Toward securing links and large-scale

Delgosha, Farshid.

January 2007

Thesis (Ph.D)--Electrical and Computer Engineering, Georgia Institute of Technology, 2008. / Committee Chair: Fekri, Faramarz; Committee Member: Boldyreva, Alexandra O.; Committee Member: Ji, Chuanyi; Committee Member: McLaughlin, Steven W.; Committee Member: Sivakumar, Raghupathy. Part of the SMARTech Electronic Thesis and Dissertation Collection.

Technology, society and democracy the social impact of, and democratic control over technology, with special reference to information technology and data protection /

Van Meurs, Philip.

January 1989

Thesis (Ph. D.)--University of London, 1989. / Includes bibliographical references (p. 346-372) and index.

Die ontwikkeling en implementering van 'n formele model vir logiese toegangsbeheer in rekenaarstelsels

Edwards, Norman Godfrey

25 March 2014

M.Com. (Computer Science) / The area covered in this study is that of logical security models. A logical security model refers to the formal representation of a security policy which allows the subsequent movement of rights between subjects and objects in a system. The best way to illustrate the goal of this study, is with the following abstract from the submitted article, which originated from this study. 'The original protection graph rewriting grammar used to simulate the different operations of the Take/Grant model is reviewed. The productions of the PGR-grammar is then expanded, by adding a new context which is based on the different security classes found in the Bell Grid LaPadula model [14].' The first goal of this study was to take the Take/Grant security -model and expand it. This expansion included the concept of assigning a different security class to each subject and object in the model. This concept was derived from the Bell and LaPadula model as discussed in chapter 2 of this study. The next goal that was defined, was to expand the PGR-grammar of [28], so that it would also be able to simulate .the operations of this expanded Take/Grant model. The .PGR-grammar consisted of different permitting and forbidding node and edge contexts. This PGR-grammar was expanded by adding an additional context to the formal representation. This expansion is explained in detail in chapter 5 of this study. The third goal was to take the expansions, mentioned above, and implement them in a computer system. This computer system had to make use of an expert. system in order to reach certain conclusions. Each of the operations of the Take/Grant model must be evaluated, to determine whether that rule can be applied or not. The use of the expert system is explained in chapters 6 and 7 of this study. This study consists out of eight chapters in the following order. Chapter 2 starts of with an introduction of some of the most important logical security models. This chapter gives the reader background knowledge of the different models available, which is essential for the rest of the study. This chapter, however, does not discuss the Take/Grant model in detail. This is done in chapter 3 of the study. In this chapter the Take Grant model is discussed as a major input to this study. The Send Receive model is also discussed as a variation of the Take/Grant model. In the last section of the chapter a comparison is drawn between these two models. Chapter 4 formalizes the Take/Grant model. The protection graph rewriting grammar (PGR-grammar), which is used to simulate the different operations of the Take/Grant model, is introduced...

Computers - Access control

Data protection

A framework for information security management in local government

De Lange, Joshua

January 2017

Information has become so pervasive within enterprises and everyday life, that it is almost indispensable. This is clear as information has become core to the business operations of any enterprise. Information and communication technology (ICT) systems are heavily relied upon to store, process and transmit this valuable commodity. Due to its immense value, information and related ICT resources have to be adequately protected. This protection of information is commonly referred to as information security.

Computer security -- Management

Data protection

Comparative data protection and security : a critical evealuation of legal standards

London, R. W.

09 1900

This study1 addresses the key information technology issues of the age and its unintended consequences. The issues include social control by businesses, governments, and information age Star Chambers. The study focuses on a comparative analysis of data protection, data security, and information privacy (DPSIP) laws, regulations, and practices in five countries. The countries include Australia, Canada, South Africa, the United Kingdom, and the United States. The study addresses relevant international legal standards and justifications. This multidisciplinary analysis includes a systems thinking approach from a legal, business, governmental, policy, political theory, psychosocial, and psychological perspective. The study implements a comparative law and sociolegal research strategy. Historic, linguistic, and statistical strategies are applied. The study concludes with a next step proposal, based on the research, for the international community, the five countries in the study, and specifically, South Africa as it has yet to enact a sound DPSIP approach. / LL.D. (Laws)

Australia data protection

Canada data protection

Data protection

Data security

Information privacy

Information privacy laws

Information technology

International data

Protection legal standards

Social control

Sciolegal information privacy,

South Africa data protection

United Kingdom

United States information protection

342.858068

Data protection

Data protection -- Law and legislation

Computer security -- Government policy.

Empirical investigation of the role of privacy and data protection in the implementation of electronic government in Ghana

Agyei-Bekoe, Eric

January 2013

This study investigates the role of privacy and data protection in the implementation of e-government in developing countries. It examines the privacy and data protection issues which arise when e-government is introduced in Ghana. E-government is a way that governments liaise with their various departments and agencies through the use of information and communication technologies (ICTs). Through e-government, governments are able to provide better, effective and efficient services to their citizens. This new form of governments’ delivering services electronically to their citizens, businesses and various departments potentially offers benefits (for example, economic development, low costs and improved services) to society. However the implementation of e-government carries potential risks to users. The potential for online identity theft and fraud raises privacy concerns. From a theoretical foundation, fieldwork in Ghana, through interviews and focus groups, is used to investigate the issue of privacy and data protection in e-government implementation in an empirical setting. Interviewees included senior civil servants, political leaders, members of the Select Committee on Communication, academics, university students as well as stakeholders from private and public organisations. The research borrowed from the Straussian grounded theory approach as a technique to analyse the fieldwork data. The results of the study indicate that privacy and data protection does not currently play a significant role in e-government implementation in a developing country such as Ghana. Other factors such as access to information and communication technologies (Internet accessibility) and e-skills were found to be challenges which significantly impact individuals’ use of e-government. The study found that there is a low privacy concern among Ghanaian citizens. This was found to be significantly related to a lack of awareness of privacy issues; and also the national cultural dimensions of Ghanaian society. The study concludes by emphasising the importance of government investing in ICT infrastructure and public education to raise awareness of e-government services, as well as privacy and data protection issues. Implications for research and policy makers are discussed. The study suggests future research to investigate the further impact of privacy awareness on individuals’ adoption of e-government in a collectivist society such as Ghana.

004

Design of Anonymity scheme for communication systems

Zhang, Cong, 張聰

January 2002

published_or_final_version / Computer Science and Information Systems / Master / Master of Philosophy

Data protection.

Cryptography.

Computer networks - Security measures.

Cyberciege scenario illustrating integrity risks to a military like facility

Fielk, Klaus W.

09 1900

Approved for public release; distribution is unlimited. / Note: the appendix file for this item is not available. / As the number of computer users continues to grow, attacks on assets stored on computer devices have increased. Despite an increase in computer security awareness, many users and policy makers still do not implement security principles in their daily lives. Ineffective education and the lack of personal experience and tacit understanding might be a main cause. The CyberCIEGE game can be used to convey requisite facts and to generate tacit understanding of general computer security concepts to a broad audience. This thesis asked if a Scenario Definition File (SDF) for the CyberCIEGE game could be developed to educate and train players in Information Assurance on matters related to information integrity in a networking environment. The primary educational concern is the protection of stored data. Another goal was to test whether the game engine properly simulates real world behavior. The research concluded that it is possible to create SDFs for the CyberCIEGE game engine to teach specifically about integrity issues. Three specific SDFs were developed for teaching purposes. Several SDFs were developed to demonstrate the game engine's ability to simulate real world behavior for specific, isolated educational goals. These tests led to recommendations to improve the game engine. / Lieutenant, German Navy

Data protection

Computer security

Computer games

Programming

Reconceptualise investigatory powers again? : an argument for a comprehensive single statute regulating the acquisition of expression-related data for investigative purposes by UK public authorities

Glover, Philip Bruce

January 2015

Communications-related investigatory powers are ostensibly regulated within the Regulation of Investigatory Powers Act (RIPA) 2000, under the descriptive headings: 'interception of communications'; 'acquisition and disclosure of communications data' and 'investigation of data protected by encryption'. The scope, legality and extent of these hitherto infrequently examined powers experienced increased scrutiny following the controversial 2013 disclosures of fugitive United States National Security Agency contractor Edward Snowden, scrutiny generally founded on subjective conceptions of 'privacy', 'intrusiveness' or 'security'. This research however, adopts 'communications' as its conceptual common denominator. It comprehensively explores the separate politico-legal evolution of RIPA's communications-related investigatory powers, whilst identifying and critically analysing alternative statutory provisions that permit circumvention of RIPA's purported human rights-centric integrity. The detailed chronology provides conclusive evidence that current UK Secretaries of State and their executive agencies possess virtually unlimited communications-related information acquisition powers bequeathed by their predecessors. Perhaps more importantly, its simultaneous exposure of an executive culture of secrecy and deference to the UK's intelligence community assists in explaining why any fettering of the current powers will be so difficult to achieve. Drawing from Intelligence Studies, Information Science and Computer Science, this research logically deconstructs RIPA's communications-related powers, finding them more accurately describable as narrowly defined techniques facilitating the acquisition of communications-related data. Consequently, RIPA fails to envisage or regulate all types of acquisition, such as that obtained extra-jurisdictionally or via Computer Network Exploitation, thus partially legitimizing the status quo. The research also examines RIPA's seemingly all-encompassing definition of 'communication', finding it under-utilised, in that communications from the mind into electronic storage ('expression-related data') are not included. Consequently, the boundaries between 'communication', 'expression' and 'property,' and between RIPA's powers and those enabling Computer Network Exploitation are currently unnecessarily complicated. It concludes by recommending the enactment of a single statute regulating all investigative expression-related data acquisition.

340

Sekerheid in elektroniese data-uitruiling

17 November 2014

M.Sc. (Computer Science) / Please refer to full text to view abstract

Electronic data interchange

Computer security

Data protection