“The law that mandates us is stronger than the consumer's rights” : what are the decisions related to authentication method selection?

There are various frameworks for selecting end-user authentication methods, but none of them addresses the organizational point of view regarding secure software development. The purpose of the research was to gain insight into secure software development and to explain how security...

Bibliographic Details
Main Author: Tonteri, Heidi
Other Authors: Faculty of Information Technology, Information Technology, University of Jyväskylä
Format: Master's thesis
Language: eng
Published: 2023
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/87315
description There exist various frameworks for the selection of end-user authentication methods, but none of them takes a stand on the organizational point of view regarding secure software development. The purpose of this research was to gain insight into secure software development and to explain how security features are implemented in the developed systems. The research was carried out using a qualitative method, conducting semi-structured interviews with seven participants from Finnish IT organizations. Data were processed by thematic analysis. The theoretical framework was Anthony’s (1964) organizational decision-making processes, and it was used in analysing the data. The research shows that different security features are implemented at different phases of secure software development. Security policies created at the company’s strategic level are translated into technical instructions that guide architectural decisions, requirements engineering, the selection of authentication methods, and component integration. Contradicting Anthony’s theory, developers’ influence on decision-making is notable; developers as experts can oversee high-level technical decisions, such as those relating to architectural solutions. They may also use power to bring about changes that counteract official company policies, such as in the selection of development methods. The study shows that high regulation is the main source of requirements for companies and that the selection criteria for an authentication method are similar to those for any component. It also shows that system developers do not take responsibility for maintaining the current authentication practice, due to their reliance on regulation.
fullrecord
dc.contributor.advisor Paananen, Hanna; Woods, Naomi
dc.date.accessioned 2023-05-31T05:55:41Z
dc.date.issued 2023
dc.format.extent 72
dc.identifier.urn URN:NBN:fi:jyu-202305313371
dc.rights In Copyright (https://rightsstatements.org/page/InC/1.0/)
dc.rights.copyright © The Author(s)
dc.rights.accesslevel openAccess
dc.subject.discipline Mathematical Information Technology
dc.subject.oppiainekoodi 602
dc.type.coar http://purl.org/coar/resource_type/c_bdcc
online_urls_str_mv https://jyx.jyu.fi/bitstreams/8f96a107-2764-4847-8ba2-f7ddf9a4fd42/download (URN:NBN:fi:jyu-202305313371.pdf, application/pdf)
topic secure software development; security features; end-user authentication; Mathematical Information Technology; cyber security; data security; authentication; software development
url https://jyx.jyu.fi/handle/123456789/87315 http://www.urn.fi/URN:NBN:fi:jyu-202305313371