022", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/81769", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Informaatioteknologian keskeinen rooli liiketoiminnan mahdollistajana merkitsee my\u00f6s tietoturvallisuuden eri osa-alueiden korostamista, kun tarkoituksena on suojata organisaatioiden informaatio-omaisuuseri\u00e4. N\u00e4m\u00e4 omaisuuser\u00e4t muodostavat tietoj\u00e4rjestelmi\u00e4, joita k\u00e4ytt\u00e4v\u00e4t niin yksityisen kuin my\u00f6s julkisen sektorin toimijat. K\u00e4sitelt\u00e4ess\u00e4 viranomaistietoa tulee tietoj\u00e4rjestelmien t\u00e4ytt\u00e4\u00e4 niille asetetut minimivaatimukset, jotka on useassa tapauksessa kuvattuna erilaisiin kriteerist\u00f6ihin sek\u00e4 standardeihin. Tietoturva-auditointien tavoitteena on tarkastaa j\u00e4rjestelm\u00e4llisesti ja puolueettomasti kohdej\u00e4rjestelm\u00e4n tietoturvallisuuteen liittyvien hallintakeinojen tila, jotta voidaan todeta, t\u00e4ytt\u00e4\u00e4k\u00f6 j\u00e4rjestelm\u00e4 valitussa kriteerist\u00f6ss\u00e4 sille asetetut vaatimukset. Auditointitoiminnan tulee olla rakenteeltaan j\u00e4rjestelm\u00e4llist\u00e4 tarkastustoimintaa, johon liittyy useita vaiheita. T\u00e4m\u00e4n tutkielman tavoitteena oli luoda tapaustutkimuksen omaisesti kohdeorganisaatiolle uusi auditointiviitekehys, joka selkeytt\u00e4isi tietoturva-auditointiprosessin rakennetta sek\u00e4 auttaisi geneerisen kansallisen turvallisuusauditointikriteerist\u00f6n (Katakri) hy\u00f6dynt\u00e4misess\u00e4. Ongelman ratkaisemiseksi k\u00e4ytettiin suunnittelutieteellist\u00e4 tutkimusmenetelm\u00e4\u00e4 tietoj\u00e4rjestelm\u00e4tieteen tutkimusviitekehyksess\u00e4. Tutkimus aloitettiin ker\u00e4\u00e4m\u00e4ll\u00e4 kattava teoriapohja tunnistetun tutkimusongelman sek\u00e4 sille m\u00e4\u00e4ritellyn ratkaisun perusteella. T\u00e4m\u00e4n j\u00e4lkeen tietoturva- auditointiviitekehys suunniteltiin ja kehitettiin tutkimuksen kohdeorganisaation tunnistamien haasteiden pohjalta, jota my\u00f6hemmin demonstroitiin sek\u00e4 arvioitiin kahdeksan kuukauden ajan todellisissa sis\u00e4isiss\u00e4 tietoturva- auditointitilanteissa. Viimeisen arviointikierroksen j\u00e4lkeen tutkimuksen tuloksena syntyi viimeistelty tietoturva-auditointiviitekehys, joka sis\u00e4lsi niin akateemisessa kuin my\u00f6s ammatillisessa kirjallisuudessa mainittuja parhaimpia k\u00e4yt\u00e4nteit\u00e4 sek\u00e4 ohjeistuksia geneeristen auditointikriteerist\u00f6jen k\u00e4ytt\u00e4miseen sen kanssa. Luotu viitekehys antaa uutta tiet\u00e4myst\u00e4 tieteenalalle, saavuttaa sille asetetut tavoitteet sek\u00e4 mahdollistaa sen jatkokehitt\u00e4misen.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "The key role of information technology as a business enabler also means emphasizing the various aspects of information security when it comes to protecting organizations' information assets. Information systems must meet the minimum requirements set for them when they are used to handle official information. These minimum requirements are commonly set in various criteria and standards. The purpose of information security audit is to systematically and objectively verify the status of the target system's security controls in order to determine whether the system meets the requirements set for it in the selected criteria. These kinds of information security audits contain various systematic tasks and processes that are used to determine the state of the compliance in information systems. The main goal of this master\u2019s thesis was to create a new audit reference framework for the case organization, which would clarify the structure of the information security audit process and help utilize the generic national security audit criteria (Katakri) in the same context. To get to the said goal, a design science research method was used in the information systems sciences research setting. The research began by gathering a comprehensive theoretical basis based on the identified research problem and the solution defined for it. The security audit framework was then designed and developed based on the challenges identified by the target organization of the study, which was later demonstrated and evaluated. Demonstration and evaluation phases were conducted during eight months of real internal security audit situations. After the last iteration of the evaluation phase, the study\u2019s result was a finalized security audit framework that included best practices mentioned in both the academic and professional literature and some additional guidelines for using generic audit criteria with the said framework. The framework provides new knowledge to the field of information systems sciences, achieves the goals that were set during the study and delivers a good baseline for future research.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Miia Hakanen (mihakane@jyu.fi) on 2022-06-16T05:31:51Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2022-06-16T05:31:51Z (GMT). No. of bitstreams: 0\n Previous issue date: 2022", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "66", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "katakri", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "hallintakeinot", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Tietoturva-auditointiprosessin kehitt\u00e4minen viranomaisn\u00e4k\u00f6kulmasta", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202206163378", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietoj\u00e4rjestelm\u00e4tiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Information Systems Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.collaborator", "value": "public", "language": "", "element": "contractresearch", "qualifier": "collaborator", "schema": "yvv"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "yvv.contractresearch.initiative", "value": "business", "language": "", "element": "contractresearch", "qualifier": "initiative", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "restrictedAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "vaatimustenmukaisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "standardit", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "kriteerit", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "auditointi", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "Tekij\u00e4 ei ole antanut lupaa avoimeen julkaisuun, joten aineisto on luettavissa vain Jyv\u00e4skyl\u00e4n yliopiston kirjaston <a href=\"https://kirjasto.jyu.fi/kokoelmat/arkistotyoasema\">arkistoty\u00f6asemalta</a>.", "language": "fi", "element": "rights", "qualifier": "accessrights", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "<br><br>The author has not given permission to make the work publicly available electronically. Therefore the material can be read only at the archival <a href=\"https://kirjasto.jyu.fi/collections/archival-workstation\">workstation</a> at Jyv\u00e4skyl\u00e4 University Library reserved for the use of archival materials.", "language": "en", "element": "rights", "qualifier": "accessrights", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
|