Global ETD Search

241	Porovnání výuky informační a kybernetické bezpečnosti v České republice a Jižní Koreji s návrhy na zlepšení / Comparison of education information and cybernetic security in Czech republic and South Korea with suggestions for improvement Šisler, Marcel January 2020 (has links) This diploma thesis deals with a suggestions to improve the current state of education information and cyber security in the Czech Republic. These suggestions are from a comparison of education at the Brno University of Technology - Faculty of Business and Hallym University in South Korea. Another part is the analysis of trends in the field of cyber attacks and comparison of this area between the Czech Republic and South Korea.
242	Cybersecurity framework for cloud computing adoption in rural based tertiary institutions Patala, Najiyabanu Noormohmed 18 May 2019 (has links) MCom (Business Information Systems) / Department of Business Information Systems / Although technology is being progressively used in supporting student learning and enhancing business processes within tertiary institutions, certain aspects are hindering the decisions of cloud usage. Among many challenges of utilizing cloud computing, cybersecurity has become a primary concern for the adoption. The main aim of the study was to investigate the effect of cloud cyber-security usage at rural based tertiary institutions in order to compare the usage with an urban-based institution and propose a cybersecurity framework for adoption of cloud computing cybersecurity. The research questions focused on determining the drivers for cloud cybersecurity usage; the current adoption issues; how cybersecurity challenges, benefits, and quality affects cloud usage; the adoption perceptions and awareness of key stakeholders and identifying a cloud cybersecurity adoption framework. A quantitative approach was applied with data collected from a simple random sample of students, lecturers, admin and IT staff within the tertiary institutions through structured questionnaires. The results suggested compliance with legal law as a critical driver for cloud cybersecurity adoption. The study also found a lack of physical control of data and harmful activities executed on the internet as challenges hampering the adoption. Prevention of identity fraud and cheaper security costs were identified as benefits of adoption. Respondents found cloud cybersecurity to be accurate and effective, although most of the students and employees have not used it. However, respondents were aware of the value of cybersecurity adoption and perceive for it to be useful and convenient, hence have shown the intention of adopting it. There were no significant elements identified to differentiate the perceptions of usage at rural and urban-based tertiary institutions. The results of the study are to be used for clarifying the cybersecurity aspects of cloud computing and forecasting the suitability cloud cybersecurity within the tertiary institutions. Recommendations were made on how tertiary institutions and management can promote cloud cybersecurity adoption and how students, lecturers, and staff can effectively use cloud cybersecurity. / NRF Cloud computing adoption Cloud computing security Cloud cyber-security framework 005.57071168257 Computer networks -- Security measures. Security system
243	INTERNET OF THINGS SYSTEMS SECURITY: BENCHMARKING AND PROTECTION Naif S Almakhdhub (8810120) 07 May 2020 (has links) <div><p>Internet of Things (IoT) systems running on Microcontrollers (MCUS) have become a prominent target of remote attacks. Although deployed in security and safety critical domains, such systems lack basic mitigations against control-flow hijacking attacks. Attacks against IoT systems already enabled malicious takeover of smartphones, vehicles, unmanned aerial vehicles, and industrial control systems.</p></div><div><p> </p><div><p>The thesis introduces a systemic analysis of previous defense mitigations to secure IoT systems. Building off this systematization, we identify two main issues in IoT systems security. First, efforts to protect IoT systems are hindered by the lack of realistic benchmarks and evaluation frameworks. Second, existing solutions to protect from control-flow hijacking on the return edge are either impractical or have limited security guarantees. This thesis addresses these issues using two approaches. </p></div><div><p> </p></div><div><p>First, we present BenchIoT, a benchmark suite of five realistic IoT applications and an evaluation framework that enables automated and extensible evaluation of 14 metrics covering security, performance, memory usage, and energy. BenchIoT enables evaluating and comparing security mechanisms. Using BenchIoT, we show that even if two security mechanisms have similarly modest runtime overhead, one can have undesired consequences on security such as a large portion of privileged user execution.</p></div><div><p> </p></div><div><p>Second, we introduce Return Address Integrity (RAI), a novel security mechanism to prevent all control-flow hijacking attacks targeting return edges, without requiring special hardware. We design and implement μRAI to enforce the RAI property. Our results show μRAI has a low runtime overhead of 0.1% on average, and therefore is a</p></div><div><p>practical solution for IoT systems. </p></div><div><p> </p></div><div><p>This thesis enables measuring the security IoT systems through standardized benchmarks and metrics. Using static analysis and runtime monitors, it prevents control-flow hijacking attacks on return edges with low runtime overhead. Combined, this thesis advances the state-of-the-art of protecting IoT systems and benchmarking its security.</p></div></div> Computer Engineering Applied Computer Science Computer System Security Cyber security Computer Security System Security Software Security Embedded Systems Security IoT Security Internet of things(IoT) control-flow hijacking embedded systems Cybersecurity
244	Community-Based Intrusion Detection Weigert, Stefan 11 April 2016 (has links) Today, virtually every company world-wide is connected to the Internet. This wide-spread connectivity has given rise to sophisticated, targeted, Internet-based attacks. For example, between 2012 and 2013 security researchers counted an average of about 74 targeted attacks per day. These attacks are motivated by economical, financial, or political interests and commonly referred to as “Advanced Persistent Threat (APT)” attacks. Unfortunately, many of these attacks are successful and the adversaries manage to steal important data or disrupt vital services. Victims are preferably companies from vital industries, such as banks, defense contractors, or power plants. Given that these industries are well-protected, often employing a team of security specialists, the question is: How can these attacks be so successful? Researchers have identified several properties of APT attacks which make them so efficient. First, they are adaptable. This means that they can change the way they attack and the tools they use for this purpose at any given moment in time. Second, they conceal their actions and communication by using encryption, for example. This renders many defense systems useless as they assume complete access to the actual communication content. Third, their actions are stealthy — either by keeping communication to the bare minimum or by mimicking legitimate users. This makes them “fly below the radar” of defense systems which check for anomalous communication. And finally, with the goal to increase their impact or monetisation prospects, their attacks are targeted against several companies from the same industry. Since months can pass between the first attack, its detection, and comprehensive analysis, it is often too late to deploy appropriate counter-measures at businesses peers. Instead, it is much more likely that they have already been attacked successfully. This thesis tries to answer the question whether the last property (industry-wide attacks) can be used to detect such attacks. It presents the design, implementation and evaluation of a community-based intrusion detection system, capable of protecting businesses at industry-scale. The contributions of this thesis are as follows. First, it presents a novel algorithm for community detection which can detect an industry (e.g., energy, financial, or defense industries) in Internet communication. Second, it demonstrates the design, implementation, and evaluation of a distributed graph mining engine that is able to scale with the throughput of the input data while maintaining an end-to-end latency for updates in the range of a few milliseconds. Third, it illustrates the usage of this engine to detect APT attacks against industries by analyzing IP flow information from an Internet service provider. Finally, it introduces a detection algorithm- and input-agnostic intrusion detection engine which supports not only intrusion detection on IP flow but any other intrusion detection algorithm and data-source as well. info:eu-repo/classification/ddc/004 ddc:004
245	EXPLORING PHISHING SUSCEPTIBILITY ATTRIBUTABLE TO AUTHORITY, URGENCY, RISK PERCEPTION AND HUMAN FACTORS Priyanka Tiwari (9187496) 30 July 2020 (has links) <p>Security breaches nowadays are not limited to technological orientation. Research in the information security domain is gradually shifting towards human behavioral orientation toward breaches that target weaknesses arising from human behaviors (Workman et al., 2007). Currently, social engineering breaches are more effective than many technical attacks. In fact, the majority of cyber assaults have a social engineering component. Social Engineering is the art of manipulating human flaws towards a malicious objective (Breda et al., 2017). In the likely future, social engineering will be the most predominant attack vector within cyber security (Breda et al., 2017). Human failures, persuasion and social influences are key elements to understand when considering security behaviors. With the increasing concerns for social engineering and advancements in human factors-based technology, phishing emails are becoming more prevalent in exploiting human factors and external factors. Such factors have been researched upon in pairs, not overall. Till date, there is not much research done to identify the collaborative links between authority, urgency, risk perception and human factors such as personality traits, and knowledge. This study investigates about phishing email characters, external influences, human factors influences, and their collaborative effects. </p> Social and Community Informatics Computer-Human Interaction Social Engineering attacks Cyber Security Personality Traits Social Engineering Phishing Spear phishing Personality Framework Authority Urgency Risk Perception Cyber knowledge Elaboration Likelihood Model Human factors User susceptibility
246	RISKS AND CONSEQUENCES OF CYBER- ATTACKS AFFECTING DSO'S AND ELECTRICAL SUPPLIER’S BUSINESS PROCESSES IN THE SUPPLIER CENTRIC MODEL Gonzalez Hernandez, Rodrigo January 2016 (has links) There has been a motivated desire from different power system operators to have more systems embedded in computing and networking due to the great advantages of adding new capabilities that wasn't before possible. These advantages increased the power system’s up-time, performance and reduced its maintenance but opened a world of possible cyber-attacks. In January 2016, the Ukrainian electricity infrastructure suffered the first power outage caused by destructive malware that left hundreds and thousands of end-users without electricity during the Christmas holidays. Malicious malware are starting to cover cyber-physical systems that connect the physical technical equipment with the networked computational resources. One of these resources, which are currently being further developed, involves futuristic procedures for the electrical billing process. This means that data corruption could lead to both economical and physical consequences, leading to a decrease of the public's trust on metering equipments, the overall smart grid concept and the electricity market actors. The Nordic and Swedish electricity market is under transition to the Supplier Centric Model (SCM), a new market model, which facilitates the billing and payment towards the end-users and the interactions between electrical suppliers and Distribution System Operators (DSO). This model uses a centralized data service hub for information exchange that is owned and operated by the Swedish Transmission System Operator (TSO). Vattenfall IT has thus jointly with the department of Electric Power and Energy systems (EPE) at KTH launched this master thesis that focuses on the risks and consequences caused by cyber-attacks in the SCM. An adversary may cause unwanted actions by business process hacking or knowledge-based hacking by analyzing the business processes maps within the SCM One of the aims of the thesis was to identify the business process vulnerabilities and events of the DSO's and supplier’s business processes in the SCM if the system was under attack and when the power system operator was unaware that the presented data was corrupted. The outcome of the thesis will help improve the business process resilience against cyber-attacks thus leading to an increased trust in the SCM from the general public. Different related attack-scenarios (AS) were investigated to provide a generic solution for improvements to all relevant business service actors. The risks and consequences were found, analyzed and used for developing suggestive improvements for the Billing Business Process (BBP). / Det har funnits ett motiverat önskemål från olika elkraftsoperatörer att flera system inbäddas i datoranvändningen och nätverken på grund av de många fördelar och nya förmågor som inte var möjliga förut. Dessa förmågor ökade elkraftsystemens tillgänglighet, prestanda och minskade dess underhåll men öppnade en värld av möjliga cyber-attacker. Den Ukrainska elektriska infrastrukturen upplevde det första strömavbrottet orsakad av destruktiva skadeprogram som lämnade tusentals användare strömlösa under julen 2015. Skadeprogrammen har börjat täcka cyber-fysiska system som kopplar det fysiska tekniska utrustningen med de nätverskopplade beräkningsresurserna. En av dessa resurser, som för närvarande är under utveckling, involverar framtida procedurer åt faktureringsprocessen för elektricitet. Detta betyder att data korruption kan leda till både ekonomiska och fysiska konsekvenser vilket leder till en förminskning av det allmänna förtroendet på mätningsutrustningen, det generella smarta elnätskonceptet och på elmarknadsaktörerna. Den nordiska och svenska elmarknaden är under övergång till Elleverantörs Centriska Modellen (SCM), en ny marknadsmodell som underlättar fakturering och betalningen gentemot användarna och växelverkan mellan elleverantörerna och elnätsföretagen (DSO). Denna modell använder en centraliserad tjänstehubb för informationsutbytet som ägs och drivs av den svenska systemansvariga myndigheten (TSO). Vattenfall IT har således tillsammans med avdelningen Energi och Elkraft (EPE) på KTH lanserat detta examensarbete som fokuserar på riskerna och konsekvenserna orsakade av cyber-attacker i SCM. Motståndaren kan orsaka oönskade handlingar via hackning av affärsprocesserna eller kunskapsbaserat hackning genom att analysera affärsprocesskartorna inom SCM. Ett mål av examensarbetet var att identifiera affärsprocessernas sårbarheter och händelser av en DSO och elleverantörs affärsprocesser i SCM om systemen var under anfall och elkraftsoperatören är ovetande att det presenterade data är korrumperat. Examensarbetets resultat kommer hjälpa att förbättra affärsprocessernas spänstighet mot cyber-attacker vilket kommer leda till ett ökat förtroende på SCM från allmänheten. Olika relaterade cyber-attack scenarion undersöktes för att förse en generisk lösning för förbättringar åt alla relevanta verksamhetsaktörer. Riskerna och konsekvenserna var funna, analyserade och användes för att utveckla förbättringsförslagen åt faktureringsprocessen (BBP). Data service hub Process resilience Supplier Centric Model Business Process hacking Tjänstehubb Process spänstighet Elleverantörs Centriska Modellen Process hackning Cyber-Säkerhet och Nordiska elmarknaden Elektroteknik och elektronik
247	Factors Influencing the Implementation of Information Security Risk Management : A case study of Nigerian Commercial Banks Aghaunor, Gabriel, Okojie, Bukky E January 2022 (has links) The banking industry is one of the critical infrastructures in any economy. The services rendered by banks are systematically based on innovation, products, and technology to leverage their services. Several associated risks come along with the rendering of these banking services. The protection of critical information assets of any banking organization should be a top priority of the management. They must ensure that adequate provision is made to develop a strong strategy to control, reduce, and mitigate tasks, such as fraud, cyber-attacks, and other forms of cybersecurity exploitations. Risk management is a series of actions to identify, assess and control threats and vulnerabilities in an organization's capital investment and revenue. These potential risks arise from diverse sources like credit risk, liquidity risk, financial uncertainties, legal actions, technology failures, business strategic management errors, accidental occurrences, and natural disasters. This research study aimed to investigate the factors influencing the implementation of information security risk management in Nigerian Commercial Banks, using a social-technical system framework to address a fundamental human risk factor, which contributes predominately to the failure in information security risk management. These research was motivated by the fact that Nigerian banking sector is facing serious threats' threat emanate from cyber-attacks. Evidenced by the ever-increasing cyber-attacks, as demonstrated by a total of 1,612 complaints from consumers of financial services over banking fraud and aggressive charges received between July and December 2018 of which 99.38% of these incidences were against the commercial banks. The banks are faced with a lot of vulnerabilities and cybersecurity threats, and most of the attacks that happened within the banking sector are focused on the customers, and employees through phishing and social engineering. These showed weaknesses in information security management within the Nigerian banking industry. However, the study was guided by the social-technical theory that advocates for overall training to the stakeholders that helps in changing their beliefs and norms about organization of IS security. In order to find out the factors influencing the implementation of information security risks management in respect of Nigerian Commercial Banks, this study evaluated the influence of management support, technical experts support, funding and users’ security awareness to curb the cyber-attacks in Nigerian financial sector. The contribution of this research is expected to lead to the improvement in the financial system, and organizations, where cybersecurity and information security risk management processes are taken seriously, to reduce the high level of information security risk, threats, and vulnerabilities. Nigeria is a developing country, and at the same time fighting to develop a more conducive business investment environment to attract both national and international investors. A mixed approach research (qualitative and quantitative) method was used to validate this research study. Data collection tools used included interviews and questionnaires. Data analysis was done using the SPSS and logistic regression model. Information Security Risk Assessment Qualitative Quantitative Management Support Funding Technical Experts’ Support Cyber Security Banking ATM Information Systems
248	Lingvistisk knäckning av lösenordsfraser / Linguistical passphrase cracking Sparell, Peder January 2015 (has links) För att minnas långa lösenord är det inte ovanligt att användare rekommenderas att skapa en mening som sedan sätts ihop till ett långt lösenord, en lösenordsfras. Informationsteoretiskt sett är dock ett språk väldigt begränsat och förutsägbart, varför enligt Shannons definition av informationsteori en språkriktig lösenordsfras bör vara relativt lätt att knäcka. Detta arbete riktar in sig på knäckning av språkriktiga lösenordsfraser, dels i syfte att avgöra i vilken grad det är tillrådligt att basera en lösenordspolicy på lösenordsfraser för skydd av data, dels för att allmänt tillgängliga effektiva metoder idag saknas för att knäcka så långa lösenord. Inom arbetet genererades fraser för vidare användning av tillgängliga knäckningsprogram, och språket i fraserna modelleras med hjälp av en Markov-process. I denna process byggs fraserna upp genom att det används antal observerade förekomster av följder av bokstäver eller ord i en källtext, så kallade n-gram, för att avgöra möjliga/troliga nästkommande bokstav/ord i fraserna. Arbetet visar att genom att skapa modeller över språket kan språkriktiga lösenordsfraser knäckas på ett praktiskt användbart sätt jämfört med uttömmande sökning. / In order to remember long passwords, it is not uncommon users are recommended to create a sentence which then is assembled to form a long password, a passphrase. However, theoretically a language is very limited and predictable, why a linguistically correct passphrase according to Shannon's definition of information theory should be relatively easy to crack. This work focuses on cracking linguistically correct passphrases, partly to determine to what extent it is advisable to base a password policy on such phrases for protection of data, and partly because today, widely available effective methods to crack these long passwords are missing. Within the work of this thesis, phrases were generated for further processing by available cracking applications, and the language of the phrases were modeled using a Markov process. In this process, phrases were built up by using the number of observed instances of subsequent characters or words in a source text, known as n-grams, to determine the possible/probable next character/word in the phrases. The work shows that by creating models of language, linguistically correct passphrases can be broken in a practical way compared to an exhaustive search. passwords information security cyber security IT forensics passphrases markov chains n-gram entropy cracking lösenord informationssäkerhet it-säkerhet it-forensik lösenordsfraser markovkedjor n-gram entropi knäckning Computer Sciences Datavetenskap (datalogi)
249	Development of an Instrument to Measure the Level of Acceptability and Tolerability of Cyber Aggression: Mixed-Methods Research on Saudi Arabian Social Media Users Albar, Ali Aldroos 05 1900 (has links) Cyber aggression came about as a result of advances in information communication technology and the aggressive usage of the technology in real life. Cyber aggression can take on many forms and facets. However, the main focus of this study is cyberbullying and cyberstalking through information sharing practices that might constitute digital aggressive acts. Human aggression has been extensively investigated. Studies focusing on understanding the causes and effects that can lead to physical and digital aggression have shown the prevalence of cyber aggression in different settings. Moreover, these studies have shown strong relationship between cyber aggression and the physiological and physical trauma on both perpetrators and their victims. Nevertheless, the literature shows a lack of studies that could measure the level of acceptance and tolerance of these dangerous digital acts. This study is divided into two main stages; Stage one is a qualitative pilot study carried out to explore the concept of cyber aggression and its existence in Saudi Arabia. In-depth interviews were conducted with 14 Saudi social media users to collect understanding and meanings of cyber aggression. The researcher followed the Colaizzi’s methods to analyze the descriptive data. A proposed model was generated to describe cyber aggression in social media applications. The results showed that there is a level of acceptance to some cyber aggression acts due to a number of factors. The second stage of the study is focused on developing scales with reliable items that could determine acceptability and tolerability of cyber aggression. In this second stage, the researcher used the factors discovered during the first stage as source to create the scales’ items. The proposed methods and scales were analyzed and tested to increase reliability as indicated by the Cronbach’s Alpha value. The scales were designed to measure how acceptable and tolerable is cyber-bullying, cyber-stalking in Saudi Arabia and the sharing of some information in social media applications. The results show a strong tolerance level of those activities. This study is a valuable resource for advanced-level students, educators, and researchers who focus on cyber security, cyber psychology, and cyber aggression in social network sites. cyber aggression cyber bullying cyber stalking online harassment cyber security social networking sites social media sites human-computer interaction information behavior Cyberbullying -- Saudi Arabia. Toleration -- Saudi Arabia. Online social networks -- Saudi Arabia. Social media -- Saudi Arabia. Cyberstalking -- Saudi Arabia.
250	Vliv kybernetického terorismu na americkou bezpečnostní politiku / The Influence of Cyber Terrorism Threat on the American Security Policy Rezek, Tomáš January 2015 (has links) (English) The aim of this dissertation is to answer the question of whether the U.S. security policy is influenced by the threat of cyber terrorism. The dissertation is divided into chapters that can be regarded as steps in a logical reasoning process. In the first chapter, cyber space is introduced and described to illustrate its importance and complexity. The next chapter analytically compares various definitions of terrorism, and partially rejects the initial hypothesis that cyber terrorism is not included in the general definition of terrorism. The following chapter statistically analyzes the available data on terrorist groups and terrorist attacks to empirically confirm the hypothesis that terrorism is still a real threat to American security. The analysis actually proves that the threat of terrorism has not decreased in relation to the number of terrorist groups. It also shows that the number of terrorist attacks against the U.S. targets has significantly decreased in the United States, while terrorist actions have been increasing constantly on a global level. The analysis shows that the success rate of terrorists attacks does not form a time series, and therefore each terrorist attack has to be examined individually to assess its success probability. The following analysis reviews the...

Search results