| fullrecord |
[{"key": "dc.contributor.advisor", "value": "Lehto, Martti", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Ihanus, Juri", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2023-05-10T05:58:26Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2023-05-10T05:58:26Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2023", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/86845", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "T\u00e4ss\u00e4 tutkielmassa tutkittiin sis\u00e4piiriuhkaa ja sen hy\u00f6kk\u00e4ysvaiheita. Organisaatioihin ja niiden k\u00e4ytt\u00e4m\u00e4\u00e4n tietoon kohdistuu monenlaisia uhkia, joista osa syntyy organisaatioiden sis\u00e4lt\u00e4. Organisaation omaisuuteen luvallisen p\u00e4\u00e4syoikeuden saaneita yksil\u00f6it\u00e4 voidaan kutsua sis\u00e4piiril\u00e4isiksi. Sis\u00e4piiril\u00e4isten toimenpiteet voivat aiheuttaa haittaa organisaatiolle, jolloin puhutaan sis\u00e4piiriuhkasta. Sis\u00e4piiriuhka voi olla joko tahatonta tai pahantahtoista. Kyberturvallisuuden alalta l\u00f6ytyy useita malleja pahantahtoisten hy\u00f6kk\u00e4\u00e4jien tekemien hy\u00f6kk\u00e4ysten mallintamiseen. Sis\u00e4piiriuhkan osalta malleissa on kuitenkin puutteita, mik\u00e4 tekee tutkielmasta t\u00e4rke\u00e4n. Tutkielman p\u00e4\u00e4tavoitteena oli kehitt\u00e4\u00e4 malli, jolla voidaan kuvata tietoon kohdistuvan sis\u00e4piiriuhkan hy\u00f6kk\u00e4ysvaiheita. Tutkielmassa analysoitiin julkisista l\u00e4hteist\u00e4 saatavilla olevia sis\u00e4piiriuhkan tapausaineistoja laadullisen sis\u00e4ll\u00f6nanalyysin keinoin. Analyysin tavoitteena oli selvitt\u00e4\u00e4, millaisia vaiheita sis\u00e4piiriuhkan hy\u00f6kk\u00e4yksiss\u00e4 oli. Analyysiss\u00e4 k\u00e4ytettiin hy\u00f6dyksi aiempaa teoriaa kyberhy\u00f6kk\u00e4ysten vaiheista. Analyysin tuloksia hy\u00f6dynnettiin kehitt\u00e4m\u00e4ll\u00e4 uusi malli, joka kuvaa tietoon kohdistuvan sis\u00e4piiriuhkan hy\u00f6kk\u00e4ysvaiheita. Uuden mallin kehitt\u00e4minen tehtiin kehitt\u00e4mistutkimuksen keinoin ja mallin toimivuutta verrattiin olemassa oleviin hy\u00f6kk\u00e4\u00e4jien toimenpiteit\u00e4 kuvaaviin malleihin. Tutkimuksessa havaittiin, ett\u00e4 aiemmat mallit eiv\u00e4t kykene kattavasti kuvaamaan sis\u00e4piiriuhkan hy\u00f6kk\u00e4ysvaiheita. Uuden mallin avulla voidaan kuvata sis\u00e4piiriuhkan hy\u00f6kk\u00e4ysvaiheita kattavammin ja mallia voidaan hy\u00f6dynt\u00e4\u00e4 sis\u00e4piiriuhkan hallinnassa organisaatioissa.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "This study examined insider threat and the attack phases involved in insider threat cases. Organizations need to protect their information assets from multiple different threat actors, including those from within the organization. Individuals who have been given authorized access to the assets of an organization can be called insiders. Insiders can cause damage to an organization through their actions. The potential for such actions is called \u201cinsider threat\u201d. Insider threat can be either malicious or unintentional. The field of cyber security has multiple models which illustrate phases of malicious attacks on organizations. Such models are known to have issues regarding insider threat, which makes this study important. The main purpose of this study was to create a model which illustrates the attack phases of insider threat targeting information assets. In the study, a qualitative analysis was conducted on publicly available insider threat case studies. The purpose of the analysis was to find out what kind of phases are involved in attacks caused by insider threat, utilizing previous theory on cyberattack phases. The results of the analysis were used in developing a new model for insider threat attacks targeting information assets. The development of the new model was conducted through design science research, and the model was evaluated against earlier attack models. The study found that the coverage of earlier models regarding insider attack phases was lacking. The new model has better coverage of all the phases of insider attack phases and the model can be utilized in insider threat management in organizations.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2023-05-10T05:58:26Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2023-05-10T05:58:26Z (GMT). No. of bitstreams: 0\n Previous issue date: 2023", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "67", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": null, "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "sis\u00e4piiriuhka", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "hy\u00f6kk\u00e4ysketju", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "MITRE ATT&CK", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "Unified Kill Chain", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Sis\u00e4piiriuhkan hy\u00f6kk\u00e4ysketju : sis\u00e4piiriuhkan hy\u00f6kk\u00e4ysvaiheiden mallintaminen", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202305102926", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "verkkohy\u00f6kk\u00e4ykset", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "kyberturvallisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}]
|