Global ETD Search

161	NATO and Offensive Cybersecurity: A Strategic Analysis / NATO and Offensive Cybersecurity: A Strategic Analysis Lopes Carvalho Viana, André January 2018 (has links) This thesis presents a strategic analysis on the possibility of use of offensive cyber capabilities by NATO in its defensive efforts. There is a vast array of academic literature regarding the strategic value of the use of offensive capabilities in cybersecurity, and NATO's cyber posture, however, there is little available regarding the relationship between both. Through the use of tools borrowed from Strategic Studies, this thesis attempts to determine whether it is possible to formulate valid cybersecurity strategies for the use of offensive cyber capabilities from the combination of known academic concepts with current NATO capabilities. The thesis also analyzes the possible implications of using such strategies as well as the underlying causes of their potential success or failure. Viana, André Lopes C. NATO and Offensive Cybersecurity: A Strategic Analysis, [number of pages]p. Master Thesis. Charles University, Faculty of Social Sciences, Institute of Political Studies. Supervisor PhDr. Vít Střítecký, M.Phil., Ph.D.
162	Blockchain v národní bezpečnosti / Blockchain in National Security Pavliv, Katerina January 2020 (has links) The given work is dedicated to the provision of the evaluation on the effectiveness of Blockchain if applied within national security. The research is done through the summative evaluation approach, which allows to estimate the studied phenomenon in one realm in terms of its level of usefulness and transfer the findings to the framework of the thesis on the basis of the main methodological hypothesis. The research comprises the analysis and evaluation of the Blockchain environment, levels of operation, existing normative clash, the componential issues of the latter, provision of the final perspectives of the potential incorporation of the Blockchain technologies into national security with the discussion on the possible application, benefits of the platform, its social and technical vulnerabilities, and limitations.
163	Är gymnasieskolans digitala säkerhet tillräcklig? : Risk- och sårbarhetsanalys, ur ett informationssäkert perspektiv / Is the Swedish highschooldigital security adequate? : Risk and Vulnerability assesment Rahimi, Farhad, Isufi, Mevlyde January 2020 (has links) This work presents a study of how information security has been implemented in the municipal high school. The study covers applications' resistance to intrusion, hardware security, students & the IT department's overall competence, also requirements for confidentiality in relation to municipal and state guidelines. The study includes field visits that have been carried out at two municipal high schools with technical vulnerabilities in focus. Based on this study, a risk and vulnerability analysis and an action plan for identified risks are presented. Cybersecurity Highschool Phishing Pentesting Vulnerability Cloud Informationssäkerhet Gymnasieskola Sårbarhet Molnet Engineering and Technology Teknik och teknologier
164	Performance of DevOps compared to DevSecOps : DevSecOps pipelines benchmarked! Björnholm, Jimmy January 2020 (has links) This paper examines how adding security tools to a software pipeline affect the build time. Software development is an ever-changing field in a world where computers are trusted with almost everything society does. Meanwhile keeping build time low is crucial, and some aspects of quality assurance have therefore been left on the cutting room floor, security being one of the most vital and time-consuming. The time taken to scan for vulnerabilities has been suggested as a reason for the absence of security tests. By implementing nine different security tools into a generic DevOps pipeline, this paper aimed to examine the build times quantitatively. The tools were selected using the OWASP Top Ten, coupled with an ISO standard, as a guideline. OWASP Juice Shop was used as the testing environment, and the scans managed to find most of the vulnerabilities in the Vulnerable Web Application. The pipeline was set up in Microsoft Azure and was configured in .yaml files. The resulting scan durations show that adding security measures to a build pipeline can add as little as 1/3 of the original build time. Software Engineering Programvaruteknik Computer Engineering Datorteknik
165	Who Watches The Privileged Users Persson, Sebastian January 2020 (has links) Today, companies are spending millions of dollars on cybersecurity, but compromised systems and stealing sensitive information are still huge problems. Protecting sensitive information has always been of vital importance. However, the struggle today is that digital information can be distributed to an endless amount of users, everywhere in the world. Security solutions today focus on role-based access control and "the principle of the least privilege". They can affect the productivity of employees, which is also a key aspect to be considered when it comes to security. Privilege users are the ones that possess the most permissions within a system and are, therefore, a significant risk. This thesis project is focusing on developing a solution that protects against security risks connected to the users with the most privilege. The developed solution resulted in a modular role-based access methodology, also adding the "four-eye principle" (4EP). By introducing an extra shield outside the standard API, sensitive commands sent unwittingly or wittingly by a privileged user can be discovered before compromising a system or leaking sensitive information. Introducing the "four-eye principle" in a secure proxy solution, a "third-party" user approves sensitive commands before reaching the intended system. The solution is developed in JAVA and is adaptable to different organisations by letting the system administrators choose an intended system, which policies of sensitive commands to apply and whom that needs to approve them. The concepts implemented in this prototype can be used in future industrial developments. Information security cybersecurity cyber security access control four-eye principle 4EP Computer and Information Sciences Data- och informationsvetenskap
166	Integrating security into agile software development : A case study on the role of inertia Andersson, Rasmus, Edström, Carl January 2022 (has links) The security directives at Ericsson Group IT have recently been re-worked to apply to modern security requirements. For Ericsson's software development teams developing internal applications, security tools have been implemented into the daily workflow to follow these new directives. Before, security mainly was considered during the reviews and scheduled assessments of the software projects. The goal of these new tools is to add security to every part of the software development process. Security thus adds to the scope of work of the developers at Ericsson Group IT, which has, in the past, evolved from being solely a developer to being responsible for development and operations to development, security and operations. However, adding methods and tools to the developer's workflow can create inertia and friction in daily work. We intend to apply the concept of inertia to agile work practices to examine how small-scale projects are affected when new security tools and methods are introduced and implemented in the agile workflow. Research suggests that linked processes and methods should be put in place to achieve desirable results from the implemented tools and be integrated into the team's agile methodologies. The thesis aims to identify the factors that affect inertia by investigating and analysing the developers' use of methods and tools. As for data collection, a pilot study and a case study were applied to a team at Ericsson Group IT. The data was collected through qualitative surveys conducted on twelve proven factors regarding successfulness in work implementations. The data was then analysed through the Gioia methodology by compiling the collected data into first-order concepts and linking them to familiar second-order themes. These themes were then translated into aggregate dimensions synthesised from the study's theoretical framework. The results showed that several factors affected the change process: personnel training and education, appropriate communication, and adaptability to the change process. These are all factors attributing inertia to the change process, and awareness of these can help mitigate and facilitate a successful change process. Streamlining successful change processes is vital when integrating security as a requirement into an agile software development team. agile inertia cybersecurity security change management Övrig annan teknik
167	Formal security verification of the Drone Remote Identification Protocol using Tamarin / Formell säkerhetsverifiering av Drone Remote Identification Protocol med hjälp av Tamarin Ahokas, Jakob, Persson, Jonathan January 2022 (has links) The current standard for remote identification of unmanned aircraft does not contain anyform of security considerations, opening up possibilities for impersonation attacks. Thenewly proposed Drone Remote Identification Protocol aims to change this. To fully ensurethat the protocol is secure before real world implementation, we conduct a formal verification using the Tamarin Prover tool, with the goal of detecting possible vulnerabilities. Theunderlying technologies of the protocol are studied and important aspects are identified.The main contribution of this thesis is the formal verification of session key secrecy andmessage authenticity within the proposed protocol. Certain aspects of protocol securityare still missing from the scripts, but the protocol is deemed secure to the extent of themodel. Many features of both the protocol and Tamarin Prover are presented in detail,serving as a potential base for the continued work toward a complete formal verificationof the protocol in the future. Cybersecurity Formal verification Unmanned aircraft Cryptography Other Computer and Information Science Annan data- och informationsvetenskap
168	The Internal Auditor's Role in Cybersecurity Governance : A qualitative study about the internal auditor's influence on the people factor of cybersecurity Simić, Nikola January 2022 (has links) Internal auditors have a substantial impact on organisations’ governance. Hence this research aims to uncover the practice of internal auditors in Sweden, especially their part in cybersecurity and the people factor. While previous research point to internal auditing being an oversight governance mechanism for organisations, the threat of a changing risk landscape due to increased digitalisation and business transactions occurring in cyberspace leaves more questions undiscovered. The research implements a qualitative approach. The data was collected by semi-structured interviews conducted with members from IIA working as internal auditors. The IPPF authoritative guidance was also used as complementary data. The data was later analysed through theories such as the Three Lines of Defense. The results demonstrated how internal auditors provide assurance heavily influence organisations’ cybersecurity. However, it is equally essential for auditors to consider the indirect impact they have on the organisation, especially regarding the people factor of cybersecurity and the amount of influence internal auditors have. These findings indicate the need to focus on researching the indirect influence internal auditors have through their soft skills. Professionals should also reflect on their influence in their organisation not to overshadow other important risks. Internal auditing Cybersecurity Assurance Risk Assessment Three Lines of Defense Business Administration Företagsekonomi
169	Threats to smart buildings : Securing devices in a SCADA network Lindqvist, Anna January 2021 (has links) This paper examines the possibilities of performing tests with the aim to ensure that devices in a SCADA network can be deemed secure before deployment. SCADA systems are found in most industries and have recently seen an increased use in building automation, most importantly the healthcare sector, which means that a successful attack toward such a system could endanger lives of patients and healthcare professionals.The method of testing was created to examine whether devices conflicted with the security flaws identified by OWASP IoT Top 10 list, meaning that OWASP IoT Top 10 was the foundation for the methodology used in this paper.Results of the tests show that the devices used in testing are not in conflict with the OWASP IoT Top 10 list when using the default settings. However, some settings that can be enabled on the devices would constitute a security risk if enabled. Cybersecurity SCADA Penetration testing Computer Engineering Datorteknik Software Engineering Programvaruteknik Information Systems
170	Nepoučitelní uživatelé: příčiny (ne)bezpečných hesel / Careless society: Drivers of (un)secure passwords Nedvěd, Vojtěch January 2021 (has links) Careless Society: Drivers of (Un)Secure Passwords Thesis abstract Vojtěch Nedvěd May 2, 2021 Vulnerabilities related to poor cybersecurity are a dangerous global economic issue. This thesis aims to explain two examples of poor password management. First, why users use similar password and username and second, why they reuse their passwords, as the main drivers of this behaviour are unknown. We examined the effects of selected macroeconomic variables, gender, password length and password complexity. Additionally, this thesis suggest how to estimate sentiment in passwords using models build on Twitter posts. The results are verified on large password data, including password leaks from recent years. There are four main findings. First, a higher cybersecurity index and diversity of a password seem to be related to the lower similarity between a username and a password. Second, it seems that there are structural differences between countries and languages. Third, the sentiment seems to be a significant determinant too. Fourth, password reuse seems to be positively affected by the cybersecurity level. The thesis contributes to the study of password management. It proposes how to model the relationship, derive the data, split the passwords into words, model the sentiment of passwords, what variables might be...

Search results