Patch Management in OT Environment

Critical and industrial infrastructure systems have previously been isolated to a great degree but due to the increased need for e.g. remote access and data collection, the industrial systems have become more connected, and thereby, exposed to more cyber threats. This research is focused on operatio...

Bibliographic Details
Main Author: Seppänen, Tanja Elisabet
Other Authors: Faculty of Information Technology, Informaatioteknologian tiedekunta, University of Jyväskylä, Jyväskylän yliopisto
Format: Master's thesis
Language: eng
Published: 2024
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/95720
_version_ 1826225725094494208
author Seppänen, Tanja Elisabet
author2 Faculty of Information Technology Informaatioteknologian tiedekunta University of Jyväskylä Jyväskylän yliopisto
author_facet Seppänen, Tanja Elisabet Faculty of Information Technology Informaatioteknologian tiedekunta University of Jyväskylä Jyväskylän yliopisto Seppänen, Tanja Elisabet Faculty of Information Technology Informaatioteknologian tiedekunta University of Jyväskylä Jyväskylän yliopisto
author_sort Seppänen, Tanja Elisabet
datasource_str_mv jyx
description Critical and industrial infrastructure systems have previously been isolated to a great degree but due to the increased need for e.g. remote access and data collection, the industrial systems have become more connected, and thereby, exposed to more cyber threats. This research is focused on operational technology (OT) security and particularly on patch management in OT environment. The research question is formed around the implementation of patch management in a way that minimizes cyber risks and production disruptions. Patches are an efficient method to protect OT environment, but the patch deployment often requires production disruption. The OT systems set requirements for high availability and safety which make patch management planning more complex than in normal IT systems. Furthermore, the lifecycle of an OT system is usually longer and not all OT systems can necessarily be patched. The research method in this thesis is Design Science Research Methodology that is used to create an artifact. The artifact is a checklist for systematic patch management in OT environment. The findings are collected via semi-structured interviews with IT and OT professionals. In addition to the interviews, the artifact is further developed in a small-scale workshop with the security professionals. The findings of this thesis suggest that the OT patch management is dependent on technology, people, and processes. Communication and collaboration between the IT & OT professionals and the relevant stakeholders has the most remarkable impact on patch management and minimization of cyber risks and production disruptions. Other remarkable factors are OT asset management, patch automation, backups and rollback, lifecycle management, manual patching, allocation of sufficient resources, and regular maintenance. The demonstration and evaluation of the artifact is limited to three production sites of a case study company. 
Future research in other organizations or industries could support the further development of the artifact. Information systems in critical infrastructure and industry have traditionally operated in closed environments, but as the need for, for example, remote connections and data collection grows, production environments are also becoming more open than before and are increasingly exposed to cyber threats. This study examines the cyber security of operational technology (OT) and, in particular, patch management in the production environment. The central research subject is the management of production security patches in a way that minimizes cyber risks and production outages. Patches are an effective way to protect an OT environment, but installing them often requires a production outage. OT systems demand especially high availability and safety, which is why installing patches requires more planning than patching a so-called ordinary IT system. The lifecycle of OT systems is also often considerably long, which is why not all OT systems can necessarily be patched. The research method is based on design science, which is used to develop, as an artifact, a checklist for systematic security patch management in an industrial environment. The research results were collected by interviewing IT and OT security professionals. The checklist developed on the basis of the interviews was developed further in a workshop with security professionals. The study shows that patching OT systems and minimizing production outages depend on technology, people, and processes. The most significant impact comes from cooperation and communication between IT and OT professionals and stakeholders. Other significant factors are the identification of OT components and devices, patch automation, backups and their restoration, lifecycle management, manual patching, sufficient resources, and regular maintenance. 
The study's sample is three production plants of one company. Possible further research could help develop the artifact to be more applicable in other companies and industries as well.
first_indexed 2024-09-11T08:51:40Z
format Pro gradu
fullrecord [{"key": "dc.contributor.advisor", "value": "Frantti, Tapio", "language": null, "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Sepp\u00e4nen, Tanja Elisabet", "language": null, "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2024-06-10T19:48:09Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2024-06-10T19:48:09Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2024", "language": null, "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/95720", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Critical and industrial infrastructure systems have previously been isolated to a great degree but due to the increased need for e.g. remote access and data collection, the industrial systems have become more connected, and thereby, exposed to more cyber threats. This research is focused on operational technology (OT) security and particularly on patch management in OT environment. The research question is formed around the implementation of patch management in a way that minimizes cyber risks and production disruptions.\nPatches are an efficient method to protect OT environment, but the patch deployment often requires production disruption. The OT systems set requirements for high availability and safety which make patch management planning more complex than in normal IT systems. Furthermore, the lifecycle of an OT system is usually longer and not all OT systems can necessarily be patched. \nThe research method in this thesis is Design Science Research Methodology that is used to create an artifact. 
The artifact is a checklist for systematic patch management in OT environment. The findings are collected via semi-structured interviews with IT and OT professionals. In addition to the inter-views, the artifact is further developed in a small-scale workshop with the security professionals. \nThe findings of this thesis suggest that the OT patch management is de-pendent on technology, people, and processes. Communication and collaboration between the IT & OT professionals and the relevant stakeholders has the most remarkable impact on patch management and minimization of cyber risks and production disruptions. Other remarkable factors are OT asset management, patch automation, backups and rollback, lifecycle management, manual patching, allocation of sufficient resources, and regular maintenance. \nThe demonstration and evaluation of the artifact is limited to three production sites of a case study company. Future research in other organizations or industries could support the further development of the artifact.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Kriittisen infrastruktuurin ja teollisuuden tietoj\u00e4rjestelm\u00e4t ovat perinteisesti olleet suljetuissa ymp\u00e4rist\u00f6iss\u00e4, mutta esimerkiksi et\u00e4yhteyksien ja datanker\u00e4\u00e4misen tarpeen lis\u00e4\u00e4ntyess\u00e4 my\u00f6s tuotantoymp\u00e4rist\u00f6t muuttuvat aiempaa avoimemmiksi ja altistuvat lis\u00e4\u00e4ntyviss\u00e4 m\u00e4\u00e4rin kyberuhille. T\u00e4m\u00e4 tutkimus tarkastelee tuotantoteknologian (OT) kyberturvallisuutta ja erityisesti p\u00e4ivitysten hallintaa tuotantoymp\u00e4rist\u00f6ss\u00e4. Keskeinen tutkimuskohde on tuotannon tietoturvap\u00e4ivitysten hallinta tavalla, joka minimoi kyberriskit ja tuotantokatkokset. \nP\u00e4ivitykset ovat tehokas tapa suojata OT-ymp\u00e4rist\u00f6\u00e4, mutta p\u00e4ivitysten asentaminen vaatii usein tuotantokatkon. 
OT-j\u00e4rjestelm\u00e4t edellytt\u00e4v\u00e4t erityisesti korkeaa saatavuutta ja turvallisuutta, jonka vuoksi p\u00e4ivitysten asentaminen vaatii enemm\u00e4n suunnittelua kuin ns. tavallisen IT-tietoj\u00e4rjestelm\u00e4n p\u00e4ivitt\u00e4minen. OT-j\u00e4rjestelmien elinkaari on usein my\u00f6s huomattavan pitk\u00e4, jonka vuoksi kaikkia OT-j\u00e4rjestelmi\u00e4 ei v\u00e4ltt\u00e4m\u00e4tt\u00e4 pystyt\u00e4 p\u00e4ivitt\u00e4m\u00e4\u00e4n.\nTutkimuksen menetelm\u00e4 perustuu suunnittelutieteeseen, jonka avulla kehitet\u00e4\u00e4n artefaktina tarkastuslista j\u00e4rjestelm\u00e4lliseen tietoturvap\u00e4ivitysten hallintaan teollisuusymp\u00e4rist\u00f6ss\u00e4. Tutkimustulokset on ker\u00e4tty haastattelemalla IT- ja OT-tietoturva-ammattilaisia. Haastatteluiden perusteella kehitetty\u00e4 tarkastuslistaa on kehitetty edelleen ty\u00f6pajassa tietoturva-ammattilaisten kanssa.\nTutkimus osoittaa, ett\u00e4 OT-j\u00e4rjestelmien p\u00e4ivitt\u00e4minen ja tuotantokatkojen minimointi riippuu teknologiasta, ihmisist\u00e4 ja prosesseista. Merkitt\u00e4vin vaikutus on IT- ja OT-ammattilaisten ja sidosryhmien v\u00e4lisell\u00e4 yhteisty\u00f6ll\u00e4 ja viestinn\u00e4ll\u00e4. Muita merkitt\u00e4vi\u00e4 tekij\u00f6it\u00e4 ovat OT-komponenttien ja -laitteiden tunnistaminen, p\u00e4ivitysten automatisointi, varmuuskopiointi ja niiden palauttaminen, elinkaarenhallinta, manuaalinen p\u00e4ivitt\u00e4minen, riitt\u00e4v\u00e4t resurssit ja s\u00e4\u00e4nn\u00f6llinen huolto. \nTutkimuksen otanta on yhden yrityksen kolme tuotantolaitosta. Mahdollisen jatkotutkimuksen avulla artefaktia voi kehitt\u00e4\u00e4 sovellettavammaksi my\u00f6s muissa yrityksiss\u00e4 ja toimialoilla.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by jyx lomake-julkaisija (jyx-julkaisija.group@korppi.jyu.fi) on 2024-06-10T19:48:09Z\nNo. 
of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2024-06-10T19:48:09Z (GMT). No. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "72", "language": null, "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.title", "value": "Patch Management in OT Environment", "language": null, "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202406104491", "language": null, "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Cyber Security", "language": "en", "element": 
"subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuus", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "restrictedAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "The author has not given permission to make the work publicly available electronically. Therefore the material can be read only at the archival workstation at Jyv\u00e4skyl\u00e4 University Library (https://kirjasto.jyu.fi/en/workspaces/facilities/facilities#autotoc-item-autotoc-2).", "language": "en", "element": "rights", "qualifier": "accessrights", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "Tekij\u00e4 ei ole antanut lupaa avoimeen julkaisuun, joten aineisto on luettavissa vain Jyv\u00e4skyl\u00e4n yliopiston kirjaston arkistoty\u00f6semalta. Ks. https://kirjasto.jyu.fi/fi/tyoskentelytilat/laitteet-ja-tilat#autotoc-item-autotoc-2.", "language": "fi", "element": "rights", "qualifier": "accessrights", "schema": "dc"}]
id jyx.123456789_95720
language eng
last_indexed 2025-02-18T10:56:41Z
main_date 2024-01-01T00:00:00Z
main_date_str 2024
publishDate 2024
record_format qdc
source_str_mv jyx
spellingShingle Seppänen, Tanja Elisabet Patch Management in OT Environment Cyber Security Kyberturvallisuus
title Patch Management in OT Environment
title_full Patch Management in OT Environment
title_fullStr Patch Management in OT Environment Patch Management in OT Environment
title_full_unstemmed Patch Management in OT Environment Patch Management in OT Environment
title_short Patch Management in OT Environment
title_sort patch management in ot environment
title_txtP Patch Management in OT Environment
topic Cyber Security Kyberturvallisuus
topic_facet Cyber Security Kyberturvallisuus
url https://jyx.jyu.fi/handle/123456789/95720 http://www.urn.fi/URN:NBN:fi:jyu-202406104491
work_keys_str_mv AT seppänentanjaelisabet patchmanagementinotenvironment