Technologie 5G: Posouzení hrozeb a rizik implementace / The 5G Technology Nexus: Assessing Threats and Risks of Implementation

La Rosa, Giampaolo

January 2021

The new 5G technology, next generation of telecommunication and mobile network, is all around the world in course of inspection and inquiry for its astonishing novelty, from new services to functions and scalability. However, every technology brings alongside new possibilities and new threats scenarios, especially in this case where the impact on the present network is promised to be massive, with brand new features allowed by 5G, like Internet of Things, widespread virtualization and huge leap forward in rapidity and capability of the mobile transmission. An increase in the network surface, considered as more connections, more devices connected and more traffic load of data, will expand also the possible entry point and fault exploitable by a malevolent actor, raising common concern about the technology. The deployment of such a technology on European soil, especially in some states of the Union, caused uproar and critics primarily in the security field. Following a global trend, but also leading a best practice approach, the EU developed a series of mechanisms and agencies that are challenged to oversees the gradual shift from old 4G LTE to 5G. In this paper a Critical Information Infrastructure Protection (CIIP) framework is used to analyse the criticalities of the new technology. Definition of...

Samarbete och konkurrens mellan svenska banker och FinTech-bolag / Cooperation and competition between major Swedish banks and FinTech companies

Hanna, Maria, Zeito, Rebecca

January 2023

The major Swedish banks have been affected by digitalization in the financial sector, where FinTech has contributed with new technological opportunities. The banks that partner with FinTech companies can develop effective and innovative solutions for both companies and individuals. However, the banks' cooperation with FinTech companies has resulted in various risks, mainly cyber and operational risks. The actors investigated were Handelsbanken, SEB and Swedbank. The purpose of the study is to analyze and investigate the relationship between banks and FinTech companies. With a focus on cooperation and competition as well as whether there are any potential risks that may arise in the relationships.  In order to answer the purpose, semi-structured interviews have been conducted with representatives from the banks as primary data collection. Secondary data have also been used, such as banks' annual reports and scientific articles. The theoretical frame of reference is important in relation to the research questions and the chosen theory of cooperation and competition is crucial for the purpose of the study. The results showed that all banks saw collaborations with Fintech companies as an opportunity to streamline their systems and develop services beyond their own capacity. However, these collaborations were different, where Handelsbanken avoided external collaborations unlike SEB and Swedbank. Finally, the study concluded that all banks experienced increased exposure to risks because of the emergence of FinTech.

FinTech

Cyber risks

Digitization

FinTech companies

bank

innovations

financial sector

operational risks

the financial sector

API

Business Administration

Företagsekonomi

FinTech och riskhantering inom den svenska banksektorn : En kvalitativ studie om samarbete, utmaningar och risker kring digitala betalningsalternativ vid utvecklingen av FinTech

Eckervig, Edvin, Hanno, Izla

January 2024

Digitalization includes a technical and digital development that plays a central role in today's banking sector. In step with digitalization, FinTech has developed and resulted in a collaboration between banks and FinTech companies, which leads to the development of new digital payment options within the banks. Digital payment options have grown in the banking sector and are widely used against customers in various ways. Along with the introduction of digital payment options, and a collaboration between banks and FinTech companies, challenges and risks have also developed. With this as a basis, the study intends to analyze how the Swedish banks handle digital payment alternatives, in relation to the challenges and risks that arise as a result of the banks' collaboration with FinTech companies. The study uses an abductive approach and the empirical answers are based on in-depth interviews, which results in a qualitative study. The study has focused on both large banks and other newly developed banks, with the aim of reaching large parts of the banking sector. The study has identified that the development of FinTech, digital payment options, risks and challenges do not differ broadly between the different banks. All respondents highlight how they experienced cyber attacks, data leakage and human errors. Furthermore, different management strategies have been highlighted for the challenges and risks that arise, many of the responses being mutually reinforcing while others are more unique. The study shows how the banks' management strategies are based on technical and organizational improvements. Different management strategies that the study can highlight are training, authorization levels, monitoring systems and the employment of hackers. The study has contributed with several aspects that explain the management strategies in more detail and contributes with new research on the cooperation between banks and FinTech companies.

FinTech

banking

digitization

collaboration

digital payment options

challenges

cyber risks

human error and management strategies

Business Administration

Företagsekonomi

Styrning av cyberrisker i svensk offentlig sektor : En kvalitativ intervju och dokumentstudie om hur svenska offentliga organisationer styr  avseende cyberrisker / Governance of cyberrisk in the swedish public sector : A qualitative interview and document study on how Swedish public organizations govern cyber risks

Giordano, Simon, Forsman, Frej

January 2024

Background: Cyberattacks have significantly increased recently amongst Swedish public sector organizations, heightening the need for robust governance of cyber risks. Cyber risks are particularly complex and dynamic, requiring strong leadership support and strategic planning. Previously, cyber risks have often been addressed from an IT perspective, whereas this study approaches them from a governance perspective. Purpose: The purpose of the study is to map and increase the knowledge about how authorities and regions govern cyber risks. The aim is to contribute with a practical conceptual model that is useful and to theoretically complement the literature on ERM. Methodology: The study was conducted using a qualitative approach. The empirical data was collected through a combination of document analysis and semi-structured interviews. Respondents were selected due to their high competence in cyber risks or governance. The theoretical material was gathered from previous research in articles and books related to the governance of cyber risks. Conclusion: Public organizations govern cyber risks through laws, policies, and internal models, but there are no unified requirements or frameworks. The ones used need to be adapted to each organization's specific needs. The study's conceptual model for cyber risk governance is proposed to be circular and continuously adaptable, focusing on strategy, identification, evaluation, prioritization. Culture and communication are central governance elements, with revision and follow-up emphasized as critical steps. Collaboration between public organizations for joint data storage is recommended to facilitate risk management. The risk-reducing measures are expressed differently in relation to the governing tools. / Bakgrund: Antalet cyberattacker har ökat den senaste tiden inom svensk offentlig sektor, vilket har gjort att behovet av effektiv styrning av cyberrisker ökat. Cyberrisker är särskilt komplexa och dynamiska, vilket kräver starkt ledningsstöd och strategisk planering. Tidigare har cyberrisker ofta behandlats utifrån ett IT-perspektiv medan denna studie behandlar problematiken ur ett styrande perspektiv. Syfte: Syftet med studien är att genom kartläggning öka kunskapen om myndigheter och regioners styrning av cyberrisker. Syftet har varit att bidra med en praktisk konceptuell modell som är användbar och att bidra teoretiskt genom att komplettera litteraturen kring ERM. Metod: Studien har genomförts genom ett kvalitativt tillvägagångssätt. Empirin har samlats in genom en kombination av dokumentanalys samt semi-strukturerade intervjuer. Respondenterna har valts ut på grund av deras höga kompetens inom cyberrisker, alternativt styrning. Det teoretiska materialet har samlats in genom tidigare forskning från artiklar och annan litteratur som berört styrning av cyberrisker.  Slutsats: Offentliga organisationer styr cyberrisker genom lagar, policys och interna modeller, men det finns inga enhetliga krav eller ramverk. De som används kräver anpassning till varje organisations specifika behov. Studiens konceptuella modell för styrning av cyberrisker föreslås vara cirkulär och ständigt anpassningsbar, med fokus på strategi, identifiering, utvärdering, prioritering. Kultur och kommunikation är centrala styrelement, revidering samt uppföljning framhålls som kritiska steg. Ett samarbete mellan offentliga organisationer för gemensam datalagring rekommenderas för att underlätta riskreduceringen. Riskreducerande åtgärderna ter sig tämligen olika, satta i relation till de styrande verktygen.

Cyber risks

Cybersecurity

Public sector

Risk governance

Risk management

Cyberrisker

Cybersäkerhet

Offentlig sektor

Riskstyrning

Riskhantering

Business Administration

Företagsekonomi

"The cyber war" : A qualitative study investigating the management of cybersecurity in Swedish online fashion companies

Steinbernreiter, Kajsa

January 2018

Due to a world-wide digitalisation, the fashion segment has experienced a shift from offline to online shopping. Consequently, more companies choose to interconnect digitally with consumers and suppliers. This highlights cyber risks and cybersecurity issues more than ever, which becomes specifically apparent amongst online companies. Through qualitative semi-structured interviews with three different Swedish online fashion companies, the purpose of investigating how cybersecurity currently is prioritised and managed was reached. In addition to this, two cybersecurity experts gave their view of the most important aspects in the field, which companies should consider. Results showed a fairly well-managed cybersecurity amongst Swedish online fashion companies, even though knowledge in the field is scarce. Through educating everyone at the company and implementing a group of people in charge of these questions, a more holistic view could be attained. By offering thoughts on how online fashion companies can enhance their current cybersecurity, this paper contributes to the literature of cyber risk management as well as provides meaningful knowledge to all types of online companies.

cybersecurity

cyber risk management

risk management

cyber risks

online fashion companies

fashion online

qualitative

Swedish

textile management

Economics and Business

Ekonomi och näringsliv

Cybersecurity in the Technology Subject from the Swedish Perspective : Investigation, Analysis, and Evaluation Tool / Cybersäkerhet i teknikämnet från det svenska perspektivet : Undersökning, analys och utvärderingsverktyg

Mushtaq, Wafaa

January 2020

This thesis contains pioneer work in Sweden which contributes to the research on cybersecurity teaching within the Technology subject as formulated in the course and subject governing documents.The work goes in line with a bigger strategy of the Swedish Civil Contingencies Agency (MSB) and the European Union (EU). A discourse analysis was performed on the interviews with four Swedish expertsfrom MSB, Internetstiftelsen, and #290CyberSecurity respectively where the interview questions were formulated around three axes; the first axis was the cybersecurity content and knowledge aimed at young individuals, the second axis was the experts’ views on teaching cybersecurity starting from lower secondary schools, and the third axis was regarding platforms or tools that could be used in cybersecurity teaching and what the experts’ perceptions on them are. The analysis resulted in six different codes and formulated the views of the experts. Content analysis was also performed on information from the experts’ organizations which were 14 security documents and reports in total that resulted in a content frame of ten cybersecurity areas. All the ten areas were found to be related to the keywords that appear in the governing documents of the Technology subjects in the course syllabus for grades 7-9 and the subject syllabus for Technology 1. Current cyber attacks and risks threatening young students were further analyzed under each area to narrow down the content frame tailoring it to young students. A new online evaluation tool was then developed to assess the cybersecurity sensibility of the young students. The formulation of the questions was inspired by the SANS cybersecurity awareness survey as well as based on both, the ten cybersecurity areas that are categorized in this thesis and the different scenarios of risks and cybersecurity attacks threatening young students. Domain SamplingTheory (DST) and scenario-based questions were considered to make the tool more fitting for the young and minimize the errors. The tool tested a random group of 250 students from 12 municipalities where110 were in the sixth grade and 140 in the ninth. The tool showed that despite students spending most of their time online using different devices and applications, they are not secure enough which puts them at risk. Moreover, most of the students were interested in getting cybersecurity education and very few received it in schools even though the cybersecurity requirements are stated in the governing documents of the Technology subject. / Detta examensarbete innehåller banbrytande arbete i Sverige vilket bidrar till forskningen om cybersäkerhetsundervisning inom teknikämnet i svenska skolor. Arbetet går i linje med en större strategi från Myndigheten för samhällsskydd och beredskap (MSB) och Europeiska unionen (EU). En diskursanalys utfördes på intervjuerna med fyra svenska experter från MSB, Internetstiftelsen och #290CyberSecurity där intervjufrågorna formulerades runt tre axlar; den första axeln var cybersäkerhetsinnehållet som är riktad mot unga individer, den andra axeln var experternas syn på undervisning i cybersäkerhet som börjar från grundskolorna, och den tredje axeln gällde de plattformar eller verktyg som kunde användas i cybersäkerhetundervisning samt vad experternas uppfattning om dem är. Analysen av intervjuer resulterade i sex olika koder vilket speglar experters åsikter. Innehållsanalys utfördes också på information från experternas organisationer. Det var totalt 14 säkerhetsdokument och rapporter som resulterade i en innehållsram med tio cybersäkerhetsområden. Alla de tio områdena är relaterade till nyckelorden som finns i styrdokumenten för teknikämnena i kursplanen för årskurs 7-9 och ämnesplanen för Teknik 1. Aktuella cyberattacker och risker som hotar unga elever analyserades vidare under varje område för att begränsa innehållsramen och anpassa den för unga elever. Ett nytt online utvärderingsverktyg utvecklades sedan för att bedöma cybersäkerhetsrespons och attityd hos de unga eleverna. Formuleringen av frågorna inspirerades av SANS cybersäkerhetsmedvetenhetsundersökning och var baserad på de tio cybersäkerhetsområdena som kategoriseras i detta examensarbete samt de olika scenarierna för risker och cybersäkerhetsattacker som hotar unga elever. Domain Sampling Theory (DST) och scenariobaserade frågor ansågs göra verktyget mer passande för de unga och minimera felen. Verktyget testade en slumpmässig grupp på 250 elever från 12 kommuner där 110 gick i 6:an och 140 i 9:an. Verktyget visade att trots att elever tillbringar större delen av sin tid online med olika enheter och applikationer är de inte tillräckligt säkra, vilket utgör en risk för dem. Dessutom var majoriteten av eleverna intresserade av att få utbildning i cybersäkerhet och väldigt få fick det i skolorna trots att det står i styrdokumenten för teknikämnet.

Technology subject

course syllabus

subject syllabus

cybersecurity

Swedish experts

cyber risks and attacks

evaluation tool

students

lower secondary schools

upper secondary schools

Teknikämne

kursplan

ämnesplan

cybersäkerhet

svenska experter

cyberrisker och attacker

utvärderingsverktyg

elever

grundskolor

gymnasieskolor

Other Engineering and Technologies

Annan teknik

Learning

Lärande