fullrecord |
[{"key": "dc.contributor.advisor", "value": "Frantti, Tapio", "language": null, "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Timlin, P\u00e4ivi", "language": null, "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2024-12-13T07:00:17Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2024-12-13T07:00:17Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2024", "language": null, "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/98993", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "The European Union's NIS2 directive imposes a cybersecurity risk management obligation on a wide range of organizations of different sizes and operating in different sectors. The NIS2 directive is supposed to be implemented by the national cyber security law, which is under consideration by the parliament when this thesis was written.\nThe thesis explained what is included in the risk management obligations of the NIS2 directive and the draft cybersecurity law. In addition, it was clarified which are the key cybersecurity standards and exact standard points in terms of the obligations of the law, as well as the similarities and differences in the application of the standard in relation to the obligations of the legislation.\nThe master's thesis was carried out as a design science study, the result of which is a construction, i.e. a design product. The construction includes the most general cybersecurity standards and applicable references to the risk management obligation of the cybersecurity law and Traficom's draft recommendations. The theoretical reference framework needed for the construction was formed from the risk management obligation and cyber security standards presented in the law. The construction was based on Traficom's draft recommendations for NIS supervisory authorities on cybersecurity risk management measures.\nThe construction presents the standard references corresponding to the national cybersecurity law from information security management systems to the ISO/IEC 27001:2022 standard and the NIST CSF 2.0 reference framework, to the cybersecurity risk management ISO/IEC 27005:2022, NIST SP 800-30 and NIST SP 800-37 standards, supply chain security to the ISO 28000:2022 and NIST SP 800-161 standards, and to the ISO/IEC 27035-1:2023, ISO/IEC 27035-2:2023 and NIST SP 800-61 standards, which deal with deviation management. The construction is published as part of the standard references contained in Traficom's recommendation and the cross-reference table attached to the recommendation.\nCybersecurity standards support the organization in preparing for legal obligations. The requirements of information security management systems are largely the same as in the draft cybersecurity law. They provide a systematic way to perform cybersecurity risk management and help maintain up-to-date documentation. However, the use of the standard does not guarantee that risk management is up-to-date and proportionate.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Euroopan unionin NIS2-direktiivi asettaa kyberturvallisuuden riskienhallintavelvoitteen laajalle joukolle eri kokoisia ja eri sektoreilla toimivia organisaatioita. NIS2-direktiivi on tarkoitus panna t\u00e4yt\u00e4nt\u00f6\u00f6n kansallisella kyberturvallisuuslailla ja se on parhaillaan eduskunnan k\u00e4sitelt\u00e4v\u00e4n\u00e4, kun t\u00e4t\u00e4 opinn\u00e4ytety\u00f6t\u00e4 kirjoitettiin.\nOpinn\u00e4ytety\u00f6ss\u00e4 tutkittiin, mit\u00e4 NIS2-direktiivin ja kyberturvallisuuslakiluonnoksen riskienhallintavelvoitteeseen sis\u00e4ltyy. Lis\u00e4ksi selvitettiin, mitk\u00e4 ovat lain velvoitteen kannalta keskeiset kyberturvallisuusstandardit ja niiden tarkat standardikohdat sek\u00e4 mit\u00e4 yht\u00e4l\u00e4isyyksi\u00e4 ja eroja standardin soveltamisessa on suhteessa lains\u00e4\u00e4d\u00e4nn\u00f6n velvoitteisiin.\nPro gradu -tutkielma toteutettiin suunnittelutieteen tutkimuksena, jonka lopputuloksena on konstruktio eli suunnittelutuote. Konstruktio sis\u00e4lt\u00e4\u00e4 yleisimm\u00e4t kyberturvallisuusstandardit ja soveltuvat viittaukset kyberturvallisuuslain riskienhallintavelvoitetta k\u00e4sitteleviin pyk\u00e4liin ja Traficomin suositusluonnokseen. Konstruktioon tarvittava teoreettinen viitekehys muodostettiin laissa esitetyst\u00e4 riskienhallintavelvoitteesta ja kyberturvallisuusstandardeista. Konstruktion pohjaksi otettiin Traficomin suositusluonnos NIS-valvoville viranomaisille kyberturvallisuuden riskienhallinnan toimenpiteist\u00e4.\nKonstruktio esittelee kansallista kyberturvallisuuslakia vastaavat standardiviittaukset tietoturvallisuuden hallintaj\u00e4rjestelmist\u00e4 ISO/IEC 27001:2022 standardiin ja NIST CSF 2.0 viitekehykseen, kyberturvallisuuden riskienhallintaan tarkoitettuihin ISO/IEC 27005:2022, NIST SP 800-30 ja NIST SP 800-37 standardeihin, toimitusketjujen turvallisuutta k\u00e4sitteleviin ISO 28000:2022 ja NIST SP 800-161 standardeihin sek\u00e4 poikkeamanhallintaa k\u00e4sitteleviin ISO/IEC 27035-1:2023, ISO/IEC 27035-2:2023 ja NIST SP 800-61 standardeihin. Konstruktio julkaistaan osana Traficomin suosituksen sis\u00e4lt\u00e4mi\u00e4 standardiviitteit\u00e4 ja suosituksen liitteen\u00e4 olevaa ristiinviittaustaulukkoa.\nKyberturvallisuusstandardit tukevat organisaatiota lains\u00e4\u00e4d\u00e4nn\u00f6n velvoitteisiin valmistautumisessa. Tietoturvallisuuden hallintaj\u00e4rjestelmien vaatimukset ovat suurelta osin vastaavat kuin kyberturvallisuuslakiluonnoksessa. Ne tarjoavat systemaattisen tavan tehd\u00e4 kyberturvallisuuden riskienhallintaa ja auttavat yll\u00e4pit\u00e4m\u00e4\u00e4n ajantasaista dokumentaatiota. Standardin k\u00e4ytt\u00f6 ei kuitenkaan takaa sit\u00e4, ett\u00e4 riskienhallinta on ajantasaista ja oikeasuhtaista.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by jyx lomake-julkaisija (jyx-julkaisija.group@korppi.jyu.fi) on 2024-12-13T07:00:17Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2024-12-13T07:00:17Z (GMT). No. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "82", "language": null, "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "fin", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "CC BY 4.0", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.title", "value": "Kyberturvallisuusstandardit NIS2-direktiivin riskienhallintavelvoitteen tukena", "language": null, "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202412137815", "language": null, "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Master's Degree Programme in Cyber Security", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuuden maisteriohjelma", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://creativecommons.org/licenses/by/4.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}]
|