• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 502
  • 310
  • 1
  • Tagged with
  • 813
  • 813
  • 813
  • 813
  • 813
  • 172
  • 170
  • 59
  • 51
  • 48
  • 42
  • 41
  • 36
  • 36
  • 33
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

A Socio-technical Analysis of Information Systems Security Assurance : A Case Study for Effective Assurance

Chaula, Job Asheri January 2006 (has links)
<p>This thesis examines the concepts of Information System (IS) security assurance using a socio-technical framework. IS security assurance deals with the problem of estimating how well a particular security system will function efficiently and effectively in a specific operational environment. In such environments, the IS interact with other systems such as ethical, legal, operational and administrative. Security failure in any of these systems may result in security failure of the whole system. </p><p>In this thesis a socio-technical framework is used to examine culture, usability problems, security internal controls, security requirements and re-use of security requirements of TANESCO information systems. TANESCO is the energy utility company in Tanzania where the case study was conducted. Results show that culture affects the way people approach IS security. Also results show that the socio-technical framework is effective in modeling systems security and its environment. The re-use of security requirements is also shown to significantly minimise the time taken when developing and improving security requirements for an IS. </p><p>The overall purpose of this thesis has been to develop a framework for information systems security assurance. The resulting framework of thinking brings together numerous assurance concepts into a coherent explanation that should be useful for any organisation or evaluators seeking to understand the underlying principals of systems security assurance. It contains organisational, cultural, and technical issues that should be looked at when considering and applying systems security assurance methods and techniques.</p>

ICT Security Readiness Checklist for Developing Countries : A Social-Technical Approach

Tarimo, Charles N. January 2006 (has links)
<p>The consequences of Information and Communication Technology (ICT) revolution on society are almost impossible to enumerate. New types of ICT products, services and capabilities are finding their way into our offices, schools and homes - almost on daily basis; impacting the way we work, learn and live. Following this revolution, governments around the world have recognised that the transformation from traditional government to electronic government is one of the most important public policy issues to embrace. Likewise, organisations and businesses around the world are transforming from traditional organisations and businesses to their electronic equivalent.</p><p>However, to be a part in this revolution, it is important for the concerned governments and organisations to have an ability to differentiate between implementing a new IT/ICT system and a transformation to e-government, e-organisation, and e-business. E-government is not simply about implementing new ICT systems, but it is about changing business models and processes to do things differently and better. ICT offers the solutions, but e-government, eorganisation, and e-business are about changing the way they operate to achieve their mission objectives.Implicitly there are a number of key issues to be considered in this transformation. One such key issue is security, since many of the technical and social security control mechanisms that are in place today are rendered ineffective by the ICT revolution. As such, we can no longer rely entirely on our traditional security controls—e.g. physical access controls, security guards and locks—to ensure the security of an organisation’s assets, processes and communications. The multiplicity of new technical possibilities gives rise not only to new products, services and more efficient and effective ways of doing things, but also to the possibility of misuse of the technology. Consequently, new social and technical security controls are imperative in this revolution. However, research findings show that, in many cases, security issues come as an-after-thought in the ongoing transformations to ICT-enabled organisational or governmental contexts.</p><p>In this thesis, the challenges of the process of computerisation and other changes due to ICT are investigated from a security point of view. An explorative study of both theoretical and practical aspects of addressing ICT security in organisations was performed. The findings from some organisations studied show that, organisations—as social-technical systems—are facing a myriad of problems in their effort to adequately and effectively implementing a sound ICT security program. As a result, the organisations, individuals, or nations as a whole; may fail in meeting the challenges of exploiting the benefits of ICT; due, in part, to their failure to manage the risks which ICT presents—not being ‘e-ready’ in ICT security matters.</p><p>In view of the above, the following are the end products of the research: a Model of Security Knowledge, and a Social-Technical ICT Security Readiness Checklist. These end products draw from the available ICT-security knowledge-body and a practical experience from an empirical study conducted in Tanzania. We believe the model and checklist would serve as a starting point in assisting organisations having a similar security situation as those studied, to meet the security challenges of exploiting the benefits of ICT. By providing means for evaluation, formation and implementation of ICT security controls—both social and technical ones—the checklist can be helpful in managing the risks that ICT presents.</p>

A Holistic Approach for Managing ICT Security in Non-Commercial Organisations : A Case Study in a Developing Country

Bakari, Jabiri Kuwe January 2007 (has links)
<p>The research reported here is about improvement of the ICT security management process in non-commercial organisations in order to reduce possible financial damage, taking into consideration the realities found in developing countries. The research took place in a developing country—Tanzania, where five organisations were involved. </p><p>The study is organised into seven papers covering: the state of ICT security management in the organisations; prerequisites when utilising the existing ICT security management approaches in attaining a solution for managing ICT security in the organisations; issues and challenges of managing ICT security; important aspects to be taken into consideration in order to successfully manage ICT security; and how the management of ICT security in non-commercial organisations could be improved. Among others, the research was motivated by the observed need for bridging the perception gap between the management and technicians when dealing with the ICT security problem, and consequently extending to a common understanding by the staff in the various departments and specialities within and between the departments. </p><p>The thesis contributes to increased empirical knowledge on the importance of the holistic ICT security management process. Particularly, our main contribution is the proposed holistic approach for managing ICT security in non-commercial organisations, organised in the form of guidelines with two main phases: the initialisation phase which involved the introduction of the ICT security management process in the organisation; and the internalised and continuous phase. </p>

Strategic Planning of Knowledge Management Systems : A Problem Exploration Approach

Aidemark, Jan January 2007 (has links)
<p>Knowledge management (KM) is focused on the problems and opportunities of using organizational knowledge as a resource. Information systems that are used to support KM processes are called knowledge management systems (KMS). A KMS is distinguished from any information system by the organizational processes that it supports, that is, creation, capture, storage and dissemination of competences and knowledge. The research area can be summarized as: “Perspectives and frameworks for the strategic planning of knowledge management systems, i.e. information systems for the support of organizational knowledge processes”. We approach the problem area from a strategic point of view, assuming that the problems of the area are based on a socio-technical dimension and that a multiple-paradigm approach is necessary for dealing with the problems of the various KM areas. The research strategy applied to achieve this is interpretative case studies. A number of case studies are used for exploring KM planning areas, developing frameworks for planning and testing the resulting approach. The empirical material consists of three main case studies, together with a number of secondary cases by other writers in the KM field. The outcome of the research is a planning approach, which is given the name: “The problem exploration approach”. The approach is intended for the generation of ideas of possible systems, as a strategic part of knowledge management systems planning. The purpose of the planning approach is to support the creation of a portfolio of KMS. A KMS portfolio is a structured set of information systems that could be developed for an organizational unit. The approach consists of five planning frameworks, all targeting different aspects of an organization. “The problem exploration approach” and its development process are then examined for more general insights into the subject of strategic KM planning. As an outcome of this examination a 12-point program for balancing a planning approach is presented. </p>

Plot, Spectacle, and Experience : Contributions to the Design and Evaluation of Interactive Storytelling

Laaksolahti, Jarmo January 2008 (has links)
<p>Interactive storytelling is a new form of storytelling emerging in the crossroads of many scholarly, artistic, and industrial traditions. In interactive stories the reader/spectator moves from being a receiver of a story to an active participant. By allowing participants to influence the progression and outcome of the story new experiences will arise. This thesis has worked on three aspects of interactive storytelling: plot, spectacle, and experience. The first aspect is concerned with finding methods for combining the linear structure of a story, with the freedom of action required for an interactive experience. Our contribution has focused on a method for avoiding unwanted plot twists by predicting the progression of a story and altering its course if such twists are detected.</p><p>The second aspect is concerned with supporting the storytelling process at the level of spectacle. In Aristotelian terms, spectacle refers to the sensory display that meets the audience of a drama and is ultimately what causes the experience. Our contribution focuses on graphically making changing emotions and social relations, important elements of dramatic stories in our vision, salient to players at the level of spectacle. As a result we have broadened the view of what is important for interactive storytelling, as well as what makes characters believable. So far not very much research has been done on evaluating interactive stories. Experience, the third aspect, is concerned with finding qualitative methods for evaluating the experience of playing an interactive story. In particular we were interested in finding methods that could tell us something about how a players experience evolved over time, in addition to qualities such as agency that have been claimed to be characteristic for interactive stories. Our contribution consists of two methods that we have developed and adapted for the purposes of evaluating interactive stories that can provide such information. The methods have been evaluated on three different interactive storytelling type games.</p>

Mobile Agent Approach to Congestion Control in Heterogeneous Networks

Nguyen, Hong Van January 2008 (has links)
<p>One of the motivations to study the behavior of the Internet is to find out the best way to maintain the relative stability of the global network. This leads into the investigations of events that impair the performance of the system such as congestion that occurs whenever the demand for resources exceed the available capacity. When the congestion is left uncontrolled the performance of the whole system degrades through severe delays, lost packets, and even a complete shutdown of the network. Hence, congestion management through monitoring, detection and control is necessary in order to sustain acceptable levels of network performance and this may be done via the transport protocols. Consequently, many modifications of the original TCP protocol have been implemented to manage the control. On the other hand, unlike TCP, UDP has no knowledge of congestion whatsoever and hence unresponsive to the network problems.</p><p>The work explores the possibility to influence and modify the unresponsive behavior of UDP or similar protocols via the mobile agent paradigm. The autonomous entities are able to migrate across the network and sense the state of the network and when needed tame the intensity of UDP or alike flows to prevent congestion. The proposed model is termed the Combined Model for Congestion Control (CM4CC) and has two different objectives. The first one is to employ the host centric or end-to-end (E2E) congestion control mechanisms for the TCP flows; the second one is to invoke the mobile agent paradigm to manage the non-TCP (or UDP) traffic. Both mechanisms must work together to avoid congestion. When it eventually appears, they have to assist the network in speedy recovery and return to the normal mode of operation. The validity of the CM4CC has been verified through numerous simulation scenarios using the Optimized Network Engineering Tool (OPNET). The results provide the basis for an environment that makes possible the coexistence of responsive and unresponsive flows.</p>

Information Security in Distributed Healthcare : Exploring the Needs for Achieving Patient Safety and Patient Privacy

Åhlfeldt, Rose-Mharie January 2008 (has links)
<p>In healthcare, patient information is a critical factor. The right information at the right time is a necessity in order to provide the best possible care for a patient. Patient information must also be protected from unauthorized access in order to protect patient privacy. It is furthermore common for patients to visit more than one healthcare provider, which implies a need for cross border healthcare and continuity in the patient process.</p><p>This thesis is focused on information security in healthcare when patient information has to be managed and communicated between various healthcare actors and organizations. The work takes a practical approach with a set of investigations from different perspectives and with different professionals involved. Problems and needs have been identified, and a set of guidelines and recommendations has been suggested and developed in order to improve patient safety as well as patient privacy.</p><p>The results show that a comprehensive view of the entire area concerning patient information management between different healthcare actors is missing. Healthcare, as well as patient processes, have to be analyzed in order to gather knowledge needed for secure patient information management.</p><p>Furthermore, the results clearly show that there are deficiencies both at the technical and the administrative level of security in all investigated healthcare organizations.</p><p>The main contribution areas are: an increased understanding of information security by elaborating on the administrative part of information security, the identification of information security problems and needs in cross border healthcare, and a set of guidelines and recommendations in order to advance information security measures in healthcare.</p>

A Dynamic and Adaptive Information Security Awareness (DAISA) Approach

Casmir, Respickius January 2005 (has links)
<p>Information systems fail not only because of problems with technology used and technical incompetence of professionals administering them but also because of lack of security awareness to the end users. In addition, various research results have revealed that security and reliability of IS/IT systems is a function of technology, processes and people.</p><p>This research has focused on the latter aiming at developing an integrated information security education, training and awareness learning continuum. Particularly, the research has focused on developing countries where a little has been done to address information security learning continuum. The research has been done in two cyclic phases in which cycle one has chiefly addressed security education and training aspects whereas cycle two has mainly focused on security awareness aspects. Based on empirical analysis of security practices in organisations; the thesis proposes a Dynamic and Adaptive Information Security Awareness (DAISA) approach. Founded on six interdependent pillars, the approach delineates high level guidelines for establishing and maintaining information security awareness programs at workplaces.</p>

Beyond Users : Grounding Technology in Experience

Ljungblad, Sara January 2008 (has links)
<p>This thesis goes beyond a user-centred design approach to explore potential future applications and modes of interaction. With several design cases, we investigate how early technology ideas can be matched with a specific practice to inspire novel design. This involves learning about existing experiences, interests and activities that can be relevant for a potential application, but which are not necessarily found among the intended users. Starting with early technology ideas and then finding a suitable practice to learn from is an alternative perspective of design activities. This can be useful for researchers and designers in Human Computer Interaction (HCI) who are interested in complementing approaches compared to user-centred design. Our approach is also relevant for researchers that face technology-driven starting points, and want to investigate future applications by grounding the design in existing practices.</p><p>A set of design cases show how the overall research goes from a usability-oriented perspective towards a more experience-oriented one, in order to accommodate technology-driven design situations. The design cases have involved different technical starting points, including information display technologies, surface-based networking, digital photography, and robot technology for everyday settings. The overall design process evolves towards matching the technology with a practice, and to investigate applications by developing one or more research prototypes. This has resulted knowledge of novel applications and interaction for the technology in question, as well as knowledge on how to employ empirical data to inspire novel design. Finally, we provide an overall reflection of the research process and show how a design approach that goes beyond users can benefit the design process.</p>

IT-supported Knowledge Repositories : Increasing their Usefulness by Supporting Knowledge Capture

Aggestam, Lena January 2008 (has links)
<p>Organizations use various resources to achieve business objectives, and for financial gain. In modern business, knowledge is a critical resource, and organizations cannot afford not to manage it. Knowledge Management (KM) aims to support learning and to create value for the organization. Based on three levels of inquiry (why, what, how), work presented in this thesis includes a synthesized view of the existing body of knowledge concerning KM and hence a holistic characterization of KM. This characterization reveals a strong dependency between KM and Learning Organization (LO). Neither of them can be successful without the other. We show that a KM project resulting in an IT-supported knowledge repository is a suitable way to start when the intention is to initiate KM work. Thus, our research focuses on ITsupported knowledge repositories.</p><p>Large numbers of KM projects fail, and organizations lack support for their KM undertakings. These are the main problems that our research addresses. In order for an IT-supported knowledge repository to be successful, it must be used. Thus, the content of the repository is critical for success. Our work reveals that the process of capturing new knowledge is critical if the knowledge repository is to include relevant and updated knowledge. With the purpose of supporting the capture process, this thesis provides a detailed characterization of the capture process as well as guidance aiming to facilitate the implementation of the capture process in such a way that knowledge is continuously captured, also after the KM implementation project is completed. We argue that the continuous capture of new knowledge which can potentially be stored in the knowledge repository will, in the long term perspective, have a positive influence on the usefulness of the repository. This will most likely increase the number of users of the repository and accordingly increase the number of successful KM projects.</p><p>All the work presented in this thesis is the result of a qualitative research process comprising a literature review and an empirical study that were carried out in parallel. The empirical study is a case study inspired by action research, which involved participation in the project Efficient Knowledge Management and Learning in Knowledge Intensive Organizations (EKLär).</p>

Page generated in 0.1591 seconds