Graduation with Master’s Degree
Master of Business Administration
in Information System Competence
On 17th of December, 2020 I graduated with Master of Business Administration in Information System Competence from the Tampere University of Applied Sciences – or in Finnish, as Tradenomi (ylempi AMK).
My thesis, titled Tietoturvan näkökulma vaatimusmäärittelyssä ja järjestelmäsuunnittelussa, is available in Theseus.
ABSTRACT
Tampereen ammattikorkeakoulu
Tampere University of Applied Sciences
Master’s Degree Programme in Information System Competence
STENBÄCK, MARK E.:
Information Security Perspective in Requirements Specification and Systems Design
Master's thesis 68 pages, appendices 4 pages
November 2020
The significance of information security for software and systems design, as well as for the information society in general, cannot be overstated. The protection of private and confidential information is not only vital for corporations and other organisations, but it is also a mandatory requirement based on national laws and international treaties.
The research question of this thesis is how the information security perspective should be acknowledged during requirements specification and design phases, in order to avoid problems in the later stages of a system’s life cycle. This thesis strives to provide an answer by means of material research. The primary source is the information security guideline, published by the Finland’s Ministry of Finance. Additional sources include Microsoft’s Secure Development Lifecycle, OWASP Application Security Verification Standard, OWASP Web Security Testing Guide and other contextually relevant literature.
The conclusion of the thesis is that all organisations and development projects must understand that information security is a vital, integral part of software and systems design. It is not an optional, additional feature. Failures in information security compromise not only individual privacy, but may also result in significant financial liabilities, and even jeopardize national security.