Show simple item record

dc.contributor.advisor: Paananen, Hanna Kaisa
dc.contributor.author: Boddy, Sara Elizabeth
dc.date.accessioned: 2024-06-12T09:18:41Z
dc.date.available: 2024-06-12T09:18:41Z
dc.date.issued: 2024
dc.identifier.uri: https://jyx.jyu.fi/handle/123456789/95795
dc.description.abstract: The European Union is committed to enhancing cybersecurity across its Member States by introducing legislation that impacts organizations' cybersecurity preparedness. These laws include the Network and Information Security 2 Directive (NIS2), the Critical Entities Resilience Directive (CER), and the Digital Operational Resilience Act (DORA). These legislations mandate that organizations report cyber incidents to authorities. Currently, there are few guidelines available to help organizations understand how to report incidents to authorities. With the new legislations, it becomes even more crucial for organizations to comprehend how to report cyber incidents effectively to authorities. This research aims to determine whether organizations' current practices align with the decision-support framework and whether the new legislations warrant adaptions to the framework in question. This thesis was conducted as a case study, beginning with a comprehensive literature review of existing research on incident reporting and the legislations. Data was gathered through semi-structured interviews with cybersecurity professionals who have observed cybersecurity exercises simulating real-life cyber incidents. The data was analyzed using deductive coding. The results indicate that the decision-support framework partially corresponds to real-life operations; however, the specifics vary depending on the particular incident and the organization's processes. The key findings highlight that clear roles and responsibilities, established communication paths, a diverse team, and knowledgeable individuals in the core group related to the incident are essential. These team members must understand the legislative obligations and have experience in incident management, making sure that the organization can effectively handle the complexities of reporting under the new legislations. [en]
dc.format.extent: 69
dc.format.mimetype: application/pdf
dc.language.iso: eng
dc.rights: CC BY
dc.title: Case study: The decision-support framework and NIS2, CER, and DORA incident reporting obligations
dc.type: Master's thesis
dc.identifier.urn: URN:NBN:fi:jyu-202406124562
dc.contributor.tiedekunta: Faculty of Information Technology [en]
dc.contributor.tiedekunta: Informaatioteknologian tiedekunta [fi]
dc.contributor.yliopisto: Jyväskylän yliopisto [fi]
dc.contributor.yliopisto: University of Jyväskylä [en]
dc.contributor.oppiaine: Cyber Security [en]
dc.contributor.oppiaine: Kyberturvallisuus [fi]
dc.rights.copyright: © The Author(s)
dc.rights.accesslevel: openAccess
dc.format.content: fulltext
dc.rights.url: https://creativecommons.org/licenses/by/4.0/


Except where otherwise noted, this item's license is described as CC BY