Tampere University of Technology

TUTCRIS Research Portal

Tightroping between APT and BCI in small enterprises

Research output: Contribution to journalArticleScientificpeer-review

Standard

Tightroping between APT and BCI in small enterprises. / Kaukola, Jesse; Ruohonen, Jukka; Tuomisto, Antti; Hyrynsalmi, Sami; Leppänen, Ville.

In: Information Management and Computer Security, Vol. 25, No. 3, 2017, p. 226-239.

Research output: Contribution to journalArticleScientificpeer-review

Harvard

Kaukola, J, Ruohonen, J, Tuomisto, A, Hyrynsalmi, S & Leppänen, V 2017, 'Tightroping between APT and BCI in small enterprises', Information Management and Computer Security, vol. 25, no. 3, pp. 226-239. https://doi.org/10.1108/ICS-07-2016-0047

APA

Kaukola, J., Ruohonen, J., Tuomisto, A., Hyrynsalmi, S., & Leppänen, V. (2017). Tightroping between APT and BCI in small enterprises. Information Management and Computer Security, 25(3), 226-239. https://doi.org/10.1108/ICS-07-2016-0047

Vancouver

Kaukola J, Ruohonen J, Tuomisto A, Hyrynsalmi S, Leppänen V. Tightroping between APT and BCI in small enterprises. Information Management and Computer Security. 2017;25(3):226-239. https://doi.org/10.1108/ICS-07-2016-0047

Author

Kaukola, Jesse ; Ruohonen, Jukka ; Tuomisto, Antti ; Hyrynsalmi, Sami ; Leppänen, Ville. / Tightroping between APT and BCI in small enterprises. In: Information Management and Computer Security. 2017 ; Vol. 25, No. 3. pp. 226-239.

Bibtex - Download

@article{ce60a59ba35d428abd2657dbf563a6c8,
title = "Tightroping between APT and BCI in small enterprises",
abstract = "Purpose: The contemporary Internet provisions increasingly sophisticated security attacks. Besides underlining the advanced nature of these attacks, the concept of an advanced persistent threat (APT) catalyzes the important perspective of longitudinal persistence; attacks are not only carefully planned and targeted, but the subsequent exploitation period covers long periods of time. If an APT successfully realizes into such exploitation, information assets may be continuously monitored for harvesting the business critical information (BCI). These threats are relevant for the security of small enterprises and this study examines the qualitative factors that shape the security mindsets among these.Design/methodology/approach: The data is collected with semi-structured interviews of six enterprises in a small regional market segment. The analysis is based on a fourfold taxonomy that delivers three mindset profiles, while particular emphasis is placed on the subjective security notions that shape the typical strategizing among enterprises. Findings: APT is poorly understood among the observed segment, which tends to often also explicitly downplay the strategic relevance of the concept, but a more pressing challenge relates to the observation that business data is often perceived to have no value. The delivered results can be used to improve the situation.Originality/value: This study is among the firsts to explore perceptions of small enterprises towards APT and BCI. The results reveal problematic mindsets and offers new avenues for practitioners as well as academics to study and improve the situation.",
author = "Jesse Kaukola and Jukka Ruohonen and Antti Tuomisto and Sami Hyrynsalmi and Ville Lepp{\"a}nen",
year = "2017",
doi = "10.1108/ICS-07-2016-0047",
language = "English",
volume = "25",
pages = "226--239",
journal = "Information Management and Computer Security",
issn = "0968-5227",
publisher = "Emerald",
number = "3",

}

RIS (suitable for import to EndNote) - Download

TY - JOUR

T1 - Tightroping between APT and BCI in small enterprises

AU - Kaukola, Jesse

AU - Ruohonen, Jukka

AU - Tuomisto, Antti

AU - Hyrynsalmi, Sami

AU - Leppänen, Ville

PY - 2017

Y1 - 2017

N2 - Purpose: The contemporary Internet provisions increasingly sophisticated security attacks. Besides underlining the advanced nature of these attacks, the concept of an advanced persistent threat (APT) catalyzes the important perspective of longitudinal persistence; attacks are not only carefully planned and targeted, but the subsequent exploitation period covers long periods of time. If an APT successfully realizes into such exploitation, information assets may be continuously monitored for harvesting the business critical information (BCI). These threats are relevant for the security of small enterprises and this study examines the qualitative factors that shape the security mindsets among these.Design/methodology/approach: The data is collected with semi-structured interviews of six enterprises in a small regional market segment. The analysis is based on a fourfold taxonomy that delivers three mindset profiles, while particular emphasis is placed on the subjective security notions that shape the typical strategizing among enterprises. Findings: APT is poorly understood among the observed segment, which tends to often also explicitly downplay the strategic relevance of the concept, but a more pressing challenge relates to the observation that business data is often perceived to have no value. The delivered results can be used to improve the situation.Originality/value: This study is among the firsts to explore perceptions of small enterprises towards APT and BCI. The results reveal problematic mindsets and offers new avenues for practitioners as well as academics to study and improve the situation.

AB - Purpose: The contemporary Internet provisions increasingly sophisticated security attacks. Besides underlining the advanced nature of these attacks, the concept of an advanced persistent threat (APT) catalyzes the important perspective of longitudinal persistence; attacks are not only carefully planned and targeted, but the subsequent exploitation period covers long periods of time. If an APT successfully realizes into such exploitation, information assets may be continuously monitored for harvesting the business critical information (BCI). These threats are relevant for the security of small enterprises and this study examines the qualitative factors that shape the security mindsets among these.Design/methodology/approach: The data is collected with semi-structured interviews of six enterprises in a small regional market segment. The analysis is based on a fourfold taxonomy that delivers three mindset profiles, while particular emphasis is placed on the subjective security notions that shape the typical strategizing among enterprises. Findings: APT is poorly understood among the observed segment, which tends to often also explicitly downplay the strategic relevance of the concept, but a more pressing challenge relates to the observation that business data is often perceived to have no value. The delivered results can be used to improve the situation.Originality/value: This study is among the firsts to explore perceptions of small enterprises towards APT and BCI. The results reveal problematic mindsets and offers new avenues for practitioners as well as academics to study and improve the situation.

U2 - 10.1108/ICS-07-2016-0047

DO - 10.1108/ICS-07-2016-0047

M3 - Article

VL - 25

SP - 226

EP - 239

JO - Information Management and Computer Security

JF - Information Management and Computer Security

SN - 0968-5227

IS - 3

ER -