Enhancing Cyber Security for SME organizations through self-assessments : How self-assessment raises awareness
Hassinen, Tarmo (2017)
Hassinen, Tarmo
Jyväskylän ammattikorkeakoulu
2017
All rights reserved
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-201704285657
https://urn.fi/URN:NBN:fi:amk-201704285657
Tiivistelmä
This thesis primarily studied the importance of self-assessment in increasing business organizations’ cyber security awareness of their ICT environment. The secondary studied item was the relevance of self-assessment in detecting new business potential while understanding ICT environment changes. The self-assessment is based on FINCS, the Finnish basic level cyber security certificate launched in December 2016. FINCSC consists of physical and management security, ICT service and system security as well as risk management. Behind FINCSC there is e.g. ISO/IEC 27001 information security standard.
The study uses explanatory research methodology to conduct the research, and the method of the research is survey. The participants to the survey were persons from SME business organizations that participated to the pilot of the FINCSC development. For the survey, Webropol portal was used. The survey was conducted in two phases: before and after completing the FINCSC self-assessment. This was mandatory in order to study the change of the awareness before and after the self-assessment. For the results of the survey, inductive and hermeneutic analyses were used.
Based on the results of the survey, self-assessment helps the organizations to acknowledge the impact of the different parts of cyber security to the business. Especially, for the awareness of the current state of the business ICT environment, the self-assessment is valuable. Otherwise, from business prospect’s perspective, direct benefits were not found with the self-assessment.
The study uses explanatory research methodology to conduct the research, and the method of the research is survey. The participants to the survey were persons from SME business organizations that participated to the pilot of the FINCSC development. For the survey, Webropol portal was used. The survey was conducted in two phases: before and after completing the FINCSC self-assessment. This was mandatory in order to study the change of the awareness before and after the self-assessment. For the results of the survey, inductive and hermeneutic analyses were used.
Based on the results of the survey, self-assessment helps the organizations to acknowledge the impact of the different parts of cyber security to the business. Especially, for the awareness of the current state of the business ICT environment, the self-assessment is valuable. Otherwise, from business prospect’s perspective, direct benefits were not found with the self-assessment.