Creating a guidebook for IRAM2 information risk assessment methodology
Pelkonen, Eeva-Riina (2023)
2023
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2023053016018
https://urn.fi/URN:NBN:fi:amk-2023053016018
Tiivistelmä
The importance of information security has increased and will keep increasing also in future. Information security risks have become more and more complicated because of the rapid digitalisation and because most of the today’s operations are run with different information systems. For companies that offer consultant services the need for constant skills development and knowhow is crucial.
The goal of this thesis was to create a guidebook for professionals to use when they are getting to know a specific information risk assessment methodology. To be able to construct this kind of guidebook, first the knowledge base needed to be formed and the specific risk assessment methodology was studied thoroughly.
For this client commissioned work, research development work was carried out to construct the knowledge base and create the guidebook. Knowledge base and guidebook was created using document analysis and feedback method. Knowledge base was constructed from risk management fundamentals, information security and risk assessment methodology. Feedback was gathered of the first version of the guidebook from information risk management professionals who are the main user group for this guidebook. After receiving the feedback, guidebook was modified accordingly based on the feedback.
As a result, 32-page guidebook was created. Guidebook started from introducing the specific information risk assessment methodology, why has it been created and for whom. After that is introduced the fundamentals of risk management and what are the key points for successful risk management.
In the end of the thesis is discussion on how the goal of this thesis was met and what challenges was faced during the process. It is also discussed why the problems occurred and how they possibly could have been avoided. In discussion is also represented some ideas how the guidebook could be modified in the future.
The goal of this thesis was to create a guidebook for professionals to use when they are getting to know a specific information risk assessment methodology. To be able to construct this kind of guidebook, first the knowledge base needed to be formed and the specific risk assessment methodology was studied thoroughly.
For this client commissioned work, research development work was carried out to construct the knowledge base and create the guidebook. Knowledge base and guidebook was created using document analysis and feedback method. Knowledge base was constructed from risk management fundamentals, information security and risk assessment methodology. Feedback was gathered of the first version of the guidebook from information risk management professionals who are the main user group for this guidebook. After receiving the feedback, guidebook was modified accordingly based on the feedback.
As a result, 32-page guidebook was created. Guidebook started from introducing the specific information risk assessment methodology, why has it been created and for whom. After that is introduced the fundamentals of risk management and what are the key points for successful risk management.
In the end of the thesis is discussion on how the goal of this thesis was met and what challenges was faced during the process. It is also discussed why the problems occurred and how they possibly could have been avoided. In discussion is also represented some ideas how the guidebook could be modified in the future.