Pieces of a puzzle : Exploring information security services
Kulta, Lotta (2018-01-04)
This publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
open
The permanent address of the publication is:
https://urn.fi/URN:NBN:fi-fe201802053104
Abstract
Digitalization is changing society and its operations, from consumers to organizations: the world is becoming connected 24/7. This places increasing demands on organizations, as new threats against information security are continuously arising. Companies need to ensure that they are protecting their information assets against information security threats. The Digiwars programme by the Ministry of Transport and Communications aims at strengthening the digital services market and ensuring a reliable operating environment in Finland. As part of the programme, this thesis aims at exploring what information security (later infosec) services are, how the services can be categorized and what types of services are utilized in companies operating in Finland.
To answer the aforementioned research questions, this study combines a systematic literature review (SLR) on infosec services and a survey that investigates the use of these services. Furthermore, based on the infosec services identified in the SLR, an infosec service categorization (ISSeCa) was built. ISSeCa offers a structured way to understand the infosec service concept and its complexity. Based on the results of the research, the definition of a security service lacks cohesion, as the range of infosec services is wide; additionally, there are multiple perspectives on the services, of which a technical perspective was pronounced in the results. In addition, to some extent, academia is still describing infosec services by characteristics typically seen as the components of information security itself. Furthermore, although the results of the survey cannot be generalized to a larger population due to a low response rate, the results provide insights into the outlook of organizations towards infosec services by suggesting that companies utilize a balanced set of infosec services from different infosec categories and regard these services as important.
Based on the findings of the research, it can be stated that the infosec service concept lacks coherence; additionally, a consensus on the definition of an infosec service is yet to be achieved. The ISSeCa categorization, consequently, offers fertile ground for further research regarding infosec services. Furthermore, based on the findings of the research, it can be stated that organizations should adopt a holistic approach in building their information security service palette, where different services are fitted tightly together like the pieces of a puzzle. This puzzle, however, is not static but needs to be altered based on emerging organizational needs and newly arising threats.