Global ETD Search

11	Исследование и разработка web-портала для отслеживания данных о киберугрозах : магистерская диссертация / Research and development web portal for data monitoring of cyber threat intelligence Зиновьев, А. Н., Zinovev, A. N. January 2023 (has links) В работе были в полном объёме рассмотрены теоретические аспекты разведки об угрозах (threat intelligence), разработаны метрики, проанализированы и проранжированы информационные источники и разработан веб-портал для взаимодействия с отобранными информационными источниками CTI. Был разработан веб портал для отслеживания данных об угрозах кибер-атак. Полученные результаты имеют теоретическую и практическую значимость так, как могут быть использованы при построении информационной безопасности предприятия. / In this work was described theoretical and practical aspects about cyber threat intelligence and information security. Information sources of cyber threat intelligence was group and ranged. Web portal for data monitoring of cyber threat intelligence was developed. The results are gained a theoretical and practical aspects for information security of enterprise. КИБЕРУГРОЗЫ WEB-ПОРТАЛ ОБНАРУЖЕНИЕ УГРОЗ MASTER'S THESIS CYBER THREAT INTELLIGENCE CTI WEB PORTAL INFORMATION SECURITY
12	Cyber Attack Modelling using Threat Intelligence. An investigation into the use of threat intelligence to model cyber-attacks based on elasticsearch and honeypot data analysis Al-Mohannadi, Hamad January 2019 (has links) Cyber-attacks have become an increasing threat to organisations as well as the wider public. This has led to greatly negative impacts on the economy at large and on the everyday lives of people. Every successful cyber attack on targeted devices and networks highlights the weaknesses within the defense mechanisms responsible for securing them. Gaining a thorough understanding of cyber threats beforehand is therefore essential to prevent potential attacks in the future. Numerous efforts have been made to avoid cyber-attacks and protect the valuable assets of an organisation. However, the most recent cyber-attacks have exhibited the profound levels of sophistication and intelligence of the attacker, and have shown conven- tional attack detection mechanisms to fail in several attack situations. Several researchers have highlighted this issue previously, along with the challenges faced by alternative solu- tions. There is clearly an unprecedented need for a solution that takes a proactive approach to understanding potential cyber threats in real-time situations. This thesis proposes a progressive and multi-aspect solution comprising of cyber-attack modeling for the purpose of cyber threat intelligence. The proposed model emphasises on approaches from organisations to understand and predict future cyber-attacks by collecting and analysing network events to identify attacker activity. This could then be used to understand the nature of an attack to build a threat intelligence framework. However, collecting and analysing live data from a production system can be challenging and even dangerous as it may lead the system to be more vulnerable. The solution detailed in this thesis deployed cloud-based honeypot technology, which is well-known for mimicking the real system while collecting actual data, to see network activity and help avoid potential attacks in near real-time. In this thesis, we have suggested a new threat intelligence technique by analysing attack data collected using cloud-based web services in order to identify attack artefacts and support active threat intelligence. This model was evaluated through experiments specifically designed using elastic stack technologies. The experiments were designed to assess the identification and prediction capability of the threat intelligence system for several different attack cases. The proposed cyber threat intelligence and modeling systems showed significant potential to detect future cyber-attacks in real-time. / Government of Qatar Cyber-attack Cyber-attack modelling Cyber threat intelligence Elasticsearch Honeypots Cloud services Attack awareness Object-based model
13	企業資訊安全風險評估－以電腦病毒為例洪裕傑, Hung,Yu-Chieh Unknown Date (has links) 隨著網際網路的快速成長，資訊安全已成為企業最重視的議題之一。企業必須保護自己免於網路威脅(Cyber-Threat)，不過防止企業免受網際威脅已非易事，這也為企業資訊安全風險埋下了一顆不定時炸彈。換句話說，資訊安全風險是現今企業所面臨的主要挑戰之一，企業資訊安全防護的好壞將直接反應在企業的盈虧上，甚至可能影響到顧客對該企業產品或服務的滿意度等，對企業的殺傷力是不容忽視的。目前的防毒軟體(Anti-Virus)與威脅管理系統(Threat Management System)所能提供的基本功能都是大同小異，其效能也在伯仲之間，但是企業使用的成效則大不相同。因此如何掌握左右企業資訊安全風險的主要影響因子，並根據該影響因子提供企業一套資訊安全策略以解決其所面臨的風險與使得金錢上的損失降到最低，將是改善企業資訊安全風險的關鍵成功因素。本研究首先透過與五位企業安全維護有實務經驗的專家訪談，了解資訊安全之重要影響因素並不在於投入防毒軟體的預算金額，反而是企業的資訊安全策略類型，如使用者與資訊安全人員關係型態、資訊安全人員的素質、高階主管對資訊安全政策的支持之類因素更重要。接著藉由問卷調查，以國內某著名防毒軟體客戶為樣本，發出1910份郵寄問卷與網路問卷邀請email信，共回收102份有效問卷，回收率5.3%。問卷共分為兩大部份：組織特徵（包括公司背景、過去三年病毒感染情形、防毒系統、資訊安全管理現況）及防毒能力評估（防毒軟體的使用、監控與過濾、追蹤裝置、區隔網路等四類防毒技術的使用，與弱點管理、病毒碼部署、帳號管理、應用程式與網路使用的權限、回應與恢復程序等五類安全程序政策，組織的責任與能力、組織的順從、對教育訓練的重視等三項組織因素）。以「病毒爆發數量」、「病毒爆發影響嚴重性」、「偵測病毒數」與「偵測感染事件事」為應變數，以公司概況及防毒能力評估各變項為自變數進行單因子與多因子變異數分析，分析結果顯示組織大小及防毒軟體的使用、弱點管理、帳號管理等安全程序政策是影響「病毒爆發數量」的重要因素；組織大小、網路管理等組織特徵，防毒軟體的使用、弱點管理、病毒碼部署等安全程序政策及教育訓練等是影響「病毒爆發影響嚴重性」的重要因素；組織大小與防毒軟體的使用、監控與過濾等防毒技術的使用，弱點管理影響「偵測病毒數」的重要因素；組織大小、弱點管理、與教育訓練等是影響「偵測感染事件數」的重要因素。本研究藉由分析企業在資訊安全所面臨到的風險，得以建立並發展相關評量的模型，研究結果除了可以提供廠商與設計人員在開發企業資訊安全風險評量時參考的依據，也為後續的相關實證研究提供一些建議的方向。 / Following the growth of the www internet in the latest years, information security has become the most important topic among all enterprise companies. Enterprise companies have to protect themselves from Cyber-Threat, but this is not an easy job at all. That means a hidden bomb has already been planted inside their information systems. In another words, the information security threat is the main challenge that all enterprise companies are facing right now. The performance of the defensive system that an enterprise company is using directly impacts whether this company can have a profit gain or loss; furthermore, this affects the customers’ satisfaction about the company’s products and services. This threat can harm the company and should not be ignored. Right now the basic service that Anti Virus software and Threat Management System can provide and their performance are functionally the same, but the effective factor of how each different companies use them may yield a big difference. Hence, knowing how to control the main factor of the information security threat of the company and knowing how to provide the best and the most secured strategy according to the threat to solve any possible future threat such that the loss of profit can be minimized, will be the most important aspect for an enterprise company to be succeeded. This research was conducted by interviewing with five experienced enterprise security maintenance experts at first. From the conservation, we have learned that the main factor of the information security is not depending on the amount of budget that the company has spent on anti-virus software. In fact the strategy type that the company uses for information security is the main reason. This includes the relational model between the users and the information security members, the quality of the information security members, the support of information security strategy from the top manager, and etc. These are more important factors. We have then conducted a survey among the customers from one of the famous anti virus software in Taiwan. We have sent out 1910 questionnaire mails and online survey invitation emails, we have collected back 102 copies of valid questionnaires (5.3% of the total). The questionnaire contains two parts: the characteristic of the company (including the background of company, the virus infection situation in the past three years, the anti virus system, the present situation of information security management), and the performance evaluation of the anti-virus system (which one(s) out of the four anti-virus techniques that the current company is applying: using anti-virus software, monitoring and filtering, using some tools for tracing, and the separation of local area network. Which one(s) out of five security process strategies that the company is using: weakness management, virus pattern deployment, account management, permission of using application and network, and response and restore process. And the factor of company: the responsibility and ability, the obedient, and the weight that was put for educational training.) Using the infection number of virus, the impact severity of virus spread, the quantity of detectable virus, and the number of detectable infection events as dependent variables, along with using the situation of company and each items in anti-virus ability evaluation as single factor or multiple factor variant analysis, the analyzed result shows that the size of companies and the security process strategies such as the use of anti-virus software, weakness management, and account management, are the main factors of the infection number of virus. The characteristic of the company such as the size of companies and its network management, the security process strategies such as the use of anti-virus, weakness management, and virus pattern deployment, and the educational training are the main reasons of affecting the severity of virus spread. The size of company, the use of anti virus technique such as the use of anti-virus software and the monitoring and filtering, and weakness management are the main factors of the number of detected virus. The size of company, weakness management, and the educational training are the main factor of the number of events of detected infection. According to the analysis of the threat of information security that an enterprise company would face, this research has built and developed a related evaluation model. The result from this research not only can provide a reference for companies and software designers when they evaluate their enterprise information security, but also suggest a new direction for future research. 資訊安全病毒網路威脅弱點管理 Information Security Virus Cyber-Threat Vulnerability Management
14	Cybersäkerhet - Att stärka den svaga länken : En flerfallsstudie om hur formella och informella styrmedel förebygger interna cyberhot i banksektorn Olsson, Sanna, Hultberg, Isabella January 2021 (has links) Bakgrund: Banker fyller en mycket viktig funktion i samhället och har sedan digitaliseringen varit särskilt utsatta för cyberhot. Samtidigt bygger bankens verksamhet till stor del på att upprätthålla förtroendet hos sina kunder, varpå det är av stor vikt för banker att ha en hög cybersäkerhet. Framför allt kan interna cyberhot i form av mänskliga misstag konstateras vara den svaga länken i bankers säkerhetsarbete idag. Därför är det intressant att undersöka hur banker i Sverige arbetar för att öka cybersäkerheten genom formella och informella styrmedel, som kan påverka anställdas beteenden. Syfte: Studien syftar till att bidra till ökad förståelse om hur banker styr sin verksamhet med formella och informella styrmedel för att förebygga interna cyberhot på arbetsplatsen. Metod: Studien har ett hermeneutiskt perspektiv och är utformad enligt en kvalitativ metod. Vidare har en abduktiv ansats format uppsatsen. Syfte och frågeställningar har besvarats genom en flerfallstudie av fyra olika banker i Sverige. Det empiriska materialet har inhämtats med hjälp av intervjuer med representanter från respektive bank som arbetar med säkerhet. Slutsats: För att förebygga interna cyberhot arbetar banker med formella styrmedel främst i form av regler, där de tar hjälp av globala standarder vid utformningen. Reglerna utformas även utifrån bankens kultur och uppdateras ofta. Vi har sett att kompetens och medvetenhet inom cybersäkerhet hos anställda är något som samtliga fallföretag värderar högt, och för att stärka kompetensen lägger bankerna stora resurser på utbildning. Att göra säkerhetstänket till en naturlig del av anställdas dagliga arbete har framför allt understrukits av respondenterna, samtidigt som arbetet med kultur till stor del görs passivt då det starka regelverket formar kulturen. Informella dialoger menas dock vara något som ökar medvetenheten och därmed stärker kulturen. Slutligen har vi identifierat att samtliga styrmedel nämnda ovan påverkar varandra, varpå det är viktigt att ha ett helhetstänk vid styrningsarbetet vad gäller cybersäkerhet. / Background: Banks play an important role in society and have since the increasing digitalization been particularly exposed to cyber threats. At the same time, the bank's operations are largely based on maintaining trust of its customers, and therefore it is of great importance for banks to have a high level of cyber security. Above all, internal cyber threats in the form of human error constitute one of the greatest risks to banks' security work today. Therefore, it is interesting to investigate how banks work to mitigate internal cyber threats through formal and informal management controls. Purpose: This study aims to contribute to an increased understanding of how banks use formal and informal management control to mitigate internal cyber threats in the workplace. Methodology: This study adopts a hermeneutic perspective and uses qualitative method. Furthermore, an abductive approach has shaped the essay. The purpose and research questions have been answered through a multiple case study of four different banks in Sweden. The empirical material has been obtained with the help of interviews with representatives from each bank who work with security. Conclusion: To prevent internal cyber threats, banks work with rules which global standards and the company’s culture help design. We have noted that competence and awareness in cyber security is something that is valued highly. To strengthen the competence banks invest large resources in training. Making the idea of safety a natural part of employees' daily work has above all been emphasized by, at the same time as cultural development is largely done passively as the strong regulations shape culture. Informal dialogues, however, increase awareness and thus strengthen culture. Finally, we have identified that all the management controls mentioned above affect each other. Therefore, it is important to have a holistic approach to the governance work regarding cyber security. Cyber security cyber threat management control bank security policy education security culture Cybersäkerhet cyberhot styrning bank standarder regler utbildning kultur Business Administration Företagsekonomi
15	Threats and Mitigation of DDoS Cyberattacks Against the U.S. Power Grid via EV Charging Morrison, Glenn Sean 30 August 2018 (has links) No description available. Computer Engineering Computer Science DDoS Distributed Denial of Service DDoS Cyberattacks United States power grid electric vehicle EV EV Charging cyberattack cyber threat
16	BRIDGING THE GAP IN VULNERABILITY MANAGEMENT : A tool for centralized cyber threat intelligence gathering and analysis Vlachos, Panagiotis January 2023 (has links) A large number of organizations these days are offering some kind of digital services, relyon digital technologies for processing, storing, and sharing of information, are harvesting moderntechnologies to offer remote working arrangements and may face direct cybersecurity risks. Theseare some of the properties of a modern organization. The cybersecurity vulnerability managementprograms of most organizations have been relying on one-dimensional information to prioritizeefforts of remedying security flaws for many years. When combined with the ever-growing attacksurface of modern organizations, the number of vulnerabilities disclosed yearly and the limitedresources available to cybersecurity teams, this renders the goal of securing an organization almostimpossible. This thesis aims at reviewing existing methodologies as observed in academicliterature and in the industry, highlighting their disadvantages, as well as the importance of adynamic, data-driven and informed approach and finally providing a tool that can assist thevulnerability prioritization efforts and increase resource utilization and efficiency. The thesis isinspired by Design Science Research, to design and develop a web-based cybersecurity tool thatcan be utilized towards a data-rich and rigorous approach of Vulnerability Management, by relyingon various cyber threat intelligence metrics. Vulnerability management Cyber threat intelligence Common vulnerability scoring system Exploit prediction scoring system Övrig annan teknik
17	Integration of CTI into security management Takacs, Gergely January 2019 (has links) Current thesis is a documentative approach to sum up experiences of a practical projectof implementing Cyber Threat Intelligence into an existing information securitymanagement system and delivering best practices using action design researchmethodology. The project itself was delivered to a multinational energy provider in 2017.The aim of the CTI-implementation was to improve the information security posture ofthe customer. The author, as participant of the delivery team presents an extensive reviewof the current literature on CTI and puts the need for threat intelligence into context. Theauthor claims that traditional security management is not able to keep up with currentcybersecurity threats which makes a new approach required. The thesis gives an insightof an actually working and continuously developed CTI-service and offers possible bestpractices for InfoSec professionals, adds theoretical knowledge to the body of knowledgeand opens up new research areas for researchers. Cyber Threat Intelligence CTI security management information security InfoSec operational CTI technical CTI threat intelligence TIP threat information portal cybersecurity threat management risk management InfoSec management Computer Systems Datorsystem
18	Modelo de referencia para identificar el nivel de madurez de ciberinteligencia de amenazas en la dark web Aguilar Gallardo, Anthony Josue, Meléndez Santos, Ricardo Alfonso 31 October 2020 (has links) La web oscura es una zona propicia para actividades ilegales de todo tipo. En los últimos tiempos los cibercriminales están cambiando su enfoque hacia el tráfico de informacion (personal o corporativa) porque los riesgos son mucho más bajos en comparación con otros tipos de delito. Hay una gran cantidad de información alojada aquí, pero pocas compañías saben cómo acceder a estos datos, evaluarlos y minimizar el daño que puedan causar. El presente trabajo propone un modelo de referencia para identificar el nivel de madurez del proceso de Ciber Inteligencia de Amenazas. Esta propuesta considera la información comprometida en la web oscura, originando un riesgo latente que las organizaciones no consideran en sus estrategias de ciberseguridad. El modelo propuesto tiene como objetivo aumentar el nivel de madurez del proceso mediante un conjunto de controles propuestos de acuerdo a los hallazgos encontrados en la web oscura. El modelo consta de 3 fases:1. Identificación de los activos de información mediante herramientas de Ciber inteligencia de amenazas. 2. Diagnóstico de la exposición de los activos de información. 3. Propuesta de controles según las categorías y criterios propuestos. La validación de la propuesta se realizó en una institución de seguros en Lima, Perú con datos obtenidos por la institución. Los resultados preliminares mostraron 196 correos electrónicos y contraseñas expuestos en la web oscura de los cuales 1 correspondía al Gerente de Tecnología. Con esta identificación, se diagnosticó que la institución se encontraba en un nivel de madurez “Normal”, y a partir de la implementación de los controles propuestos se llegó al nivel “Avanzado”. / The dark web is an area conducive to illegal activities of all kinds. In recent times, cybercriminals are changing their approach towards information trafficking (personal or corporate) because the risks are much lower compared to other types of crime. There is a wealth of information hosted here, but few companies know how to access this data, evaluate it, and minimize the damage it can cause. In this work, we propose a reference model to identify the maturity level of the Cyber Intelligence Threat process. This proposal considers the dark web as an important source of cyber threats causing a latent risk that organizations do not consider in their cybersecurity strategies. The proposed model aims to increase the maturity level of the process through a set of proposed controls according to the information found on the dark web. The model consists of 3 phases: 1. Identification of information assets using cyber threat intelligence tools. 2. Diagnosis of the exposure of information assets. 3. Proposal of controls according to the proposed categories and criteria. The validation of the proposal was carried out in an insurance institution in Lima, Peru with data obtained by the institution. Preliminary results showed 196 emails and passwords exposed on the dark web of which 1 corresponded to the Technology Manager of the company under evaluation. With this identification, it was diagnosed that the institution was at a “Normal” maturity level, and from the implementation of the proposed controls the “Advanced” level was reached. / Tesis Ciberseguridad Ciber inteligencia de amenazas Modelo de madurez Web oscura Cybersecurity Cyber threat intelligence Maturity model Dark Web
19	Nuclear Safety related Cybersecurity Impact Analysis and Security Posture Monitoring Gupta, Deeksha 05 April 2022 (has links) The Electrical Power Systems (EPS) are indispensable for a Nuclear Power Plant (NPP). The EPS are essential for plant start-up, normal operation, and emergency conditions. Electrical power systems are necessary not only for power generation, transmission, and distribution but also to supply reliable power for plant operation and control system during safe operation, Design Basis Conditions (DBC) and Design Extension Conditions (DEC). According to IAEA Specific Safety Guide SSG-34, EPS are essentially the support systems of many plant equipment. Electrical system, which supply power to plant systems important to nuclear safety, are essential to the safety of an NPP. In recent years, due to the digitization of Instrumentation and Control (I&C) systems, along with their enhanced accuracy, ease of implementing complex functions and flexibility, have been also exposed to sophisticated cyber threats. Despite physical separation and redundant electrical power supply sources, malicious cyber-attacks performed by insiders or outsiders might disrupt the power flow and result in an interruption in the normal operation of an NPP. Therefore, for the uninterrupted operation of a plant, it is crucial to contemplate cybersecurity in the EPS design and implementation. Considering multiple cyber threats, the main objectives of this research work are finding out security vulnerabilities in electrical power systems, simulating potential cyber-attacks and analyzing the impacts of these attacks on the electrical components to protect the electrical systems against these cyber-attacks. An EPS testbed at a small scale was set up, which included commercial I&C and electrical equipment significant for the cybersecurity analysis. The testbed equipment comprises of electrical protection relay (IEC 60255), controller, operating panel, engineering workstation computer, simulation model, etc. to monitor and control the power supply of one or more electrical equipment responsible for a regular operation in an NPP. Simulated cybersecurity attacks were performed using this testbed and the outcomes were examined in multiple iterations, after adding or changing security controls (cybersecurity countermeasures). Analyzing the cybersecurity and performing cyber-attacks on these systems are very advantageous for a real power plant to prepare and protect the plant equipment before any malicious attack happens. This research work conclusively presents cybersecurity analysis, including basic and sophisticated cyber-attack scenarios to understand and improve the cybersecurity posture of EPS in an NPP. The approach was completed by considering the process engineering systems (e.g. reactor core cooling systems) as attack targets and investigating the EPS specific security Defense-in-Depth (DiD) design together with the Nuclear Safety DiD concepts.:CHAPTER 1 INTRODUCTION 1.1 Motivation 1.2 Technical Background 1.3 Objectives of the Ph.D. Project 1.4 State of the Art in Science and Technology CHAPTER 2 FUNDAMENTALS OF CYBERSECURITY AND ELECTRICAL CONTROL AND PROTECTION CONCEPTS 2.1 Electrical Power System 2.2 Electrical Protection System 2.3 Cyber-Physical System 2.4 Industrial Control System 2.5 Safety I&C and Operational I&C Systems 2.6 Safety Objective Oriented Top-Down Approach 2.7 Cybersecurity Concept 2.8 Threat Identification and Characterization in NPP 2.8.1 Design Basis Threat 2.8.2 Attacker Profile 2.8.1 Reported Real-Life NPP Cyber-Attack Examples 2.9 Security Levels 2.10 Summary CHAPTER 3 CYBER-PHYSICAL PROCESS MODELING 3.1 Introduction 3.2 Single Line Diagrams of Different Operational Modes 3.3 Design 3.4 Block Diagram of Simulink Model 3.5 Implementation of Simulink Blocks 3.5.1 Power Generation 3.5.2 Grid Feed 3.5.3 House Load (Feed Water Pump) 3.6 OPC UA Communication 3.7 Summary CHAPTER 4 CYBER THREAT SCENARIOS FOR EPS 4.1 Introduction 4.2 Cyber-Physical System for EPS 4.3 Cyber Threats and Threat Sources 4.3.1 Cyber Threats 4.3.2 Threat Sources 4.4 Cybersecurity Vulnerabilities 4.4.1 Vulnerabilities in EPS 4.4.2 Vulnerabilities in ICS 4.5 Attacker Modeling 4.6 Basic Cyber Threat Scenarios for EPS 4.6.1 Scenario-1: Physical Access to Electrical Cabinets 4.6.2 Scenario-2: Modification of Digital Protection Devices 4.7 Potential Advanced Cyber Threat Scenarios for EPS 4.7.1 Scenario-1: Alteration of a Set-point of the Protection Relay 4.7.2 Scenario-2: Injection of Malicious Packets 4.7.3 Scenario-3: False Trip Command 4.7.4 Scenario-4: Availability Attack on Protection Relay or SCADA System 4.7.5 Scenario-5: Permanent Damage to Physical Component 4.7.6 Scenario-6: Protocol-wise Attack on Operator Panel 4.8 Threat Scenario for Simulink model 4.9 Summary CHAPTER 5 EPS TESTBED DESCRIPTION 5.1 Introduction 5.2 Basic Industrial Automation Architecture 5.3 Need for Testbeds 5.4 Proposed EPS Testbed 5.4.1 Testbed Architecture 5.4.2 Testbed Implementation 5.5 EPS Physical Testbed Applications 5.5.1 Modeling and Simulation of Power System Faults 5.5.2 Modeling of Cyber-Attacks 5.6 Summary CHAPTER 6 EXPERIMENTAL AND IMPACT ANALYSIS OF CYBER THREAT SCENARIOS 6.1 Outline 6.2 Normal Operation and Control 6.3 Possibilities to Cause Failure in the Primary or Secondary Cooling Systems 6.4 Implementation of Cybersecurity Threat Scenarios 6.4.1 Alteration of a Relay Set-Point during Plant Start-Up Phase 6.4.2 Alteration of a Controller Set-Point during Normal Operation Phase 6.4.3 Availability Attack on Control and Protection System 6.4.4 Severe Damage to a Physical Component due to Overcurrent 6.5 Experimentally Assessed Cyber-attacks 6.6 Summary CHAPTER 7 SUMMARY AND OUTLOOK REFERENCES SCIENTIFIC PUBLICATIONS GLOSSARY info:eu-repo/classification/ddc/621.3 ddc:621.3
20	Cybersäkerhet : Distansarbetets påverkan på cybersäkerhet inom företag Håman, Philip, Kasum, Edin, Klingberg, Olof January 2022 (has links) Digitaliseringen och den konstanta utvecklingen av teknologi i vårt samhälle har medfört många förändringar de senaste åren. I olika områden inom yrkeslivet har rutiner och system behövt uppdaterats för att hålla jämna steg med digitaliseringen. Idag är det inte ovanligt för anställda att arbeta på distans, vanligtvis från sina egna hem. Utöver detta, har Covid-19-pandemin som drabbade världen under 2020, endast utökat och påskyndat processen där företag behöver anpassa sig till denna typ av arbete. Trots att möjligheten att kunna jobba hemifrån reflekterar en modern arbetsplats såväl som ett modernt samhälle, öppnar det även upp frågan om potentiella cyberhot. På grund av detta undersöker nuvarande studie forskningsfrågan: Hur har cybersäkerhet inom företag påverkats av utökat distansarbete? Som avgränsning fokuserar studien specifikt på den finansiella sektorn. Forskningsmetoden som valts ut för studien har varit kvalitativ, i form av primär datainsamling genom semistrukturerade intervjuer som sedan analyserats med hjälp av tematisk analys. Samtliga respondenter arbetar med och har erfarenhet av cybersäkerhet samt har en koppling till finanssektorn. Vidare fokuserar dessa intervjuer på olika aspekter av hur säkerheten inom företag har påverkats av det ökade distansarbetet hemifrån. För att kunna besvara detta, ställdes en rad specifika frågor angående förändringar, kommunikation, cyberhot och utmaningar på grund av distansarbete till respondenterna. Det insamlade och analyserade resultatet visar på att majoriteten av respondenterna anser att jobba hemifrån betyder en ökad mängd förändringar i form av hantering av information, inloggningsrutiner, behörigheter, utrustning och ibland även förändring av IT-infrastrukturen i företagen. Resultaten visar även på hot och utmaningar som kan uppstå vid distansarbete. En slutsats som därmed kan dras från studien är att företagens cybersäkerhet påverkas och hanteras på olika sätt när det kommer till det ökade distansarbetet. Dessa bemöts enligt respondenterna med olika strategier, rutiner och riskminimering. För att vidare minimera cyberhoten vid arbete hemifrån i framtiden, är den generella uppfattningen i studien att företag behöver arbeta förebyggande och utbilda personal i frågan om cybersäkerhet när man inte befinner sig på ordinarie arbetsplats. Trots att respondenterna tillsammans med föregående studier anser att cyberhoten har ökat de senaste åren, håller de med varandra om svårigheten att fastställa om det är ett faktum att de har ökat på grund av just ökat distansarbete. Eftersom det inte alltid rapporteras om hoten som finns mot finanssektorn på grund av anseende- och trovärdighetsskäl, har det varit en utmaning att få tillräckliga svar i de i utförda intervjuerna. / The digitalization and constant development of technology in our society has brought many changes over the last few years. In various areas of the work field, routines and systems have been updated to keep up with the digitalization. Nowadays it is not unusual for employees to be teleworking, most commonly to work from their own homes. On top of that, the global Covid-19-pandemic that hit the world in 2020, has only increased and speeded up the process for companies to adjust to this type of work. Even though being able to work from home reflects a modern workplace as well as society, it does open the question about possible online threats. Therefore, this current study examines the question: How does the increasing teleworking trend affect cybersecurity in organizations? As a demarcation, the study specifically focuses on the financial sector. The research method selected for the study has been of qualitative nature, during which primary data was collected through semi-structured interviews which further were analyzed using thematic analysis. The respondents are all employees and have experience within cybersecurity, related to the financial sector. Furthermore, these interviews focus on different aspects of how the cybersecurity of companies has been affected by the recent increase in teleworking from home. To shed light on the matter, the respondents were asked a specific set of questions regarding changes in; communication, cyber threats and challenges all due to telework. The results gathered and analyzed do show that the majority of the respondents believe that working from home does mean an increased amount of changes in ways of handling information, login-routines, competence, equipment and sometimes even the infrastructure of their IT-systems. Additionally, the results also show threats and challenges that may occur due to increased teleworking, such as larger attack surfaces. Therefore, a conclusion that can be drawn from the study is that there are different ways in which the cybersecurity of companies can be affected by the increasing teleworking trend. According to the respondents, these challenges are met with different strategies, routines and risk minimization. To further minimize future cyberthreats when working from home, the general perception drawn from the study is that companies have to work preventively and as well as educate staff on threats and risks associated with increased teleworking. However, while the respondents and previous studies believe that threats have increased over the last couple of years, they do agree on the difficulty of determining whether it is in fact due to the increased amount of telework. Since the cyberthreats against the financial sector are not always spoken about or reported for reasons of reputation and credibility, there were also respondents who have been hersistant in providing full answers to the interviews. Cybersecurity telework information security cyber threats cyber threat intelligence human factors Covid-19 safety risks Cybersäkerhet distansarbete informationssäkerhet dataintrång underrättelser om cyberhot mänskliga faktorer Covid-19 säkerhetsrisker Computer and Information Sciences Data- och informationsvetenskap Computer Engineering Datorteknik

Search results