191 |
Addressing the incremental risks associated with social media by using the cobit 5 control framework
Gerber, Petro 04 1900
Thesis (MComm)--Stellenbosch University, 2015. / ENGLISH ABSTRACT: Social media offers great opportunities for businesses and the use thereof will
increase competitiveness. However, social media also introduces significant risks
to those who adopt it. A business can use an existing IT governance control
framework to address the risks introduced by social media. However, a business
should combine existing control frameworks for adequate and complete IT
governance.
This study was undertaken to help businesses to identify incremental risks
resulting from the adoption of social media and to develop an integrated IT
governance control framework to address these risks both at strategic and
operational level. With the help of the processes in COBIT 5, this study provides
safeguards or controls which can be implemented to address the IT risks that
social media introduce to a business. By implementing the safeguards and
controls identified from COBIT 5, a business ensures that they successfully
govern the IT related risks at strategic level. This study also briefly discusses the
steps that a business can follow to ensure IT related risks at operational level are
addressed through the implementation of configuration controls. / AFRIKAANS SUMMARY: Social media offers great opportunities for businesses and its use will
increase competitiveness. However, social media also holds significant risks for
those who adopt it. A business can use existing Information Technology (IT)
control frameworks to address the risks that arise from the use of social
media. For adequate and complete IT governance, however, a business must
combine existing control frameworks.
This study was undertaken to help businesses identify the incremental risks
that arise from the use of social media and to develop an integrated IT
control framework to address these risks at both strategic and operational
level. With the help of the processes in COBIT 5, this study provides
safeguards or controls that can be implemented to address the IT risks to
which the business is exposed through social media. By implementing the
safeguards and controls identified from COBIT 5, a business ensures that it
successfully governs the IT-related risks at strategic level. This study also
briefly discusses the steps that a business can follow to ensure that
IT-related risks at operational level are addressed through the
implementation of configuration controls.
|
192 |
A structured approach to the identification of the significant risks related to enterprise mobile solutions at a mobile technology component level
Sahd, Lize-Marie 04 1900
Thesis (MComm)--Stellenbosch University, 2015. / ENGLISH ABSTRACT: The consumerisation of mobile technology is driving the mobile revolution and
enterprises are forced to incorporate mobile solutions into their business processes
in order to remain competitive. While there are many benefits relating to the
investment in and use of mobile technology, significant risks are also being
introduced into the business. The fast pace of technological innovation and the rate
of adoption of mobile technology by employees has, however, created an
environment where enterprises are deploying mobile solutions on an ad hoc basis.
Enterprises are only addressing the risks as they are occurring and resulting in
losses. The key contributing factor to this lack of governance and management is the
fact that those charged with governance do not understand the underlying mobile
technology components.
The purpose of this research is to improve the understanding of the underlying
components of mobile technology. The research further proposes to use this
understanding to identify the significant risks related to mobile technology and to
formulate appropriate internal controls to address these risks. The findings of the
research identified the following underlying components of mobile technology: mobile
devices; mobile infrastructure, data delivery mechanisms and enabling technologies;
and mobile applications. Based on an understanding of the components and
subcategories of mobile technology, a control framework was used to identify the
significant risks related to each component and subcategory. The significant risks
identified included both risks to the users (including interoperability, user experience,
connectivity and IT support) as well as risks to the enterprise’s strategies (including
continuity, security, cost and data ownership). The research concludes by
formulating internal controls that the enterprise can implement to mitigate the
significant risks. This resulted in two matrixes that serve as quick-reference guides to
enterprises in the identification of significant risks at an enterprise specific mobile
technology component level, as well as the relevant internal controls to consider.
The matrixes also assist enterprises in determining the best mobile solutions to
deploy in their business, given their strategies, risk evaluation and control
environment. / AFRIKAANS SUMMARY: The mobile revolution is being driven by the consumer of mobile technology and,
in order to remain competitive, enterprises are forced to implement mobile
technology in their business processes. While there are many benefits attached
to the investment in and use of mobile technology, the business is also
exposed to significant risks. The fast pace at which mobile technology
develops and is adopted by employees has, however, created an environment in
which enterprises deploy mobile technology on an ad hoc basis. Businesses
address the risks only after they have already occurred and resulted in
losses. The main contributing factor to the lack of governance and management
of mobile technology is the fact that those responsible for governance do not
understand the underlying mobile technology components.
The purpose of this research is to improve the understanding of the underlying
components of mobile technology. The research further seeks to identify the
significant risks attached to mobile technology and to formulate appropriate
internal controls that will address the risks. The findings of the research
identified the following underlying components of mobile technology: mobile
devices; mobile infrastructure, data delivery mechanisms and enabling
technologies; and mobile applications. Based on an understanding of the
components and subcategories of mobile technology, a control framework was
used to identify the significant risks attached to each component and
subcategory of the technology. The significant risks include both risks to the
user (including continuity, user experience, connectivity and IT support) and
risks to the enterprise’s strategies (including continuity, security, cost and
data ownership). The research concludes with the formulation of the controls
that can be implemented to address the significant risks. This led to two
tables that enterprises can use as quick-reference frameworks in identifying
significant risks at an enterprise-specific technology component level as well
as in considering relevant internal controls. The tables also help enterprises
to implement the best mobile technology for their business, based on their
strategy, risk evaluation and control environment.
|
193 |
Benefits, business considerations and risks of big data
Smeda, Jorina 04 1900
Thesis (MComm)--Stellenbosch University, 2015. / ENGLISH ABSTRACT: Big data is an emerging technology and its use holds great potential and benefits for
organisations. The governance of this technology is something that is still a big
concern and an aspect for which guidance to organisations wanting to use this
technology is still lacking.
In this study an extensive literature review was conducted to identify and define the
business imperatives distinctive of an organisation that will benefit from the use of
big data. The business imperatives were identified and defined based on the
characteristics and benefits of big data. If the characteristics and benefits are clear,
the relevant technology will be better understood. Furthermore, the business
imperatives provide business managers with guidance to whether their organisation
will benefit from the use of this technology or not.
The strategic and operational risks related to the use of big data were also identified
and they are discussed in this assignment, based on a literature review. The risks
specific to big data are highlighted and guidance is given to business managers as to
which risks should be addressed when using big data. The risks are then mapped
against COBIT 5 (Control Objectives for Information and Related Technology) to
highlight the processes most affected when implementing and using big data,
providing business managers with guidance when governing this technology. / AFRIKAANS SUMMARY: ‘Big data’ is an emerging technology and its use holds very great
potential and benefits for businesses. The management of this technology is,
however, a great source of concern, and guidance to businesses that want to
use this technology is still lacking.
By means of an extensive literature review, the business imperatives
characteristic of a business that will benefit from the use of ‘big data’
were identified. The business imperatives were identified and defined based
on the characteristics and benefits of ‘big data’. If the characteristics and
benefits are properly understood, a better understanding of the technology is
possible. In addition, the business imperatives offer guidance to management
so that they are able to judge whether or not their business will benefit
from the use of this technology.
The strategic and operational risks related to the use of ‘big data’ were
also identified and discussed, based on a literature review. This highlights
the risks attached to ‘big data’ and thereby provides guidance to business
managers regarding which risks must be addressed when ‘big data’ is used. The
risks were then mapped against COBIT 5 (‘Control Objectives for Information
and Related Technology’) to highlight the processes most affected by the use
of ‘big data’, in order to give guidance to business managers for the
governance and control of this technology.
|
194 |
Whether using encryption in SCADA systems, the services performance requirements are still met in OT IT environment over an MPLS core network?
Chego, Lloyd January 2016
A Research Project Abstract submitted in fulfillment of the requirements for Master of Science in Engineering [Electrical]: Telecommunications at the University Of The Witwatersrand, Johannesburg
07 June 2016 / Utilities use Supervisory Control and Data Acquisition systems as their industrial control
system. The architecture of these systems in the past was based on them being isolated from
other networks. Now with recent ever changing requirements of capabilities from these
systems there is a need to converge with information technology systems and with the need to
have these industrial networks communicating on packet switched networks there are cyber
security concerns that come up.
This research project looks at whether using encryption in an IP/MPLS core network for
SCADA in an OT IT environment has an effect on the performance requirements. This was
done through an experimental simulation with the results recorded. The research project also
looks at the key literature study considerations.
The key research question for the research project of this MSc 50/50 mini-thesis is “whether
using encryption in SCADA systems, the services performance requirements are still met in
OT/ IT environment over an MPLS core network”? The research project seeks to determine if
SCADA performance requirements are met over an encrypted MPLS/IP core network in an
OT/IT environment. The key focus area of the research project is only encryption in the
whole cyber security value chain versus SCADA services performances. This means that the
research project only focused on the encryption portion of the whole cyber security value
chain and the scope did not focus on other aspects of the value chain. This suffices for an
MSc 50/50 mini-thesis research project as a focus on the whole value chain would require a
full MSc thesis.
Thus the primary objective for the research project is to research and demonstrate that
encryption is essential for secure SCADA communication over an MPLS/IP core network. As
aforementioned, encryption forms an essential part of the Cyber Security value chain which
has to achieve the following objectives.
Confidentiality: ensuring that the information source is really from that source.
Integrity: ensuring that the information has not been altered in any way.
Availability: ensuring that the system is not compromised but that it is available.
These objectives of encryption should be met with SCADA service performance
requirements not violated which is the objective of the research project. / M T 2016
|
195 |
Reputation and trust-based security in wireless sensor networks
Unknown Date
This dissertation presents the results of research that led to the development of a novel reputation and trust-based monitoring paradigm for secure and reliable computing in Wireless Sensor Networks (WSNs). WSNs have undergone tremendous technological advances over the last few years. They have caused a giant leap toward "proactive computing," a paradigm where computers anticipate human needs and, when necessary, act on their behalf. Therefore, we cannot deploy such a critical technology without first addressing the security and privacy challenges to ensure that it does not turn against those whom it is meant to benefit. The core application of WSNs is to detect and report events, be it military or civilian applications. The building blocks of a WSN are small, battery-powered, low-cost, self-contained devices called "sensors" that measure factors like light, temperature, pressure, vibration, motion, etc. A WSN usually consists of hundreds of thousands of sensors that operate in unattended, hostile territories to monitor a given geographical area. Once deployed, the wireless sensors self-organize into ad-hoc wireless networks in order to cope with the dynamics of the surveillance field. During the post deployment phase, the wireless sensors aggregate data, then process and generate a report, which is subsequently relayed from one sensor to the next using secure multi-hop routing until the data reaches its desired destination, which is usually the sink. Since sensors operate in unattended and hostile territories, the adversary can capture a sensor node physically and extract all the information stored onboard, including cryptographic keying material. With this unique situation, WSNs are subject to a unique attack referred to as an "Insider Attack," in which the adversary becomes a legitimate member of the network being represented by the captured node. / To overcome this unique situation, a distributed Reputation and Trust-based Monitoring System (RTMS) is required.
The most critical contribution of this dissertation work has been the proposal and design of a novel, clique-based, distributed group-key establishment protocol with specific application to RTMSs. We have also proposed and evaluated the application of RTMS models for securing beacon-based localization in WSNs addressing information asymmetry attacks, and proposed a novel k-parent tree model for securing broadcast communication in WSNs with an underlying RTMS model. Other issues addressed in this dissertation work include the proposal of a Connected Dominating Set (CDS) based reputation dissemination and bootstrapping model. This model also enables secure, certificateless node mobility and enables the model to be robust to ID Spoofing and node replication attacks. / by Avinash Srinivasan. / Thesis (Ph.D.)--Florida Atlantic University, 2008. / Includes bibliography. / Electronic reproduction. Boca Raton, FL : 2008 Mode of access: World Wide Web.
|
196 |
An uncertainty-aware reputation system in mobile networks: analysis and applications
Unknown Date
Many emerging mobile networks aim to provide wireless network services without relying on any infrastructure. The main challenge in these networks comes from their self-organized and distributed nature. There is an inherent reliance on collaboration among the participants in order to achieve the aimed functionalities. Therefore, establishing and quantifying trust, which is the driving force for collaboration, is important for applications in mobile networks. This dissertation focuses on evaluating and quantifying trust to stimulate collaboration in mobile networks, introducing uncertainty concepts and metrics, as well as providing the various analysis and applications of uncertainty-aware reputation systems. Many existing reputation systems sharply divide the trust value into right or wrong, thus ignoring another core dimension of trust: uncertainty. As uncertainty deeply impacts a node's anticipation of others' behavior and decisions during interaction, we include it in the reputation system. Specifically, we use an uncertainty metric to directly reflect a node's confidence in the sufficiency of its past experience, and study how the collection of trust information may affect uncertainty in nodes' opinions. Higher uncertainty leads to higher transaction cost and reduced acceptance of communication. We exploit mobility to efficiently reduce uncertainty and to speed up trust convergence. We also apply the new reputation system to enhance the analysis of the interactions among mobile nodes, and present three sample uncertainty-aware applications. We integrate the uncertainty-aware reputation model with game theory tools, and enhance the analysis on interactions among mobile nodes. 
/ Instead of reactively protecting the mobile networks from existing attacks as in the traditional security paradigms, the analysis in this dissertation gives more insights on nodes' rationality in the interaction, which will enable the mechanism design in mobile networks to be security and incentive compatible. Moreover, we present three sample applications, in which we clearly identify the challenges, specifically formalize the problems, and cleverly employ the uncertainty mitigation schemes. These applications show that the uncertainty definition and mitigation schemes can benefit a broad range of applications, including fields such as security, network services, and routing. / by Feng Li. / Vita. / Thesis (Ph.D.)--Florida Atlantic University, 2009. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2009. Mode of access: World Wide Web.
|
197 |
Implementing security in an IP Multimedia Subsystem (IMS) next generation network - a case study
Unknown Date
The IP Multimedia Subsystem (IMS) has gone from just a step in the evolution of the GSM cellular architecture control core, to being the de-facto framework for Next Generation Network (NGN) implementations and deployments by operators world-wide, not only cellular mobile communications operators, but also fixed line, cable television, and alternative operators. With this transition from standards documents to the real world, engineers in these new multimedia communications companies need to face the task of making these new networks secure against threats and real attacks that were not a part of the previous generation of networks. We present the IMS and other competing frameworks, we analyze the security issues, we present the topic of Security Patterns, we introduce several new patterns, including the basis for a Generic Network pattern, and we apply these concepts to designing a security architecture for a fictitious 3G operator using IMS for the control core. / by Jose M. Ortiz-Villajos. / Thesis (M.S.C.S.)--Florida Atlantic University, 2009. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2009. Mode of access: World Wide Web.
|
198 |
Secure routing in wireless sensor networks
Unknown Date
This research addresses communication security in the highly constrained wireless sensor environment. The goal of the research is twofold: (1) to develop a key management scheme that provides these constrained systems with the basic security requirements and evaluate its effectiveness in terms of scalability, efficiency, resiliency, connectivity, and flexibility, and (2) to implement this scheme on an appropriate routing platform and measure its efficiency. / The proposed key management scheme is called Hierarchical Key Establishment Scheme (HIKES). In HIKES, the base station, acting as the central trust authority, empowers randomly selected sensors to act as local trust authorities, authenticating on its behalf the cluster members and issuing to them all secret keys necessary to secure their communications. HIKES uses a novel key escrow scheme that enables any sensor node selected as a cluster head to generate all the cryptographic keys needed to authenticate other sensors within its cluster. This scheme localizes secret key issuance and reduces the communication cost with the base station. The key escrow scheme also provides the HIKES with as large an addressing mechanism as needed. HIKES also provides a one-step broadcast authentication mechanism. HIKES provides entity authentication to every sensor in the network and is robust against most known attacks. We propose a hierarchical routing mechanism called Secure Hierarchical Energy-Efficient Routing protocol (SHEER). SHEER implements HIKES, which provides the communication security from the inception of the network. SHEER uses a probabilistic broadcast mechanism and a three-level hierarchical clustering architecture to improve the network energy performance and increase its lifetime. / Simulation results have shown that HIKES provides an energy-efficient and scalable solution to the key management problem. Cost analysis shows that HIKES is computationally efficient and has low storage requirement. 
Furthermore, high degree of address flexibility can be achieved in HIKES. Therefore, this scheme meets the desired criteria set forth in this work. Simulation studies also show that SHEER is more energy-efficient and has better scalability than the secure version of LEACH using HIKES. / by Jamil Ibriq. / Thesis (Ph. D.)--Florida Atlantic University, 2007. / Includes bibliography. / Also available in print. / Electronic reproduction. Boca Raton, FL : 2007. Mode of access: World Wide Web.
|
199 |
Internet payment system--: mechanism, applications & experimentation.
January 2000
Ka-Lung Chong. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2000. / Includes bibliographical references (leaves 80-83). / Abstracts in English and Chinese.
Abstract / Acknowledgments
Chapter 1 --- Introduction & Motivation / 1.1 Introduction / 1.2 Internet Commerce / 1.3 Motivation / 1.4 Related Work / 1.4.1 Cryptographic Techniques / 1.4.2 Internet Payment Systems / 1.5 Contribution / 1.6 Outline of the Thesis
Chapter 2 --- A New Payment Model / 2.1 Model Description / 2.2 Characteristics of Our Model / 2.3 Model Architecture / 2.4 Comparison / 2.5 System Implementation / 2.5.1 Acquirer Interface / 2.5.2 Issuer Interface / 2.5.3 Merchant Interface / 2.5.4 Payment Gateway Interface / 2.5.5 Payment Cancellation Interface
Chapter 3 --- A E-Commerce Application - TravelNet / 3.1 System Architecture / 3.2 System Features / 3.3 System Snapshots
Chapter 4 --- Simulation / 4.1 Objective / 4.2 Simulation Flow / 4.3 Assumptions / 4.4 Simulation of Payment Systems
Chapter 5 --- Discussion of Security Concerns / 5.1 Threats to Internet Payment / 5.1.1 Eavesdropping / 5.1.2 Masquerading / 5.1.3 Message Tampering / 5.1.4 Replaying / 5.2 Aspects of A Secure Internet Payment System / 5.2.1 Authentication / 5.2.2 Confidentiality / 5.2.3 Integrity / 5.2.4 Non-Repudiation / 5.3 Our System Security / 5.4 TravelNet Application Security
Chapter 6 --- Discussion of Performance Evaluation / 6.1 Performance Concerns / 6.2 Experiments Conducted / 6.2.1 Description / 6.2.2 Analysis on the Results / 6.3 Simulation Analysis
Chapter 7 --- Conclusion & Future Work
Chapter A --- Experiment Specification / A.1 Configuration / A.2 Experiment Results
Chapter B --- Simulation Specification / B.1 Parameter Listing / B.2 Simulation Results
Bibliography
|
200 |
Defining the Information Security Posture: An Empirical Examination of Structure, Integration, and Managerial Effectiveness
Young, Randall Frederick 08 1900
The discipline of information security management is still in its infancy as evidenced by the lack of empirical scholarly work in this area. Most research within the information security domain focuses on specific technologies and algorithms and how it impacts the principles of confidentiality, integrity, and availability. But, an important area receiving little attention is the antecedents of effective information security management at the organizational level (Stanton, Guzman, Stam & Caldera, 2003). The little empirical research that has been conducted in this area has shown that information security management in many organizations is poor (Baskerville, 1993; Shimeall & McDermott, 1999). Several researchers have identified the need for methods to measure the organization-wide information security posture of organizations (Eloff & Von Solms, 2000; James, 1996). This dissertation attempts to measure the organization-wide information security posture by examining benchmark variables that assess role, planning orientation, and performance structure within the organization. Through this conceptualization of an organization's information security posture, a means is presented to measure overall information security and how it impacts the effective utilization of information security strategies. The presence of the dependent variable, effectiveness, gives academics and practitioners a success measure which can guide more effective decision making in the information security domain. An additional aim of this dissertation is to empirically examine the influence of management practices and decisions on effective use of information security strategies within the organization. The issues of centralization versus decentralization of information security activities will be evaluated along with its impact on information security posture of organizations and the effectiveness of the organization's information security strategies. 
Data was collected from 119 IT and information security executives. Results show that how the organization structures information security activities is not correlated with more effective utilization of information security strategies. Meanwhile, the organization's information security posture is significantly correlated with more effective utilization of information security strategies. The implications of this research are discussed.
|