834 resultados para security, usability, identity management, authentication, authorization
Resumo:
Diplomityön tarkoituksena oli tutkia vaatimusten hallintaa suunnittelu- ja konsultointiyrityksen kannalta Suomen ydinvoimaprojekteissa keskittyen ydinturvallisuus- ja laatuvaatimuksiin. Ydinvoimaprojekteissa toimiminen on edellyttänyt menettelyohjeiden ja laatujärjestelmän uudelleen organisointia yrityksessä ja esiin on noussut haasteita liittyen muun muassa vaatimusten tunnistamiseen ja todentamiseen erityyppisissä ja erilaajuisissa projekteissa. Työ toteutettiin perehtymällä ydinvoimaan liittyvään lainsäädäntöön Suomessa, ohjeisiin ja standardeihin sekä haastattelemalla yrityksen omia asiantuntijoita. Viimeaikaisista sekä meneillään olevista projekteista kerättiin kokemuksia sekä arvioitiin ydinvoima projekteja varten laaditun projektin toteutusohjeen toimivuutta ja käytettävyyttä esimerkkiprojektin avulla. Suurimmiksi haasteiksi tunnistettiin lainsäädännöllisten vaatimusten, kuten ydinvoima- laitosohjeiden (YVL) muuttuminen ja tulkinnanvaraisuus sekä asiakkaiden perehtymät- tömyys Suomen lainsäädäntöön ja vaatimustasoon liittyen ydinturvallisuuteen. Työn tuloksena tunnistettiin hyviä vaatimusten hallintaan liittyviä projektinhallintaa ja ydin- turvallisuutta edistäviä asioita, kuten vaatimusten täsmentäminen jo sopimustasolla sekä niiden täyttymisen seuranta projektin aikana. Erillisen vaatimustietokannan luomista ydinvoimaprojekteja varten tutkittiin, mutta siitä luovuttiin teknisten vaatimusten osalta kannattamattomana, sillä standardien ja vaatimusten määrä kasvoi niin suureksi, että niiden hallitseminen vaatisi enemmän työtä kuin mitä projektien taso yleensä sallisi.
Resumo:
The ninth annual Suomenlinna seminar, organised by the Department of Strategic and Defence Studies, Finnish National Defence College, was held in May 2006. It brought together a representative group of specialists in security studies for two days of presentations and discussion about the most pressing issues of today – the challenges facing European Union’s crisis management in Africa.
Resumo:
The objective of this research was to describe how Nordic companies manage hazard risks in their operations in Russia and how the local business environment is considered to affect the hazard risks. Research methods used in this research were literature review and expert interviews. Twelve Nordic industrial companies operating in different fields of industry were interviewed. Large Nordic companies typically guide risk management centralized from the parent company on behalf of the whole company group and the risk management standards and policies are integrated in all subsidiaries. Parent companies typically control hazard risk management in Russia by regular risk management reporting, auditing the Russian sites and by training local managers and employees to risk management work. Many companies have experienced several losses in the first years of operating in Russia before the risk management policies have been implemented in Russian subsidiaries. The companies have learned to take local characteristics better into account by experience and most companies are quite satisfied with their current risk management standards in Russia. The interviews indicate that companies experience especially the poor quality of infrastructure, some features in Russian organizational culture and high level of criminality to increase hazard risks in Russia. However, understanding these features and risks in the business environment makes the management of these risks possible. Risks related to infrastructure can be managed in advance by decreasing dependencies of infrastructure and considering the infrastructure quality already when planning the business operations. Also good local network is often considered critical in order to overcome the complications related to infrastructure. Russian personnel has typically different attitude towards risk management than Nordic personnel and neglecting safety and maintenance and concealing losses is more typical in Russia. By training and guiding the local personnel risk management and safety work and desired ways of actions these risks can be decreased. Criminality risks are often managed to certain extent by investing in security, increasing supervising and paying attention to reliability of the employees and other interest groups of the company.
Resumo:
The modern business development of China began during 1978 and during the last decades Chinese have created one of the most dynamic and strongest economies in the world. China is now second largest trading power calculated in dollars. The special characteristic of this economic development is that it is not copy of any existing economy, instead the developments have been strongly influenced by the Chinese cultural characteristics. One cultural characteristic, guanxi, which is a “network of services and counter- services” is argued to be major component of successful business in China where these changes of services happen between people but also between companies. Obtaining introductions and the guanxi when doing business in China will give attentive audience and security for companies business. Despite the evidenced importance of guanxi, China´s business environment is rapidly changing towards Western economies, which might then reduce the importance of guanxi. Therefore the current impact of guanxi is a important topic to study. The main purpose of this study is to explore the impact of guanxi for Western big and small sized multinational companies´ business processes when doing business in China. This study looks What is the impact of guanxi in contemporary Chinese business environment for foreign companies doing business in China. Sub-questions in this research focus on what is the impact of guanxi on corporate reputation, management and negotiations. Findings present a mixed view where the importance of guanxi is not anymore critical, especially among younger people in the cities, however guanxi was clearly important outside the cities and when dealing with government officials. Efficient use of guanxi can be extremely profitable especially during early stages of business operations and guanxi plays role when bargaining prices and ensuring product quality from the factories. Therefore guanxi should be considered as essential element for successful business in China.
Resumo:
Cyber security is one of the main topics that are discussed around the world today. The threat is real, and it is unlikely to diminish. People, business, governments, and even armed forces are networked in a way or another. Thus, the cyber threat is also facing military networking. On the other hand, the concept of Network Centric Warfare sets high requirements for military tactical data communications and security. A challenging networking environment and cyber threats force us to consider new approaches to build security on the military communication systems. The purpose of this thesis is to develop a cyber security architecture for military networks, and to evaluate the designed architecture. The architecture is described as a technical functionality. As a new approach, the thesis introduces Cognitive Networks (CN) which are a theoretical concept to build more intelligent, dynamic and even secure communication networks. The cognitive networks are capable of observe the networking environment, make decisions for optimal performance and adapt its system parameter according to the decisions. As a result, the thesis presents a five-layer cyber security architecture that consists of security elements controlled by a cognitive process. The proposed architecture includes the infrastructure, services and application layers that are managed and controlled by the cognitive and management layers. The architecture defines the tasks of the security elements at a functional level without introducing any new protocols or algorithms. For evaluating two separated method were used. The first method is based on the SABSA framework that uses a layered approach to analyze overall security of an organization. The second method was a scenario based method in which a risk severity level is calculated. The evaluation results show that the proposed architecture fulfills the security requirements at least at a high level. However, the evaluation of the proposed architecture proved to be very challenging. Thus, the evaluation results must be considered very critically. The thesis proves the cognitive networks are a promising approach, and they provide lots of benefits when designing a cyber security architecture for the tactical military networks. However, many implementation problems exist, and several details must be considered and studied during the future work.
Resumo:
The goal of this thesis is to study how a solution-oriented business-to-business company can utilize its brand as a strategic asset by using the concepts of brand identity and brand image. The study analyses the intended brand message (identity) contrasting it with the customer perceptions (image) to reveal points of parity and congruence. The study uses a case company as an example and discusses the benefits of brand management as well. Internally, brands can be studied by performing a set of interviews amongst top and middle management. The interviews need to consider the various elements of branding from associations to differentiation and value creation. Customers’ perceptions can be reliably studied via online survey designed to compare the intended brand message with customers’ experiences. From the perspective of industrial management the incentive for brand development lies in both monetary and managerial benefits. In literature the four essential benefits of B2B branding are risk dilution, efficiency of communications, strategic direction and price premiums. As a result, suggestive models for brand identity and image were devised and compared. The Case Company perceives itself as a technically oriented open-integrator, with a strong focus on reliability and customer service. Customers agree with the picture in general, but there are some points of parity as well: they are quite satisfied with the company and perceive it as reliable and providing the promised value. The problematic areas revolve around customer interaction and maintaining the leadership position. The results confirm previous findings in B2B branding theory, where the reliability and credibility of the supplier are in major role. The results also suggest a holistic, corporate approach on branding.
Resumo:
Presentation at Open Repositories 2014, Helsinki, Finland, June 9-13, 2014
Resumo:
BCM (business continuity Management) is a holistic management process aiming at ensuring business continuity and building organizational resilience. Maturity models offer organizations a tool for evaluating their current maturity in a certain process. In the recent years BCM has been subject to international ISO standardization, while the interest of organizations to bechmark their state of BCM agains standards and the use of maturity models for these asessments has increased. However, although new standards have been introduced, very little attention has been paid to reviewing the existing BCM maturity models in research - especially in the light of the new ISO 22301 standard for BCM. In this thesis the existing BCM maturily models are carefully evaluated to determine whetherthey could be improved. In order to accomplish this, the compliance of the existing models to the ISO 22301 standard is measured and a framework for assessing a maturitymodel´s quality is defined. After carefully evaluating the existing frameworks for maturity model development and evaluation, an approach suggested by Becker et al. (2009) was chosen as the basis for the research. An additionto the procedural model a set of seven research guidelines proposed by the same authors was applied, drawing on the design-science research guidelines as suggested by Hevner et al. (2004). Furthermore, the existing models´ form and function was evaluated to address their usability. Based on the evaluation of the existing BCM maturity models, the existing models were found to have shortcomings in each dimension of the evaluation. Utilizing the best of the existing models, a draft version for an enhanced model was developed. This draft model was then iteratively developed by conducting six semi-structured interviews with BCM professionals in finland with the aim of validating and improving it. As a Result, a final version of the enhanced BCM maturity model was developed, conforming to the seven key clauses in the ISO 22301 standard and the maturity model development guidelines suggested by Becker et al. (2009).
Resumo:
Data management consists of collecting, storing, and processing the data into the format which provides value-adding information for decision-making process. The development of data management has enabled of designing increasingly effective database management systems to support business needs. Therefore as well as advanced systems are designed for reporting purposes, also operational systems allow reporting and data analyzing. The used research method in the theory part is qualitative research and the research type in the empirical part is case study. Objective of this paper is to examine database management system requirements from reporting managements and data managements perspectives. In the theory part these requirements are identified and the appropriateness of the relational data model is evaluated. In addition key performance indicators applied to the operational monitoring of production are studied. The study has revealed that the appropriate operational key performance indicators of production takes into account time, quality, flexibility and cost aspects. Especially manufacturing efficiency has been highlighted. In this paper, reporting management is defined as a continuous monitoring of given performance measures. According to the literature review, the data management tool should cover performance, usability, reliability, scalability, and data privacy aspects in order to fulfill reporting managements demands. A framework is created for the system development phase based on requirements, and is used in the empirical part of the thesis where such a system is designed and created for reporting management purposes for a company which operates in the manufacturing industry. Relational data modeling and database architectures are utilized when the system is built for relational database platform.
Resumo:
The purpose of this master’s thesis was to study the opportunity to apply Lean practices to product management function which happens in an office environment. Since product management plays an important role in the company’s success story, it’s important to have it functioning as effectively as possible. The goal was to find those Lean tools and methods that fit the best to the needs of product management. The research was conducted as a qualitative action research which comprises a comprehensive literature review and a single case study. Theoretical information about Lean Thinking and product management was collected from articles, literature and Internet sources. Moreover, empirical data was collected by conducting interviews in the Case Company’s product management department in order to gain an in-depth understanding of product management’s problematics. The results indicate that most of the product management challenges could be overcome by applying Lean practises. Based on the usability rate, which has been discussed in the empirical part of this study, the most suitable Lean practises for product management function are: value stream mapping, Kanban and KPIs.
Resumo:
This thesis aims to provide insight into the social-business tensions the social enterprises face in their operation and how they manage them. The social-business tensions are examined from four theoretical perspectives using triangulation approach. The theoretical lenses chosen are organizational identity, stakeholder theory, paradox theory and institutional theory. The theories aim to clarify, how the tensions are formed, how they appear and how they are managed in social enterprises. One viewpoint of this thesis is to examine the competence of these theories in explaining the social-business tensions in practise. The qualitative data was collected by interviewing persons from the management of two social enterprises. The empirical evidence of this thesis suggests that the appearing of social-business tensions varies between the social enterprises and they can be seen both as an advantage and as a challenge. Most of the social-business tensions arise from the enterprise’s multiple incoherent objectives, their stakeholders’ various demands and the differing understanding of the company’s central operation among the members of the organization. According to this thesis, the theories of organizational identity, stakeholder, paradox and institution are all able to provide unique insight into the identification and management of the social-business tensions. However, the paradox theory turned out to be the most abstract of the theories and thus being the farthest from the practise.
Resumo:
Finnish Defence Studies is published under the auspices of the National Defence College, and the contributions reflect the fields of research and teaching of the College. Finnish Defence Studies will occasionally feature documentation on Finnish Security Policy. Views expressed are those of the authors and do not necessarily imply endorsement by the National Defence College.
Resumo:
The vast majority of our contemporary society owns a mobile phone, which has resulted in a dramatic rise in the amount of networked computers in recent years. Security issues in the computers have followed the same trend and nearly everyone is now affected by such issues. How could the situation be improved? For software engineers, an obvious answer is to build computer software with security in mind. A problem with building software with security is how to define secure software or how to measure security. This thesis divides the problem into three research questions. First, how can we measure the security of software? Second, what types of tools are available for measuring security? And finally, what do these tools reveal about the security of software? Measuring tools of these kind are commonly called metrics. This thesis is focused on the perspective of software engineers in the software design phase. Focus on the design phase means that code level semantics or programming language specifics are not discussed in this work. Organizational policy, management issues or software development process are also out of the scope. The first two research problems were studied using a literature review while the third was studied using a case study research. The target of the case study was a Java based email server called Apache James, which had details from its changelog and security issues available and the source code was accessible. The research revealed that there is a consensus in the terminology on software security. Security verification activities are commonly divided into evaluation and assurance. The focus of this work was in assurance, which means to verify one’s own work. There are 34 metrics available for security measurements, of which five are evaluation metrics and 29 are assurance metrics. We found, however, that the general quality of these metrics was not good. Only three metrics in the design category passed the inspection criteria and could be used in the case study. The metrics claim to give quantitative information on the security of the software, but in practice they were limited to evaluating different versions of the same software. Apart from being relative, the metrics were unable to detect security issues or point out problems in the design. Furthermore, interpreting the metrics’ results was difficult. In conclusion, the general state of the software security metrics leaves a lot to be desired. The metrics studied had both theoretical and practical issues, and are not suitable for daily engineering workflows. The metrics studied provided a basis for further research, since they pointed out areas where the security metrics were necessary to improve whether verification of security from the design was desired.
Resumo:
The future of paying in the age of digitalization is a topic that includes varied visions. This master’s thesis explores images of the future of paying in the Single Euro Payment Area (SEPA) up to 2020 and 2025 through the views of experts specialized in paying. This study was commissioned by a credit management company in order to obtain more detailed information about the future of paying. Specifically, this thesis investigates what could be the most used payment methods in the future, what items could work as a medium of exchange in 2020 and how will they evolve towards the year 2025. Changing consumer behavior, trends connected to payment methods, security and private issues of new cashless payment methods were also part of this study. In the empirical part of the study the experts’ ideas about probable and preferable future images of paying were investigated through a two-round Disaggregative Delphi method. The questionnaire included numeric statements and open questions. Three alternative future images were created with the help of cluster analysis: “Unsurprising Future”, “Technology Driven Future” and “The Age of the Customer”. The plausible images had similarities and differences, which were reflected to the previous studies in the literature review. The study’s findings were formed based on the images of futures’ similarities and to the open questions answers that were received from the questionnaire. The main conclusion of the study was that development of technology will unify and diversify SEPA; the trend in 2020 seems to be towards more cashless payment methods but their usage depends on the countries’ financial possibilities and customer preferences. Mobile payments, cards and cash will be the main payment methods but the banks will have competitors from outside the financial sector. Wearable payment methods and NFC technology are seen as widely growing trends but subcutaneous payment devices will likely keep their niche position until 2025. In the meantime, security and private issues are seen to increase because of identity thefts and various frauds. Simultaneously, privacy will lose its meaning to younger consumers who are used to sharing their transaction and personal data with third parties in order to get access to attractive services. Easier access to consumers’ transaction data will probably open the door for hackers and cause new risks in paying processes. There exist many roads to future, and this study was not an attempt to give any complete answers about it even if some plausible assumptions about the future’s course were provided.
Resumo:
This qualitative research study used grounded theory methodology to explore the settlement experiences and changes in professional identity, self esteem and health status of foreign-trained physicians (FTPs) who resettled in Canada and were not able to practice their profession. Seventeen foreign-trained physicians completed a pre-survey and rated their health status, quality of life, self esteem and stress before and after coming to Canada. They also rated changes in their experiences of violence and trauma, inclusion and belonging, and racism and discrimination. Eight FTPs from the survey sample were interviewed in semi-structured qualitative interviews to explore their experiences with the loss of their professional medical identities and attempts to regain them during resettlement. This study found that without their medical license and identity, this group of FTPs could not fully restore their professional, social, and economic status and this affected their self esteem and health status. The core theme of the loss of professional identity and attempts to regain it while being underemployed were connected with the multifaceted challenges of resettlement which created experiences of lowered selfesteem, and increased stress, anxiety and depression. They identified the re-licensing process (cost, time, energy, few residency positions, and low success rate) as the major barrier to a full and successful settlement and re-establishment of their identities. Grounded research was used to develop General Resettlement Process Model and a Physician Re-licensing Model outlining the tasks and steps for the successfiil general resettlement of all newcomers to Canada with additional process steps to be accomplished by foreign-trained physicians. Maslow's Theory of Needs was expanded to include the re-establishment of professional identity for this group to re-establish levels of safety, security, belonging, self-esteem and self-actualization. Foreign-trained physicians had established prior professional medical identities, self-esteem, recognition, social status, purpose and meaning and bring needed human capital and skills to Canada. However, without identifying and addressing the barriers to their full inclusion in Canadian society, the health of this population may deteriorate and the health system of the host country may miss out on their needed contributions.
