Global ETD Search

211	Cybersecurity Awareness Training : Using ContextBased MicroTraining to teach senior citizens about phishing Lindvall, David January 2022 (has links) While most Swedish citizens take advantage of the numerous benefits and conveniences today’s digitalized society offers, many senior citizens are digitally excluded. It is considered that a lack of digital technological knowledge is a big contributing factor. The lack of knowledge and experience with digital technology manifests into different types of fear, where fear of falling victim to cybercrime is the most prevalent. Phishing is a common cybercrime, which is still successfully employed by cybercriminals regardless of the various security measures and information available. Senior citizens are especially vulnerable, as phishing can be hard to recognize for less technical people. To combat this, education designed for increasing a user’s cybersecurity awareness is crucial. However, as cybersecurity can be a complex topic, there is a need for simplifying it and delivering related education in a meaningful way. This is where the method ContextBased MicroTraining (CBMT) comes in. For this thesis, a browser add-on called WebSec Coach, which utilizes the CBMT framework, is used as a tool to investigate how CBMT can support Swedish senior citizens in increasing their cybersecurity awareness regarding phishing. This was examined by conducting semi-structured interviews with eight respondents, from the age of 65 and up, that possessed some level of previous computer literacy. The results were then analyzed using thematic analysis, which showed that CBMT implemented in an embedded learning tool, like WebSec Coach, increased the cybersecurity awareness regarding phishing for all respondents. Regardless of the small sample size, the results in combination with previous research point to CBMT being a directly effective method in increasing cybersecurity awareness. Furthermore, the results showed that all respondents perceived WebSec Coach positively and were interested in using it themselves after the interviews. This indicates a potential acceptance amongst senior citizens, provided that the application reaches that target group. CBMT cybersecurity awareness phishing WebSec Coach digital exclusion Information Systems
212	Security Aspects of Users' Information Sharing on Social Media Alharbi, Mohannad Abdulltef 05 1900 (has links) This study aims to investigate college students' security awareness of using social media in sharing information. The two theories that have guided this study are the theory of planned behavior (TPB) and the technology acceptance model (TAM). Data was collected from both undergraduate and graduate students from the University of North Texas (UNT) in Denton. The total responses included 380 students from different majors with 291 valid responses for data analysis; The structural equation model (SEM) Lavaan package was used to find out the best fit of the model. A diagonally weighted least squares (DWLS) was used to model the variables as ordinal in this study's analysis as ordinal data made the model fit substantially. The study found that 6 factors: attitude (AB), subjective norm (SN), perceived behavior control (PBC), perceived usefulness (PU), perceived risks (PR), and security awareness (SA) influenced behavior intention (BI). Also, I found that AB was influenced by PR and SA, as well as SN influenced by SA. Self-efficacy (SE) influenced PBC. On the other hand, the study found that controllability (C) did not influence PBC; perhaps, an individual's skills do not interact with social media security settings. Perceived ease of use (PEOU) did not influence BI; perhaps this occurred because of an individual's inability to prevent his or her information from being disclosed in the future, even if they had taken the right precautions. This study contributed to literature on understanding the nature of information sharing among college students on social media. The results may help college security professionals to evaluate or revise the rules and policies regarding cybersecurity and privacy. Security Awareness Risk Information Sharing Social Media Cybersecurity Theory of Planned Behavior (TPB) Technology Acceptance Model (TAM).
213	A Qualitative Comparative Analysis of Data Breaches at Companies with Air-Gap Cloud Security and Multi-Cloud Environments T Richard Stroupe Jr. (17420145) 20 November 2023 (has links) <p dir="ltr">The purpose of this qualitative case study was to describe how multi-cloud and cloud-based air gapped system security breaches occurred, how organizations responded, the kinds of data that were breached, and what security measures were implemented after the breach to prevent and repel future attacks. Qualitative research methods and secondary survey data were combined to answer the research questions. Due to the limited information available on successful unauthorized breaches to multi-cloud and cloud-based air gapped systems and corresponding data, the study was focused on the discovery of variables from several trustworthily sources of secondary data, including breach reports, press releases, public interviews, and news articles from the last five years and qualitative survey data. The sample included highly trained cloud professionals with air-gapped cloud experience from Amazon Web Services, Microsoft, Google and Oracle. The study utilized unstructured interviews with open-ended questions and observations to record and document data and analyze results.</p><p dir="ltr">By describing instances of multi-cloud and cloud-based air gapped system breaches in the last five years this study could add to the body of literature related to best practices for securing cloud-based data, preventing data breach on such systems, and for recovering from breach once it has occurred. This study would have significance to companies aiming to protect secure data from cyber attackers. It would also be significant to individuals who have provided their confidential data to companies who utilize such systems. In the primary data, 12 themes emerged. The themes were Air Gap Weaknesses Same as Other Systems, Misconfiguration of Cloud Settings, Insider Threat as Attack Vector, Phishing as Attack Vector, Software as Attack Vector, and Physical Media as Attack Vector, Lack of Reaction to Breaches, Better Authentication to Prevent Breaches, Communications, and Training in Response to Breach, Specific Responses to Specific Problems, Greater Separation of Risk from User End, and Greater Separation of Risk from Service End. For secondary data, AWS had four themes, Microsoft Azure had two, and both Google Cloud and Oracle had three.</p> Cloud computing air-gapped systems cloud-based air-gapped systems cybersecurity cybersecurity breach multi-cloud environments security measures cybersecurity attack Amazon Web Services (AWS) Google Cloud Platform Microsoft Azure Cloud oracle cloud infrastructure
214	Cybersecurity Modeling of Autonomous Systems: a Game-based Approach Jahan, Farha 11 July 2022 (has links) No description available. Computer Engineering
215	Visualization Of Cyber Threats : Visualization To Leading Operatives During Cybersecurity exercises Tysk, Gustaf January 2023 (has links) The increasing dependence on digital infrastructure leaves individuals, societies and even nations vulnerable in the case of a cyberattack. To prepare for threats and attacks, cyberattacks be simulated in environments called cyber ranges. CYBER RANGE AND TRAINING ENVIRONMENT (CRATE), Sweden's cyber range, is an example of such an environment. This environment is sophisticated and complex, but challenges remain for the operatives in how to interpret the multitude of information items that are produced during a simulation. An emerging field of study is the study of situational awareness in the cyber domain, which describes how an operative can render an accurate mental picture, which enables for quick assessment and decision-making in a situation where a multitude of data or information items are involved. An integral part of situational awareness is effective visualization. Visualization can form the linkage in the human-computer interaction and has been demonstrated in other industries and fields to facilitate situational awareness. However, the linkage between situational awareness and visualization in the unique context of a cyber range was a new topic of study. This thesis aim was to provide insight and advance the knowledge of visualization for situational awareness in the unique context of the cyber range CRATE. Conclusively, in the development of a visualization software, the abstraction levels and time frame of the information items collected should be considered. Each information item is of different relevance depending on both the operative's role and in which time frame through which the information is analyzed. A visualization technique that recognizes the abstraction level and the time frame increases the situational awareness for the operative conducting the simulation because it renders both an estimation of critical core processes, current events that are unfolding and enables for the future projection of events. Situational Awareness Common operational picture Perception Comprehension Projection Cybersecurity Defense Visualization Engineering and Technology Teknik och teknologier
216	Security and Usability : Recommendations for Password User Interfaces Borg Goga, Cleopatra January 2023 (has links) The data generated by interconnected technologies has to be protected. Passwords are used to protect many different systems and are considered an essential part of cybersecurity. The system often permits the user to select their password, where the user becomes partly responsible for the security. Selecting a predictable, common, or easily guessed password is considered a human error that affects the security of the system. Security mechanisms are often enforced by websites to try to prevent users from creating weak passwords. However, predictable and weak passwords are still used. This study examines the security and usability of password user interfaces with a qualitative approach including a systematic literature review, where the data is analysed with thematic analysis and evaluation of websites with usability testing. The objective is to provide security and usability recommendations based on previous research and users' opinions. The result identifies successful criteria features, feedback features, and usability features that can be implemented in the user interface. In addition, the usability testing results discover usability issues present on commonly used websites. The study concludes that seven security and usability features are necessary in the password user interface when the aim is to encourage users to create secure passwords. Passwords Cybersecurity User Interface Usability Recommendations Information Systems
217	Neural Network-Based Crossfire Attack Detection in SDN-Enabled Cellular Networks Perry, Nicholas 13 July 2023 (has links) No description available. Computer Science crossfire attack DoS cybersecurity SDN mininet ryu open flow networking attack
218	CYBERSÄKERHET OCH DE DRIVANDE IDÉERNA : En idéanalys av cybersäkerhetsstrategier från Europeiska kommissionen och Sveriges regering Johan, Eklund, Östlund, Adam January 2023 (has links) Cybersecurity is an emerging subject in the public policy field in Sweden and the European Union. Part of public policy is the underlying ideas that create different approaches and instruments in the policy work. This study aim to answer which underlying ideas are present in writs from the Swedish executive government and the European Commission. The method in use is an comparative descriptive idea analysis. The analytical framework consists of three different dimensions that conceptualize threat, accountable actor and policy-instruments regarding cybersecurity. The studie shows that the commission and the Swedish executive government have similar ideas concerning the accountable actor which is public actors. However, concerning threat and policy-instruments the ideas differ. The idea of threats to cybersecurity is individual actors according to the European Commission while the Swedish executive government defines states as the threat. Concerning policy-instruments the European Commission appears to have a more regulative perspective. Public policy Cybersecurity EU European commission Sweden Ideas Political Science Statsvetenskap
219	Integrating the Meta Attack Language in the Cybersecurity Ecosystem: Creating new Security Tools Using Attack Simulation Results Grönberg, Frida, Thiberg, Björn January 2022 (has links) Cyber threat modeling and attack simulations arenew methods to assess and analyze the cybersecurity of ITenvironments. The Meta Attack Language (MAL) was createdto formalize the underlying attack logic of such simulationsby providing a framework to create domain specific languages(DSLs). DSLs can be used in conjunction with modeling softwareto simulate cyber attacks. The goal of this project was to examinehow MAL can be integrated in a wider cybersecurity context bydirectly combining attack simulation results with other tools inthe cybersecurity ecosystem. The result was a proof of conceptwhere a small DSL is created for Amazon EC2. Informationis gathered about a certain EC2 instance and used to create amodel and run an attack simulation. The resulting attack pathwas used to perform an offensive measure in Pacu, an AWSexploitation framework. The result was examined to arrive atconclusions about the proof of concept itself and about integratingMAL in the cybersecurity ecosystem in a more general sense. Itwas found that while the project was successful in showing thatintegrating MAL results in such manner is possible, the CADmodeling process is not an optimal route and that other domainsthan the cloud environment could be targeted. / Cyberhotsmodellering och attacksimuleringar är nya metoder för att bedöma och analysera cybersäkerheten i en IT-miljö. Meta Attack Language (MAL) skapades för att formalisera den underliggande attacklogiken för sådana simuleringar genom att tillhandahålla ett ramverk för att skapa domain-specific languages (DSL). En DSL kan användas tillsammans med modelleringsprogramvara för att simulera cyberattacker. Målet med detta projekt var att undersöka hur MAL kan integreras i ett bredare sammanhang genom att direkt kombinera MAL-resultat med andra verktyg inom IT-säkerhet. Resultatet blev ett koncepttest där en mindre DSL skapades för Amazon EC2. Information samlades in om en viss EC2-instans och användes för att skapa en modell och genomföra en attacksimulering. Den resulterande attackvägen användes för att utföra en offensiv åtgärd i Pacu, ett ramverk för AWS-exploatering. Resultatet undersöktes för att nå slutsatser om konceptet i sig och om att integrera MAL i IT-säkerhetens ekosystem i allmänhet. Det visade sig att även om projektet lyckades visa att det är möjligt att integrera MAL-resultat på ett sådant sätt, är CAD-modelleringsprocessen inte en optimal metodik och lämpar sig illa för syftet. Det visade sig också att andra domäner än molnmiljön skulle vara en givande riktning. / Kandidatexjobb i elektroteknik 2022, KTH, Stockholm Meta Attack Language Attack Simulation Amazon EC2 Cybersecurity Elektroteknik och elektronik
220	Survey of ongoing and NextGeneration Cybersecurity of Maritime Communication Systems / Undersökning av dagens och nästa generations cybersäkerhetför sjöfartskommunikationssytem Björnlund, Pontus, Faqiri, Feraidon January 2023 (has links) The maritime industry is growing more and more for every year that passes. As the industry grows it also becomes a more attractive target for cyber criminals. The amount ofcyberattacks in the industry are few, but it is growing at an alarming rate. This literaturestudy identifies the most common datacom systems and infrastructure in the maritimeindustry and their vulnerabilities. This paper also identifies possible solutions and improvements that can be made to existing datacom systems to make them less susceptible tocyber attacks. The results show that there are many solutions that could be implementedthat would increase the cyber security in the industry, but many of them require international cooperation to implement. Therefore standards are suggested to be implemented inorder to push organisations to update their systems. Additionally, this paper delves intothe aviation industry to examine how the datacom infrastructure utilized in the maritimeindustry could be adopted to enhance both efficiency and security Next Generation Cybersecurity Maritime Communication Systems Cyber Attacks Maritime Infrastructure Communication Systems Kommunikationssystem

Search results