The role of the CEO in a company’s information security ⎯ in small-sized technology companies
Välikangas, Jane (2022)
This publication is subject to copyright regulations. The work may be read and printed for personal use. Use for commercial purposes is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi-fe2022041929641
Abstract
The role of the CEO in a company’s information security changes as more cyberattacks and data breaches occur. In today’s business world, companies of all sizes have to consider information security. In Finnish companies, information security is usually considered only after an attack, not before, as it should be.
The purpose of this study is to gain knowledge about how CEOs themselves think about information security in the company and their role in it. The focus is on information security management and corporate risk management, especially the difference in management and responsibility. The sampling method is purposive sampling: each of the six respondents is the CEO of a small-sized, Finnish-based company in the IT business field. The method used is qualitative research with semi-structured interviews. The research questions were created from the literature review. The theory used is grounded theory, which gives the research the freedom to change the theory in light of the results. The research responses are analyzed by coding, in which the responses are compared with each other and with the literature review.
According to the results, the CEOs think that when it comes to risk management they are ultimately the ones responsible; in information security, however, there is usually someone else who is responsible for those actions. The results suggest that awareness of information security among CEOs needs more consideration.