| fullrecord |
[{"key": "dc.contributor.advisor", "value": "Frantti, Tapio", "language": null, "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Voutilainen, Jouko", "language": null, "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2024-04-09T05:28:12Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2024-04-09T05:28:12Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2024", "language": null, "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/94202", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Tutkimuksessa selvitettiin mit\u00e4 hy\u00f6kk\u00e4yspinta ja uhka-alttius k\u00e4sitt\u00e4\u00e4 sek\u00e4 miten yritykset kokevat perinteisen riskienhallinnan tarpeellisuuden, kun vertailukohdaksi asetetaan dynaamisempi ja automatisoidumpi prosessi. Lis\u00e4ksi tarkoituksena oli selvitt\u00e4\u00e4, miten hy\u00f6kk\u00e4yspinnan ja uhka-alttiuden hallinta ilmenee yritysten toiminnassa ja miten sit\u00e4 voidaan hy\u00f6dynt\u00e4\u00e4.\nHy\u00f6kk\u00e4yspinnan ja uhka-alttiuden aihealue tutkittiin kirjallisuuskatsauksena hy\u00f6dynt\u00e4m\u00e4ll\u00e4 alaan liittyvi\u00e4 tutkimuksia, raportteja, artikkeleita, blogikirjoituksia, verkkosivuja ja kirjallisuutta. Kyselytutkimus toteutettiin kahdeksalle suomalaiselle IT-alan yritykselle, joiden tarkempi toimiala oli jaoteltu kolmeen kategoriaan. Yritysten koot vaihtelivat mikro- ja suuryritysten v\u00e4lill\u00e4. Kysely toteutettiin s\u00e4hk\u00f6postin liitteen\u00e4 olleella kyselylomakkeella, joka sis\u00e4lsi niin m\u00e4\u00e4r\u00e4llisi\u00e4, kuin laadullisiakin kysymyksi\u00e4. Vastausprosentti oli 57,1 %.\nVastausten analysointi tehtiin m\u00e4\u00e4r\u00e4llisten vastausten osalta k\u00e4sittelem\u00e4ll\u00e4 tilastollisia tunnuslukuja. Muuttujien v\u00e4lisi\u00e4 riippuvuuksia tulkittiin korrelaatiokertoimella. Kysymysten vastausfrekvenssien esitt\u00e4miseen k\u00e4ytettiin taulukointia. Avointen kysymysten kohdalla k\u00e4ytettiin luokittelua, jolla tuettiin monivalintakysymysten analyysin tuloksia.\nPerinteinen vaikutukseen ja todenn\u00e4k\u00f6isyyteen perustuva riskienhallinta koetaan suurelta osin tarpeelliseksi, mutta se sai osakseen my\u00f6s kritiikki\u00e4 useilta vastaajilta ja muilta tutkijoilta. Tutkimuksessa havaittiin hy\u00f6kk\u00e4yspinnan ja uhka-alttiuden nousevan selke\u00e4mmiksi trendeiksi vasta tulevaisuudessa, vaikka hyvinkin automatisoidut j\u00e4rjestelm\u00e4t ovat jo saapuneet markkinoille. Erityisesti hy\u00f6kk\u00e4yspinnan hallintaan keskittyv\u00e4t sovellukset ja palvelut eiv\u00e4t ole kyselytutkimuksen perusteella suomalaisissa IT-yrityksiss\u00e4 juurikaan k\u00e4yt\u00f6ss\u00e4. Yritykset kokivat oman hy\u00f6kk\u00e4yspintansa kasvaneen, mutta eiv\u00e4t kuitenkaan p\u00e4\u00e4osin kokeneet tarvetta p\u00e4ivitt\u00e4\u00e4 nykyisi\u00e4 prosessejaan uusilla j\u00e4rjestelmill\u00e4 tai palveluilla.\nTulosten perusteella voi p\u00e4\u00e4tell\u00e4, etteiv\u00e4t yritykset koe tarpeelliseksi yh\u00e4 dynaamisempien tai automatisoidumpien j\u00e4rjestelmien integroimista omaan tietoturvan hallinnan prosessiinsa. T\u00e4h\u00e4n vaikuttaa selke\u00e4sti yritysten itsevarmuus nykyisist\u00e4 prosesseistaan ja j\u00e4rjestelmist\u00e4\u00e4n. On kuitenkin tunnistettava, ett\u00e4 yritykset ovat p\u00e4\u00e4osin kokeneet hy\u00f6kk\u00e4yspintansa kasvaneen ja t\u00e4t\u00e4 my\u00f6t\u00e4 suojausmekanismien monimutkaistumiselle voi kuitenkin tulla tarve tulevaisuudessa.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "This research studied what attack surface and threat exposure entails and how companies experience the necessity of traditional risk management when it is compared against a more dynamic and automated process. In addition, the purpose was to understand how companies employ attack surface and threat exposure management and how it could be utilized.\nAttack surface and threat exposure was studied as literature review by utilizing other research, reports, articles, blog posts, websites and other literature. An email-survey was conducted for eight Finnish IT-companies that varied from micro to large. The survey consisted of qualitative and quantitative questions. The response rate was 57,1 %.\nThe analysis was done by processing statistical key figures and correlation coefficient for the quantitative answers. Tabulation was used to summarize and present the responses. Open-ended questions were classified to facilitate analysis alongside the multiple-choice responses. \nTraditional risk management which relies on the experience of impact and likelihood is seen to still be useful, but it did receive criticism. The trend towards managing attack surface and threat exposure was perceived as increasingly impactful in the future, even though there already is existing software and services on the market that market themselves as such. Attack surface management software isn\u2019t much used in the surveyed Finnish IT-companies. The companies felt that their own attack surface had increased, but mostly did not feel the need to update their current processes with new systems or services.\nBased on the results, it can be concluded that companies do not find it necessary to integrate increasingly dynamic or automated systems into their own information security management processes. This is clearly influenced by companies\u2019 confidence in their current processes and systems. However, it is recognized that companies have mainly perceived an increase in their attack surface, and with this, there may be a need for the more complex protective mechanisms in the future.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Paivi Vuorio (paelvuor@jyu.fi) on 2024-04-09T05:28:11Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2024-04-09T05:28:12Z (GMT). No. of bitstreams: 0\n Previous issue date: 2024", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "72", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "hy\u00f6kk\u00e4yspinta", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "uhka-alttius", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Uhka-alttiuden ja hy\u00f6kk\u00e4yspinnan hallinta osana yritysten tietoturvaa", "language": null, "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202404092769", "language": null, "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Cyber Security", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": null, "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "riskienhallinta", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "kyberturvallisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tietoturva", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "riskianalyysi", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}]
|