• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 271
  • 93
  • 86
  • 83
  • 15
  • 13
  • 9
  • 8
  • 8
  • 8
  • 7
  • 6
  • 3
  • 2
  • 2
  • Tagged with
  • 781
  • 781
  • 202
  • 199
  • 161
  • 133
  • 121
  • 121
  • 104
  • 96
  • 92
  • 90
  • 85
  • 83
  • 77
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Establishing an information security awareness and culture

Korovessis, Peter January 2015 (has links)
In today’s business environment all business operations are enabled by technology. Its always on and connected nature has brought new business possibilities but at the same time has increased the number of potential threats. Information security has become an established discipline as more and more businesses realize its value. Many surveys have indicated the importance of protecting valuable information and an important aspect that must be addressed in this regard is information security awareness. The human component has been recognized to have an important role in information security since the only way to reduce security risks is through making employees more information security aware. This also means that employees take responsibility of their actions when dealing with information in their everyday activities. The research is concentrated mainly on information security concepts alongside their relation to the human factor with evidence that users remain susceptible to information security threats, thus illustrating the need for more effective user training in order to raise the level of security awareness. Two surveys were undertaken in order to investigate the potential of raising security awareness within existing education systems by measuring the level of security awareness amongst the online population. The surveys analyzed not only the awareness levels and needs of students during their study and their preparation towards entering the workforce, but also whether this awareness level changes as they progress in their studies. The results of both surveys established that the awareness level of students concerning information security concepts is not at a sufficient level for students entering university education and does not significantly change as they progress their academic life towards entering the workforce. In respect to this, the research proposes and develops the information security toolkit as a prototype awareness raising initiative. The research goes one step further by piloting and evaluating toolkit effectiveness. As an awareness raising method, the toolkit will be the basis for the general technology user to understand the challenges associated with secure use of information technology and help him assess its current knowledge, identify lacks and weaknesses and acquire the required knowledge in order to be competent and confident users of technology.
2

Personalising information security education

Talib, Shuhaili January 2014 (has links)
Whilst technological solutions go a long way in providing protection for users online, it has been long understood that the individual also plays a pivotal role. Even with the best of protection, an ill-informed person can effectively remove any protection the control might provide. Information security awareness is therefore imperative to ensure a population is well educated with respect to the threats that exist to one’s electronic information, and how to better protect oneself. Current information security awareness strategies are arguably lacking in their ability to provide a robust and personalised approach to educating users, opting for a blanket, one-size-fits-all solution. This research focuses upon achieving a better understanding of the information security awareness domain; appreciating the requirements such a system would need; and importantly, drawing upon established learning paradigms in seeking to design an effective personalised information security education. A survey was undertaken to better understand how people currently learn about information security. It focussed primarily upon employees of organisations, but also examined the relationship between work and home environments and security practice. The survey also focussed upon understanding how people learn and their preferences for styles of learning. The results established that some good work was being undertaken by organisations in terms of security awareness, and that respondents benefited from such training – both in their workplace and also at home – with a positive relationship between learning at the workplace and practise at home. The survey highlighted one key aspect for both the training provided and the respondents’ preference for learning styles. It varies. It is also clear, that it was difficult to establish the effectiveness of such training and the impact upon practice. The research, after establishing experimentally that personalised learning was a viable approach, proceeded to develop a model for information security awareness that utilised the already successful field of pedagogy and individualised learning. The resulting novel framework “Personalising Information Security Education (PISE)” is proposed. The framework is a holistic approach to solving the problem of information security awareness that can be applied both in the workplace environment and as a tool for the general public. It does not focus upon what is taught, but rather, puts into place the processes to enable an individual to develop their own information security personalised learning plan and to measure their progress through the learning experience.
3

Fast algorithms for public key cryptography

Han, Yong-Fei January 1996 (has links)
No description available.
4

Management of operational risks related to information security in financial organizations

Mehmood, Furhan, Rafique, Rajia January 2010 (has links)
<p><strong>Date</strong>: 30<sup>th</sup> May 2010</p><p><strong>Authors</strong>: Rajia Rafique, Furhan Mehmood</p><p><strong>Tutor:</strong> Dr. Michael Le Duc, Dr. Deepak Gupta</p><p><strong>Title:</strong> Management of Operational Risks related to Information Security in Financial Organizations</p><p><strong>Introduction: </strong>Information security is very significant for organizations, especially for financial organizations where customer information and their satisfaction are considered the most important assets for financial organizations. Therefore customer information must be sustained from information security breaches in order to satisfy customers. Financial organizations use their customer’s information several times a day to deal with different operations. These operations contain several types of risks. Operational risks related to information security are becoming sensational for financial organizations. Financial organizations concentrate to reduce the exposure of operational risk related to information security because these risks can affect the business to a great extent. Financial organizations need such policies and techniques which can be used to reduce the exposure of operational risk and to enhance information security. Several authors discuss about several types of operational risk related to information security, and several authors discuss about the techniques to avoid these risks in order to enhance information security.</p><p><strong>Problem:</strong> Investigate the concept of Operational Risks related to Information Security and how it is perceived in Financial Organization?<strong><em> </em></strong></p><p><strong>Purpose: </strong>The aspiration of writing this report is to describe and analyze operational risks related to information security in financial organizations and then to present some suggestions in form of polices or techniques which can be used by financial organizations to enhance their information security.</p><p><strong>Method:</strong> Since the type of our thesis is Qualitative based, therefore exploratory research approach is used to carry out research. Authors tried to use secondary source of information as well as primary source of information in order to get maximum knowledge about the topic and to come up with maximum possible output.</p><p><strong>Target Audience</strong></p><p>The target audience in our mind for this paper consists of both, academic readers and professionals who have interest and some knowledge about information security and operational risks. Target audience for this research work includes professionals, academic readers and both investigated organizations (NCCPL and CDC).</p><p><strong>Conclusion</strong></p><p>By critically analyzing the literature written by various authors and the worthy information provided by our primary sources gave us the opportunity to develop a solution to keep the operations secure from risks and to fix the current problems related to information security. We found that there are different types of operational risks related to information security which can affect the business of financial organizations and there are various techniques which can be used by financial organizations to solve the current issue related to operational risks in order to enhance information security. It was also found that top management in financial organizations is interested in issues about information security operational risk and they showed their keen interest in adopting new effective techniques.</p><p><strong>Keywords:</strong> Information Security, Information Security Risks, Operational Risks, Operational Risk Management, Operational Risks in Financial Organizations.</p>
5

Management of operational risks related to information security in financial organizations

Mehmood, Furhan, Rafique, Rajia January 2010 (has links)
Date: 30th May 2010 Authors: Rajia Rafique, Furhan Mehmood Tutor: Dr. Michael Le Duc, Dr. Deepak Gupta Title: Management of Operational Risks related to Information Security in Financial Organizations Introduction: Information security is very significant for organizations, especially for financial organizations where customer information and their satisfaction are considered the most important assets for financial organizations. Therefore customer information must be sustained from information security breaches in order to satisfy customers. Financial organizations use their customer’s information several times a day to deal with different operations. These operations contain several types of risks. Operational risks related to information security are becoming sensational for financial organizations. Financial organizations concentrate to reduce the exposure of operational risk related to information security because these risks can affect the business to a great extent. Financial organizations need such policies and techniques which can be used to reduce the exposure of operational risk and to enhance information security. Several authors discuss about several types of operational risk related to information security, and several authors discuss about the techniques to avoid these risks in order to enhance information security. Problem: Investigate the concept of Operational Risks related to Information Security and how it is perceived in Financial Organization? Purpose: The aspiration of writing this report is to describe and analyze operational risks related to information security in financial organizations and then to present some suggestions in form of polices or techniques which can be used by financial organizations to enhance their information security. Method: Since the type of our thesis is Qualitative based, therefore exploratory research approach is used to carry out research. Authors tried to use secondary source of information as well as primary source of information in order to get maximum knowledge about the topic and to come up with maximum possible output. Target Audience The target audience in our mind for this paper consists of both, academic readers and professionals who have interest and some knowledge about information security and operational risks. Target audience for this research work includes professionals, academic readers and both investigated organizations (NCCPL and CDC). Conclusion By critically analyzing the literature written by various authors and the worthy information provided by our primary sources gave us the opportunity to develop a solution to keep the operations secure from risks and to fix the current problems related to information security. We found that there are different types of operational risks related to information security which can affect the business of financial organizations and there are various techniques which can be used by financial organizations to solve the current issue related to operational risks in order to enhance information security. It was also found that top management in financial organizations is interested in issues about information security operational risk and they showed their keen interest in adopting new effective techniques. Keywords: Information Security, Information Security Risks, Operational Risks, Operational Risk Management, Operational Risks in Financial Organizations.
6

Biometrics - Evaluation of Current Situation

Zahidi, Salman January 2011 (has links)
Information security has always been a topic of concern in the world as an emphasis on new techniques to secure the identity of a legitimate user is regarded as top priority. To counter such an issue, we have a traditional way of authentication factors “what you have” and “what you know” in the form of smart cards or passwords respectively. But biometrics is based on the factor “who are you” by analyzing human physical or behavioral characteristics. Biometrics has always been an efficient way of authorization and is now considered as a $1500 million industry where fingerprints dominate the biometrics while iris is quickly emerging as the most desirable form of biometric technique.The main goal of this thesis is to compare and evaluate different biometrics techniques in terms of their purpose, recognition mechanism, market value and their application areas. Since there are no defined evaluating criteria, my method of evaluation was based on a literature survey from internet, books, IEEE papers and technical surveys. Chapter 3 is focused on different biometrics techniques where I discuss them briefly but in chapter 4, I go deeper into Iris, fingerprints, facial techniques which are prominent in biometrics world. Lastly, I had a general assessment of the biometrics, their future growth and suggested specific techniques for different environment like access controls, e-commerce, national ids, and surveillance.
7

Enterprise Information Security - Backup Systems Planning and Practice

Lin, Gary 05 July 2002 (has links)
It is well understood that competitiveness is the foundation of business. Efficient information acquisition, distribution and protection proves to not only improve business¡¦ competitiveness but also extend business value to both business partners and customers. Consequently, Information Security has been the rigorous and sustaining challenge to the business. Thanks to the booming evolution of information technology, business nowadays has proliferated it widely for business operations. Sept 11 catastrophe in US has brought to business a significant yet unforeseen impact ¡V information security reassessment on both backup systems and disaster recovery planning. This document aims at exploring the status quo of domestic enterprises in this regard as well as possible obstacles of the implementation. Through field research and thorough understanding, we¡¦ve observed the differentiation among the industries we investigated. Meanwhile, we hoped to come out some solid recommendations and awareness to the business by applying generally acknowledged standard ¡V BS7799 rules and policies. With that in mind, enterprises then would be able to move themselves faster toward globalization. For a long time, IT professionals tend to use tape or jukebox as primary data backup media. Today, we can only rely on those tools for alternatives. By current working field, I¡¦m taking the advantage by introducing high-level technologic system frameworks, practices and experiences from international key players in this field. Enterprises are also recommended to start the ¡§BIA ¡V Business Impact Analysis¡¨ to outline a proper DR and Contingency Plan for the sake of substantial and continual support to business interests and long-term benefits!
8

Discovery and Evaluation of Finite State Machines in Hardware Security

Geist, James 01 January 2023 (has links) (PDF)
In the decades since the invention of the integrated circuit (IC), IC's have become ubiquitous, complex, and networked. High transistor density and the low cost of production at scale have made it economically feasible to use complex custom IC's in almost any engineering application. While IC's provide a powerful tool for solving many engineering problems, the low cost comes from outsourcing production and reusing existing design components. Both of these dependencies introduce security risk; unwanted functionality may be inserted either from opaque third party libraries used in a design or by any outside vendor involved in the fabrication process. As it is far easier to verify that specified functionality works as intended than to discover unwanted functionality, verifying that a design has not been tampered with is an important, difficult problem. In stateful designs, Finite State Machines (FSM's) choreograph the operation of the design. With knowledge of the primary inputs and the current state, an FSM instructs other subsystems what to do next. Given this central role, an FSM is an obvious target for malicious exploitation. A bad actor can add states to an FSM that may only be entered via a non-obvious sequence of inputs; these states may then leak information via a side channel, or corrupt operation of the device in a denial of service attack. Such exploitation can be avoided both proactively and reactively. This dissertation introduces methods for discovering, extracting, modifying, and analyzing FSM's in post-compilation netlists. Such netlists may be acquired either in house directly after a design is compiled, or recovered by microscopy techniques post-fabrication. This dissertation introduces several methods applicable to the problem. In order to study FSM's in a netlist, the FSM's must first be located. One method to find FSM's is to search for the control signals which drive it. A proposed algorithm for discovering control signals, RELIC-FUN, provides more accurate results than other algorithms on specific designs. Once an FSM is discovered, state transition enumeration is key to comparing the FSM's behavior to the original design. This dissertation introduces two new tools, RECUT and REFSM-SAT, which provide significantly better performance than existing enumeration algorithms. Noting that FSM's, both structurally and semantically, are graph theoretical constructs, a new graphical environment, NetViz, is introduced. NetViz is an environment for hardware security which allows chaining of analysis algorithms and graphical display of, and interaction with, analysis results. Finally, an existing logic locking algorithm, SANSCrypt, is shown to be insecure due to structural FSM analysis techniques.
9

A Semi-Autonomous Credit/Debit Card Transaction Fraud Defense Framework for Online Merchants

Laurens, Roy 01 January 2023 (has links) (PDF)
The majority of online credit/debit card fraud research focuses on the defense by back-end entities, such as card issuer or processor (i.e., payment processing company), and overlooks the fraud defense initiated by online merchants. This is problematic because the merchants – especially online merchants – are the ones generally held responsible for covering any loss due to transaction fraud. Thus they have a great incentive to detect and defend against card fraud. But at the same time, compared with card issuers, they also lack access to large samples needed for data mining (such as existing purchase data of a cardholder). This dissertation presents a novel semi-autonomous framework for online merchants to defend against such fraud by utilizing three interrelated components: a supervised classifier based on existing fraud pattern and our newly developed DNS fingerprinting, an unsupervised anomaly detection method using diversity index, and a novel soft descriptor based verification system. The classifier and the anomaly detection work together to allow our framework to detect known fraud patterns and adapt to the previously undetected patterns. Afterward, suspicious transactions can be autonomously verified by requesting the customer to provide a unique identifier that was previously embedded in the soft descriptor during the card transaction processing. This verification process greatly improves fraud detection accuracy without adding a burden on most legitimate customers. Our framework can be readily implemented and we have deployed several aspects of our framework at a real-world e-commerce Merchant website, with the real testing results explained in this dissertation.
10

Towards Secure and Trustworthy IoT Systems

Luo, Lan 01 January 2022 (has links) (PDF)
The boom of the Internet of Things (IoT) brings great convenience to the society by connecting the physical world to the cyber world, but it also attracts mischievous hackers for benefits. Therefore, understanding potential attacks aiming at IoT systems and devising new protection mechanisms are of great significance to maintain the security and privacy of the IoT ecosystem. In this dissertation, we first demonstrate potential threats against IoT networks and their severe consequences via analyzing a real-world air quality monitoring system. By exploiting the discovered flaws, we can impersonate any victim sensor device and polluting its data with fabricated data. It is a great challenge to fight against runtime software attacks targeting IoT devices based on microcontrollers (MCUs) due to the heterogeneity and constrained computational resources of MCUs. An emerging hardware-based solution is TrustZone-M, which isolates the trusted execution environment from the vulnerable rich execution environment. Though TrustZone-M provides the platform for implementing various protection mechanisms, programming TrustZone-M may introduce a new attack surface. We explore the feasibility of launching five exploits in the context of TrustZone-M and validate these attacks using SAM L11, a Microchip MCU with TrustZone-M enabled. We then propose a security framework for IoT devices using TrustZone-M enabled MCUs, in which device security is protected in five dimensions. The security framework is implemented and evaluated with a full-fledged secure and trustworthy air quality monitoring device using SAM L11 as its MCU. Based on TrustZone-M, a function-based ASLR (fASLR) scheme is designed for runtime software security of IoT devices. fASLR is capable of trapping and modifying control flow upon a function call and randomizing the callee function before its execution. Evaluation results show that fASLR achieves high entropy with low overheads.

Page generated in 0.0295 seconds