  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
31

Compliance & Standards - The Journey To Security

Johan, Boström January 2021
We are in the age of Information Technology (IT) and amazing innovations are developed. Management systems are now completely digitalized and it has enabled people to continue working remotely in the midst of a pandemic. With great innovations there are those that seek to misuse or destroy systems for personal gain. Therefore IT & Information security is paramount both for organisation and products. To offer both an international approach for common security practices and provide best results for IT & Information security there exist standards and frameworks. In this thesis, the standard frameworks' general impact and value from both an organisational and a vendor's perspective is evaluated and assessed. To answer the research questions of this thesis, standards and supporting theory were analysed and interviews with security professionals were held. Standards provide organisational goals for developing a well-functioning and resilient security. Standards also provide a common baseline between customer and vendors, minimising the need for tailoring in products’ security requirements. Furthermore, a certification for standards can increase the confidence of the organisation or product, and generate a business value. Whilst there are many benefits, the standards offer a structure on how security can be built, but an organisation needs to understand and develop a security adapted to their organisation. In addition to setting up a security framework and implementing controls, organisations need to create security assurance processes to continuously review and evaluate measures to ascertain security posture.
32

Posouzení informačního systému firmy a návrh změn / Information System Efectiveness Assessment and Proposal for ICT Modification

Zelenák, Tomáš January 2019
The diploma thesis focuses on the assessment of the information system in the selected company. It analyzes the current state of the company and its equipment. Thesis includes proposals to minimize or eliminate identified deficiencies and increase the level of work with information system, security and processes in company.
33

Budování bezpečnostního povědomí na střední a vyšší odborné škole / Increase Security Awareness at the Secondary and Higher Vocational Schools

Kornelly, Aleš January 2016
This thesis describes the design and implementation of ISMS to a particular high school. The aim is to provide our own recommendations and suggestions to improve the current situation. Introductory section explains the various basic concepts related to ICT security, the next section describes the facilities of the school and the current state of the school. In the practical part are individually discussed the proposed security measures.
34

Design and implementation of a non-aggressive automated penetration testing tool : An approach to automated penetration testing focusing on stability and integrity for usage in production environments

Viggiani, Fabio January 2013
The focus of this Master’s thesis project is automated penetration testing. A penetration test is a practice used by security professionals to assess the security of a system. This process consists of attacking the system in order to reveal flaws. Automating the process of penetration testing brings some advantages, the main advantage being reduced costs in terms of time and human resources needed to perform the test. Although there exist a number of automated tools to perform the required procedures, many security professionals prefer manual testing. The main reason for this choice is that standard automated tools make use of techniques that might compromise the stability and integrity of the system under test. This is usually not acceptable since the majority of penetration tests are performed in an operating environment with high availability requirements. The goal of this thesis is to introduce a different approach to penetration testing automation that aims to achieve useful test results without the use of techniques that could damage the system under test. By investigating the procedures, challenges, and considerations that are part of the daily work of a professional penetration tester, a tool was designed and implemented to automate this new process of non-aggressive testing. The outcome of this thesis project reveals that this tool is able to provide the same results as standard automated penetration testing procedures. However, in order for the tool to completely avoid using unsafe techniques, (limited) initial access to the system under test is needed. / This thesis focuses on automated penetration testing. Penetration tests are used by security specialists to assess the security of a system. The process of a penetration test consists of various attacks against a system in order to find security holes. Automated penetration tests have advantages such as the fact that they cost less in terms of the time and human resources required.
Although there are many different automated tools for penetration testing, many security specialists choose to do it manually. The main reason it is done manually is that the automated tools use techniques that can compromise the system's stability and integrity. This is often not permitted, since the majority of penetration tests are carried out in production environments that require high availability. The goal of this thesis is to introduce a new approach to automated penetration testing that focuses on producing useful results without techniques that can disrupt systems in operation. By investigating the procedures, the challenges, and what a penetration tester takes into account, a tool will be designed and implemented to automate the flow of a non-aggressive test. The result of the thesis shows that the tool developed can achieve the same results as the standardized penetration testing procedures, given limited access to the system.
35

Säkerhetsarbete under distansarbete : Faktorer som kan påverka säkerheten under distansarbete / Security during remote work : Factors that may affect the security during remote work

Ryttare, Elin January 2021
The COVID-19 pandemic has forced many organizations to implement a digital work environment and start working remotely. IT employees who need to collaborate to achieve the company's goals need to spend a lot of time communicating through digital channels, where it can take longer to get an answer compared with face-to-face. Remote work has brought a number of challenges in securing employees' personal networks and home offices so that they can perform their tasks as well from home as at the office. The purpose of the study was to analyze the differences in security when work is done remotely compared with at the office. The differences have been analyzed and some challenges with security during remote work have been presented. Based on the presented challenges, suggestions were given on how IT companies could work to secure their work even during remote work. The study focuses on data breaches and information leaks. A qualitative research method was used, with semi-structured interviews collected at a leading company in the IT industry. By using the CIA triad, which focuses on confidentiality, integrity and availability, the company's security work was analyzed and suggestions could be presented based on the result. An analysis was carried out on the empirical result from the interviews, in which the empirical data was analyzed and then compared with the literature collected in the literature study. The discussion presented some major challenges for IT companies during remote work. Two suggestions were then given on what IT companies can work with and what they need to consider regarding security, based on literature and empirical data. The study concludes with suggestions for further research relating to the areas in this study, which can deepen the field further. / The COVID-19 pandemic has forced many organizations to implement a digital work environment and start working from home.
Employees, who may have to collaborate to reach their goals, will have to put in extra time to communicate through digital channels instead of face-to-face. With the remote work came a lot of challenges with securing the employees' personal networks and personal offices so they can perform their work as well from home as from their office. The purpose of this thesis was to analyze the differences between the work with security while working remotely compared to in their office. The differences were analyzed, and some challenges were presented. With the presented challenges, some suggestions were given about how companies in IT can work to secure their work even during remote work. This paper only focuses on security breaches and information leaks. A qualitative study was conducted by using semi-structured interviews. The interviews were conducted on a leading company in the IT-industry. By using the theoretical framework CIA-triad, the security work by the interviewed company could be analyzed and suggestions could be given from the results. An analysis was made on the empirical result from the interviews with comparison to the conducted literature from previous chapters. The analysis showed how the literature was implemented and interpreted at a real company. The discussion was based on the analysis and big challenges for IT-companies during the remote work were presented. Furthermore, the conclusion presented two suggestions for IT-companies to work with and think about to improve their security, based on the literature and empirical data. The thesis ends with suggestions of future work that relates to this subject and can be interesting to see results in those areas.
36

Recommender system for IT security scanning service : Collaborative filtering in an error report scenario / Rekommendationssystem för IT-säkerhetsscanner : Kollaborativ filtrering för risk-rapporter

Thunberg, Jonas January 2022
Recommender systems have become an integral part of the user interface of many web applications. Recommending items to buy, media to view or similar “next choice”-recommendations has proven to be a powerful tool to improve customer experience and engagement. One common technique to produce recommendations called Collaborative Filtering makes use of the unsupervised Nearest Neighbor-algorithm, where a customer's historic use of a service is encoded as a vector and recommendations are made such that if followed the resulting behaviour-vector would lie closer to the nearest neighboring vectors encoding other customers. This thesis describes the adaptation of a Collaborative Filtering recommender system to a cyber security vulnerability report setting with the goal of producing recommendations regarding which of a set of found vulnerabilities to prioritize for mitigation. Such an error report scenario presents idiosyncrasies that do not allow a direct application of common recommender system algorithms. This work was carried out in collaboration with the company Detectify, whose product allows users to check for vulnerabilities in their internet facing software, typically web pages and apps. The finding mitigation priorities of historic customers have to be inferred from differences in their consecutive reports, i.e. from noisy vector valued signals. Further, as opposed to the typical e-commerce or media streaming scenario, a user can not freely choose which item to increase their consumption of; instead, a user can only attempt to decrease their inventory of a limited subset (the vulnerabilities in their report) of all items (all possible vulnerabilities). This thesis presents an adapted Collaborative Filtering algorithm applicable to this scenario. The chosen approach to the algorithm is motivated by an extensive literature review of the current state of the art of recommender systems.
To measure the performance of the algorithm, test data is produced which allows for comparison between recommendations based on noisy data and the actual change in a noiseless version. The results that are showcased give reference values as to under what levels of noise and data sparsity the developed algorithm can be expected to produce recommendations that align well with historic behavioural patterns of other customers. This thesis thus provides a novel variation of the Collaborative Filtering algorithm that extends its usability to a scenario that has not been previously addressed in the reviewed literature. / Recommender systems are today a natural part of many user interfaces. Examples that many of us interact with daily are systems that suggest the next word when we type, the next product when we shop online, or the next media item when we use streaming services. A common technique for producing recommendations is Collaborative Filtering, which uses Nearest Neighbor algorithms to recommend in such a way that a user's history (described as a vector) moves closer to the nearest neighbors if the recommendation is followed. This thesis presents an adaptation of a Collaborative Filtering recommender system for use in connection with scanning for IT security risks, with the goal of producing recommendations on which security risk should be prioritized for remediation. Such an error report scenario brings certain differences compared with an e-commerce/streaming scenario that make it necessary to adapt the typical Collaborative Filtering system before it is applicable. This work was carried out in collaboration with the company Detectify, which provides a product with which users can discover security risks in their internet-connected software (for example websites and web applications).
Historical priorities regarding the remediation of security risks must be calculated from previous users' reports of found risks, that is, from noisy vector-valued signals. Nor can a user freely choose to increase their consumption of some product in an assortment; instead, a recommendation must concern which item in a user's existing holdings (the risks found in their latest report) the user should try to reduce the number of. This thesis presents a Collaborative Filtering recommender system adapted to this scenario. The algorithm is motivated by an extensive study of the relevant literature and evaluated with synthetic data, which makes it possible to examine how different levels of noise and sparsity affect the recommendations. The results presented provide reference levels for the degree of noise and sparsity under which the algorithm can be expected to perform well. In summary, a modification of the Collaborative Filtering recommender system is developed, evaluated and presented that enables its use in a scenario not described in the reviewed literature.
37

IT security: Exploring the Benefits of Cloud Computing for Incident Response / IT-säkerhet: en utforskande studie av fördelarna med cloud computing för incident response

Öhman, Malin January 2023
This study examines the potential of Cloud Computing in enhancing incident response in IT security. It explores how cloud computing features, such as rapid elasticity and on-demand self-service, can positively impact IT infrastructure decisions during incident response scenarios. Through interviews with IT security consultants, insights are gathered on the interplay between incident response and Cloud Computing. The research findings highlight the significant economic impact of security incidents that emerges as a critical concern for organizations. Furthermore, the study reveals that the aftermath of an incident presents a unique opportunity to strengthen an organization's security posture, which aligns with the theory that security measures are often perceived as unnecessary until a breach occurs. This study demonstrates that leveraging cloud computing characteristics can yield several advantages for IT infrastructure decisions in incident response scenarios in terms of speed and efficiency, and that Cloud Computing offers the potential for improved visibility, ease of investigation, and inherent security measures. However, organizations need to address the challenge of acquiring the necessary expertise to securely utilize cloud resources. The time aspect emerges as a prominent benefit, as cloud resources can be rapidly provisioned compared to the lengthy process of acquiring and implementing hardware. Overall, cloud computing presents a viable option for rebuilding IT infrastructure after security incidents, particularly when functional backups are lacking.
38

The effect of the IT/OT gap on the NIS 2 implementation

Andersson, Niklas January 2023
Cyber attacks are steadily increasing, and their impact is becoming more significant. To combat this, the European Union has created directives to enhance the cyber security in critical services in the Union, one example being the NIS 2 directive. The directive comes into force during the fourth industrial revolution, where the Operational Technology (OT) is connected to the Information Technology (IT). This creates new vulnerabilities in the OT environments since they can now suffer from cyber attacks. The historical ways of securing OT and IT environments differ, which has caused what is called the IT/OT gap now that they are converging. In order to implement the NIS 2 directive and to enhance the cyber security of the entire organization, the IT/OT gap needs to be minimized. The problem this study then aims to investigate is how the effects of the IT/OT gap can be reduced in the implementation of the NIS 2 directive. This was done by answering the research question: To what extent is the IT/OT gap a challenge for the implementation of the NIS 2 directive in Sweden? The sub-question: In what areas is the IT/OT gap problematic for the implementation of the NIS 2 directive in Sweden? To gain an answer to the research question semi-structured interviews were conducted with respondents with knowledge in IT and OT security as well as the NIS 2 directive. The interviews were transcribed and analyzed using a thematic analysis. The thematic analysis resulted in 6 themes, Need for technical solutions, Lacking resources, Differences in security culture, Lack of cooperation, Supervisory authority and Standards, and six subthemes. The result showed that the IT/OT gap is a challenge for the implementation of the NIS 2 directive in a varying degree depending on the company. Further, it was shown that the IT/OT gap is most likely a problem in the areas regarding the supervisory authority, lacking resources, and cooperation. 
To comply with the directive and, more importantly, raise the level of cyber security, organizations and companies must handle all their risk in both IT and OT environments. The OT and IT personnel will need to talk to each other and collaborate to do it, and that might be a significant first step to minimizing the IT/OT gap in the long term.
39

Methods for Hospital Network and Computer Security

Hausrath, Nathaniel L. 16 August 2011
No description available.
40

Asserting password crackers ability to target Swedish passwords : An analysis / Lösenordsknäckares förmåga att attackera svenska lösenord

Jensen, Casper January 2023
In today's digital world, passwords are the keys that unlock our online lives, keeping our social media, financial accounts, and streaming services secure. Unfortunately, this makes password information a prime target for hackers, who can gain access to our entire digital existence. One significant vulnerability is that an individual's language and cultural background often influence password creation. This master's thesis explores the realm of password security by examining the ability of popular password cracking and mangling tools to target passwords created by Swedish speakers. The study compares attacks on passwords created by Swedish speakers to those created by international users. The tools under scrutiny include Probabilistic Context Free Grammar (PCFG), Ordered Markov Enumerator (OMEN), Odinn, and Hashcat. The study also examines a method for measuring the quality of the tools' password guesses. The findings revealed a noteworthy trend: all the tools demonstrated better performance when attacking passwords created by Swedish speakers compared to their international counterparts. PCFG, in particular, was nearly twice as effective against Swedish passwords after just 10,000 guesses, while OMEN outperformed significantly against Swedish targets after 1-5 million guesses. The quality measurements, gauged by the percentage of cracked passwords after specific guess increments of 10,000, 1-5 million, and 1 billion were used to evaluate the effectiveness of the tools. This research highlights the nuanced dynamics of password security, emphasizing the impact of linguistic and cultural factors on the vulnerability of passwords.
