GAP-analysis and needed actions to reach compliance to NIS2 directive in a global industrial manufacturing company

This master’s thesis investigates the cybersecurity requirements and needed actions for achieving compliance with the NIS2 directive in a large industrial manufacturing company. The research obeys to the Design Science Research (DSR) methodology, which enables the creation of practical solutions thr...

Täydet tiedot

Bibliografiset tiedot
Päätekijä: Lämsä, Markus
Muut tekijät: Informaatioteknologian tiedekunta, Faculty of Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Aineistotyyppi: Pro gradu
Kieli:eng
Julkaistu: 2024
Aiheet:
Linkit: https://jyx.jyu.fi/handle/123456789/99109
_version_ 1826225688966856704
author Lämsä, Markus
author2 Informaatioteknologian tiedekunta Faculty of Information Technology Jyväskylän yliopisto University of Jyväskylä
author_facet Lämsä, Markus Informaatioteknologian tiedekunta Faculty of Information Technology Jyväskylän yliopisto University of Jyväskylä Lämsä, Markus Informaatioteknologian tiedekunta Faculty of Information Technology Jyväskylän yliopisto University of Jyväskylä
author_sort Lämsä, Markus
datasource_str_mv jyx
description This master’s thesis investigates the cybersecurity requirements and needed actions for achieving compliance with the NIS2 directive in a large industrial manufacturing company. The research obeys to the Design Science Research (DSR) methodology, which enables the creation of practical solutions through iterative processes. The primary goal of this thesis is to evaluate the current state of cybersecurity in the organization, identify critical security gaps, and propose actionable measures to close these gaps. The research process combines a literature review that establishes the theoretical framework with qualitative data gathered from interviews with key stakeholders. The interviews provide insights into the organization's cybersecurity challenges and opportunities. Quantitative data was collected with the ISF Information Security Healthcheck tool, which supported the analysis and prioritization of the identified gaps. Five critical security functions have been identified as the key areas needing improvement: asset management, information security risk management, business continuity, supply chain security, and security governance. The suggested solution is then assessed through interviews with experts from the target organisation, and further major initiatives are recommended based on the evaluation. Finally, this thesis provides a practical, clear framework for the company for meeting the NIS2 directive's critical requirements. Suggestions for future research are made based on the research findings and the feedback from the interviews after the identified solution has been evaluated. Keywords: Information security, NIS2 directive, Cybersecurity, Manufacturing Industry, Compliance
first_indexed 2024-12-19T21:01:33Z
format Pro gradu
fullrecord [{"key": "dc.contributor.advisor", "value": "Frantti, Tapio", "language": null, "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "L\u00e4ms\u00e4, Markus", "language": null, "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2024-12-19T12:11:02Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2024-12-19T12:11:02Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2024", "language": null, "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/99109", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "This master\u2019s thesis investigates the cybersecurity requirements and needed actions for achieving compliance with the NIS2 directive in a large industrial manufacturing company. The research obeys to the Design Science Research (DSR) methodology, which enables the creation of practical solutions through iterative processes. The primary goal of this thesis is to evaluate the current state of cybersecurity in the organization, identify critical security gaps, and propose actionable measures to close these gaps.\nThe research process combines a literature review that establishes the theoretical framework with qualitative data gathered from interviews with key stakeholders. The interviews provide insights into the organization's cybersecurity challenges and opportunities. Quantitative data was collected with the ISF Information Security Healthcheck tool, which supported the analysis and prioritization of the identified gaps. Five critical security functions have been identified as the key areas needing improvement: asset management, information security risk management, business continuity, supply chain security, and security governance. \nThe suggested solution is then assessed through interviews with experts from the target organisation, and further major initiatives are recommended based on the evaluation. Finally, this thesis provides a practical, clear framework for the company for meeting the NIS2 directive's critical requirements. Suggestions for future research are made based on the research findings and the feedback from the interviews after the identified solution has been evaluated.\n\nKeywords: Information security, NIS2 directive, Cybersecurity, Manufacturing Industry, Compliance", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by jyx lomake-julkaisija (jyx-julkaisija.group@korppi.jyu.fi) on 2024-12-19T12:11:01Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2024-12-19T12:11:02Z (GMT). No. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "71", "language": null, "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.title", "value": "GAP-analysis and needed actions to reach compliance to NIS2 directive in a global industrial manufacturing company", "language": null, "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-202412197919", "language": null, "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Kyberturvallisuuden maisteriohjelma", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Master's Degree Programme in Cyber Security", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.copyright", "value": "\u00a9 The Author(s)", "language": null, "element": "rights", "qualifier": "copyright", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "restrictedAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "The author has not given permission to make the work publicly available electronically. Therefore the material can be read only at the archival workstation at Jyv\u00e4skyl\u00e4 University Library (https://kirjasto.jyu.fi/en/workspaces/facilities/facilities#autotoc-item-autotoc-2).", "language": "en", "element": "rights", "qualifier": "accessrights", "schema": "dc"}, {"key": "dc.rights.accessrights", "value": "Tekij\u00e4 ei ole antanut lupaa avoimeen julkaisuun, joten aineisto on luettavissa vain Jyv\u00e4skyl\u00e4n yliopiston kirjaston arkistoty\u00f6semalta. Ks. https://kirjasto.jyu.fi/fi/tyoskentelytilat/laitteet-ja-tilat#autotoc-item-autotoc-2.", "language": "fi", "element": "rights", "qualifier": "accessrights", "schema": "dc"}]
id jyx.123456789_99109
language eng
last_indexed 2025-02-18T10:56:21Z
main_date 2024-01-01T00:00:00Z
main_date_str 2024
publishDate 2024
record_format qdc
source_str_mv jyx
spellingShingle Lämsä, Markus GAP-analysis and needed actions to reach compliance to NIS2 directive in a global industrial manufacturing company Kyberturvallisuuden maisteriohjelma Master's Degree Programme in Cyber Security
title GAP-analysis and needed actions to reach compliance to NIS2 directive in a global industrial manufacturing company
title_full GAP-analysis and needed actions to reach compliance to NIS2 directive in a global industrial manufacturing company
title_fullStr GAP-analysis and needed actions to reach compliance to NIS2 directive in a global industrial manufacturing company GAP-analysis and needed actions to reach compliance to NIS2 directive in a global industrial manufacturing company
title_full_unstemmed GAP-analysis and needed actions to reach compliance to NIS2 directive in a global industrial manufacturing company GAP-analysis and needed actions to reach compliance to NIS2 directive in a global industrial manufacturing company
title_short GAP-analysis and needed actions to reach compliance to NIS2 directive in a global industrial manufacturing company
title_sort gap analysis and needed actions to reach compliance to nis2 directive in a global industrial manufacturing company
title_txtP GAP-analysis and needed actions to reach compliance to NIS2 directive in a global industrial manufacturing company
topic Kyberturvallisuuden maisteriohjelma Master's Degree Programme in Cyber Security
topic_facet Kyberturvallisuuden maisteriohjelma Master's Degree Programme in Cyber Security
url https://jyx.jyu.fi/handle/123456789/99109 http://www.urn.fi/URN:NBN:fi:jyu-202412197919
work_keys_str_mv AT lämsämarkus gapanalysisandneededactionstoreachcompliancetonis2directiveinaglobalindustrialmanufa