Global ETD Search

431	Investigating cybersecurity response strategies : Measures to responding to successful spear phishing attacks Alaaraj, Aiham, Yassin, Ali January 2024 (has links) Spear phishing attacks pose an ongoing threat to organizational cybersecurity, requiring effective response measures. This study examines measures that can be implemented by Swedish organizations to respond to successful spear phishing attacks, focusing on technical solutions and cybersecurity frameworks. Through 14 semi-structured interviews with incident response teams and cybersecurity professionals, insights were gathered on the effectiveness of these measures as well as the challenges that may be faced in complying with them. The results indicate the presence of two primary response measures: technical solutions used during and after the successful attack. In addition, cybersecurity frameworks play a critical role in guiding organizations in countering successful spear phishing attacks. While the results provide valuable insight, their effectiveness varies depending on the challenges the organization may face in complying with measures. This study underscores the importance of comprehensive and effective measures to respond to successful spear phishing attacks and improve organizational resilience to evolving cyber threats. Spear phishing organizations cybersecurity incident response measures for spear phishing spear phishing incident response to spear phishing cyber threats Information Systems, Social aspects
432	The Role of Hiring Managers in regard to Inclusion in the Workplace : A Case Study of an SMB Multinational Organization in the Cybersecurity Sector Stokic, Tamara, Strelschenko Cuevas, Jules January 2024 (has links) This thesis examines how hiring managers promote inclusion in the cybersecurity sector. Conducted as a case study in a small to medium-sized multinational cybersecurity company, the research involved qualitative methods and semi-structured interviews. Findings reveal that hiring managers use strategies like unbiased recruitment, customized onboarding, team collaboration, trainings, and regular one-on-one meetings to foster inclusion. However, they face challenges such as a limited talent pool, budget constraints, cultural and language barriers, resistance to inclusion efforts, the impact of remote work, and a lack of formal tools and metrics. The study highlights the complex role of hiring managers in achieving workplace inclusion and suggests integrating sustainability and sustainable human resources practices to enhance inclusion efforts. Further research is recommended on the long-term effects of these initiatives, the intersectionality of identity groups, and the impact of emerging technologies and remote work on inclusion. Inclusion Initiatives Hiring Managers Workplace Inclusion Cybersecurity Sector Inclusive Hiring Practices Organizational Culture Leadership Sustainable Human Resources Management Övrig annan samhällsvetenskap Work Sciences Arbetslivsstudier
433	Skyddsåtgärder på sociala medier : En kvalitativ studie om hur individer kan skydda sig mot cyberattacker och varför de inte tillämpar skyddsåtgärder på sociala medier Shi, Amy, Sellman, Hanna January 2024 (has links) Digitala plattformars integration i samhället har omformat hur vi människor kommunicerar, arbetar och lever på. Sociala medier har bidragit till en central del i denna omvandling, samtidigt som det även har ökat risken för individers sårbarheter för cyberattacker. Individer lämnar digitala fotavtryck genom aktiviteter online som kan hota deras integritet och säkerhet. Trots detta saknar många medvetenhet om riskerna och kunskap om hur de kan skydda sig. Syftet med studien är att utforska vilka skyddsåtgärder som kan minska individers sårbarheter för cyberattacker på sociala medier. Dessutom syftar studien till att utforska varför de avstår från att använda dessa skyddsåtgärder. Genom att granska tidigare forskning och analysera de mänskliga faktorer som påverkar säkerhetsmedvetenhet, strävar studien efter att undersöka dessa beteenden. En kvalitativ forskningsansats antogs och datainsamlingen gemfördes med hjälp av semistrukturerade intervjuer. Analysen utfördes med en tematisk analysmetod där tre teman identifierades som är: skyddsåtgärder, sociala medier och attityder och användarbeteende. Slutsatsen är att individer kan tillämpa skyddsåtgärder som starka lösenord, undvika delning av lösenord, tvåfaktorsautentisering och att vara misstänksam mot okända meddelanden för att skydda sig mot cyberattacker. Individer använder inte dessa åtgärder på grund av en naiv attityd kring cyberattacker och upplevd omständighet med att implementera skyddsåtgärder. Trots att vissa blivit offer för cyberattacker fortsätter de att inte tillämpa skyddsåtgärder på grund av bristande förståelse för risker och konsekvenser. / The integration of digital platforms into society has transformed how we communicate, work, and live. Social media has played a central role in this transformation, while also increasing individuals' vulnerabilities to cyberattacks. People leave digital footprints through online activities that can threaten their privacy and security. Despite this, many lack awareness of the risks and knowledge of how to protect themselves. The aim of this study is to explore protective measures that can reduce individuals' vulnerabilities to cyberattacks on social media. Additionally, the study seeks to understand why individuals refrain from using these protective measures. By reviewing previous research and analyzing the human factors affecting security awareness, the study aims to investigate these behaviors. A qualitative research approach was adopted, and data was collected through semi-structured interviews. The analysis was conducted using a thematic analysis method, identifying three themes: protective measures, social media, and attitudes and user behavior. The conclusion is that individuals can apply protective measures such as strong passwords, avoiding password sharing, two-factor authentication, and being suspicious of unknown messages to protect themselves against cyberattacks. Individuals do not use these measures due to a naive attitude towards cyberattacks and the perceived inconvenience of implementing protective measures. Despite some having been victims of cyberattacks, they continue not to apply protective measures due to a lack of understanding of risks and consequences. Protective measures cybersecurity awareness social media online security phishing cyberattacks user behavior Skyddsåtgärder cybersäkerhetsmedvetenhet sociala medier säkerhet online nätfiske cyberattacker användarbeteende Information Systems, Social aspects
434	<strong>TOWARDS A TRANSDISCIPLINARY CYBER FORENSICS GEO-CONTEXTUALIZATION FRAMEWORK</strong> Mohammad Meraj Mirza (16635918) 04 August 2023 (has links) <p>Technological advances have a profound impact on people and the world in which they live. People use a wide range of smart devices, such as the Internet of Things (IoT), smartphones, and wearable devices, on a regular basis, all of which store and use location data. With this explosion of technology, these devices have been playing an essential role in digital forensics and crime investigations. Digital forensic professionals have become more able to acquire and assess various types of data and locations; therefore, location data has become essential for responders, practitioners, and digital investigators dealing with digital forensic cases that rely heavily on digital devices that collect data about their users. It is very beneficial and critical when performing any digital/cyber forensic investigation to consider answering the six Ws questions (i.e., who, what, when, where, why, and how) by using location data recovered from digital devices, such as where the suspect was at the time of the crime or the deviant act. Therefore, they could convict a suspect or help prove their innocence. However, many digital forensic standards, guidelines, tools, and even the National Institute of Standards and Technology (NIST) Cyber Security Personnel Framework (NICE) lack full coverage of what location data can be, how to use such data effectively, and how to perform spatial analysis. Although current digital forensic frameworks recognize the importance of location data, only a limited number of data sources (e.g., GPS) are considered sources of location in these digital forensic frameworks. Moreover, most digital forensic frameworks and tools have yet to introduce geo-contextualization techniques and spatial analysis into the digital forensic process, which may aid digital forensic investigations and provide more information for decision-making. As a result, significant gaps in the digital forensics community are still influenced by a lack of understanding of how to properly curate geodata. Therefore, this research was conducted to develop a transdisciplinary framework to deal with the limitations of previous work and explore opportunities to deal with geodata recovered from digital evidence by improving the way of maintaining geodata and getting the best value from them using an iPhone case study. The findings of this study demonstrated the potential value of geodata in digital disciplinary investigations when using the created transdisciplinary framework. Moreover, the findings discuss the implications for digital spatial analytical techniques and multi-intelligence domains, including location intelligence and open-source intelligence, that aid investigators and generate an exceptional understanding of device users' spatial, temporal, and spatial-temporal patterns.</p> Spatial data and applications Knowledge representation and reasoning Digital forensics Data engineering and data science Knowledge and information management Digital curation and preservation Cyber Crime Cybersecurity Cyber Forensics DFIR Digital Forensics Incident Response Threat Intelligence Networking Mobile Forensics iOS Forensics Intelligence Open-source Intelligence (OSINT) Location Intelligence GIS Spatial Analysis Spatiotemporal Analysis UAV Forensics GeoDatabase Geodata
435	Faculty Senate Minutes February 6, 2017 University of Arizona Faculty Senate 07 March 2017 (has links) This item contains the agenda, minutes, and attachments for the Faculty Senate meeting on this date. There may be additional materials from the meeting available at the Faculty Center. defining NTE faculty Nontenure-eligible faculty BS in Applied Biomedical Industries MS in Genetic Counseling dean searches Spring Calendar Changes MS in Cybersecurity BS In Architectural Engineering
436	Sécurité informationnelle des systèmes cyberphysiques et risques à la santé et sécurité : quelle responsabilité pour le fabricant ? Fournier-Gendron, Hugo 12 1900 (has links) No description available. responsabilité civile responsabilité extracontractuelle responsabilité du fait des biens responsabilité du fabricant défaut de sécurité risques de développement sécurité informationnelle cybersécurité système cyberphysique internet des objets objets connectés robots civil liability extra-contractual liability liability from the act of a thing manufacturer liability safety defect cyber-security cybersecurity cyber security cyber-physical system internet of things connected thing
437	Mieux vaut prévenir et guérir : la réaction du public envers la posture de cyber-résilience des entreprises après un vol de données Toma, Traian 08 1900 (has links) Les recherches montrent que les clients ne prennent guère de mesures pour se protéger des crimes qui peuvent découler d’une brèche de renseignements confidentiels au sein d’une entreprise. Plutôt, ils considèrent que la firme — hébergeuse de leurs informations personnelles — a la responsabilité absolue en matière de la confidentialité continue de leurs données. Les commerces qui manquent de protéger adéquatement les informations clients risquent en contrepartie de subir des torts réputationnels ruineux. Cela dit, peu de travaux explicatifs sont effectués sur la résilience des entreprises face à la réaction négative du public après un vol de données. Ainsi, une étude expérimentale basée sur des vignettes de cas a été menée à l’aide du modèle de la victime « idéale ». Les mises en situation illustrent : (1) une entreprise victime décrite comme ayant une forte posture de cyber-résilience ; (2) une entreprise victime décrite comme ayant une faible posture de cyber-résilience. Un échantillon final de 664 participants a été aléatoirement affecté à l’une des deux conditions expérimentales principales. Les résultats révèlent que, comparativement à une faible posture de cyber-résilience, une bonne posture de cyber-résilience minimise les attitudes négatives des clients et favorise leurs intentions comportementales positives vis-à-vis la firme victime. À la lumière de ces résultats, la cyber-résilience, qui a principalement fait l’objet d’une attention conceptuelle, acquiert un fondement empirique. Par ailleurs, ce projet de recherche contribue plus généralement au développement de la victimologie des entreprises. / Research shows that customers take few measures to protect themselves from crimes that may follow data theft at a business. They rather consider that the firm—the host of their personal information—holds exclusive responsibility over the continued confidentiality of their data. Companies that fail to properly secure customer information may, in return, risk experiencing ruinous reputational harm. That said, little explanatory research is done on the resilience of businesses to negative public reaction after data theft. Consequently, a vignette-based experimental study was conducted using the “ideal” victim model. The scenarios feature: (1) a breached business described as having a strong cyber-resilience posture; (2) a breached business described as having a weak cyber-resilience posture. A final sample of 664 participants was randomly assigned to one of the two main experimental conditions. Results reveal that compared to a weak cyber-resilience posture, a good cyber-resilience posture minimizes negative customer attitudes and promotes positive customer behavioural intentions towards the company. Considering these results, cyber-resilience, which has mainly received conceptual attention, gains empirical support. Furthermore, this research project contributes more broadly to the evolution of the victimology of businesses. Cybersécurité Cyber-résilience Brèche de données Réputation Réaction sociale Gestion des risques Communication de crise Faute de la victime Victime idéale Vignettes de cas Cybersecurity Cyber-resilience Data breach Social reaction Risk management Crisis communication Victim blaming Ideal victim Vignettes
438	Role Based Access Control (RBAC) in the context of Smart Grids : Implementing and Evaluating a Role Based Access Control System for Configuration Loading in a Substation from a Desktop / Rollbaserad åtkomstkontroll (RBAC) för smarta nät : Implementering och utvärdering av ett rollbaserat åtkomstkontrollsystem för konfigurationsinläsning i en transformatorstation från en datorapplikation. Ducornaud, Gatien January 2023 (has links) Access control is a crucial aspect of cybersecurity, and Role Based Access Control (RBAC) is a typical framework for controlling the access to specific resources. However, in the context of Smart Grids, the usual authentication solution of using a trusted identity provider might not be possible to provide authentication of a user, as systems cannot rely on external services. This, in addition to devices in a substation being usually strictly controlled, means that having an RBAC limited to a desktop application can be necessary. Moreover, the cost of adding additional layers of security needs to be considered too, as the cost of adding specific features can vary significantly. This thesis thus looks into the existing solutions for desktop applications in substations, explains their viability and implements an RBAC system using Group Nesting in Windows user management, in the context of a configuration loading application on a main computer in a substation. It is then used to evaluate the cost of this new solution, in terms of maintainability, usability and flexibility, compared to the gained security. This is done by using static analysis of both codebases, and evaluation of usability and security. It shows that security can be added for a reasonable cost using Group Nesting in Smart Grids if the focus is to delegate some tasks to the directory, improving on the security of the application and the system as a whole. / Åtkomstkontroll är en viktig aspekt av cybersäkerhet, och rollbaserad åtkomstkontroll (RBAC) är ett typiskt ramverk för att kontrollera åtkomsten till specifika resurser. I smarta nät kan det dock hända att den vanliga autentiseringslösningen med en betrodd identitetsleverantör inte är tillräcklig för att autentisera en användare, eftersom systemen inte kan förlita sig på externa tjänster. Detta, förutom att enheterna i en transformatorstation vanligtvis är strikt kontrollerade, innebär att det kan vara nödvändigt att ha en RBAC som är begränsad till en datorapplikation. Dessutom måste kostnaden för att lägga till ytterligare säkerhetslager också beaktas, eftersom kostnaden för att lägga till specifika funktioner kan variera avsevärt. Denna avhandling omfattar därför dels undersökning av de befintliga lösningarna för datorapplikation i transformatorstationer, dels redogörelse av genomförbarheten och dels implementeringen av ett RBAC-system. Implementationen använder funktionen Group Nesting i Windows-användarhantering och integrerades i en applikation för konfigurationsinläsning på en huvuddator i en transformatorstation. Därefter utvärderas kostnaden för denna nya lösning i fråga om underhållbarhet, användbarhet och flexibilitet i förhållande till den ökade säkerheten. Detta görs med hjälp av statisk analys av de båda mjukvarulösningarna och utvärdering av användbarhet och säkerhet. Det visar att säkerheten kan ökas till en rimlig kostnad med hjälp av Group Nesting i smarta nät, om fokus ligger på att delegera vissa uppgifter till en katalog, vilket förbättrar säkerheten i applikationen och systemet som helhet. / Le contrôle ’daccès est un aspect essentiel de la cybersécurité, et utiliser des rôles pour implémenter cela est souvent le modèle recommandé. Pour autant, dans le contexte des réseaux électriques intelligents, il ’nest pas toujours possible de posséder un parti tiers fiable qui puisse faire autorité car il ne faut pas dépendre de systèmes extérieurs. ’Cest particulièrement vrai dans une sous-station où les ordinateurs connectés ont un rôle strictement défini. Ainsi il peut être nécessaire ’davoir un système de contrôle ’daccès basé sur les rôles (RBAC, Role-Based Access Control) uniquement contenu sur un ordinateur. Il faut de plus pouvoir estimer le coût de cette sécurité supplémentaire. Ce rapport évalue les solutions existantes dans cette situation et leur viabilité, et implémente un RBAC grâce à ’limbrication de groupe ’dutilisateur Windows, pour une application desktop pour le chargement de configuration pour l´ordinateur central ’dune sous-station. Cette implémentation est ensuite utilisée pour estimer les coûts associés à ’lajout ’dun RBAC en termes de maintenabilité, ’dutilisabilité et de flexibilité par rapport aux gains de sécurité. Cela est fait à travers des outils ’danalyse statique sur le code avant et après implémentation et ’dautres techniques ’danalyse de la sécurité et de la maintenabilité. Cela permet de montrer que, avec ’limbrication de groupes, il est possible ’dobtenir un niveau de sécurité satisfaisant tout en limitant les coûts associés, grâce au fait de déléguer les fonctions de gestion ’dutilisateur à un système de directory (répertoire). Role Based Access Control (RBAC) Cybersecurity Smart Grid Substation Desktop Applications Cybersécurité Réseau électrique intelligent Sous-Station Application Desktop Rollbaserad åtkomstkontroll (RBAC) Cybersäkerhet Smarta nät Transformatorstation datorapplikation Software Engineering Programvaruteknik Computer and Information Sciences Data- och informationsvetenskap
439	Operativ cybersäkerhet: för och nackdelar med AI verktyg : En Förstudie Jepsson, David, Tillman, Axel January 2023 (has links) Denna studie undersöker för- och nackdelarna med att implementera artificiell intelligens (AI)som ett verktyg inom en Security Operations Center (SOC). Syftet med studien är att undersökaom och hur AI-verktyg kan underlätta incidenthantering inom en SOC, samt vilka nyautmaningar som uppstår.Studien har genomförts genom kvalitativa intervjuer med fyra personer med expertkunskaperinom både AI och cybersäkerhet. Experterna utfrågades om deras syn på AI som ett verktyg, hurde ser på AI och cybersäkerhet, samt hur AI kan appliceras relaterat till de 4 stegen inom NISTincidenthantering; förberedelser, detektion & analys, Identifiera, utrotning & återhämtning samtpost-incident aktivitet.Resultaten visar på både fördelar och nackdelar med att använda AI-verktyg inom SOC inklusiveeffektivare konfigurering av SIEM, lägre antal falska positiva larm, lättad arbetsbörda förSOC-analytiker och hantering av "zero-day" incidenter. Nackdelar inkluderar lägre förklarbarhetav större AI-modeller, juridiska utmaningar och beroendet av bra indata. Slutligen visar studienatt användningen av AI som ett verktyg i SOC kan vara fördelaktigt och att mer forskningbehövs för att utforska specifika tekniker och verktyg. Artificial Intelligence AI Tools Cybersecurity IT Security Explainable Artificial Intelligence Incident Management Security Operations Center (SOC) Artificiell Intelligens AI-verktyg Cybersäkerhet IT-säkerhet Explainable AI Incidenthantering Security Operations Center SIEM NIST Computer Systems Datorsystem
440	Internet of Things and Cybersecurity in a Smart Home Kiran Vokkarne (17367391) 10 November 2023 (has links) <p dir="ltr">With the ability to connect to networks and send and receive data, Internet of Things (IoT) devices involve associated security risks and threats, for a given environment. These threats are even more of a concern in a Smart Home network, where there is a lack of a dedicated security IT team, unlike a corporate environment. While efficient user interface(UI) and ease of use is at the front and center of IoT devices within Smart Home which enables its wider adoption, often security and privacy have been an afterthought and haven’t kept pace when needed. Therefore, a unsafe possibility exists where malicious actors could exploit vulnerable devices in a domestic home environment.</p><p dir="ltr">This thesis involves a detailed study of the cybersecurity for a Smart Home and also examines the various types of cyberthreats encountered, such as DDoS, Man-In-Middle, Ransomware, etc. that IoT devices face. Given, IoT devices are commonplace in most home automation scenarios, its crucially important to detect intrusions and unauthorized access. Privacy issues are also involved making this an even more pertinent topic. Towards this, various state of the art industry standard tools, such as Nmap, Nessus, Metasploit, etc. were used to gather data on a Smart Home environment to analyze their impacts to detect security vulnerabilities and risks to a Smart Home. Results from the research indicated various vulnerabilities, such as open ports, password vulnerabilities, SSL certificate anomalies and others that exist in many cases, and how precautions when taken in timely manner can help alleviate and bring down those risks.</p><p dir="ltr">Also, an IoT monitoring dashboard was developed based on open-source tools, which helps visualize threats and emphasize the importance of monitoring. The IoT dashboard showed how to raise alerts and alarms based on specific threat conditions or events. In addition, currently available cybersecurity regulations, standards, and guidelines were also examined that can help safeguard against threats to commonly used IoT devices in a Smart Home. It is hoped that the research carried out in this dissertation can help maintain safe and secure Smart Homes and provide direction for future work in the area of Smart Home Cybersecurity.</p> Data and information privacy Data security and protection Hardware security Software and application security Information security management Software architecture Internet of things (IoT) Data Internet of Things (IoT) devices cybersecurity standards Smart Home User Interfaces SMART HOME SECURITY SYSTEM monitoring adaptation

Search results