fullrecord |
[{"key": "dc.contributor.advisor", "value": "Koskelainen, Tiina", "language": null, "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Alavesa, Piia", "language": null, "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2024-11-20T15:45:33Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2024-11-20T15:45:33Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2024", "language": null, "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/98565", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Lokit ovat t\u00e4rkeit\u00e4, koska ne kertovat j\u00e4rjestelm\u00e4n tilasta, ja niiden avulla voidaan tunnistaa mink\u00e4 tahansa tyyppiset kyberhy\u00f6kk\u00e4ykset tai luoda tietopohjainen kuva k\u00e4ytt\u00e4jien ty\u00f6tavoista. Monet viimeaikaiset lait ja standardit pakottavat lokinhallintaan. NIS2 direktiivi pakottaa tietyt valmistajat huomioimaan lokinhallinnan ja -k\u00e4sittelyn ohjelmistokehitysprosessin vaiheissa. Ohjelmistohallinnan automaatiota tulisi edist\u00e4\u00e4 my\u00f6s standardien IEC 62443 ja ISO 27001 mukaisesti. T\u00e4m\u00e4 sis\u00e4lt\u00e4\u00e4 lokinhallintaty\u00f6kalujen ja ty\u00f6kaludokumentaation, lokinhallintatoimintojen teknisen ohjeistuksen ja tiedon jakamisen lokinhallintahenkil\u00f6st\u00f6lle. ISO 27001 jopa mainitsee yhdeksi menetelmist\u00e4\u00e4n sen, ett\u00e4 turvallinen SDLC tulee m\u00e4\u00e4ritt\u00e4\u00e4 ja k\u00e4ytt\u00f6\u00f6nottaa. Kohdeorganisaatio toimii globaalin ohjelmistokehityksen (GSD) kontekstissa, jossa ty\u00f6t\u00e4 tehd\u00e4\u00e4n useassa paikassa samanaikaisesti. Siksi on viel\u00e4 t\u00e4rke\u00e4mp\u00e4\u00e4, ett\u00e4 tietoturvavaatimuksista ollaan tietoisia ja k\u00e4ytet\u00e4\u00e4n sertifiointia. N\u00e4m\u00e4 ovat mahdollisia keskitt\u00e4m\u00e4ll\u00e4 lokinhallintaa esimerkiksi ty\u00f6kaluilla kuten keskitetyll\u00e4 lokinhallinnalla (CLM), sovituilla menettelyill\u00e4 ja rakentamalla monet lokinhallinnan edellytt\u00e4mist\u00e4 toiminnoista pilvialustaan.\nTutkimusmenetelm\u00e4n\u00e4 on asiantuntija-analyysi laadullisin haastatteluin ja kyselyin kuudelle asiantuntijalle, joilla on usean vuoden kokemus aihealueesta. Tutkimus ker\u00e4\u00e4 asiantuntijoiden n\u00e4kemykset lokinhallinnan parhaista k\u00e4yt\u00e4nn\u00f6ist\u00e4 huomioiden my\u00f6s lains\u00e4\u00e4d\u00e4nn\u00f6n, standardit ja kirjallisuuskatsauksen sek\u00e4 artikkelit aiheesta. Ker\u00e4tty materiaali analysoitiin koodaamalla ne ohjelmistokehitysprosessin, ty\u00f6kalujen, lokeihin liittyvien vaatimusten ja toimintojen pohjalta induktiivisesti. \nT\u00e4m\u00e4 tutkimus p\u00e4\u00e4ttelee, ett\u00e4 lokinhallintatoimintojen tulee perustua ohjelmistokehityksen elinkaareen (SDLC). Keskittym\u00e4ll\u00e4 ratkaisujen rakentamisprosessiin voidaan varmistaa, ett\u00e4 rakennettava tuote on laadukas. Jokainen asiantuntija oli samaa mielt\u00e4, ett\u00e4 hyvin m\u00e4\u00e4ritelty pilviarkkitehtuuri auttaa varmistamaan, ett\u00e4 monet lokeihin liittyv\u00e4t vaatimukset k\u00e4sitell\u00e4\u00e4n oikein. Yht\u00e4 t\u00e4rke\u00e4\u00e4 on m\u00e4\u00e4ritt\u00e4\u00e4 standardoidut lokinhallintaprosessit ty\u00f6skentelytavoiksi, kuten lokitarkastuksiksi, turvallisten koodausk\u00e4yt\u00e4nt\u00f6jen, kuten OWASP:n (Open Worldwide Application Security Project) noudattaminen ja SDLC-prosessia tukevien ty\u00f6kalujen, kuten Jiran, k\u00e4ytt\u00f6 ty\u00f6n organisointiin ja seurantaan.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Logs are important because they inform about the system health and can be used to identify any type of cyber-attacks or give a data-based overview of users\u2019 ways of working. Recent legislation and standards enforce log management. NIS2 directive forces certain manufacturers to take logging procedures into software development process\u2019 phases. Software management automation should be promoted as defined in standards IEC 62443 and ISO 27001. This covers distribution of log management tools, technical guidance in log management and delivering the needed data to the log management personnel. ISO 27001 even mentions one of its controls being that the secure development lifecycle should be established and applied. The target organization of this study operates in Global Software Development (GSD) where work is being done in many locations simultaneously. In GDS, it is even more important that the security requirements are known, and certification is used. This is possible via centralizing the log management with tools such as Centralized Log Management (CLM), agreed procedures, and building many of the log management required functionality on the cloud platform.\nThe research method used is expert analysis with qualitative interviews and a survey with six participants who all have several years of domain expertise. The research gathers the views of subject matter experts around the log management best practices but also reflects the legislation, standards, literature review, and articles about the topic. The gathered data was analyzed via theming in reflection on the software development process, tooling, logging related requirements, and logging activities inductively. \nThis research concludes that the log management activities should be built on the Software Development Lifecycle (SDLC). Placing focus on the process of how solutions are built, one can ensure that the product being built will be of good quality. All interviewed experts agreed that a well-defined cloud architecture helps to ensure many of the log related requirements are handled accordingly. As important is to set up standardized log management processes into ways of working such as log inspections, following secure coding practices such as OWASP (Open Worldwide Application Security Project), and using tools supporting SDLC process such as Jira as a management tool to organize and track the work.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by jyx lomake-julkaisija (jyx-julkaisija.group@korppi.jyu.fi) on 2024-11-20T15:45:33Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2024-11-20T15:45:33Z (GMT). No. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "76", "language": null, "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "CC BY-NC-ND 4.0", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.title", "value": "Log Management Best Practices in Cloud Based Software Development Lifecycle, Expert Analysis", "language": null, "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202411207398", "language": null, "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuuden maisteriohjelma", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Master's Degree Programme in Cyber Security", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://creativecommons.org/licenses/by-nc-nd/4.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}]
|