Improving IT administration security by using security controls based on security frameworks
Hertteli, Leevi (2022)
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2022052010890
Abstract
Cybercrime continues to grow, and more effort should be put into defensive capabilities against criminals. When an attacker breaks into an organization’s IT infrastructure, their primary goal is to obtain the administrator’s maintenance credentials, which would allow them to gain access to critical assets and sensitive information. This could significantly compromise core business operations. The idea for the chosen topic arose from my own work and experiences over the years of IT maintenance work. Each activity involves threats and risks, and therefore efforts are constantly made to examine one’s own activities at work, e.g. how daily tasks are performed safely without compromising the organization’s operations.
A constructive method was used as the research method in the study. The purpose of the development research is to focus solely on enhancing information security related to IT maintenance. The work creates and develops a risk management tool that is used in workshops for risk analyses. The goal is to find the necessary development targets and controls to improve the security of IT maintenance through risk assessment. The research aims to explore different kinds of IT security criteria and standards to find recommendations and controls, and to mitigate the risks identified in the workshops. Another key part of the work is to identify the protectable assets and threats.
During the implementation phase of the work, a current state analysis of IT management was created based on queries and observations. The most important part of the implementation was to organize workshops for IT department personnel, where all the main steps involved in risk assessment were reviewed. Assets and threats were identified, risk levels were assessed, and controls were discussed to mitigate risks. The workshops’ outputs were used as research material in this work.
To serve the organization, a risk management tool was developed to help assess risks and maintain security management. In the workshops, many assets and threats were identified, and those were examined in more detail in the risk analysis. The results of the risk analysis show that most of the risks assessed are intolerable risks. The reason for this is certainly that the workshop focused on better understanding where the most critical risks arise from and how the risks could be reduced.