G5 Doctoral dissertation (article)
Kyberturvallisuuden johtaminen ja kehittäminen osana kriittisen infrastruktuurin organisaation toimintaa : systeemiajattelu (2020)
Pöyhönen, J. (2020). Kyberturvallisuuden johtaminen ja kehittäminen osana kriittisen infrastruktuurin organisaation toimintaa : systeemiajattelu [Doctoral dissertation]. Jyväskylän yliopisto. JYU dissertations, 270. http://urn.fi/URN:ISBN:978-951-39-8258-4
JYU authors or editors
Publication details
All authors or editors: Pöyhönen, Jouni
eISBN: 978-951-39-8258-4
Journal or series: JYU dissertations
eISSN: 2489-9003
Publication year: 2020
Number in series: 270
Number of pages in the book: 1 verkkoaineisto (236 sivua, 69 numeroimatonta sivua)
Publisher: Jyväskylän yliopisto
Place of Publication: Jyväskylä
Publication country: Finland
Publication language: Finnish
Persistent website address: http://urn.fi/URN:ISBN:978-951-39-8258-4
Publication open access: Openly available
Publication channel open access: Open Access channel
Abstract
The structure of the modern society is based on the cooperation of different parts of the critical infrastructure. Their mutual functional ability depends primarily on operationally reliable organizations that form systems, i.e. parts of the infrastructural whole. This doctoral dissertation focuses on developing cybersecurity leadership in enterprises and other organizations in the network of national critical infrastructure. The research emphasizes controlling the continuity of their functional processes in all operational environments. The dissertation presents different models of cybersecurity leadership and development for organizations. The focus is on proactiveness as well as creating trust, preserving reputation and managing the continuity of functional processes. The research method used was Soft Systems Methodology, SSM. While the people, processes and technologies of an organization present its capabilities, they also contain vulnerabilities. The most central research question of the dissertation concentrates on cybersecurity leadership procedures and a comprehensive system review of cybersecurity management in a national critical infrastructure organization. It means cybersecurity management on all levels of decision-making (strategic, operative and technical/tactical). Three practical measures for development are presented: first, embedding new technological solutions into the organization’s piers cyber security structure, second, drafting comprehensive cyber security risk assessments and third, preparing contingency plans in order to improve an organization’s resilience. In implementing the organizational cybersecurity development measures presented in the dissertation, the PDCA-method of process improvement can be applied. These organization-specific measures advance the protection of national critical infrastructure and thus also cyber self-sufficiency, comprehensive security, security of supply and both national and organization-specific competitive advantage.
Keywords: cyber security; national security; security of supply; infrastructures; organisations (systems); leadership (activity); safety and security management; systems thinking; systems architecture
Free keywords: cyber security; national critical infrastructure; system; organization; process; device
Contributing organizations
Ministry reporting: Yes
Reporting Year: 2020