Global ETD Search

21	Intrusion Management Olsson, Fredrik January 2006 (has links) <p>Information security is tasked with protecting the confidentiality, integrity, and availability of an organizations information resource. A key aspect in protecting these resources is developing an</p><p>understanding of the threats, vulnerabilities, and exposures that they face by using Risk Management.</p><p>The objective of Risk Management is to identify, quantify and manage information security risks to achieve organizations objectives through a number of tasks utilizing key Risk Management techniques.</p><p>Risk Management is a process that ensures that the impact of threats exploiting vulnerabilities is within acceptable limits and at an acceptable cost.</p><p>With the increased complexity of modern dynamic networks, traditional defence mechanisms are failing and as a result cyber crime is on the rise [FBI03]. This puts organizations and corporations at risk as the defences are ill-fitted and weak [KBM04].</p><p>No information system can be absolutely secure, especially large and complex systems. Embedded security works for isolated, dedicated systems with few users but does not offer cost effective security, and even worse does not always handle security based on a real threat (this is manly due to it inherent inflexibility). A military strategy within the field of information operations suggests a method of information superiority bases on the OODA-loop. This theses propose a method of information security protection based on a combination of risk management techniques and information operation (foremost the OODA-loop). This is in order to ensure a cost effective and a viable future for information security in large</p><p>and complex systems, where the war at least at present time is lost to the “black hats”, a term often used to describe a menaced hacker.</p> Information Security IT-Security Military strategy IDS Risk Management OODA-loop Computer science Datavetenskap
22	Actual and Perceived Information Systems Security Oscarson, Per January 2007 (has links) As the Internet becomes the major information infrastructure in most sectors, the importance of Information Systems (IS) security steadily increases. While reaching a certain level of actual IS security is vital for most businesses, this level must also be perceived as acceptable by stakeholders. Businesses have to maintain a certain level of security and be able to assess the level of other actors’ security. IS security is abstract and complex, however, and difficult to estimate and measure. This thesis uses epistemic and ontological frameworks to study the conceptual nature of IS security and separate the concepts of actual and perceived IS security. A well-known event is used to illustrate the conceptual discussion: the Sasser worm that was spread around the world in 2004. This study also includes a smaller case study from the City of Stockholm, where about 4,000 computers were infected by Sasser. The outcome of the study is that actual IS security should be treated as a dynamic condition that is influenced by three different objects: information assets, threat objects and security mechanisms. Incidents are processes that are ruled by the conditions of these three objects and affect the states of confidentiality, integrity and availability of information assets. The concepts of threat, risk and trust remain at epistemic level, i.e. perceptions. Perceptions of IS security can differ depending on their social establishment and are classified as subjective judgements, inter-subjective judgements or institutional facts. While actual IS security conditions can influence actors’ perceptions of IS security, perceived IS security can also influence actual IS security. Information systems security IS security IT security Information security Actual and perceived Information science Informationslära
23	IT-säkerhetspolicy : - en studie kring anställdas kunskap om två verksamheters IT-säkerhetspolicys Bertilsson, Linus, Granvik, Jim January 2014 (has links) IT-användandet bland Sveriges företag är mycket stort och utvecklingen går snabbt framåt. Samtidigt som teknologin skapar möjligheter så skapar den även hot mot företagen själva. Dessa hotbilder glöms ofta bort och konsekvenserna kan bli att känslig information hamnar i fel händer. Undersökningen handlar om anställdas kunskap om den egna verskamhetens IT-säkerhetspolicy. I undersökningen granskas och jämförs även IT-säkerhetspolicys från ett mindre företag och en större kommunal organisation. Som metod har enkäter och intervjuer använts. Resultatet visar att kunskapen hos de anställda kring den egna IT-säkerhetspolicyn är varierande och att de båda policyerna ser mycket olika ut. En IT-säkerhetspolicy bör inte anses som en problemlösare i sig, utan användandet kan även ge nackdelar. Den kan ge stöd och tydlighet i arbetet och kan underlätta i beslutsfattande situationer och öka säkerheten i företaget. Det räcker dock inte med att ha en detaljrik och heltäckande IT-säkerhetspolicy, om de anställda inte känner till att den finns eller inte vet vad den innehåller. En IT-säkerhetspolicy bör vara ett levande dokument som tas upp för gemensam diskussion och revideras med jämna mellanrum. Nyckelord: IT-strategi, IT-säkerhetspolicy, organisation, enkät, intervju. IT IT-security computersecurity IT-policy IT-securitypolicy IT forensik it-säkerhet it-policy it-säkerhetspolicy
24	The Effectiveness of Social Engineering as a Cyber - Attacking Vector : People Do Use Unknown USB Drive, They Find Ferguson, Isaac Yaw January 2017 (has links) Information security importance is rising. Information security awareness' is spreading, and this gives a clear picture of the growing demand for information security. Information security does not only consist of essential information but also the customer. An information system could be either a system user or a device. Protecting vital information is one of the security issues facing our modern technology, but also protecting system users. System users are the weakest link in information security chain due to wrong prioritizing of information security.Standardization of information security must not differ across organizations. Although every organization has a prioritized level of protection, managing information security should not be completely different from one organization over the other. However, this is not the case. The standards of information security across multiple organizations differ. The gap between organizations concerning information security is enormous. The difference between organizations is due to how organizations value their information access. One of the main security issues confronting information security is the end-user security. System users are still the weakest link in the information security chain. An organization's security cannot depend only on the implemented system, but also, the security level of the system users. The end-users within an organization are essential in cultivating better information security practices. Neglecting end users' importance in information security makes it easier for cyber-attacks and end-users manipulations.The inability to protect end-users as a physical system exposes the possibilities of manipulating end-users through various Social Engineering techniques to elicit essential information. Social Engineering is the term used to influence a person without their knowledge to give out sensitive information. Social Engineering comprises of different factors; psychology and computer science. Social Engineering acquires vital information by manipulating the weakest link in information security chains, the system user.Social Engineering proves that end-users are still the weakest link in the information security chain. This experiment demonstrates that people do use unknown USB drive they find. The consequences of this act, in general, could be harmful. Moreover, that, there are possibilities through Social Engineering, to expose organizations' systems infrastructures to cyber-attacks.The result from this project visualizes that, the most valuable assets an organization has are the people within the organization. An organization employee could expose a well-secured system to cyber-attacks without knowing about it. Social engineering IT security USB hacking Information Systems
25	Design and Implementation of an Environment to Support Development of Methods for Security Assessment Bengtsson, Johan, Brinck, Peter January 2008 (has links) There is no debate over the importance of IT security. Equally important is the research on security assessment; methods for evaluating the security of IT systems. The Swedish Defense Research Agency has for the last couple of years been conducting research on the area of security assessment. To verify the correctness of these methods, tools are implemented. This thesis presents the design and implementation of an environment to support and aid future implementations and evaluations of security assessment methods. The aim of this environment, known as the New Tool Environment, NTE, is to assist the developer by facilitating the more time consuming parts of the implementation. A large part of this thesis is devoted to the development of a database solution, which results in an object/relational data access layer. IT Security Security Assessment Security Assessment Tool Information Systems
26	Mathematical foundation needed for development of IT security metrics Bengtsson, Mattias January 2007 (has links) IT security metrics are used to achieve an IT security assessment of certain parts of the IT security environment. There is neither a consensus of the definition of an IT security metric nor a natural scale type of the IT security. This makes the interpretation of the IT security difficult. To accomplish a comprehensive IT security assessment one must aggregate the IT security values to compounded values. When developing IT security metrics it is important that permissible mathematical operations are made so that the information are maintained all the way through the metric. There is a need for a sound mathematical foundation for this matter. The main results produced by the efforts in this thesis are: • Identification of activities needed for IT security assessment when using IT security metrics. • A method for selecting a set of security metrics in respect to goals and criteria, which also is used to • Aggregate security values generated from a set of security metrics to compounded higher level security values. • A mathematical foundation needed for development of security metrics. IT security metrics mathematics aggregation interpretation assessment Information Systems
27	Intrusion Management Olsson, Fredrik January 2006 (has links) Information security is tasked with protecting the confidentiality, integrity, and availability of an organizations information resource. A key aspect in protecting these resources is developing an understanding of the threats, vulnerabilities, and exposures that they face by using Risk Management. The objective of Risk Management is to identify, quantify and manage information security risks to achieve organizations objectives through a number of tasks utilizing key Risk Management techniques. Risk Management is a process that ensures that the impact of threats exploiting vulnerabilities is within acceptable limits and at an acceptable cost. With the increased complexity of modern dynamic networks, traditional defence mechanisms are failing and as a result cyber crime is on the rise [FBI03]. This puts organizations and corporations at risk as the defences are ill-fitted and weak [KBM04]. No information system can be absolutely secure, especially large and complex systems. Embedded security works for isolated, dedicated systems with few users but does not offer cost effective security, and even worse does not always handle security based on a real threat (this is manly due to it inherent inflexibility). A military strategy within the field of information operations suggests a method of information superiority bases on the OODA-loop. This theses propose a method of information security protection based on a combination of risk management techniques and information operation (foremost the OODA-loop). This is in order to ensure a cost effective and a viable future for information security in large and complex systems, where the war at least at present time is lost to the “black hats”, a term often used to describe a menaced hacker. Information Security IT-Security Military strategy IDS Risk Management OODA-loop Computer Sciences Datavetenskap (datalogi)
28	Dominerande affärsmodeller inom området informationssäkerhet / Business models within information security. (Which are the dominant in the area?) Lindell, Joakim, Nilsson, Anders January 2009 (has links) Computers together with Internet have been growing enormously, during the last decade and the area of information technology has been growing in the same speed. As long as the surrounding environment evolves, the business models must within the IT-area, keep the same pace. So, how do business corporations handle this change to attract customers? How do the dominant business models look like? In many cases, they are apparently much the same. But what differences can we see and what areas can be improved? We have showed that the IT area isn’t just one, it consist of several segments. These segments are pretty different but can still in many ways use similar business models. To have a chance to explore existing dominant business models, we decided to simplify existing models. The result of our simplified model showed that “a packaged solution” is one business model that companies utilize in large extent. We could also confirm that education is something that has been left behind. (This was confirmed already 2002 by M. Gustafsson and C. Heed). If companies have the possibility to integrate education in their existing models, they could attain much greater market shares. This work will show what segments information technology consists of and which kind of dominant business models that is in use. It will also provide knowledge for further examinations, which we also see as necessary. Business models Information Security IT-Security Administrative Security Computer Sciences Datavetenskap (datalogi) Business Administration Företagsekonomi
29	Organizational effects and management of information security : A cross-sectoral case study of three different organizations / Organisatoriska effekter och hanteringen av Informationssäkerhet : En studie av tre olika organisationer Thomsson, Johan January 2017 (has links) Information technology (IT) can be used to empower an organization to enable it to continue evolving. One aspect in which an organization can evolve is in the form of information security. Previously, information security has been seen as a concern only for the IT-department. However, as the number of threats towards information has rapidly grown over the years, the concern for information security has also increased. The issue on how to keep information safe from unauthorized people has become more important as well as questioned over the years. During the last decades, the concept of information security has evolved to become a multi-dimensional concern affecting entire communities, societies, and organizations. This means that information security has been managed differently in the past, but today, new and other measures are required to ensure the secrecy of certain information. Due to this, organizations are forced to implement certain measures to counter these threats, but what are the effects of this? This thesis compares three different organizations over three different sectors and the purpose is to investigate the effects information security might have within an organization as well as how these effects are managed. With a focus on policies, training, and education of employees as well as the employee awareness, this thesis aims to answer how organizations see information security. Further, it aims to find out what consequences these effects have on their daily work. The results from this study have shown that increased security measures need to be highly motivated and in continuous dialogue with the employees to bring incentives for further use of the measures. An increase in information security can have a damaging effect on efficiency. Therefore, it is important that the organization is able to ensure the desired effect of increased security. With larger openness and accessibility, employees will have easier and quicker access to the information needed, which is essential for the effectivity within the organization, as well as higher incentives for attacks and malpractice of information. / Denna uppsats jämför tre olika organisationer verksamma i olika sektorer, syftet är att undersöka effekterna informationssäkerhet kan ha på en organisation men även hur dessa effkter är hanterade. Med fokus på policy, träning av anställda men också medvetenheten så siktar denna uppsats på att svara på hur organisationer ser informationssäkerhet. Den kommer också att försöka hitta vad konsekvenserna av informationssäkerhet i det dagliga arbetet. Resultatet från denna studie visar att ökad informationssäkerhet måste vara motiverat och i konstant dialog med användarna och implementera incitament för att öka motivet. Ökad informationssäkerhet kan ha en skadande effekt på effektiviteten, därför är det viktigt att organisationerna får den önskade effekten de vill av den ökade säkerheten. Genom mer transparans och tillgänglighet så medför det också att anställda har lättare att hitta rätt information som behös vilket är nödvändigt för effektivitet inom organisationen, men detta ökar även incitament för olika typer av attacker och misskötsel av information. Information security effects organization IT-Security organizational effects. Information Systems
30	Hotbilden i Sverige : En undersökning av den digitala hotbilden mot ett medelstort svenskt företag Carlsson, Maria January 2010 (has links) Internet and information technology today has a rather obvious role in the activities of companies and organizations. All cash transactions within and between companies is digitized, communication within the company is done via e-mail, sales and marketing is done largely with marketing and ads on the Internet. This has resulted in economic benefits for companies and organizations, and facilitated the work for them. However, this has also led to new threats have emerged. Companies and organizations is well aware that there are numerous threats that comes with using the Internet and Information Technologies but exactly what those threats are for a mid-sized company in Sweden is not clarified anywhere. New reports made annually by various companies and government agencies around the world but no one puts a medium-sized Swedish business in focus. In this study several reports, made by different companies and government agencies are compared and compiled, too try too make an overview over the threats against a mid-sized company in Sweden. Together with interviews done with key people in the field of IT-security this study identifies the threats, draws conclusions of how to prevent them and also try to take a look into the future to see what threats a mid-sized company or organization can expect in just a matter of years. In the study we notice how all of the IT threats are increasing and that the digital crime are becoming more organized, that some of the key protections for a company is staff training and standard technical solutions such as antivirus software and firewalls. In the future operating systems will no longer be the target for intrusion, but instead web application be the major vulnerabilities. This essay is written in Swedish. IT-security IT-threats Information Technology Information Systems

Search results