Global ETD Search

251	Towards a conceptual framework for information security digital divide Chisanga, Emmanuel 10 1900 (has links) In the 21st century, information security has become the heartbeat of any organisation. One of the best-known methods of tightening and continuously improving security on an information system is to uniquely and efficiently combine the human aspect, policies, and technology. This acts as leverage for designing an access control management approach which not only avails parts of the system that end-users are permitted to but also regulates which data is relevant according to their scope of work. This research explores information security fundamentals at organisational and theoretical levels, to identify critical success factors which are vital in assessing the organisation’s security maturity through a model referred to as “information security digital divide maturity framework”. The foregoing is based on a developed conceptual framework for information security digital divide. The framework strives to divide end-users, business partners, and other stakeholders into “specific information haves and have-nots”. It intends to assist organisations to continually evaluate and improve on their security governance, standards, and policies which permit access on the basis of each end-user or stakeholder’s business function, role, and responsibility while at the same time preserving the traditional standpoint of confidentiality, integrity, and availability. After a thorough review of a range of frameworks that have influenced the information security landscape, COBITTM was relied upon as a baseline for the development of the framework of the study because of its rich insight and maturity on IT management and governance. To ascertain that the proposed framework meets the required expectation, a survey targeting end-users within three participating organisations was carried out. The outcome revealed the current maturity level of each participating organisation, highlighting strengths and limitations of current information security practices. As such, for new organisations relying on the proposed framework for the first time, the outcome of such an assessment will represent a benchmark to be relied on for further improvement before embarking on the next maturity assessment cycle. In addition, a second survey was conducted with subject matter experts in information security. Data generated and collected through a questionnaire was then analysed and interpreted qualitatively and quantitatively in order to identify aspects, not only to gauge the acceptance of the proposed conceptual framework but also to identify areas for improvements. The study found that there was a general consensus amongst experts on the importance of a framework for benchmarking information security digital divide in organisations. It also provided a range of valuable input relied upon to improve the framework to its final version. / School of Computing / M. Sc. (Computing) Capability maturity Digital divide Information security Information systems Critical success factors Information security digital divide Information security maturity level Frameworks Benchmarking 005.8 Computer security Computer networks -- Security measures
252	A framework for the protection of mobile agents against malicious hosts Biermann, Elmarie 30 September 2004 (has links) The mobility attribute of a mobile agent implies deployment thereof in untrustworthy environments, which introduces malicious host threats. The research question deals with how a security framework could be constructed to address the mentioned threats without introducing high costs or restraining the mobile agent's autonomy or performance. Available literature have been studied, analysed and discussed. The salient characteristics as well as the drawbacks of current solutions were isolated. Through this knowledge a dynamic mobile agent security framework was defined. The framework is based on the definition of multiple security levels, depending on type of deployment environment and type of application. A prototype was constructed and tested and it was found to be lightweight and efficient, giving developers insight into possible security threats as well as tools for maximum protection against malicious hosts. The framework outperformed other frameworks / models as it provides dynamic solutions without burdening a system with unnecessary security gadgets and hence paying for it in system cost and performance / Computing / D.Phil. Computer security Communication networks Countermeasure classification Mobile agent security framework Security framework requirements Threats classification Malicious hosts Mobile agent security 005.8 Mobile agents (Computer software) Computer security Computer networks -- Security measures
253	Computer seizure as technique in forensic investigation Ndara, Vuyani 19 March 2014 (has links) The problem encountered by the researcher was that the South African Police Service Cyber-Crimes Unit is experiencing problems in seizing computer evidence. The following problems were identified by the researcher in practice: evidence is destroyed or lost because of mishandling by investigators; computer evidence is often not obtained or recognised, due to a lack of knowledge and skills on the part of investigators to properly seize computer evidence; difficulties to establish authenticity and initiate a chain of custody for the seized evidence; current training that is offered is unable to cover critical steps in the performance of seizing computer evidence; computer seizure as a technique requires specialised knowledge and continuous training, because the information technology industry is an ever-changing area. An empirical research design, followed by a qualitative research approach, allowed the researcher to also obtain information from practice. A thorough literature study, complemented by interviews, was done to collect the required data for the research. Members of the South African Police Cyber-crime Unit and prosecutors dealing with cyber-crime cases were interviewed to obtain their input into, and experiences on, the topic. The aim of the study was to explore the role of computers in the forensic investigation process, and to determine how computers can be seized without compromising evidence. The study therefore also aimed at creating an understanding and awareness about the slippery nature of computer evidence, and how it can find its way to the court of law without being compromised. The research has revealed that computer crime is different from common law or traditional crimes. It is complicated, and therefore only skilled and qualified forensic experts should be used to seize computer evidence, to ensure that the evidence is not compromised. Training of cyber-crime technicians has to be priority, in order to be successful in seizing computers. / Department of Criminology / M.Tech. (Forensic Investigation) Forensic Digital forensic Computer Digital evidence Investigators Technicians Chain of custody Seizure Cyber-crime Cyber-crime technicians 363.25968 Computer crimes -- Investigation Computer security Forensic sciences -- Data processing Crime scene searches Electronic evidence Computer networks -- Security measures
254	Um framework para desenvolvimento e implementação de sistemas seguros baseados em hardware / A framework for development and implementation of secure hardware-based systems Gallo Filho, Roberto Alves, 1978- 20 April 2004 (has links) Orientador : Ricardo Dahab. / Tese (doutorado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-21T17:02:27Z (GMT). No. of bitstreams: 1 GalloFilho_RobertoAlves_D.pdf: 5999506 bytes, checksum: 6ef66e76246dddb7de30593abff60bc5 (MD5) Previous issue date: 2012 / Resumo A concepção de sistemas seguros demanda tratamento holístico, global. A razão é que a mera composição de componentes individualmente seguros não garante a segurança do conjunto resultante2. Enquanto isso, a complexidade dos sistemas de informação cresce vigorosamente, dentre outros, no que se diz respeito: i) ao número de componentes constituintes; ii) ao número de interações com outros sistemas; e iii) 'a diversidade de natureza dos componentes. Este crescimento constante da complexidade demanda um domínio de conhecimento ao mesmo tempo multidisciplinar e profundo, cada vez mais difícil de ser coordenado em uma única visão global, seja por um indivíduo, seja por uma equipe de desenvolvimento. Nesta tese propomos um framework para a concepção, desenvolvimento e deployment de sistemas baseados em hardware que é fundamentado em uma visão única e global de segurança. Tal visão cobre um espectro abrangente de requisitos, desde a integridade física dos dispositivos até a verificação, pelo usuário final, de que seu sistema está logicamente íntegro. Para alcançar este objetivo, apresentamos nesta tese o seguinte conjunto de componentes para o nosso framework: i) um conjunto de considerações para a construção de modelos de ataques que capturem a natureza particular dos adversários de sistemas seguros reais, principalmente daqueles baseados em hardware; ii) um arcabouço teórico com conceitos e definições importantes e úteis na construção de sistemas seguros baseados em hardware; iii) um conjunto de padrões (patterns) de componentes e arquiteturas de sistemas seguros baseados em hardware; iv) um modelo teórico, lógico-probabilístico, para avaliação do nível de segurança das arquiteturas e implementações; e v) a aplicação dos elementos do framework na implementação de sistemas de produção, com estudos de casos muito significativos3. Os resultados relacionados a estes componentes estão apresentados nesta tese na forma de coletânea de artigos. 2 Técnicas "greedy" não fornecem necessariamente os resultados ótimos. Mais, a presença de componentes seguros não é nem fundamental. 3 Em termos de impacto social, econômico ou estratégico / Abstract: The conception of secure systems requires a global, holistic, approach. The reason is that the mere composition of individually secure components does not necessarily imply in the security of the resulting system4. Meanwhile, the complexity of information systems has grown vigorously in several dimensions as: i) the number of components, ii) the number of interactions with other components, iii) the diversity in the nature of the components. This continuous growth of complexity requires from designers a deep and broad multidisciplinary knowledge, which is becoming increasingly difficult to be coordinated and attained either by individuals or even teams. In this thesis we propose a framework for the conception, development, and deployment of secure hardware-based systems that is rooted on a unified and global security vision. Such a vision encompasses a broad spectrum of requirements, from device physical integrity to the device logical integrity verification by humans. In order to attain this objective we present in this thesis the following set of components of our framework: i) a set of considerations for the development of threat models that captures the particular nature of adversaries of real secure systems based on hardware; ii) a set of theoretical concepts and definitions useful in the design of secure hardware-based systems; iii) a set of design patterns of components and architectures for secure systems; iv) a logical-probabilistic theoretical model for security evaluation of system architectures and implementations; and v) the application of the elements of our framework in production systems with highly relevant study cases. Our results related to these components are presented in this thesis as a series of papers which have been published or submitted for publication. 4Greedy techniques do not inevitably yield optimal results. More than that, the usage of secure components is not even required / Doutorado / Ciência da Computação / Doutor em Ciência da Computação Proteção de dados Sistemas de segurança Data protection Computer networks - Security measures Security systems
255	Performance Analysis of Security Protocols Donta, Praveen Kumar 01 January 2007 (has links) Security is critical to a wide range of applications and services. Numerous security mechanisms and protocols have been developed and are widely used with today’s Internet. These protocols, which provide secrecy, authentication, and integrity control, are essential to protecting electronic information. There are many types of security protocols and mechanisms, such as symmetric key algorithms, asymmetric key algorithms, message digests, digital certificates, and secure socket layer (SSL) communication. Symmetric and asymmetric key algorithms provide secrecy. Message digests are used for authentication. SSL communication provides a secure connection between two sockets. The purpose of this graduate project was to do performance analysis on various security protocols. These are performance comparisons of symmetric key algorithms DES (Data Encryption Standard), 3DES (Triple DES), AES (Advanced Encryption Standard), and RC4; of public-private key algorithms RSA and ElGamal; of digital certificates using message digests SHA1 (Secure Hash Algorithm) and MD5; and of SSL (Secure Sockets Layer) communication using security algorithms 3DES with SHA1 and RC4 with MD5. UNF University of North Florida School of Computing Computer security -- Evaluation Computer network protocols -- Evaluation Computer Sciences
256	Misbehaviors detection schemes in mobile ad hoc networks / Une approche décentralisée pour la détection de comportements malveillants dans les réseaux MANETs Rmayti, Mohammad 30 September 2016 (has links) Avec l’évolution des besoins d’utilisateurs, plusieurs technologies de réseaux sans fil ont été développées. Parmi ces technologies, nous trouvons les réseaux mobiles ad hoc (MANETs) qui ont été conçus pour assurer la communication dans le cas où le déploiement d’une infrastructure réseaux est coûteux ou inapproprié. Dans ces réseaux, le routage est une fonction primordiale où chaque entité mobile joue le rôle d’un routeur et participe activement dans le routage. Cependant, les protocoles de routage ad hoc tel qu’ils sont conçus manquent de contrôle de sécurité. Sur un chemin emprunté, un nœud malveillant peut violemment perturber le routage en bloquant le trafic. Dans cette thèse, nous proposons une solution de détection des nœuds malveillants dans un réseau MANET basée sur l’analyse comportementale à travers les filtres bayésiens et les chaînes de Markov. L’idée de notre solution est d’évaluer le comportement d’un nœud en fonction de ses échanges avec ses voisins d’une manière complètement décentralisée. Par ailleurs, un modèle stochastique est utilisé afin de prédire la nature de comportement d’un nœud et vérifier sa fiabilité avant d’emprunter un chemin. Notre solution a été validée via de nombreuses simulations sur le simulateur NS-2. Les résultats montrent que la solution proposée permet de détecter avec précision les nœuds malveillants et d’améliorer la qualité de services de réseaux MANETs / With the evolution of user requirements, many network technologies have been developed. Among these technologies, we find mobile ad hoc networks (MANETs) that were designed to ensure communication in situations where the deployment of a network infrastructure is expensive or inappropriate. In this type of networks, routing is an important function where each mobile entity acts as a router and actively participates in routing services. However, routing protocols are not designed with security in mind and often are very vulnerable to node misbehavior. A malicious node included in a route between communicating nodes may severely disrupt the routing services and block the network traffic. In this thesis, we propose a solution for detecting malicious nodes in MANETs through a behavior-based analysis and using Bayesian filters and Markov chains. The core idea of our solution is to evaluate the behavior of a node based on its interaction with its neighbors using a completely decentralized scheme. Moreover, a stochastic model is used to predict the nature of behavior of a node and verify its reliability prior to selecting a path. Our solution has been validated through extensive simulations using the NS-2 simulator. The results show that the proposed solution ensures an accurate detection of malicious nodes and improve the quality of routing services in MANETs Réseaux ad hoc (informatique) Attaques par déni de service Statistique bayésienne Processus stochastiques Ad hoc networks (computer networks) Denial of service attacks Computer networks -- Security measures Bayesian statistical decision theory Stochastic processes 005.8
257	Towards an information security awareness process for engineering SMEs in emerging economies Gundu, Tapiwa January 2013 (has links) With most employees in Engineering Small and Medium Enterprises (SME) now having access to their own personal workstations, the need for information security management to safeguard against loss/alteration or theft of the firms’ important information has increased. These Engineering SMEs tend to be more concerned with vulnerabilities from external threats, although industry research suggests that a substantial proportion of security incidents originate from insiders within the firm. Hence, technical preventative measures such as antivirus software and firewalls are proving to solve only part of the problem as the employees controlling them lack adequate information security knowledge. This tends to expose a firm to risk and costly mistakes made by naïve/uninformed employees. This dissertation presents an information security awareness process that seeks to cultivate positive security behaviours using a behavioural intention model based on the Theory of Reasoned Action, Protection Motivation Theory and the Behaviourism Theory. The process and model have been refined and verified using expert review and tested through action research at an Engineering SME in South Africa. The main finding was information security levels of employees within the firm were low, but the proposed information security awareness process increased their knowledge thereby positively altering their behaviour. Computer security -- South Africa Information technology -- South Africa Small business -- South Africa Engineering firms -- South Africa Information Security Awareness Information Security Behaviour Information Security Training
258	A study and implementation of an electronic commerce website using active server pages Boutkhil, Soumaya 01 January 2001 (has links) The purpose of this project is to design an electronic commerce site for MarocMart company. MarocMart.com is an one-stop shopping company for a number of high quality products: carpets, jewelry, pottery, wood, leather, metals, and fashion items, etc... Each article is unique, hand-made by Moroccan craftsmen. Web site development Client/server computing World Wide Web -- Economic aspects Distributors (Commerce) Handicraft -- Morocco -- Marketing Digital Communications and Networking Marketing
259	A secure lightweight currency service provider Hsiao, Chih-Wen, Turner, David, Ross, Keith 01 January 2004 (has links) The main purpose of this project is to build a bank system that offers a friendly and simple interface to let users easily manage their lightweight currencies. The Lightweight Currency Protocol (LCP) was originally proposed to solve the problem of fairness in resource cooperatives. However, there are other possible applications of the protocol, including the control of spam and as a general purpose medium of exchange for low value transactions. This project investigates the implementation issues of the LCP, and also investigates LCP bank services to provide human interface to currency operations. Peer-to-peer architecture Computer networks -- Security measures Application software -- Development Confidential communications -- Banking Internet banking Struts framework Java (Computer program language) SQL (Computer program language) Information Security
260	Three Essays on Information Security Risk Management Ogbanufe, Obiageli 05 1900 (has links) Today's environment is filled with the proliferation of cyber-attacks that result in losses for organizations and individuals. Hackers often use compromised websites to distribute malware, making it difficult for individuals to detect. The impact of clicking through a link on the Internet that is malware infected can result in consequences such as private information theft and identity theft. Hackers are also known to perpetrate cyber-attacks that result in organizational security breaches that adversely affect organizations' finances, reputation, and market value. Risk management approaches for minimizing and recovering from cyber-attack losses and preventing further cyber-attacks are gaining more importance. Many studies exist that have increased our understanding of how individuals and organizations are motivated to reduce or avoid the risks of security breaches and cyber-attacks using safeguard mechanisms. The safeguards are sometimes technical in nature, such as intrusion detection software and anti-virus software. Other times, the safeguards are procedural in nature such as security policy adherence and security awareness and training. Many of these safeguards fall under the risk mitigation and risk avoidance aspects of risk management, and do not address other aspects of risk management, such as risk transfer. Researchers have argued that technological approaches to security risks are rarely sufficient for providing an overall protection of information system assets. Moreover, others argue that an overall protection must include a risk transfer strategy. Hence, there is a need to understand the risk transfer approach for managing information security risks. Further, in order to effectively address the information security puzzle, there also needs to be an understanding of the nature of the perpetrators of the problem – the hackers. Though hacker incidents proliferate the news, there are few theory based hacker studies. Even though the very nature of their actions presents a difficulty in their accessibility to research, a glimpse of how hackers perpetrate attacks can be obtained through the examination of their knowledge sharing behavior. Gaining some understanding about hackers through their knowledge sharing behavior may help researchers fine-tune future information security research. The insights could also help practitioners design more effective defensive security strategies and risk management efforts aimed at protecting information systems. Hence, this dissertation is interested in understanding the hackers that perpetrate cyber-attacks on individuals and organizations through their knowledge sharing behavior. Then, of interest also is how individuals form their URL click-through intention in the face of proliferated cyber risks. Finally, we explore how and why organizations that are faced with the risk of security breaches, commit to cyberinsurance as a risk management strategy. Thus, the fundamental research question of this dissertation is: how do individuals and organizations manage information security risks? hackers security risk management malware cyberinsurance risk transfer knowledge sharing social network analysis Computer security -- Management. Data protection. Hackers.

Search results