The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations. Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Segurança da informação no correio eletrônico com base na ISO/IEC 17799: um estudo de caso em uma instituição superior com foco no treinamento / Information security in the electronic mail based on ISO/IEC 17799: a case study in a private superior education, with training focus

Cavalcante, Sayonara de Medeiros 19 May 2006
The electronic mail service is one of the Internet services that grows the most in the corporate environment. This evolution is bringing several problems for organizations, especially regarding the information that circulates inside the corporate network. The lack of correct guidance to people about the usage and the security importance of these resources is leaving breaches and causing misuse and overuse of the service, for example. In recent literature, several ideas have started to come out which have helped organizations to plan and implement an information security system for electronic mail in computer environments. However, these ideas have still not been put into practice in many companies, public or private. This dissertation tries to demonstrate the results of a research whose goal was to identify the importance that user training has for the information security policy, through a case study inside a private higher education institute in this state. Besides, this work had as its basic orientation ISO/IEC 17799, which talks about People Security. This study was developed over a model proposed for this research, which sought to offer conditions to guide the institution studied on how to better plan an information security policy for electronic mail. Also, this research has an exploratory and descriptive nature and its type is qualitative. Firstly, a questionnaire was applied to the information technology manager, as a better way to get some general data and to deepen the contact which, until then, was being kept through e-mail. After this first contact, eleven interviews were done with the same manager, besides one interview with twenty-four users, among employees and students. After collecting and transcribing the interviews, all the information given was reviewed with the manager, to correct any mistakes and to update that information, and then to start the data analysis. The research suggests that the institution has a proactive attitude about the information security policy and electronic mail usage. However, it was clear that the respondents have their perception of information security in a very inexperienced way, derived from a lack of planning in relation to a training program capable of solving the problem / The electronic mail service is one of the fastest-growing Internet services in the corporate environment. This evolution has been bringing several problems for organizations, mainly concerning the types of information that circulate inside the corporate network. The lack of adequate guidance to people about the importance of using these resources securely has been leaving gaps and causing both misuse and abuse of the service, among other things. In the most recent literature, consistent sets of ideas are beginning to emerge, which have helped organizations in how to plan and deploy an information security system for electronic mail in computing environments. However, such ideas have not yet been properly put into practice in many companies, public or private. This dissertation seeks to demonstrate the results of a study that aimed to identify the importance that user training has for the information security policy in companies, through a case study carried out in a higher education institution in the State. Additionally, the work took as its basic guidance the ISO/IEC 17799 guideline (Information technology - Code of practice for information security management), which has a topic dedicated to Personnel Security. The study was developed on top of a model proposed for this research, which seeks to offer guidance for the institution studied to better plan an information security policy for electronic mail. This research was exploratory and descriptive in nature and qualitative in approach. Initially, a questionnaire was applied to the institution's IT manager, as a way to better obtain some general data and also to deepen the contact that until then had been maintained by e-mail. Right after this initial contact, eleven interviews were carried out with the same manager, in addition to one interview with twenty-four users, distributed among employees and students. After the phase of collecting and transcribing the interviews, all the information provided was also reviewed with the manager, in order to correct any distortions as well as to update that information, and only then begin the data analysis proper. The research suggests that the institution has a proactive attitude toward the security of its information and the use of electronic mail. However, it became evident that the respondents' perception of information security is quite inexperienced, derived from the lack of planning of a training policy capable of remedying this problem
2

Framtagning av en informationssäkerhetspolicy

Nordström, Roger January 2005
This report was made for the company HordaGruppen AB to investigate how information security was handled. This report fits in the Master program of Internet Technology at the School of Engineering at Jönköping University in Sweden. The question at issue was how you protect your information against different threats. One question was how to make an information security policy and which guidelines you can follow in the Swedish Standard, SS-ISO/IEC 17799:2000. Another question was to investigate the information sources at the company and which threats there are against them. The work begins with a presentation about information security for the chief of information and the chief of quality in the company. The next thing was to do a survey of how things are at present with a tool from Länsteknikcentrum called “Infosäkpulsen”. After the analysis of the survey was made, two reports were presented with an action plan for better information security for the company. The most important measures were of an administrative kind and consisted of a risk analysis of information resources and making an information security policy with instructions for the users. The risk analysis was made with the tool BITS from Krisberedskapsmyndigheten and the consequence was that the base level for IT security was enough for the company. To fulfil the demands from the analyses, an information security policy was made, and after that we created information security instructions for the different kinds of user groups. One instruction was for ordinary users and the other was for management users. Besides the part with policy and instructions, the company is recommended to initiate incident management and register all kinds of changes in their IT system. For further research, it is suggested to investigate how different standards can be integrated into only one standard that fulfils the goals of the quality, environment and security standards / The report was written as a degree project at HordaGruppen AB and is part of the broad Master's programme in Internet Technology at the School of Engineering in Jönköping. The problem the report addresses is how to protect the company's information against different kinds of threats. The research question was partly how to develop an information security policy and which guidelines exist in the Swedish standard for information security. The research question was also to find out the company's information assets and which threats existed against them. The work begins with a presentation at the company about information security for the quality manager and the person responsible for IT. After that, a current-state analysis of information security is carried out using the tool Infosäkpulsen, a questionnaire survey from Länsteknikcentrum i Jönköping AB. After the answers had been collected, an action report was compiled and presented to the company. The measures considered most pressing were of the administrative kind and consisted of a risk analysis of the information assets and the development of an information security policy with instructions for the users. The risk analysis was carried out with the tool BITS from Krisberedskapsmyndigheten and resulted in the base level for IT security being sufficient overall for the company. To meet the requirements from the analyses, an information security policy was developed, and then information security instructions were created for users and for operations and administration in order to be able to follow up the policy. In addition to following the policy and the instructions, the company is recommended to introduce incident management and to increase traceability by documenting which changes are made in the IT systems. One idea for further work could be to integrate the different standards into a single instruction that meets the goals for quality, the environment and security.
4

Towards a framework for securing a business against electronic identity theft

Bechan, Upasna 30 November 2008
The continuing financial losses incurred by individuals and companies due to identity information being phished are necessitating more innovative approaches to solving the problem of phishing attacks at the company level. Security standards are developed by respected experts in the profession and are widely accepted in the industry. The purpose of this study was to investigate whether a standard can be adapted to develop a framework that may guide companies in determining how to protect themselves against phishing attacks. A qualitative approach using design research as the methodology was used during the research. The data collection took place by means of a literature survey and semi-structured interviews. The artefact developed was a phishing-prevention framework based on the ISO/IEC 17799 standard, and the evaluation thereof took place through test cases. The findings communicated to the managerial audience was a set of recommendations as a further investment in their security protection against phishing attacks; the findings communicated to the technical audience was the successful adaptation of an existing security standard to produce a usable framework. Further research initiatives should extend the types of test cases that the phishing-prevention framework was evaluated against, and explore the use of tools for determining compliance with the framework. / Theoretical Computing / M. Sc. (Information Systems)
5

Návrh metodiky bezpečnosti informací v podniku / Design of Information Security Methodology in the Company

Bartoš, Lukáš January 2013
This thesis proposes a design of information security methodology in the company. After the theoretical bases of this thesis, the company for which this work is intended is introduced. Then an analysis of risks is performed based on selected assets and potential threats, followed by the design of measures to minimize the creation of possible risks in the company.
7

Fatores influenciadores da implementação de ações de gestão de segurança da informação: um estudo com executivos e gerentes de tecnologia da informação das empresas do Rio Grande do Norte / Factors influencing the implementation of information security management: an exploratory and empirical study of Executives and Chief Information Officers' perceptions

Gabbay, Max Simon 19 May 2006
Information is one of an organization's most valuable assets, mainly in a global and highly competitive world. In this scenario there are two antagonistic forces: on one side, organizations struggle to keep their information protected, especially that considered strategic; on the other side, the invaders, led by innumerable reasons, such as hobby, challenge or a simple protest, with the intention of capturing and corrupting the information of other organizations. This thesis presents the descriptive results of a research that had as its main objective to identify which variables influence the Executives' and CIOs' perceptions toward Information Security. In addition, the research also identified the profile of Rio Grande do Norte's organizations and their Executives/CIOs concerning Information Security, and computed the level of agreement of the respondents according to NBR ISO/IEC 17799 (Information technology - Code of practice for information security management) in its dimension Access Control. The research was based on a model which took into account the following variables: origin of the organization's capital, sector of production, number of PCs networked, number of employees with rights to the network, number of attacks suffered by the organizations, respondent's position, education level, literacy in Information Technology and specific training on networks. From the point of view of its goals, the research was classified as exploratory and descriptive and, in relation to the approach, quantitative. One questionnaire was applied to 33 Executives and CIOs of the 50 Rio Grande do Norte organizations that collected the highest taxes of ICMS - Imposto sobre Circulação de Mercadorias in 2000. After the data collection, cluster analysis and chi-square statistical tools were used for data analysis. The research made clear that the Executives and CIOs of Rio Grande do Norte's organizations have a low level of agreement concerning the rules of NBR ISO/IEC 17799. It also made evident that the Executives and CIOs have their perception toward Information Security influenced by the number of PCs networked and by the number of attacks suffered by the organizations / Information is one of the most valuable assets of companies, notably in a globalized and highly competitive world. In this scenario, two antagonistic forces can be perceived: on one side are the companies that struggle to keep their information protected, especially that considered strategic, and on the other, invaders who, moved by various factors (leisure, challenges or a simple protest), aim to capture and tamper with the information of other entities. This dissertation presents the descriptive results of a study that aimed to identify which factors influence Executives and Information Technology Managers in their perceptions of information security. Additionally, the work surveyed the profile of the companies and of the Executives and IT Managers of Rio Grande do Norte in relation to information security and measured the respondents' level of agreement with the guidelines of the NBR ISO/IEC 17799 standard (Information technology - Code of practice for information security management) in its Access Control dimension. The study was developed on top of a model created for this research, which covered the following variables: origin of the company's capital, production sector, size of the installed computer base, number of employees who access the network, frequency of attacks suffered, respondent's position, age, education level, general computer knowledge and specific network training. From the point of view of its objectives, the research was exploratory and descriptive and, in relation to the form of approach, quantitative. A form was applied to 33 Executives and 33 IT Managers among the 50 companies of Rio Grande do Norte that in the year 2000 had the highest volumes of ICMS (Imposto sobre Circulação de Mercadorias) collection. After the data collection and tabulation phase, the statistical tools of cluster analysis and chi-square were used for the data analysis. The research suggests that the Executives and IT Managers of the companies of Rio Grande do Norte have a low level of agreement with the NBR ISO/IEC 17799 standard. The research also showed that the respondents have their perception of information security influenced by the size of the installed base and by the number of attacks suffered by the company
8

En studie av SSL / A Study of SSL

Petrusic, Dejan January 2004
This document is the result of studies carried out during the course Bachelor's Thesis in Computer Science. The work explored, through a case study, two properties of distributed information systems and the relation between them: security and performance. The aim of the case study was to shed light on the disadvantage of using Secure Socket Layer (SSL), i.e. its effect on speed, and the advantage of SSL, i.e. SSL's role in information security work. The work shows how performance in an applied distributed information system can be affected by an SSL deployment. The system's response time was tested for differences between an SSL-secured connection and one without. The system tested was a booking system used for the administration of travel, developed on the DotNet development platform. The work has also shown, through the study of the information security standard for information security management systems (LIS), what place the SSL protocol has in information security work in organisations. The method for comparison was developed and based on the interaction model. The hypothesis for the work was that software that applies SSL makes the response time longer but also makes the information system meet requirements according to the standard for information security management systems SS-ISO/IEC 17799 and SS 62 77 99-2. The hypothesis was confirmed, as the measurement result showed an average increase of 37.5 % for the client with an SSL-secured connection, and the result of the LIS study showed that organisations meet important requirements set in the standard by having SSL-secured communication in their information system. / This study shows the impact of SSL application on performance in a distributed information system. Further, the case study also shows, through studies of the information security standard SS-ISO/IEC 17799, the place that SSL has in applying information security in organisations. / dejanpetrusic@hotmail.com, is00dpe@student.bth.se
9

Systém pro podporu auditu managementu informační bezpečnosti / System for Audit Support of Information Security Management

Soukop, Tomáš January 2012
This master's thesis describes the creation of a system for audit support of information security management. In the next chapters I will explain what information security, a system of information security and an audit system are, and what standards we have for this. Last but not least, it is described how to create a system for audit support. The whole design is created using standards for quality management and information security management. The system is oriented toward the web environment.
