Abstract.
Today's company operates in a dynamically changing business and risk environment, permeated by information and communication technologies. All this demands preparedness in the field of security as well. Establishing and maintaining the desired level of security is an important pillar of successful corporate operation. This study contains the results of expert research and was prepared using the methodology of grounded theory. The research examines the question of security from the perspective of profit-oriented companies, makes recommendations, presents tools for handling security questions in this dynamic and innovative environment, and identifies the determining factors of the internal control system that encompasses the company, the so-called corporate safety-net. The key finding of the research is that the key element of the corporate safety-net is management commitment.
Summary.
Today's company operates in a dynamically changing business and risk environment, surrounded by information and communication technologies; all this calls for thorough grounding in the field of security. This study contains the results of expert research and was prepared using the methodology of grounded theory. The research examines the matter of security from the perspective of profit-oriented companies, makes suggestions and presents tools for ensuring the smooth handling of security matters in this dynamic and innovative environment, and further identifies the determining factor, in the digital age, behind the operation of the internal control system that encompasses the company, the so-called corporate safety-net. Security represents value for companies, and its economic benefit must be shown to decision-makers. Resiliency is important from both the business and the security perspective.
The safe operation of business processes requires the appropriate management of the related risks, i.e., controlled processes and tools, and the appropriate management of human risks, are necessary. A network-like relationship can be identified between the key factors of corporate security. Safe operation requires safety-conscious and rule-following behaviour from the people involved. Staying up to date in the digital era requires both up-to-date digital technology solutions and up-to-date users and developers of those solutions; this can be ensured through continuous learning and development. The security aspects of digital transformation projects should be managed diligently from the very beginning of the development process of the digital solution, and people should accept and support the changes. The design and operational testing of controls are the keys to ensuring safe operation later on.
The key finding of the research is that the key element of the corporate safety-net is top management commitment, which is the most important factor determining a company's safety culture and corporate security.