fullrecord |
[{"key": "dc.contributor.advisor", "value": "Siponen, Mikko", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Arponen, Leo-Pekka", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2023-05-11T05:16:11Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2023-05-11T05:16:11Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2023", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/86875", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Riskienhallinta on olennainen osa organisaatioiden toimintaa, jonka avulla pyrit\u00e4\u00e4n kasvattamaan oman toiminnan onnistumisen todenn\u00e4k\u00f6isyytt\u00e4. Useimmiten organisaatioiden riskienhallintaa ohjaa ISO 31000:2018 riskienhallinnan ohjeet. Riskienhallinnan ohjeiden, standardien sek\u00e4 muiden parhaiksi havaittujen k\u00e4yt\u00e4nteiden tarkoituksena on luoda edellytykset riskienhallinnan toteuttamiseksi. Erilaiset ohjeet ja standardit l\u00e4hestyv\u00e4t riskienhallintaa useiden n\u00e4k\u00f6kulmien ja metodien kautta, mutta tavoite on silti yhteinen, tehokas riskienhallinta. T\u00e4m\u00e4n tutkielman tavoitteena oli ker\u00e4t\u00e4 tietoa ja selvitt\u00e4\u00e4, miten ICT-organisaatioiden tulisi toteuttaa riskienhallintaa ja kannattaisiko yleisesti sovellettujen ISO 31000:2018 riskienhallinnan ohjeiden lis\u00e4ksi hy\u00f6dynt\u00e4\u00e4 NIST SP 800-37r2 riskienhallinnan viitekehyst\u00e4. Tutkimuksen teoreettisessa viitekehyksess\u00e4 perehdyttiin riskienhallinnan keskeisiin k\u00e4sitteisiin, teoriaperusteisiin sek\u00e4 tutkielmassa k\u00e4siteltyihin riskienhallintamalleihin ja niiden vertailuun. Tutkimuksen empiirinen osuus toteutettiin laadullisin menetelmin. Aineisto ker\u00e4ttiin puolistrukturoiduilla haastatteluilla, joissa haastateltiin er\u00e4\u00e4n suomalaisen ICT-organisaation turvallisuusjohtajia. Aineisto analysoitiin aineistol\u00e4ht\u00f6isell\u00e4 sis\u00e4ll\u00f6nanalyysill\u00e4. Tutkimuksen avulla p\u00e4\u00e4teltiin riskienhallinnan ohjeiden ja viitekehyksen yhdist\u00e4minen mahdolliseksi, mutta tehokkaan riskienhallinnan huomattiin olevan sidoksissa ihmisiin ohjeiden sijasta.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Risk management is an essential part of a functioning organization\u2019s activities to increase the likelihood of success. Most organizations' risk management is guided by the ISO 31000:2018 risk management guidelines. The purpose of risk management guidelines, standards, and other best practices is to create the conditions for implementing risk management. The various guidelines and standards approach risk management through different perspectives and methodologies, but the goal is still the same, effective risk management. The aim of this thesis was to gather information and to find out how ICT organizations should implement risk management and whether it would be worthwhile to use the NIST SP 800-37r2 risk management framework in addition to the generally applied ISO 31000:2018 risk management guidelines. In the theoretical framework of the study, the main concepts of risk management, theoretical foundations, and risk management models and their comparison were examined. The empirical part of the study was carried out using qualitative methods. The data was collected through semi-structured interviews with the security managers of a Finnish ICT organization. The data was analyzed using content analysis. The study concluded that it is possible to combine risk management guidelines and a framework, but effective risk management was found to depend on people rather than guidelines.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2023-05-11T05:16:11Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2023-05-11T05:16:11Z (GMT). No. of bitstreams: 0\n Previous issue date: 2023", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "70", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": null, "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "riskienhallinnan viitekehys", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "riskienhallinnan ohjeet", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "ICT-organisaatiot", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Riskienhallinnan suunnittelu ja toteutus ICT-alan organisaatioissa", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202305112954", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "riskienhallinta", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "organisaatiot", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "riskit", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "standardit", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "johtaminen", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "turvallisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}]
|