Organizational change - the personnel perpective Case: Nordea - Financial Institutions

Tutkimuksen tavoite Tutkimuksen tavoite oli kerätä FI:n johdolle tietoa henkilöstön suhtautumisesta organisaatiomuutokseen. Tutkimus toimii pohjana muutosprosessin kriittiselle tarkastelulle ja mahdollisille muutoksille resurssien kohdentamisessa. Tutkimusmenetelmä Organisaatiomuutosta käsittelevä kirjallisuus muodosti tutkielman teoriapohjan. Tutkimuksen aineisto kerättiin kyselylomakkeella FI:n henkilöstölle ja neljällä haastattelulla henkilöstön ja johdon kanssa. Johtopäätökset Yleisesti tuloksista on nähtävissä, että vastaajat ovat aluksi vastustaneet muutosta, vaikka muutos itsessään onkin nähty positiivisena kehityksenä. Vastarintaa ovat aiheuttaneet pääasiallisesti muutoksen johtamisen tyyli ja tiedotuksen kokeminen riittämättömänä.

Integrating Financial Perspective to Quality Orientated Management System. Case: ALSTOM Finland Oy

Tutkimuksen päätavoitteena on tutkia taloudellisen näkökulman integroimista laatuajatteluun pohjautuvaan johtamisjärjestelmään esimerkkiyrityksessä. Johtamisjärjestelmän tulee tuottaa tietoa johdon strategiselle päätöksenteolle ja lisäksi täyttää laatujärjestelmän (ISO 9001:2000) asettamat vaatimukset. Tutkimuksen kohteena oleva työkalu on balanced scorecard (tasapainotettu tuloskortti). Työn tarkoituksena on ehdottaa balanced scorecard- talouden tunnuslukuja esimerkkiyritykselle. Tutkimuksen tavoitteisiin päästään empiiristä tutkimusta varten tehdyn teoreettisen viitekehyksen avulla. Empiiristä tutkimustietoa kerätään osallistuvan havainnoinnin, haastattelujen ja keskustelujen avulla. Tutkimusmenetelmänä on laadullinen case -tutkimus. Balanced scorecardin eri näkökulmille ehdotettiin tunnuslukuja empiirisen tutkimuksen pohjalta. Lisäksi talouden näkökulmaa tutkittiin tarkemmin. Tutkimuksen johtopäätöksenä esitettiin, että taloudelliset tunnusluvut mittaavat ensisijaisesti strategiaa eivätkä laatua. Lisäksi huomioitiin, että tuloskorttien tulisi olla koekäytössä ennen bonuspalkkauksen ja balanced scorecardin yhdistämistä.

A cyber security architecture for military networks using a cognitive network approach

Cyber security is one of the main topics that are discussed around the world today. The threat is real, and it is unlikely to diminish. People, business, governments, and even armed forces are networked in a way or another. Thus, the cyber threat is also facing military networking. On the other hand, the concept of Network Centric Warfare sets high requirements for military tactical data communications and security. A challenging networking environment and cyber threats force us to consider new approaches to build security on the military communication systems. The purpose of this thesis is to develop a cyber security architecture for military networks, and to evaluate the designed architecture. The architecture is described as a technical functionality. As a new approach, the thesis introduces Cognitive Networks (CN) which are a theoretical concept to build more intelligent, dynamic and even secure communication networks. The cognitive networks are capable of observe the networking environment, make decisions for optimal performance and adapt its system parameter according to the decisions. As a result, the thesis presents a five-layer cyber security architecture that consists of security elements controlled by a cognitive process. The proposed architecture includes the infrastructure, services and application layers that are managed and controlled by the cognitive and management layers. The architecture defines the tasks of the security elements at a functional level without introducing any new protocols or algorithms. For evaluating two separated method were used. The first method is based on the SABSA framework that uses a layered approach to analyze overall security of an organization. The second method was a scenario based method in which a risk severity level is calculated. The evaluation results show that the proposed architecture fulfills the security requirements at least at a high level. However, the evaluation of the proposed architecture proved to be very challenging. Thus, the evaluation results must be considered very critically. The thesis proves the cognitive networks are a promising approach, and they provide lots of benefits when designing a cyber security architecture for the tactical military networks. However, many implementation problems exist, and several details must be considered and studied during the future work.

New threats - old routines : bureaucratic adaptability in the security policy environment

Within the framework of state security policy, the focus of this dissertation are the relations between how new security threats are perceived and the policy planning and bureaucratic implementation that are designed to address them. In addition, this thesis explores and studies some of the inertias that might exist in the core of the state apparatus as it addresses new threats and how these could be better managed. The dissertation is built on five thematic and interrelated articles highlighting different aspects of when new significant national security threats are detected by different governments until the threats on the policy planning side translate into protective measures within the society. The timeline differs widely between different countries and some key aspects of this process are also studied. One focus concerns mechanisms for adaptability within the Intelligence Community, another on the policy planning process within the Cabinet Offices/National Security Councils and the third focus is on the planning process and how policy is implemented within the bureaucracy. The issue of policy transfer is also analysed, revealing that there is some imitation of innovation within governmental structures and policies, for example within the field of cyber defence. The main findings of the dissertation are that this context has built-in inertias and bureaucratic seams found in most government bureaucratic machineries. As much of the information and planning measures imply security classification of the transparency and internal debate on these issues, alternative assessments become limited. To remedy this situation, the thesis recommends ways to improve the decision-making system in order to streamline the processes involved in making these decisions. Another special focus of the thesis concerns the role of the public policy think tanks in the United States as an instrument of change in the country’s national security decision-making environment, which is viewed from the perspective as being a possible source of new ideas and innovation. The findings in this part are based on unique interviews data on how think tanks become successful and influence the policy debate in a country such as the United States. It appears clearly that in countries such as the United States think tanks smooth the decision making processes, and that this model with some adaptations also might be transferrable to other democratic countries.

Evaluation of Machine Learning Classifiers for Mobile Network Intrusion Detection Systems

Mobile malwares are increasing with the growing number of Mobile users. Mobile malwares can perform several operations which lead to cybersecurity threats such as, stealing financial or personal information, installing malicious applications, sending premium SMS, creating backdoors, keylogging and crypto-ransomware attacks. Knowing the fact that there are many illegitimate Applications available on the App stores, most of the mobile users remain careless about the security of their Mobile devices and become the potential victim of these threats. Previous studies have shown that not every antivirus is capable of detecting all the threats; due to the fact that Mobile malwares use advance techniques to avoid detection. A Network-based IDS at the operator side will bring an extra layer of security to the subscribers and can detect many advanced threats by analyzing their traffic patterns. Machine Learning(ML) will provide the ability to these systems to detect unknown threats for which signatures are not yet known. This research is focused on the evaluation of Machine Learning classifiers in Network-based Intrusion detection systems for Mobile Networks. In this study, different techniques of Network-based intrusion detection with their advantages, disadvantages and state of the art in Hybrid solutions are discussed. Finally, a ML based NIDS is proposed which will work as a subsystem, to Network-based IDS deployed by Mobile Operators, that can help in detecting unknown threats and reducing false positives. In this research, several ML classifiers were implemented and evaluated. This study is focused on Android-based malwares, as Android is the most popular OS among users, hence most targeted by cyber criminals. Supervised ML algorithms based classifiers were built using the dataset which contained the labeled instances of relevant features. These features were extracted from the traffic generated by samples of several malware families and benign applications. These classifiers were able to detect malicious traffic patterns with the TPR upto 99.6% during Cross-validation test. Also, several experiments were conducted to detect unknown malware traffic and to detect false positives. These classifiers were able to detect unknown threats with the Accuracy of 97.5%. These classifiers could be integrated with current NIDS', which use signatures, statistical or knowledge-based techniques to detect malicious traffic. Technique to integrate the output from ML classifier with traditional NIDS is discussed and proposed for future work.