Information Security Failures Measured and ISO/IEC 27001:2022 Controls Ranked by General Data Protection Regulation Penalty Analysis

Tietueen suppeat tiedot
annif.suggestionsdata security|data protection|risk management|data systems|safety and security|enterprises|cyber security|root cause analysis|control systems|management (control)|enen
annif.suggestions.linkshttp://www.yso.fi/onto/yso/p5479|http://www.yso.fi/onto/yso/p3636|http://www.yso.fi/onto/yso/p3134|http://www.yso.fi/onto/yso/p3927|http://www.yso.fi/onto/yso/p7349|http://www.yso.fi/onto/yso/p3128|http://www.yso.fi/onto/yso/p26189|http://www.yso.fi/onto/yso/p28670|http://www.yso.fi/onto/yso/p16975|http://www.yso.fi/onto/yso/p506en
dc.contributor.authorSuorsa, Mikko
dc.contributor.authorHelo, Petri
dc.contributor.facultyfi=Tekniikan ja innovaatiojohtamisen yksikkö|en=School of Technology and Innovations|-
dc.contributor.orcidhttps://orcid.org/0000-0002-1649-4223-
dc.contributor.orcidhttps://orcid.org/0000-0002-0501-2727-
dc.contributor.organizationfi=Vaasan yliopisto|en=University of Vaasa|
dc.date.accessioned2024-03-21T07:51:36Z
dc.date.accessioned2025-06-25T13:14:21Z
dc.date.available2024-03-21T07:51:36Z
dc.date.issued2023-11-30
dc.description.abstractSelecting the most important information security controls is a critical and difficult process. Therefore, the decision-making on how to manage risks and threats has to be supported with data-driven performance measurement metrics. This paper identifies and explores the failures and impacts of information security, as well as the most effective controls to mitigate information security risks in organizations. The method of the study was root cause analysis. All year 2020 GDPR penalty cases (n=81) based on misconduct, as defined in GDPR Article 32: “Security of processing” were matched with ISO/IEC 27001:2022 controls, which were used as failure identifiers in the analysis. As a result, the study presents both, the top 10 most frequent and the top 10 most expensive information security failures corresponding to ISO/IEC 27001:2022 controls. Furthermore, the study also illustrates the correlation of these controls.-
dc.description.notification©2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.-
dc.description.reviewstatusfi=vertaisarvioitu|en=peerReviewed|-
dc.format.bitstreamtrue
dc.format.contentfi=kokoteksti|en=fulltext|-
dc.format.extent5-
dc.identifier.isbn979-8-3503-0596-8-
dc.identifier.olddbid20170
dc.identifier.oldhandle10024/17072
dc.identifier.urihttps://osuva.uwasa.fi/handle/11111/1761
dc.identifier.urnURN:NBN:fi-fe2024032112241-
dc.language.isoeng-
dc.publisherIEEE-
dc.relation.conferenceInternational Conference on Cyber and IT Service Management (CITSM)-
dc.relation.doi10.1109/citsm60085.2023.10455413-
dc.relation.ispartof2023 11th International Conference on Cyber and IT Service Management (CITSM)-
dc.relation.urlhttps://doi.org/10.1109/CITSM60085.2023.10455413-
dc.source.identifierhttps://osuva.uwasa.fi/handle/10024/17072
dc.subjectInformation security-
dc.subjectIT risk management-
dc.subjectIT compliance-
dc.subjectISO/IEC 27001:2022-
dc.subjectGeneral Data Protection Regulation-
dc.subjectGDPR-
dc.subject.disciplinefi=Tuotantotalous|en=Industrial Management|-
dc.titleInformation Security Failures Measured and ISO/IEC 27001:2022 Controls Ranked by General Data Protection Regulation Penalty Analysis-
dc.type.okmfi=A4 Artikkeli konferenssijulkaisussa|en=A4 Peer-reviewed article in conference proceeding|sv=A4 Artikel i en konferenspublikation|-
dc.type.publicationarticle-
dc.type.versionacceptedVersion-

Tiedostot

Näytetään 1 - 1 / 1
Name:
Osuva_Suorsa_Helo_2023.pdf
Size:
287.24 KB
Format:
Adobe Portable Document Format
Description:
Article
Lataa

Kokoelmat

Artikkelit