Assessment of the Current State of Cybersecurity in a Decentralized Multi-Industry Organization : High-Level Security Guidance, Common Information Security Practices, and On-boarding Process
Silvala, Laura (2025-04-25)
Assessment of the Current State of Cybersecurity in a Decentralized Multi-Industry Organization : High-Level Security Guidance, Common Information Security Practices, and On-boarding Process
(25.04.2025)
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
suljettu
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe2025043034559
https://urn.fi/URN:NBN:fi-fe2025043034559
Tiivistelmä
The organizations are growing even more dependent on information systems on their daily operations, which leads to the need of secure, reliable and flexible systems. Addition to the technology, the organizations require a combination of skills and knowledge in IT, in information security and its management, and in aligning the business with information security. Due to the decentralized business model of the case organization, the subsidiaries are in charge of implementing and managing their own information security leading to a situation where there are varying levels of security within the subsidiaries. This can cause increased amount of vulnerabilities, operational disruptions and financial consequences for the case organization.
This study aims to assess the current state of cybersecurity within the case organization, provide high-level security guidance and common information security practices, and develop an information security on-boarding/due diligence process. The area of research focus on the field of technical trade in Finland and internationally.
The main method of the research is the literature review, which is complemented by the survey results. The literature review focuses on IT infrastructure management, information security risk management and information security in decentralized businesses, SMEs, supply chain, operational technology and in mergers and acquisitions. The stakeholders of the subsidiaries were surveyed regarding the subsidiary’s information security practices.
The results are a comprehensive summary of the current topics of cybersecurity management, an improved approach to information security management within the case company and an insight into the state of cybersecurity of Finnish SMEs in the field of technical trade. The study identifies minimum information security requirements for all SMEs and micro companies. Additionally, the guidance, common information practices and on-boarding processes are tailored to fit organizations having to comply with NIS2 and Cyber Resilience Act.
This study aims to assess the current state of cybersecurity within the case organization, provide high-level security guidance and common information security practices, and develop an information security on-boarding/due diligence process. The area of research focus on the field of technical trade in Finland and internationally.
The main method of the research is the literature review, which is complemented by the survey results. The literature review focuses on IT infrastructure management, information security risk management and information security in decentralized businesses, SMEs, supply chain, operational technology and in mergers and acquisitions. The stakeholders of the subsidiaries were surveyed regarding the subsidiary’s information security practices.
The results are a comprehensive summary of the current topics of cybersecurity management, an improved approach to information security management within the case company and an insight into the state of cybersecurity of Finnish SMEs in the field of technical trade. The study identifies minimum information security requirements for all SMEs and micro companies. Additionally, the guidance, common information practices and on-boarding processes are tailored to fit organizations having to comply with NIS2 and Cyber Resilience Act.