Assessing Cybersecurity Culture in the Cloud Era - Case Study
Kaleva, Joonas (2024)
2024
Tietojohtamisen DI-ohjelma - Master's Programme in Information and Knowledge Management
Johtamisen ja talouden tiedekunta - Faculty of Management and Business
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Hyväksymispäivämäärä
2024-06-11
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:tuni-202405276360
https://urn.fi/URN:NBN:fi:tuni-202405276360
Tiivistelmä
As organisations enhance their technological capabilities, particularly during the shift from on-premises to cloud-based systems, this can pose new kinds of opportunities but also challenges. Cloud services offer conveniences such as scalability and efficiency, yet they also bring forth security concerns. Despite this, it is still estimated that the majority of security incidents are attributed to human actions and not caused directly by advanced technologies. Hence, there is a need to focus on enhancing human behaviour and promoting proactive approaches to cybersecurity, which can be collectively encompassed within the concept of a cybersecurity culture.
A strong cybersecurity culture within an organisation cultivates a feeling of accountability and awareness among employees, positioning them the initial defence against cyber threats. Consequently, organisations need to be able to assess their maturity in this realm during this cloud era. Without a clear understanding of their cybersecurity culture state, organisations may struggle to identify weak points, track progress, or allocate resources for its improvement. Thus, given the growing significance of cybersecurity in the digital landscape and cloud environments, establishing a reliable framework and means for evaluating cybersecurity culture is not just desirable but a necessity. This is also what this study aimed to achieve.
This thesis employed a qualitative research approach, conducting a case study to assess the first iteration of the cybersecurity culture survey developed from existing literature and research. Through interviews, improvement suggestions were collected to tailor the cybersecurity culture survey to the definite requirements and context of the case organisation. Additionally, inputs were gathered on the optimal ways to utilise the survey. Furthermore, the goal was to refine the survey to further enhance the survey to comprehensively address aspects of cybersecurity culture related to the nature of cloud technologies and their security concerns.
As a result, this thesis provided the case organisation means to assess its cybersecurity culture in the era of cloud technologies. The thesis introduced a concrete assessment framework and survey to identify areas where improvements could potentially be made to continuously enhance their maturity in cloud cybersecurity culture. The findings of this study can be considered significant, as previous research seemed insufficiently attuned to the contemporary landscape of cloud computing, neglecting the new considerations these technologies introduce to the theory of cybersecurity culture. Moreover, there has been a notable absence of research on the utilisation of such surveys for continuous improvement over extended periods, a gap which this thesis addressed by providing a cybersecurity culture assessment framework.
A strong cybersecurity culture within an organisation cultivates a feeling of accountability and awareness among employees, positioning them the initial defence against cyber threats. Consequently, organisations need to be able to assess their maturity in this realm during this cloud era. Without a clear understanding of their cybersecurity culture state, organisations may struggle to identify weak points, track progress, or allocate resources for its improvement. Thus, given the growing significance of cybersecurity in the digital landscape and cloud environments, establishing a reliable framework and means for evaluating cybersecurity culture is not just desirable but a necessity. This is also what this study aimed to achieve.
This thesis employed a qualitative research approach, conducting a case study to assess the first iteration of the cybersecurity culture survey developed from existing literature and research. Through interviews, improvement suggestions were collected to tailor the cybersecurity culture survey to the definite requirements and context of the case organisation. Additionally, inputs were gathered on the optimal ways to utilise the survey. Furthermore, the goal was to refine the survey to further enhance the survey to comprehensively address aspects of cybersecurity culture related to the nature of cloud technologies and their security concerns.
As a result, this thesis provided the case organisation means to assess its cybersecurity culture in the era of cloud technologies. The thesis introduced a concrete assessment framework and survey to identify areas where improvements could potentially be made to continuously enhance their maturity in cloud cybersecurity culture. The findings of this study can be considered significant, as previous research seemed insufficiently attuned to the contemporary landscape of cloud computing, neglecting the new considerations these technologies introduce to the theory of cybersecurity culture. Moreover, there has been a notable absence of research on the utilisation of such surveys for continuous improvement over extended periods, a gap which this thesis addressed by providing a cybersecurity culture assessment framework.