Internet security threats and solutions

14 July 2015

M.Com. (Computer Auditing) / Please refer to full text to view abstract

Internet - Security measures

Implementation, management and dissemination of information security : an organisational perspective of financial institution

Alhayani, Abdullah

January 2013

The objective of this thesis is to investigate the significant perceived security threats against information security systems (ISS) for information systems (IS) in Saudi organisations. An empirical survey using a self-administered questionnaire has been carried out to achieve this objective. The survey results revealed that almost half of the responded Saudi organisations have suffered financial losses due to internal and external IS security breaches. The statistical results further revealed that accidental and intentional entry of bad data; accidental destruction of data by employees; employees' sharing of passwords; introduction of computer viruses to IS; suppression and destruction of output; unauthorised document visibility; and directing prints and distributed information to people who are not entitled to receive are the most significant perceived threats to IS in Saudi organisations. Accordingly, it is recommended to strengthen the security controls over the above weakened security areas and to enhance the awareness of IS security issues among Saudi companies to achieve better protection to their IS.

005.8

Stakeholder ; Security policy

Euro-Mediterranean securitization and EU foreign and defence policy : challenges for Mediterranean regional security

Vieira, Telmo J.

January 2009

The emergence of the European Union (EU) as an international actor is an important development for Europeans, but also for the international community. The EU constitutes a new actor in international affairs. It goes beyond the nation state and seeks to construct a new international order based on rules. This new international actor must deal with a complex security environment, in particular in the Mediterranean region. This thesis seeks to determine how security perceptions in the region will influence the EU’s roles and responsibilities in the Mediterranean region as a new security actor. A detailed analysis of security discourse from both the EU and Southern Mediterranean shows that there are similar security concerns throughout the Mediterranean. Issues like terrorism or illegal immigration are securitised across the region, whereas issues like regional conflicts or weapons of mass destruction are considered security threats in specific areas, in particular the Eastern Mediterranean. Furthermore, security discourse also coexists with strong references to a common Mediterranean identity. This sharing of security perceptions and references to a common identity allows us to conclude that there is indeed a regional security complex in the Mediterranean. After determining the existence of a regional security complex in the Mediterranean, an analysis of the individual actors participating in the Euro- Mediterranean RSC, at different levels, was conducted. This analysis shows that the EU occupies a central role in the region as a global great power. Moreover, an analysis of the RSC in the Mediterranean region shows that it is an unstable security complex, susceptible to internal and external transformation in the medium to long term. As such, the EU could play a more substantial role in the Mediterranean, exercising greater influence to stabilise the region; leading the region away from instability and moving it towards a more institutional framework for conflict resolution. In this role, the EU will need to be more active throughout the region, especially in the Eastern Mediterranean. It must assume its position as a great power but with its particular capabilities and characteristics. The EU must then emphasise mediation and regional integration, including south-south integration in its policies towards the Southern Mediterranean.

355

Mediterranean Regional Security

Metrics for assessing adaptive capacity and water security: Common challenges, diverging contexts, emerging consensus

Garfin, Gregg, Varady, Robert, Merideth, Robert, Wilder, Margaret O., Scott, Christopher

10 November 2016

The rapid pace of climate and environmental changes requires some degree of adaptation, to forestall or avoid severe impacts. Adaptive capacity and water security are concepts used to guide the ways in which resource managers plan for and manage change. Yet the assessment of adaptive capacity and water security remains elusive, due to flaws in guiding concepts, paucity or inadequacy of data, and multiple difficulties in measuring the effectiveness of management prescriptions at scales relevant to decision-making. We draw on conceptual framings and empirical findings of the articles in this special issue and seek to respond to key questions with respect to metrics for the measurement, governance, information accessibility, and robustness of the knowledge produced in conjunction with ideas related to adaptive capacity and water security. Three overarching conclusions from this body of work are (a) systematic cross-comparisons of metrics, using the same models and indicators, are needed to validate the reliability of evaluation instruments for adaptive capacity and water security, (b) the robustness of metrics to applications across multiple scales of analysis can be enhanced by a “metrics plus” approach that combines well-designed quantitative metrics with in-depth qualitative methods that provide rich context and local knowledge, and (c) changes in the governance of science-policy can address deficits in public participation, foster knowledge exchange, and encourage the co-development of adaptive processes and approaches (e.g., risk-based framing) that move beyond development and use of static indicators and metrics.

adaptive capacity

water security

Analysis of security solutions in large enterprises

Bailey, Carmen F.

06 1900

Approved for public release; distribution is unlimited / The United States Government and private industry are facing challenges in attempting to secure their computer network infrastructure. The purpose of this research was to capture current lessons learned from Government and Industry with respect to solving particular problems associated with the secure management of large networks. Nine thesis questions were generated to look at common security problems faced by enterprises in large networks. Research was predominantly gathered through personal interviews with professionals in the computer security area from both the public and private sector. The data was then analyzed to compile a set of lessons learned by both the public and private sector regarding several leading computer security issues. Some of the problems were challenges such as maintaining and improving security during operating systems upgrades, analyzing lessons learned in configurations management, employee education with regards to following policy and several other challenging issues. The results of this thesis were lessons learned in the areas of employee education, Government involvement in the computer security area and other key security areas. An additional result was the development of case studies based upon the lessons learned. / Naval Postgraduate School author (civilian).

Computer networks

Security measures

The role of the Partnership for Peace Program and the State Partnership Program in the process of NATO enlargement : the case of the Hungarian-Ohio cooperation

Babos, Tibor, Royer, Linda M.

06 1900

The end of the Cold War created new challenges and opportunities for European Security. The power vacuum that was left by the disappearance of the Warsaw Pact needed to be addressed quickly and pragmatically to ensure the democratization of the former Eastern Block nations. Also, recent developments in World Security such as increased Terrorism and Military Operations Other Than War have forced NATO and other Transatlantic Security Institutions to adapt to a new way of thinking, operating and cooperating. This thesis identifies some of the most recent political and security procedures of NATO, other various Transatlantic Security Institutions and the National Guard State Partnership Program to aide these nascent democracies. This thesis focuses on Hungary.s successful experience of obtaining NATO membership via the Partnership for Peace Programme and State Partnership Program as a case-study. / Approved for public release; distribution unlimited / Major, Ohio Air National Guard / Major, Hungarian Army

National security

Hungary

The role of the National Security and Defense Council of Ukraine in political decision-making process

Syvak, Oleksiy

03 1900

Approved for public release; distribution is unlimited / The thesis examines the National Security and Defense Council of Ukraine (NSDC) and its role in the political decision-making process. Within the context of the post-Soviet period, this research analyzes the development of the NSDC's influence on political process in Ukraine since 1994. In addition, the thesis evaluates the place of the National Security and Defense Council of Ukraine and, in particular, of its Secretary in Ukrainian government. The present research analyzes and compares the experience of leading East-European and former Soviet Union countries as well as that of the United States of America in resolving the issues of national security policy. This study also makes suggestions about how to apply those experiences to the Ukrainian situation. The purpose of this thesis is to define the potential of the National Security and Defense Council as an actor of the Ukrainian political arena, and to find the strengths and weaknesses of the NSDC. The offered conclusions refer to the factors that undermine the NSDC's practical power in the political realm, conditions under which one might expect changes to the Council's contemporary role in the Ukrainian government, and the experiences of national security institutions of other countries and their application to the NSDC. / Civilian, Ukrainian Government Employee

National security

Ukraine

Metric methodology for the creation of environments and processes to certify a component : specifically the Naval Research Laboratory Pump

Rich, Ronald P., Holmgren, Jonathan S.

03 1900

This thesis was completed in cooperation with the Cebrowski Institute for Information Innovation and Superiority. / Approved for public release; distribution is unlimited / A of the NP, but the key requirement for Certification and Accreditation is the creation of a Protection Profile and an understanding of the DITSCAP requirements and process. This thesis creates a Protection Profile for the NP along with a draft Type SSAA for Certification and Accreditation of the NP. / Lieutenant, United States Navy / Lieutenant, United States Navy

Computer security

United States

Fitting an information security architecture to an enterprise architecture

19 May 2009

M.Phil. (Computer Science) / Despite the efforts at international and national level, security continues to pose challenging problems. Firstly, attacks on information systems are increasingly motivated by profit rather than by the desire to create disruption for its own sake. Data are illegally mined, increasingly without the user’s knowledge, while the number of variants (and the rate of evolution) of malicious software (malware) is increasing rapidly. Spam is a good example of this evolution. It is becoming a vehicle for viruses and fraudulent and criminal activities, such as spyware, phishing and other forms of malware. Its widespread distribution increasingly relies on botnets, i.e. compromised servers and PCs used as relays without the knowledge of their owners. The increasing deployment of mobile devices (including 3G mobile phones, portable videogames, etc.) and mobile-based network services will pose new challenges, as IP-based services develop rapidly. These could eventually prove to be a more common route for attacks than personal computers since the latter already deploy a significant level of security. Indeed, all new forms of communication platforms and information systems inevitably provide new windows of opportunity for malicious attacks. In order to successfully tackle the problems described above, a strategic approach to information security is required, rather than the implementation of ad hoc solutions and controls. The strategic approach requires the development of an Information Security Architecture. To be effective, an Information Security Architecture that is developed must be aligned with the organisation’s Enterprise Architecture and must be able to incorporate security into each domain of the Enterprise Architecture. This mini dissertation evaluates two current Information Security Architecture models and frameworks to find an Information Security Architecture that aligns with Eskom’s Enterprise Architecture.

Computer security

Computer architecture

Some Novice methods for Software Protection with Obfuscation

Aravalli, SaiKrishna

15 December 2006

Previously software is distributed to the users by using devices like CD.S and floppies and in the form of bytes. Due to the high usage of internet and in order to perform the tasks rapidly without wasting time on depending physical devices, software is supplied through internet in the form of source code itself. Since source code is available to the end users there is a possibility of changing the source code by malicious users in order to gain their personnel benefits which automatically leads to malfunctioning of the software. The method proposed in this thesis is based on the concept of using hardware to protect the software. We will obfuscate the relation between variables and statements in the software programs so that the attacker can not find the direct relation between them. The method combines software security with code obfuscation techniques, uses the concepts of cryptography like hashing functions and random number generators.

computers

software

security