| fullrecord |
[{"key": "dc.contributor.advisor", "value": "Frantti, Tapio", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Lintula, Tuomas", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2022-12-09T07:29:31Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2022-12-09T07:29:31Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2022", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/84251", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "T\u00e4ss\u00e4 tutkimuksessa tarkastellaan tapahtuneita kohdistettuja haittaohjelmahy\u00f6kk\u00e4yksi\u00e4 ja ehdotetaan vastatoimia niiden torjumiseksi. Tutkimuksen teoriaosuuden tarkoituksena on taustoittaa varsinaista tutkimusta ja antaa lukijalle riitt\u00e4v\u00e4t perustiedot tutkimusaiheesta. Tutkimuksen empiirisess\u00e4 osuudessa tutkittiin tapahtuneita kohdistettuja haittaohjelmahy\u00f6kk\u00e4yksi\u00e4 niiden toteutuksessa k\u00e4ytettyjen taktiikoiden ja tekniikoiden n\u00e4k\u00f6kulmasta. Tutkimuksessa pyrittiin my\u00f6s selvitt\u00e4m\u00e4\u00e4n, onko kansallisessa tietoturvallisuusauditointikriteerist\u00f6ss\u00e4 puutteita kohdistetuilta haittaohjelmahy\u00f6kk\u00e4yksilt\u00e4 suojautumiseksi. Tutkimuksen aihe on t\u00e4rke\u00e4, sill\u00e4 tutkimuksessa voidaan l\u00f6yt\u00e4\u00e4 puutteita laajasti k\u00e4yt\u00f6ss\u00e4 olevasta viranomaisten turvallisuusluokitellun tiedon suojaamiseksi k\u00e4ytett\u00e4v\u00e4st\u00e4 auditointikriteerist\u00f6st\u00e4. Tutkimuksen empiirinen osuus toteutettiin monitapaustutkimuksena ja aineistoa analysoitiin aineistol\u00e4ht\u00f6ist\u00e4 sis\u00e4ll\u00f6nanalyysi\u00e4 k\u00e4ytt\u00e4en. Tutkimusmateriaali ker\u00e4ttiin julkisesti saatavissa olevista l\u00e4hteist\u00e4. Tutkimuksen empiirisess\u00e4 osuudessa havaittiin, ett\u00e4 kohdistetuille haittaohjelmahy\u00f6kk\u00e4yksille on tyypillist\u00e4 k\u00e4ytt\u00e4\u00e4 samankaltaisia taktiikoita ja tekniikoita. Tyypillisimmiksi taktiikoiksi paljastui avointen l\u00e4hteiden tiedustelu, tietojenkalastelu ja nollap\u00e4iv\u00e4haavoittuvuuksien hy\u00f6dynt\u00e4minen. Tutkimuksen perusteella hy\u00f6kk\u00e4ysten torjumiseksi henkil\u00f6st\u00f6n koulutus, poikkeamien havainnointikyky ja onnistunut riskienhallinta ovat olennaisessa osassa. Kansallista turvallisuusauditointikriteerist\u00f6\u00e4 noudattamalla voidaan torjua niin teollisuusymp\u00e4rist\u00f6\u00f6n kuin salassa pidett\u00e4v\u00e4\u00e4n tietoon kohdistettuja hy\u00f6kk\u00e4yksi\u00e4. Kriteerist\u00f6n heikkouksiksi havaittiin vaatimusten yleisluontoisuus, puhelinten ja IOT-laitteiden v\u00e4h\u00e4inen huomiointi sek\u00e4 SOC-toiminnon puuttuminen.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "This study examines the advanced persistent threat attacks that have occurred and suggests countermeasures to combat them. The purpose of the theory part of the research is to provide a background to the actual research and to give the \nreader sufficient basic information about the research topic. In the empirical part of the study, the advanced persistent threat attacks that have occurred were investigated from the perspective of the tactics and techniques used in their \nimplementation. The study also sought to find out whether there are any shortcomings in the national security auditing criteria for protecting against advanced persistent threat attacks. The topic of the research is important because \nthe research can find flaws in the widely used audit criteria used to protect information classified as security by the authorities. The empirical part of the research was carried out as a multi-case study and the material was analyzed \nusing material-based content analysis. The research material was collected from publicly available sources. In the empirical part of the study, it was found that it is typical for advanced persistent threat attacks to use similar tactics and \ntechniques. The most typical tactics turned out to be intelligence on open sources, phishing and exploiting zero-day vulnerabilities. Based on the research, personnel training, the ability to detect deviations and successful risk \nmanagement are an essential part of combating attacks. By following the national security auditing criteria, attacks targeting the industrial environment as well as confidential information can be countered. Weaknesses of the criteria were found to be the general nature of the requirements and little consideration of telephones and IOT devices.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2022-12-09T07:29:31Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2022-12-09T07:29:31Z (GMT). No. of bitstreams: 0\n Previous issue date: 2022", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "64", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "kohdistettu haittaohjelmahy\u00f6kk\u00e4ys", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "MITRE ATT&CK", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "ADDRR", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "Kansallinen turvallisuusauditointikriteerist\u00f6", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Kansallisen turvallisuusauditointikriteerist\u00f6n antama suoja kohdistettuja haittaohjelmahy\u00f6kk\u00e4yksi\u00e4 vastaan", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202212095511", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "kyberturvallisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "haittaohjelmat", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "hy\u00f6kk\u00e4ys", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "vakoilu", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "torjunta", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
|