information security management
TRANSCRIPT
Information Security Management
Course conducted by Department of Information Management and Logistics &Novi Research Center - TUT
Dr. Ilona Ilvonen (Course Teacher)Karan Menon (Course Assistant)
What are the information and knowledge security related issues in your firm and how can they be mitigated?
• 2015-16 – 6 Kampusklubi Companies Case interviews conducted by student groups
• KSRM Model• Target for 2016-17 approximately 15 companies
with a focus on Digitalization and/or IoT related activities
• Interviews will be conducted in December or January by groups of 3-4 students and the course assistant
02.05.2023 2
Summary of 15 Groups
02.05.2023 3
Contact Us to register as a Case CompanyWrite an email for queries and registration to the following persons.
Dr. Ilona Ilvonen – [email protected]
Karan Menon – [email protected] 0401 305 046
Jaana Hanninen – [email protected] 0400 414 117
02.05.2023 4
What is the course about?
• The course aims for understanding of issues related to information security management: recognizing risks that information and knowledge face in companies, how to address those risks, and how to develop the information security status
• Both Finnish and international students
02.05.2023 5
KSRM model, focus on steps 1-5 in this assignment
02.05.2023 6
1. BUSINESS NEED OR PROBLEM, EXPECTED BENEFITS SOUGHT FROM
CHANGE- costs of implementation
- expected monetary business benefits
2. KNOWLEDGE IDENTIFICATION- identify communication genres
and containers
3. THREAT IDENTIFICATION- identify vulnerabilities and motives
to exploit them- identify threat agents
4. RISK ANALYSIS- identify risks connected to the most
important communication genres- analyse the size of risk and costs of
risk realization- identify mitigation means
5. COST/BENEFIT ASSESSMENT- business benefits vs. implementation
costs- mitigation costs vs. mitigation benefits
6. MITIGATION- implementation of mitigation
means that are deemed reasonable
7. MONITORING- set triggers for action
- any change should trigger re-evaluation of business need
and threats
Examples of results: Group 1
02.05.2023 7
Examples of results: Group 1
02.05.2023 8
Examples of results: Group 2
02.05.2023 9
Examples of results: Group 2
02.05.2023 10
Examples of results: Group 3
02.05.2023 11
Examples of results: Group 3
02.05.2023 12
Examples of the most severe risks
• Employee leaves and takes customer contacts with them• Losing company reputation due to mistakes, technical
problems or intentional actions by employees• New employee gives information to their previous
employer• Leaving employee tells information to their new employer
02.05.2023 13
Contact Us to register as a Case CompanyWrite an email for queries and registration to the following persons.
Dr. Ilona Ilvonen – [email protected]
Karan Menon – [email protected] 0401 305 046
Jaana Hanninen – [email protected] 0400 414 117
02.05.2023 14