  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
271

Gender in Cyber policy, is it really necessary? : A critical analysis of gender in EU’s cybersecurity policy

Linden, Emmie January 2022
Cyberspace offers many opportunities but is also a very hostile place for women. Studies claim that women are disproportionally affected by certain cybercrimes and suffer frequent rights violations in cyberspace. The aim of cybersecurity policies is, among others, to protect citizens from different cyberthreats and the EU has a vital role in designing such policies. This involves portraying what issues are seen as cyberthreats and in extension, which issues are prioritized over others. Therefore, it is important to problematize what key EU bodies depict as cybersecurity threats and how they incorporate gender in their cybersecurity policy and strategy. This study uses post-structural feminist theory to analyze the EU cybersecurity discourse and its implications for women’s rights. This is because the theory emphasizes the deconstruction of discourse to showcase hidden gendered power dimensions. It is a qualitative case study that uses the framing method to identify the discursive construction of threats, priorities, and key issues, and McPhail’s feminist policy analysis framework to investigate how gender is incorporated in the discourse. The findings confirm previous research, which states that cybersecurity is mainly state-centric and securitized and gender is silenced in the overall discourse. Among the five distinct frames that I identified in the discourse on cybersecurity, none includes a gendered perspective. No official EU document adopts or argues for a gender-sensitive approach to cybersecurity. Gender is only mentioned with regard to empowering women in the STEM sector, although the European Parliament stresses the need to target cyberviolence against women. The study concludes that a gender-neutral approach to cybersecurity has negative implications for women’s rights, as cybercrimes and violations women endure are overlooked and deprioritized in comparison to a gendered approach. This is because it is more likely that political measures can be taken if the policies and actors acknowledge the gendered issues, which then have positive implications for the protection of women’s rights in cyberspace.
272

Digital Vulnerability Awareness : In a “working from home” environment during COVID-19 / Medvetenhet om Digital Sårbarhet : I en “working from home” miljö under COVID-19

Jarlhem, Jonathan, Stigsson, Jakob January 2021
Employees who have adapted to a "working from home" environment, due to the COVID-19 pandemic, rapidly face a lack of awareness regarding cybersecurity and cybercrimes. It is well established that the rate of employees hacked has increased dramatically due to the pandemic. This study aims to determine what has more impact on digital vulnerability awareness of cybersecurity and cybercrime. Specifically, it investigates from the perspectives of training and education, digital competence, being a victim, and how protection motivation plays a role in policy following. In this context, digital vulnerability is defined as the risk that individuals might put themselves into unknowingly through the lack of security when working from home, which leads to having incriminating information publicly disclosed and exploited by third parties. Digital competence refers to the extent of an individual's information technology skills. To test the hypothesis that training and education lead to higher digital vulnerability awareness, a set of interviews was conducted with various employees working from home from different industries, age groups, and countries. Furthermore, an online survey was distributed among online communities on Discord, Facebook and Instagram. The survey was meant to prove the points made by the participants of the interviews. The results showed a slight effect in the opposite direction than hypothesised: digital vulnerability awareness was associated with digital competence over training and education. These results suggest that employees who have higher digital competence are more likely to understand their digital vulnerability awareness, making it easier to identify cyber threats. On this basis, the concept of training and educating is not enough to prevent cybercrimes. To better prevent cybercrime, employees must be willing to learn and understand the threats and risks. 
/ Employees who have adapted to a "working from home" environment because of the COVID-19 pandemic quickly encounter a lack of awareness of cybersecurity and cybercrime. It is well established that the number of employees who have been hacked has increased drastically as a result of the pandemic. This study seeks to build an understanding of what has a greater impact on digital vulnerability awareness of cybersecurity and cybercrime. In this context, digital vulnerability is defined as the risk that individuals may unknowingly put themselves in an insecure position when working from home, which leads to incriminating information being made public and exploited by third parties. Digital competence refers to an individual's information technology skills. To test the hypothesis that education leads to higher digital vulnerability awareness, interviews were conducted with employees working from home, with backgrounds in different industries, countries, and age groups. In addition, an online survey was conducted on social media platforms such as Discord, Facebook and Instagram. The results showed the opposite direction relative to the hypothesis: digital vulnerability awareness was associated with digital competence over education. The results show that employees who have higher digital competence are more likely to understand their digital vulnerability awareness, which makes it easier for them to identify cyber threats. On this basis, the study indicates that education is not enough to prevent cybercrime. To better prevent cybercrime, employees must be willing to learn and want to understand the threats and risks.
273

Essays on Experimental Economics

Daniel John Woods (11038146) 22 July 2021
This thesis contains three chapters, each of which covers a different topic in experimental economics.

The first chapter investigates power and power analysis in economics experiments. Power is the probability of detecting an effect when a true effect exists, which is an important but under-considered concept in empirical research. Power analysis is the process of selecting the number of observations in order to avoid issues with low power. However, it is often not clear ex-ante what the required parameters for a power analysis, like the effect size and standard deviation, should be. This chapter considers the use of Quantal Choice/Response (QR) simulations for ex-ante power analysis, as it maps related data-sets into predictions for novel environments. The QR can also guide optimal design decisions, both ex-ante as well as ex-post for conceptual replication studies. This chapter demonstrates QR simulations on a wide variety of applications related to power analysis and experimental design.

The second chapter considers a question of interest to computer scientists, information technology and security professionals. How do people distribute defenses over a directed network attack graph, where they must defend a critical node? Decision-makers are often subject to behavioral biases that cause them to make sub-optimal defense decisions. Non-linear probability weighting is one bias that may lead to sub-optimal decision-making in this environment. An experimental test provides support for this conjecture, and also other empirically important biases such as naive diversification and preferences over the spatial timing of the revelation of an overall successful defense.

The third chapter analyzes how individuals resolve an exploration versus exploitation trade-off in a laboratory experiment. The experiment implements the single-agent exponential bandit model. The experiment finds that subjects respond in the predicted direction to changes in the prior belief, safe action, and discount factor. However, subjects also typically explore less than predicted. A structural model that incorporates risk preferences, base rate neglect/conservatism, and non-linear probability weighting explains the empirical findings well.
274

Intrusion Attack & Anomaly Detection in IoT Using Honeypots

Kulle, Linus January 2020
This thesis is presented as an artifact of a project conducted at Malmö University IoTaP LABS. The Internet of Things (IoT) is a growing field and its use has been adopted in many aspects of our daily lives, which has led to digitalization and the creation of smart IoT ecosystems. However, with the rapid adoption of IoT, little or no focus has been put on the security implications, device proliferations and its advancements. This thesis takes a step forward to explore the usefulness of implementing a security mechanism that can proactively be used to aid understanding attacker behaviour in an IoT environment. To achieve this, this thesis has outlined a number of objectives that range from how to create a deliberate vulnerability by using honeypots in order to lure attackers in order to study their modus operandi. Furthermore, an Intrusion Attack Detection (Model) has been constructed that has aided with this implementation. The IAD model has been successfully implemented with the help of interaction and dependence of key modules that have allowed honeypots to be executed in a controlled IoT environment. Detailed descriptions regarding the technologies that have been used in this thesis have also been explored to a greater extent. On the same note, the implemented system with the help of an attack scenario allowed an attacker to access the system and circumnavigate throughout the camouflaged network, thereafter, the attacker’s footprints are mapped based on the mode of attack. Consequently, given that this implementation has been conducted in MAU environment, the results that have been generated as a result of this implementation have been reported correctly. Eventually, based on the results that have been generated by the system, it is worth to note that the research questions and the objective posed by the thesis have been met.
275

Public Servants' Perceptions of the Cybersecurity Posture of the Local Government in Puerto Rico

Rodriguez, Julio C 01 January 2019
The absence of legislation, the lack of a standard cybersecurity framework, and the failure to adopt a resilient cybersecurity posture can be detrimental to the availability, confidentiality, and integrity of municipal information systems. The purpose of this phenomenological study was to understand the cybersecurity posture of municipalities from the perception of public servants serving in information technology (IT) leadership roles in highly populated municipalities in the San Juan-Carolina-Caguas Metropolitan Statistical Area of Puerto Rico. The study was also used to address key factors influencing the cybersecurity posture of these municipalities. The theoretical framework was open system theory used in combination with a conceptual framework encompassing key dimensions influencing digital government. Data were collected using semistructured interviews with 10 public servants working in IT leadership positions in a municipal setting in Puerto Rico. Data analysis involved horizontalization, reduction, elimination, clustering, thematizing, validation, and development of individual and composite textural descriptions. Participants reported that the cybersecurity posture of their municipalities was resilient. Participants also reported that technological changes, politics, the economy, management support, and processes were key elements to achieve a resilient posture. Findings may be used to empower elected officials, policymakers, public servants, and practitioners to manage and improve elements affecting cybersecurity with the goal of achieving a resilient posture to deliver cybersecurity as a public good.
276

Standardizing Instructional Definition and Content Supporting Information Security Compliance Requirements

Curran, Theresa 01 January 2018
Information security (IS)-related risks affect global public and private organizations on a daily basis. These risks may be introduced through technical or human-based activities, and can include fraud, hacking, malware, insider abuse, physical loss, mobile device misconfiguration or unintended disclosure. Numerous and diverse regulatory and contractual compliance requirements have been mandated to assist organizations proactively prevent these types of risks. Two constants are noted in these requirements. The first constant is requiring organizations to disseminate security policies addressing risk management through secure behavior. The second constant is communicating policies through IS awareness, training and education (ISATE) programs. Compliance requirements direct that these policies provide instruction about making compliant and positive security decisions to reduce risk. Policy-driven and organizationally-relevant ISATE content is understood to be foundational and critical to prevent security risk. The problem identified for investigation is inconsistency of the terms awareness, training and education as found in security-related regulatory, contractual and policy compliance requirements. Organizations are mandated to manage a rapidly increasing portfolio of inconsistent ISATE compliance requirements generated from many sources. Since there is no one set of common guidance for compliance, organizations struggle to meet global, diverse and inconsistent compliance requirements. Inconsistent policy-related content and instructions, generated from differing sources, may cause incorrect security behavior that can present increased security risk. Traditionally, organizations were required to provide only internally-developed programs, with content left to business, regulatory/contractual, and cultural discretion. Updated compliance requirements now require organizations to disseminate externally-developed content in addition to internally-provided content. 
This real-world business requirement may cause compliance risks due to inconsistent instruction, guidance gaps and lack of organizational relevance. The problem has been experienced by industry practitioners within the last five years due to increased regulatory and contractual compliance requirements. Prior studies have not yet identified specific impacts of multiple and differing compliance requirements on organizations. The need for organizational relevance in ISATE content has been explored in literature, but the amount of organizationally-relevant content has not been examined in balance of newer compliance mandates. The goal of the research project was to develop a standard content definition and framework. Experienced practitioners responsible for ISATE content within their organizations participated in a survey to validate definitions, content, compliance and organizational relevance requirements imposed on their organizations. Fifty-five of 80 practitioners surveyed (68.75% participation rate) provided responses to one or more sections of the survey. This research is believed to be the first to suggest a standardized content definition for ISATE program activities based on literature review, assessment of existing regulatory, contractual, standard and framework definitions and information obtained from specialized practitioner survey data. It is understood to be the first effort to align and synthesize cross-industry compliance requirements, security awareness topics and organizational relevance within information security awareness program content. Findings validated that multiple and varied regulatory and contractual compliance requirements are imposed on organizations. A lower number of organizations were impacted by third party program requirements than was originally expected. Negative and positive impacts of third party compliance requirements were identified. 
Program titles and content definitions vary in respondent organizations and are documented in a variety of organizational methods. Respondents indicated high acceptance of a standard definition of awareness, less so for training and education. Organizationally-relevant program content is highly important and must contain traditional and contemporary topics. Results are believed to be an original contribution to information/cyber security practitioners, with findings of interest to academic researchers, standards/framework bodies, auditing/risk management practitioners and learning/development specialists.
277

A Comprehensive Cybersecurity Defense Framework for Large Organizations

Smith, Willarvis 01 January 2019
There is a growing need to understand and identify overarching organizational requirements for cybersecurity defense in large organizations. Applying proper cybersecurity defense will ensure that the right capabilities are fielded at the right locations to safeguard critical assets while minimizing duplication of effort and taking advantage of efficiencies. Exercising cybersecurity defense without an understanding of comprehensive foundational requirements instills an ad hoc and in many cases conservative approach to network security. Organizations must be synchronized across federal and civil agencies to achieve adequate cybersecurity defense. Understanding what constitutes comprehensive cybersecurity defense will ensure organizations are better protected and more efficient. This work, represented through design science research, developed a model to understand comprehensive cybersecurity defense, addressing the lack of standard requirements in large organizations. A systemic literature review and content analysis were conducted to form seven criteria statements for understanding comprehensive cybersecurity defense. The seven criteria statements were then validated by a panel of expert cyber defenders utilizing the Delphi consensus process. Based on the approved criteria, the team of cyber defenders facilitated the development of a Comprehensive Cybersecurity Defense Framework prototype for understanding cybersecurity defense. Through the Delphi process, the team of cyber defense experts ensured the framework matched the seven criteria statements. An additional and separate panel of stakeholders conducted the Delphi consensus process to ensure a non-biased evaluation of the framework. The comprehensive cybersecurity defense framework is developed through the data collected from two distinct and separate Delphi panels. 
The framework maps risk management, behavioral, and defense in depth frameworks with cyber defense roles to offer a comprehensive approach to cyber defense in large companies, agencies, or organizations. By defining the cyber defense tasks, what those tasks are trying to achieve and where best to accomplish those tasks on the network, a comprehensive approach is reached.
278

A cybersecurity audit of the Garmin Venu

Antal, Oliver January 2023
The presence of smart wearables has established itself as a norm of the 21st century, but the state of their trustworthiness from the viewpoint of personal safety remains debatable. The information gathered by such devices has great potential for personal safety risks and must be handled safely. Previous work on the Garmin Venu watch gave room for relevant future work. This thesis aims to perform further evaluation of this smartwatch in unexplored areas. The work took inspiration from the relatively new “PatrIoT” penetration testing methodology, developed in-house at the Network and Systems Engineering lab, customized for penetration testing of Internet of Things devices. This project examined a broad surface on the watch including network traffic, data over USB connection, a few details in the watch’s update mechanism, probed for some memory attack mitigations, fuzz testing of some functions in the Software Development Kit’s Application Programming Interface, and some more. According to these investigations, the watch is perceived as safe. A deeper look into some investigations is left for future work.
/ Wearable devices have become a normal part of the 21st century, but their trustworthiness from a personal safety standpoint is debatable. The information collected by them has great potential to cause personal safety risks and must be handled securely. Previous investigations of the Garmin Venu smartwatch left room for relevant future work. This thesis aims to carry out further investigations of this smartwatch. The work took inspiration from the relatively new “PatrIoT” penetration testing methodology, developed in-house by the staff of the Division of Network and Systems Engineering, tailored for penetration testing of Internet of Things devices. This project examined a broad attack surface on the watch, including data traffic, data over USB connection, some details of the watch’s update mechanism, probed for the presence of some mechanisms against memory-based attacks, attempted fuzz testing of the software development kit’s application programming interface, and more. According to these investigations, the watch is perceived to be secure. A deeper investigation of these aspects is left for future work.
279

Exploring information security culture within Swedish municipalities : A qualitative study

Ameri, Haydar January 2023
The human aspect in the context of security has been a well-debated topic over the last two decades among researchers and practitioners. It has been recognized that technology alone cannot provide full protection, but should be combined with information security culture. This thesis explored how Swedish municipalities address the cultural aspects of information security. In addition, several important aspects and challenges were identified. Interviews were conducted as a data collection method with nine respondents from nine municipalities to gather their insights and experiences on the topic. The material from the interviews was then analyzed by applying thematic analysis. The results of this thesis have shown that most municipalities used what was feasible from the standards for the protection of information. One challenge was finding a balance between security measures and the various operations of the various entities to avoid hindrances to service delivery. With respect to training and awareness, initiatives employed diverse approaches, in some cases customized while in others not. The follow-up on information security culture was conducted using the tool Information Security Check provided by the Swedish Civil Contingencies Agency, along with measurements of security awareness through questionnaires, in some cases customized while in others not. Involving top management included diverse activities with support taking various forms beyond financial and human resources. However, the degree of follow-up, top management involvement, and support exhibited variations and in some cases were lacking. One notable discovery was the importance of educating not only the network of champions but also managers in information security, fostering a symbiotic relationship between the two. 
With respect to the lacking aspects, another finding was the importance of leadership and management knowledge/skills, not only essential for people in the security domain but also for other managerial roles in maintaining a positive information security culture.
280

A three-layered robustness analysis of cybersecurity: Attacks and insights

Schweitzer, David 11 December 2019
Cybersecurity has become an increasingly important concern for both military and civilian infrastructure globally. Because of the complexity that comes with wireless networks, adversaries have many means of infiltration and disruption of wireless networks. While there is much research done in defending these networks, understanding the robustness of these networks is tantamount for both designing new networks and examining possible security deficiencies in preexisting networks. This dissertation proposes to examine the robustness of wireless networks on three major fronts: the physical layer, the data-link layer, and the network layer. At the physical layer, denial-of-service jamming attacks are considered, and both additive interference and no interference are modeled in an optimal configuration and five common network topologies. At the data-link layer, data transmission efficacy and denial-of-sleep attacks are considered with the goal of maximizing throughput under a constrained lifetime. At the network layer, valid and anomalous communications are considered with the goal of classifying those anomalous communications apart from valid ones. This dissertation proposes that a thorough analysis of the aforementioned three layers provides valuable insights to robustness on general wireless networks.
