Operational information security risk management in the Wellbeing Services County of Southwest Finland
Välilä, Mikko (2023-12-22)
The publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
closed
The permanent address of the publication is:
https://urn.fi/URN:NBN:fi-fe20231222157206
Abstract
The Wellbeing Services County of Southwest Finland (Varha) was created at the start of the year 2023 after a major health and social services reform was implemented in Finland. The new and developing organization saw a demand for research in the field of cyber security that would account for risks to information and applicable security solutions.
To meet these requirements, this research was commissioned to investigate risk management and information security frameworks and applications that suit Varha's operations. As part of this study, an interview was conducted in the organization with a varied target group in order to obtain an extensive overview of the work environment and the methods used in it.
The study found that the standards ISO 27799:2016 and ISO 27002:2022 contain recommendations that can be utilized in the social and healthcare sector. They provide aspects that could be used as a frame of reference for information risk management and security in Varha.
These standards were reviewed, and suitable recommendations from them were applied to the organization's operational environment. Inapplicable portions of the standards were omitted from the work. Additional documentation in the field of healthcare was investigated to complement the recommendations included in the standards.
As a result of this work, a standardized set of risk management and information security recommendations was compiled, with an accompanying condensed checklist that can be used for quick validation of the requirements. These findings can be utilized to support and develop the management of information risks and security in Varha.