The Human Element in IT Security
Malinen, Leo Mikael (2021)
Malinen, Leo Mikael
2021
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-202105026566
https://urn.fi/URN:NBN:fi:amk-202105026566
Tiivistelmä
This research is focused on the topic of IT security from the perspective of the internal human element by examining employee’s roles in organization’s IT security. This is achieved by examining how big the role of the employees in the overall organization’s IT security is and what measures can be taken to prepare for threats involving or originating from the internal human element.
The goal of the research is to give a clear overview of the aforementioned threats by categorizing them and examining real IT security incidents which have happened from said categories. The scope of this project is limited to IT security threats with direct involvement of the internal human element and hence excludes threats such as injections and software bugs.
This research is primarily based on qualitative data and was conducted between September 2020 and May 2021. The methods of acquiring the qualitative data in the research include referenced books, blogs, news articles and interviews on related topics.
The first part of the research goes over the practical aspects of this research after which it transitions into the theoretical background of the topics discussed later in the research. After the theoretical background, the research goes over the empirical part by examining real cases involving the internal human element and making observations based on interviews carried out during this research. The final parts go over the results and discussions of this research.
Results from this research include information on how factors such as solutions involving technology, organization sizes, risk assessments and psychology affect organizations capabilities to prepare for threats involving the internal human element.
The conclusion from this research is that employees play a large role in organizations IT security not only due to their direct actions but also based on their approach to the topic especially when considering IT security in organizations culture. This research also came to the conclusion that frameworks, especially the ISO 27001, are very beneficial for organizations when dealing with threats involving the internal human element.
The goal of the research is to give a clear overview of the aforementioned threats by categorizing them and examining real IT security incidents which have happened from said categories. The scope of this project is limited to IT security threats with direct involvement of the internal human element and hence excludes threats such as injections and software bugs.
This research is primarily based on qualitative data and was conducted between September 2020 and May 2021. The methods of acquiring the qualitative data in the research include referenced books, blogs, news articles and interviews on related topics.
The first part of the research goes over the practical aspects of this research after which it transitions into the theoretical background of the topics discussed later in the research. After the theoretical background, the research goes over the empirical part by examining real cases involving the internal human element and making observations based on interviews carried out during this research. The final parts go over the results and discussions of this research.
Results from this research include information on how factors such as solutions involving technology, organization sizes, risk assessments and psychology affect organizations capabilities to prepare for threats involving the internal human element.
The conclusion from this research is that employees play a large role in organizations IT security not only due to their direct actions but also based on their approach to the topic especially when considering IT security in organizations culture. This research also came to the conclusion that frameworks, especially the ISO 27001, are very beneficial for organizations when dealing with threats involving the internal human element.