Improving IT administration security by using security controls based on security frameworks
Hertteli, Leevi (2022)
Hertteli, Leevi
2022
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2022052010890
https://urn.fi/URN:NBN:fi:amk-2022052010890
Tiivistelmä
Cybercrime continues to grow, and more effort should be put into defending capabilities against crimi-nals. When an attacker breaks into an organization’s IT infrastructure, its primary goal is to reach the ad-ministrator’s desired maintenance credentials that would allow them to gain access to critical assets and sensitive information. This could lead to a significant compromising of core business operations. The idea for the chosen topic arised from my own work and experiences that have been over the years of IT maintenance work. Each activity involves threats and risks and therefore, efforts are constantly made to examine one’s own activities at work, e.g. how the daily tasks are safely performed without compromis-ing the organization’s operations.
A constructive method was used as a research method in the study. The purpose of the development research is to focus solely on enhancing information security related to IT maintenance. The work creates and develops a risk management tool that is used in workshops as a tool for risk analyses. The goal is to find the necessary development targets and controls to improve the security of IT maintenance through risk assessment. The research aims are exploring different kinds of IT security criteria and standards to find recommendations and controls, and to mitigate the risks identified in workshops. Another key part of the work is to identify the protectable assets and threats.
During the implementation phase of the work, the current state analysis of the IT management was cre-ated based on queries and observations. The most important part of the implementation was to organize workshops for IT department personnel, where all the main steps involved in risk assessment were re-viewed. Assets and threats were identified, risk levels were assessed, and controls were discussed to mitigate risks. The workshop’s outputs were used as research material in this work.
To serve the organization, a risk management tool was developed to help assess risks and maintain secu-rity management. In the workshops, a lot of assets and threats were identified and those were examined more detailed in the risk analysis. The results of the risk analysis show that most of the risks assessed are intolerable risks. The reason for this is certainly because the workshop focused on better understanding of where most critical risks arise from and how the risk could be reduced.
A constructive method was used as a research method in the study. The purpose of the development research is to focus solely on enhancing information security related to IT maintenance. The work creates and develops a risk management tool that is used in workshops as a tool for risk analyses. The goal is to find the necessary development targets and controls to improve the security of IT maintenance through risk assessment. The research aims are exploring different kinds of IT security criteria and standards to find recommendations and controls, and to mitigate the risks identified in workshops. Another key part of the work is to identify the protectable assets and threats.
During the implementation phase of the work, the current state analysis of the IT management was cre-ated based on queries and observations. The most important part of the implementation was to organize workshops for IT department personnel, where all the main steps involved in risk assessment were re-viewed. Assets and threats were identified, risk levels were assessed, and controls were discussed to mitigate risks. The workshop’s outputs were used as research material in this work.
To serve the organization, a risk management tool was developed to help assess risks and maintain secu-rity management. In the workshops, a lot of assets and threats were identified and those were examined more detailed in the risk analysis. The results of the risk analysis show that most of the risks assessed are intolerable risks. The reason for this is certainly because the workshop focused on better understanding of where most critical risks arise from and how the risk could be reduced.
Kokoelmat
Samankaltainen aineisto
Näytetään aineisto, joilla on samankaltaisia nimekkeitä, tekijöitä tai asiasanoja.
-
Creation of Drone Education Curriculum for Security Guards and Security Officers
Leppäviita, Nelli Jasmine (2021)One of the subjects Etelä-Kymenlaakson Ammattiopisto teaches is vocational upper secondary qualification within safety and security. To modernize the teaching at the school a drone has been purchased and a curriculum for ... -
Hybrid Cloud Infrastructure Security : Security Automation Approaches for Hybrid IT
Chewe, Mutale (2021)Security is the single most consequential public cloud adoption barrier for enterprise. The need to extend on-premises IT infrastructure to public clouds poses great security challenges. Solution architecting to the said ... -
Improving Cyber Security Situational Awareness with Log and Network Security Monitoring
Muikku, Juha-Matti (2020)The objective of this thesis was to study the current best practices of technical information security monitoring regarding mission-critical environments. In addition, information outside best practices was sought to ...