Threat modeling during the times of hybrid work: A tech SME perspective
| dc.contributor.author | Paananen, Veera | |
| dc.contributor.department | fi=Tietotekniikan laitos|en=Department of Computing| | |
| dc.contributor.faculty | fi=Teknillinen tiedekunta|en=Faculty of Technology| | |
| dc.contributor.studysubject | fi=Tietotekniikka|en=Information and Communication Technology| | |
| dc.date.accessioned | 2022-06-08T21:02:08Z | |
| dc.date.available | 2022-06-08T21:02:08Z | |
| dc.date.issued | 2022-05-20 | |
| dc.description.abstract | Cybersecurity has become a highly relevant area in the industry that organizations of all sizes need to consider to stay relevant and viable. In order to consider cybersecurity at a sufficient level general, "best practices" for security are simply inadequate, and security measures like threat modeling are required. An increased amount of cyber-attacks during the last few years has further highlighted the importance of proper security management in an organizational context. In addition, the COVID-19 pandemic led to a sudden widespread shift from traditional on-site work to remote and hybrid work (a combination of on-site and remote work), which has created more challenges for effectively managing cybersecurity risks. While larger enterprises tend to have the resources for meeting the cybersecurity needs of new work models and associated risks, the same does not apply to small and medium-sized enterprises. Researchers had already found that risks of hybrid work need to be accounted for and had recognized ways to do so, but the question of how SMEs view these risks was left unanswered. This thesis aims to learn how tech SMEs view cybersecurity risks associated with hybrid work and what strategies are adopted to deal with them, and whether threat modeling is a tool tech SMEs consider in their cybersecurity management. To reach these goals, the author collected data using a case study approach from 9 employees of a Finnish tech SME through semi-structured interviews, which were then analyzed together with observational data collected by the thesis author. The findings show that SMEs, even tech SMEs, rely on the most known best cybersecurity practices, such as using VPN, to deal with cybersecurity risks related to hybrid work. SMEs also view threat modeling as an optional security tool they usually do not have much knowledge or experience of. In addition, the study results revealed that it is feasible to implement threat modeling into a tech SME’s existing security practices if the general limitations of SMEs and specific requirements of that specific SME are considered beforehand. | |
| dc.format.extent | 113 | |
| dc.identifier.olddbid | 171135 | |
| dc.identifier.oldhandle | 10024/154240 | |
| dc.identifier.uri | https://www.utupub.fi/handle/11111/23482 | |
| dc.identifier.urn | URN:NBN:fi-fe2022060844219 | |
| dc.language.iso | eng | |
| dc.rights | fi=Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.|en=This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.| | |
| dc.rights.accessrights | suljettu | |
| dc.source.identifier | https://www.utupub.fi/handle/10024/154240 | |
| dc.subject | threat modeling, risk management, hybrid work, cyber security | |
| dc.title | Threat modeling during the times of hybrid work: A tech SME perspective | |
| dc.type.ontasot | fi=Diplomityö|en=Master's thesis| |
Tiedostot
1 - 1 / 1