Global ETD Search

11	Security Assessment and nix Package Vulnerabilities Sandgren, Per* January 2018 (has links) Background. Vulnerabilities in software provides attackers with the means to fulﬁll unlawful behavior. Since software has so much power, gaining control over vulnerabilities can mean that an attacker gains unauthorized powers. Since vulnerabilities are the keys that let attackers attack, vulnerabilities must be discovered and mitigated. Scanning vulnerable machines is not enough, and scanning data results must be parsed to prioritize vulnerability mitigation and conduct security assessment. Objectives. Creating a parser is the ﬁrst objective, a tool that takes in input, ﬁlters it and gives output speciﬁed by the parser. The second objective is to have the parser connect found packages to known vulnerabilities. And the last objective is to have the parser give the output more information, sort them by severity and give information on what areas they are vulnerable. Methods. The interviews are conducted on experienced employees at Truesec AB. A parser is implemented with guidance from the supervisor at Truesec. The parser is experimented with to check practicality of parser. Results. The parser can ﬁnd vulnerabilities from the Centos tests and does not ﬁnd any from the Debian tests. From the interviews, we see that more information strengthens a security assessment. Expanding the scanning results will provide more information to the person(s) conducting security assessment. Conclusions. The amount of information gathered in security assessment needs to be expanded to make the assessment more reliable. Packages found can be connected with vulnerabilities by implementing a vulnerability database to match packages. The parser developed does not help in security assessment since the output is not reliable enough, this is caused by the phenomenon backporting. *nix Vulnerabilities Parsing IT-security Mitigation Computer Sciences Datavetenskap (datalogi)
12	Managing the risks associated with IT security and data privacy in the software development industry : Challenges related to operational, financial, and reputational risks Hintze, Elias, Lofterud, Lukas January 2022 (has links) This thesis examines how organisations within the IT software development industry manage risks associated with IT security and data privacy, with factors such as a growth in digitalisation and the Covid-19 pandemic. The research consists of four separate cases with interviewees in managerial positions in four different organisations. The research shows the risks and challenges from an operational, financial, and reputational perspective. Development of the existing methods has been identified using cryptocurrencies as means to expose system vulnerabilities, an increase in monitoring and surveillance, which comes with considerations of follow-up and communication, along with the concept of moral hazards and their future implications. Furthermore, IT security organisations strive towards a risk tolerance approaching zero, as a result, discrepancies can occur between growth and risk. Considerations towards the compliance of data privacy must also be made, as new legislations take shape while being attentive to the stakeholders' changes in demands and expectations. Contributions are made towards the field of risk management and IT security by taking a new era of digitalisation into consideration, giving the field an updated outlook for the future as the importance of data privacy and IT security is increasing. Therefore, the thesis provides valuable information that can be used as guidelines for organisations in this rapidly developing global environment. IT security Data privacy Digitalisation Risk management Business Administration Företagsekonomi
13	Enterprise Mobility : Defining and evaluating business digitalization Arlestedt, Rebecka, Lindh, Melenie January 2016 (has links) Mobile technology has developed rapidly in the recent years and considerably changed the way organizations work. Mobility can bring great benefits to the organizations of which they are at, by e.g. improving employee satisfaction and increase efficiency and productivity. Despite this the development of mobile solutions have grown much faster for individuals than for organizations, with a plethora of devices and applications. The slow enterprise adoption is partly due to the fact that companies need to take information security risks into account at the same time as IT systems need to be rebuilt and customized to accommodate the new mobile way of working. Employees, unlike most other technologies, largely drive mobile strategies at organizations. Organizations are not developing in a fast enough pace and many scientist are describing a research gap in organizations adoption of mobility. This study aims to examine how research in the area has been presented and how enterprise mobility is viewed and utilized. The study has been implemented through qualitative research with a interpretative and exploratory approach. A case study was conducted at two organizations, demonstrating the possibilities and obstacles of enterprise mobility, and also strengthened the existing definition of the field. Additionally the case study illustrated discrepancies in IT solutions and the adoption of enterprise mobility within two different industries. Both researchers and organizations have shown a great interest in exploring this area additionally. Further studies can be extended to include the effects of how companies have adapted to enterprise mobility. / Den mobila teknologin har utvecklats i snabb takt under de senaste åren och således förändrat organisationers sätt att arbeta. Mobilitet kan möjliggöra för organisationer att t.ex. förbättra de anställdas tillfredsställelse, öka effektiviteten och produktiviteten, samt minimera kostnader. Trots den snabba utveckling av såväl mobila lösningar som mobila enheter, så har utvecklingen gått betydligt snabbare för privatpersoner än för organisationer. Detta kan delvis förklaras av det faktum att organisationer, i större utsträckning än privatpersoner, måste ta hänsyn till de säkerhetsrisker som mobilt arbete kan medföra. Det kan också förklaras av att många IT-system kräver vidareutveckling och anpassning för att kunna möta det nya mobila sättet att arbeta. Att organisationer inte utvecklas i tillräcklig snabb takt ligger till grund för att många forskare beskriver att det finns ett forskningsgap i organisationers antagande av mobilitet. Denna studie syftar därför till att undersöka hur begreppet enterprise mobility presenteras i tidigare forskning samt hur det uppfattas och tillämpas bland anställda. Studien har använt en kvalitativ forskningsansats med ett undersökande och tolkande förhållningssätt. En fallstudie har genomförts på två olika organisationer för att identifiera möjligheter och utmaningar med enterprise mobility, men också för att stärka den befintliga definitionen av begreppet. Fallstudien presenterar också skillnader i anpassade IT-lösningar och antagandet av mobilitet inom två olika branscher. Både forskare och organisationer har uttryckt ett stort intresse av att utforska detta område ytterligare. Denna studie ligger till grund för att senare undersöka effekterna av hur företagen har anpassat sig till enterprise mobility. Enterprise mobility BYOD Digitalization IT security Enterprise mobility BYOD Digitalisering IT-säkerhet
14	Säkerhet och integritet i webbapplikationer : En orientering över säker utveckling / Security and Integrity in Web Applications : An orientation of safe development Nordlander, Mikael, Martinsson, Fredrik January 2010 (has links) <p>The use of Web applications is a growing area. While the possibilities and functionalities are increasing, so is the complexity of them, together with the threats against them because the complexity also opens up the application to vulnerabilities. It is therefore important for developers to know how a web application can be developed with security in mind.</p><p>This study’s intention has been to create an introductory documentation of what kind of techniques that exists which can produce higher security, which methods there can be within the development process and what to think about when programming secure web applications. In this paper we have investigated how theoretical manuals in the IT security department handles that area, and interviewed two developers from two different companies to see how they use security in their web applications.</p><p>The study has an exploratory technical perspective and does not explain how to practically use and interconnecting different security-enhancing technologies, but is more suppose to give a first glance at what is available and sow a seed for those interested to continue reading further about the subject. The results of the study was generated through comparison of the theoretical material with the empirical material, to then conclude the most prominent points of what are different and similar between those materials.</p><p>During the study some key points has been revealed for development: Responsibility for safety in the application lies, in the cases we looked at, with the developers to describe the technical possibilities and hence vulnerabilities when the client usually does not possess the same technical skills for that. The customer was, as the cases we studied, often not so proactive on safety and does not value it very high (if it was not a security-critical business such as being involved with defense technology). Because the customer in such cases didn’t put security as high priority, there existed a lack of motivation to spend extra money to combat threats that were not considered significant. In cases where extra recourses were spent on security, a measurement was developed that security should not cost more than the value of what it protects else the cost is unjustified. Finally it is noted that it is technically difficult to protect against human errors that can disarm the security, for example a simple or misplaced password.</p> IT-security web applications web development integrity Säkerhet webbapplikationer utveckling Informatics and systems science Informatik och systemvetenskap
15	Hotbilden i Sverige : <em>En undersökning av den digitala hotbilden mot ett medelstort svenskt företag</em> Carlsson, Maria January 2010 (has links) <p>Internet and information technology today has a rather obvious role in the activities of companies and organizations. All cash transactions within and between companies is digitized, communication within the company is done via e-mail, sales and marketing is done largely with marketing and ads on the Internet. This has resulted in economic benefits for companies and organizations, and facilitated the work for them. However, this has also led to new threats have emerged. Companies and organizations is well aware that there are numerous threats that comes with using the Internet and Information Technologies but exactly what those threats are for a mid-sized company in Sweden is not clarified anywhere. New reports made annually by various companies and government agencies around the world but no one puts a medium-sized Swedish business in focus. In this study several reports, made by different companies and government agencies are compared and compiled, too try too make an overview over the threats against a mid-sized company in Sweden. Together with interviews done with key people in the field of IT-security this study identifies the threats, draws conclusions of how to prevent them and also try to take a look into the future to see what threats a mid-sized company or organization can expect in just a matter of years. In the study we notice how all of the IT threats are increasing and that the digital crime are becoming more organized, that some of the key protections for a company is staff training and standard technical solutions such as antivirus software and firewalls. In the future operating systems will no longer be the target for intrusion, but instead web application be the major vulnerabilities. This essay is written in Swedish.</p> IT-security IT-threats Information Technology Informatics and systems science Informatik och systemvetenskap
16	Managing IT Security In Organizations : A look at Physical and Administrative Controls Asmah, Gilbert Yaw, Baruwa, Adebola Abdulrafiu January 2005 (has links) Introduction Information technology security or computing system security is one of the most impor-tant issues that businesses all over the world strive to deal with. However, the world has now changed and in essential ways. The desk-top computer and workstation have appeared and proliferated widely. The net effect of all this has been to expose the computer-based information system, i.e. its hardware, its software, its software processes, its databases, its communications to an environment over which no one—not end user, not network admin-istrator or system owner, not even government—has control. Purpose Since IT security has a very broad spectrum and encompasses a lot of issues, we want to focus our research by taking a critical look at how business organizations manage IT secu-rity with specific emphasis on administrative and physical controls. Methods When the authors of this paper approached the topic to be studied it soon became evident that the most relevant and interesting task was not merely to investigate how business and non business organizations manage their IT security, but in fact try to understand what lies behind them. The purpose of this paper demands a deeper insight of how organizations address the issue of computer security; the authors wanted to gain a deeper understanding of how security issues have been addressed or being tackled by the organizations. Thus, the qualitative method was most suitable for this study. Conclusion Based on the chosen approach, the result of this study has shown that both business and non-business organizations located in Jönköping recognize the importance of IT security, and are willing to protect their systems from threats such as unauthorized access, theft, fire, power outage and other threats to ensure the smooth running of their systems at all times. Computer System Security IT security Security Planning Security policy. Business studies Företagsekonomi
17	Säkerhet och integritet i webbapplikationer : En orientering över säker utveckling / Security and Integrity in Web Applications : An orientation of safe development Nordlander, Mikael, Martinsson, Fredrik January 2010 (has links) The use of Web applications is a growing area. While the possibilities and functionalities are increasing, so is the complexity of them, together with the threats against them because the complexity also opens up the application to vulnerabilities. It is therefore important for developers to know how a web application can be developed with security in mind. This study’s intention has been to create an introductory documentation of what kind of techniques that exists which can produce higher security, which methods there can be within the development process and what to think about when programming secure web applications. In this paper we have investigated how theoretical manuals in the IT security department handles that area, and interviewed two developers from two different companies to see how they use security in their web applications. The study has an exploratory technical perspective and does not explain how to practically use and interconnecting different security-enhancing technologies, but is more suppose to give a first glance at what is available and sow a seed for those interested to continue reading further about the subject. The results of the study was generated through comparison of the theoretical material with the empirical material, to then conclude the most prominent points of what are different and similar between those materials. During the study some key points has been revealed for development: Responsibility for safety in the application lies, in the cases we looked at, with the developers to describe the technical possibilities and hence vulnerabilities when the client usually does not possess the same technical skills for that. The customer was, as the cases we studied, often not so proactive on safety and does not value it very high (if it was not a security-critical business such as being involved with defense technology). Because the customer in such cases didn’t put security as high priority, there existed a lack of motivation to spend extra money to combat threats that were not considered significant. In cases where extra recourses were spent on security, a measurement was developed that security should not cost more than the value of what it protects else the cost is unjustified. Finally it is noted that it is technically difficult to protect against human errors that can disarm the security, for example a simple or misplaced password. IT-security web applications web development integrity Säkerhet webbapplikationer utveckling Informatics and systems science Informatik och systemvetenskap
18	A virtual machine architecture for IT-security laboratories Hu, Ji January 2006 (has links) This thesis discusses challenges in IT security education, points out a gap between e-learning and practical education, and presents a work to fill the gap. <br><br> E-learning is a flexible and personalized alternative to traditional education. Nonetheless, existing e-learning systems for IT security education have difficulties in delivering hands-on experience because of the lack of proximity. Laboratory environments and practical exercises are indispensable instruction tools to IT security education, but security education in conventional computer laboratories poses particular problems such as immobility as well as high creation and maintenance costs. Hence, there is a need to effectively transform security laboratories and practical exercises into e-learning forms. <br><br> In this thesis, we introduce the Tele-Lab IT-Security architecture that allows students not only to learn IT security principles, but also to gain hands-on security experience by exercises in an online laboratory environment. In this architecture, virtual machines are used to provide safe user work environments instead of real computers. Thus, traditional laboratory environments can be cloned onto the Internet by software, which increases accessibility to laboratory resources and greatly reduces investment and maintenance costs. <br><br> Under the Tele-Lab IT-Security framework, a set of technical solutions is also proposed to provide effective functionalities, reliability, security, and performance. The virtual machines with appropriate resource allocation, software installation, and system configurations are used to build lightweight security laboratories on a hosting computer. Reliability and availability of laboratory platforms are covered by a virtual machine management framework. This management framework provides necessary monitoring and administration services to detect and recover critical failures of virtual machines at run time. Considering the risk that virtual machines can be misused for compromising production networks, we present a security management solution to prevent the misuse of laboratory resources by security isolation at the system and network levels. <br><br> This work is an attempt to bridge the gap between e-learning/tele-teaching and practical IT security education. It is not to substitute conventional teaching in laboratories but to add practical features to e-learning. This thesis demonstrates the possibility to implement hands-on security laboratories on the Internet reliably, securely, and economically. / Diese Dissertation beschreibt die Herausforderungen in der IT Sicherheitsausbildung und weist auf die noch vorhandene Lücke zwischen E-Learning und praktischer Ausbildung hin. Sie erklärt einen Ansatz sowie ein System, um diese Lücke zwischen Theorie und Praxis in der elektronischen Ausbildung zu schließen. <br><br> E-Learning ist eine flexible und personalisierte Alternative zu traditionellen Lernmethoden. Heutigen E-Learning Systemen mangelt es jedoch an der Fähigkeit, praktische Erfahrungen über große Distanzen zu ermöglichen. Labor- bzw. Testumgebungen sowie praktische Übungen sind jedoch unverzichtbar, wenn es um die Ausbildung von Sicherheitsfachkräften geht. Konventionelle Laborumgebungen besitzen allerdings einige Nachteile wie bspw. hoher Erstellungsaufwand, keine Mobilität, hohe Wartungskosten, etc. Die Herausforderung heutiger IT Sicherheitsausbildung ist es daher, praktische Sicherheitslaborumgebungen und Übungen effektiv mittels E-Learning zu unterstützen. <br><br> In dieser Dissertation wird die Architektur von Tele-Lab IT-Security vorgestellt, die Studenten nicht nur erlaubt theoretische Sicherheitskonzepte zu erlernen, sondern darüber hinaus Sicherheitsübungen in einer Online-Laborumgebung praktisch zu absolvieren. Die Teilnehmer können auf diese Weise wichtige praktische Erfahrungen im Umgang mit Sicherheitsprogrammen sammeln. Zur Realisierung einer sicheren Übungsumgebung, werden virtuelle Maschinen anstatt reale Rechner im Tele-Lab System verwendet. Mittels virtueller Maschinen können leicht Laborumgebungen geklont, verwaltet und über das Internet zugänglich gemacht werden. Im Vergleich zu herkömmlichen Offline-Laboren können somit erhebliche Investitions- und Wartungskosten gespart werden. <br><br> Das Tele-Lab System bietet eine Reihe von technischen Funktionen, die den effektiven, zuverlässigen und sicheren Betrieb dieses Trainingssystems gewährleistet. Unter Beachtung angemessener Ressourcennutzung, Softwareinstallationen und Systemkonfigurationen wurden virtuelle Maschinen als Übungsstationen erstellt, die auf einem einzelnen Rechner betrieben werden. Für ihre Zuverlässigkeit und Verfügbarkeit ist das Managementsystem der virtuellen Maschinen verantwortlich. Diese Komponente besitzt die notwendigen Überwachungs- und Verwaltungsfunktionen, um kritische Fehler der virtuellen Maschinen während der Laufzeit zu erkennen und zu beheben. Damit die Übungsstationen nicht bspw. zur Kompromittierung von Produktivnetzwerken genutzt werden, beschreibt die Dissertation Sicherheits-Managementlösungen, die mittels Isolation auf System und Netzwerk Ebene genau dieses Risiko verhindern sollen. <br><br> Diese Arbeit ist der Versuch, die Lücke zwischen E-Learning/Tele-Teaching und praktischer Sicherheitsausbildung zu schließen. Sie verfolgt nicht das Ziel, konventionelle Ausbildung in Offline Laboren zu ersetzen, sondern auch praktische Erfahrungen via E-Learning zu unterstützen. Die Dissertation zeigt die Möglichkeit, praktische Erfahrungen mittels Sicherheitsübungsumgebungen über das Internet auf zuverlässige, sichere und wirtschaftliche Weise zu vermitteln. Computersicherheit VM E-Learning IT security virtual machine E-Learning Data processing Computer science
19	Managing IT Security In Organizations : A look at Physical and Administrative Controls Asmah, Gilbert Yaw, Baruwa, Adebola Abdulrafiu January 2005 (has links) <p>Introduction</p><p>Information technology security or computing system security is one of the most impor-tant issues that businesses all over the world strive to deal with. However, the world has now changed and in essential ways. The desk-top computer and workstation have appeared and proliferated widely. The net effect of all this has been to expose the computer-based information system, i.e. its hardware, its software, its software processes, its databases, its communications to an environment over which no one—not end user, not network admin-istrator or system owner, not even government—has control.</p><p>Purpose</p><p>Since IT security has a very broad spectrum and encompasses a lot of issues, we want to focus our research by taking a critical look at how business organizations manage IT secu-rity with specific emphasis on administrative and physical controls.</p><p>Methods</p><p>When the authors of this paper approached the topic to be studied it soon became evident that the most relevant and interesting task was not merely to investigate how business and non business organizations manage their IT security, but in fact try to understand what lies behind them. The purpose of this paper demands a deeper insight of how organizations address the issue of computer security; the authors wanted to gain a deeper understanding of how security issues have been addressed or being tackled by the organizations. Thus, the qualitative method was most suitable for this study.</p><p>Conclusion</p><p>Based on the chosen approach, the result of this study has shown that both business and non-business organizations located in Jönköping recognize the importance of IT security, and are willing to protect their systems from threats such as unauthorized access, theft, fire, power outage and other threats to ensure the smooth running of their systems at all times.</p> Computer System Security IT security Security Planning Security policy. Business studies Företagsekonomi
20	Identification of Security Relevant Characteristics in Distributed Information Systems / Identifiering av egenskaper relevanta för säkerheten i distribuerade informationssystem Stjerneby, Anna January 2002 (has links) <p>This thesis suggests a set of system characteristics to be used when evaluating or analyzing the IT security of a distributed information system. Each characteristic is meant to be considered in the evaluation of relevant distributed system components. This is considered to be the first step towards finding a technique for modeling and evaluating the security of a system. The work also includes a definition of distributed information system components and a categorization of the found characteristics. The means used to identify the set of characteristics include a thorough investigation of the literature on the relevant subject, as well as a brainstorming session. Thereafter the material has been structured to form the results presented in this thesis.</p> Informationsteknik IT security distributed information systems security architecture security-related system characteristics Informationsteknik Information technology Informationsteknik

Page generated in 0.0817 seconds