Global ETD Search

41	Diffusion of Cybersecurity Technology - Next Generation, Powered by Artificial Intelligence / Diffusion av Cybersäkerhetsteknologi: Nästa Generation Drivet av Artificiell Intelligens Kang, Johan, Westskytte, Sebastian January 2018 (has links) The cyber world is growing as more information is converted from analogue to digital form. While convenience has been the main driver for this change little effort has been made on securing the data. Data breaches are growing in number and each breach is growing in severity. Combined with regulatory pressure organizations are starting to realize the importance of security. The increased threat level is also driving the security market for more potent solutions and artificial intelligence (AI) have in recent years been implemented to enhance the capabilities of security technologies. The thesis aims to investigate the adoption of AI enabled cybersecurity technologies within the financial industry which is often perceived as the market leader regarding security. Using a qualitative method through a multiple case study, valuable insights were gained regarding how firms are working with security and what needs they have. To identify factors that influence the rate of diffusion of AI enabled security technologies the diffusion of innovation theory combined with the TOE framework was used in this study. The thesis has contributed to the field of innovation management by enriching an area within IT innovation management by bridging the gap between security innovation and AI innovation. The study revealed that environmental factors, such as regulations and threat landscape, are forcing organizations to take action and control both how organizations work with security but also what technological attributes are perceived as advantageous. Detection and automation are two technological attributes that the companies are looking for to fill their needs. AI solutions are already being implemented to increase detection and automation we believe that the rate of adoption for AI enabled security innovation will only continue to grow. The results and findings contribute to an expanded understanding on the factors that affect adoption of AI security innovations within the financial industry. / Den digitala världen fortsätter att växa eftersom mer information omvandlas från analog till digital form. Medan bekvämlighet har varit den viktigaste drivkraften för denna förändring, så har lite ansträngning gjorts för att säkra upp den data som företagen besitter. Dataintrången växer i antal, och varje ny incident får allvarligare konsekvenser än den förra. Detta faktum kombinerat med strängare regelverk har fått företagen att inse vikten av att säkra sin miljö. Den förstärkta hotbilden driver också säkerhetsmarknaden framåt med nya lösningar, och artificiell intelligens (AI) har under de senaste åren i allt större utsträckning implementerats i säkerhetslösningar för att förstärka skyddet. Uppsatsens syfte är att undersöka spridningen av AI-säkerhetsinnovationer inom finansbranschen, som ofta uppfattas som marknadsledande när det gäller säkerhet. Med hjälp av en kvalitativ metod genom en fallstudie på tre företag erhölls värdefulla insikter om hur företagen arbetar med säkerhet och vilka behov de har. För att identifiera faktorer som påverkar spridningshastigheten för AI-säkerhetslösningar användes ”diffusion of innovation”-teorin i kombination med TOE-ramverket i denna studie. Uppsatsen har bidragit till innovation management-området genom att berika ett område inom IT-innovation genom att brygga mellan säkerhetsinnovation och AI-innovation. Studien visade att miljöfaktorer, såsom regelverk och hotbild, kontrollerar både hur organisationer arbetar med säkerhet och vilka tekniska egenskaper som uppfattas som fördelaktiga. Detektion och automatisering är två tekniska egenskaper som företagen har stora behov av. AI-lösningar implementeras redan för att öka de egenskaperna. Vi argumenterar för att, utifrån de behoven som företagen har kombinerat med miljöfaktorerna, kommer spridningstakten att öka för AI-säkerhetsinnovation. Cybersecurity IT-security Artificial Intelligence Diffusion of Innovation Technology Adoption IT innovation Security Strategy Cybersecurity IT-security Artificial Intelligence Diffusion of Innovation Technology Adoption IT innovation Security Strategy Economics and Business Ekonomi och näringsliv
42	Developing a concept for handling IT security with secured and trusted electronic connections Hockmann, Volker January 2014 (has links) In this day and age, the Internet provides the biggest linkage of information, personal data and information, social contact facilities, entertainment and electronic repository for all things including software downloads and tools, online books and technical descriptions, music and movies - both legal and illegal [Clarke, 1994]. With the increasing bandwidth in the last few years worldwide, it is possible to access the so-called "Triple-Play-Solutions" - Voice over lP, High-Speed-Internet and Video on Demand. More than 100 million subscribers have signed on across Asia, Europe, and the Americas in 2007, and growth is likely to continue steadily in all three. As broadband moves into the mainstream, it is reshaping the telecommunications, cable and Internet access industrie [Beardsley, Scott and Doman, Andrew, and EdinMC Kinsey, Par, 2003]. Cisco [Cisco, 2012], one of the biggest network companies, will expect more than 966 exabytes (nearly 1 zettabyte) per year or 80.5 exabytes per month in 2015 and the "Global IP traffic has increased eightfold over the past 5 years, and will increase fourfold over the next 5 years. Overall, IP traffic will grow at a compound annual growth rate (CAGR) of 32 percent from 2010 to 2015" . More and more types of sensible data flow between different recipients. News from around the world are transferred within seconds from the one end to the other end of the world, and affect the financial market, stock exchange [Reuters, 2012] and also bring down whole governments. For instance, worldwide humoil might ensue if a hacker broke into the web-server of an international newspaper or news channel like N-TV in Germany or BBC in England and displayed messages of a political revolution in Dubai or the death of the CEO from Microsoft or IBM. 005.8
43	Sicheres Cloud Computing in der Praxis Reinhold, Paul 11 April 2017 (has links) (PDF) In dieser Dissertation werden verschiedene Anforderungen an sicheres Cloud Computing untersucht. Insbesondere geht es dabei um die Analyse bestehender Forschungs- und Lösungsansätze zum Schutz von Daten und Prozessen in Cloud-Umgebungen und um die Bewertung ihrer Praxistauglichkeit. Die Basis für die Vergleichbarkeit stellen spezifizierte Kriterien dar, nach denen die untersuchten Technologien bewertet werden. Hauptziel dieser Arbeit ist zu zeigen, auf welche Weise technische Forschungsansätze verglichen werden können, um auf dieser Grundlage eine Bewertung ihrer Eignung in der Praxis zu ermöglichen. Hierzu werden zunächst relevante Teilbereiche der Cloud Computing Sicherheit aufgezeigt, deren Lösungsstrategien im Kontext der Arbeit diskutiert und State-of-the-Art Methoden evaluiert. Die Aussage zur Praxistauglichkeit ergibt sich dabei aus dem Verhältnis des potenziellen Nutzens zu den damit verbundene erwartenden Kosten. Der potenzielle Nutzen ist dabei als Zusammenführung der gebotenen Leistungsfähigkeit, Sicherheit und Funktionalität der untersuchten Technologie definiert. Zur objektiven Bewertung setzten sich diese drei Größen aus spezifizierten Kriterien zusammen, deren Informationen direkt aus den untersuchten Forschungsarbeiten stammen. Die zu erwartenden Kosten ergeben sich aus Kostenschlüsseln für Technologie, Betrieb und Entwicklung. In dieser Arbeit sollen die zugleich spezifizierten Evaluierungskriterien sowie die Konstellation der obig eingeführten Begriffe ausführlich erläutert und bewertet werden. Für die bessere Abschätzung der Eignung in der Praxis wird in der Arbeit eine angepasste SWOT-Analyse für die identifizierten relevanten Teilbereiche durchgeführt. Neben der Definition der Praktikabilitätsaussage, stellt dies die zweite Innovation dieser Arbeit dar. Das konkrete Ziel dieser Analyse ist es, die Vergleichbarkeit zwischen den Teilbereichen zu erhöhen und so die Strategieplanung zur Entwicklung sicherer Cloud Computing Lösungen zu verbessern. Cloud Computing IT Sicherheit Technologieevalierung Bewertungsverfahren Cloud Computing IT-Security Technology Evaluation Evaluationprocess ddc:000 Cloud Computing Bewertung
44	Strong user authentication mechanisms / Starka användarverifieringsmekanismer Haraldsson, Emil January 2005 (has links) <p>For Siemens Industrial Turbomachinery to meet its business objectives a modular authentication concept has to be implemented. Such a mechanism must be cost- effective while providing a well-balanced level of security, easy maintenance and be as user-friendly as possible. </p><p>Authenticating users securely involves the combination of two fields, theory of authentication mechanisms in information systems and human computer interaction. To construct a strong user authentication system the correlations of these fields has to be understood and provide guidance in the design. </p><p>Strong user authentication mechanisms enforce the use of two-factor authentication or more. The combinations implemented rely on knowledge, possession and sometimes logical-location. </p><p>A user authentication system has been implemented using leading industrial products as building blocks glued together with security analysis, programming and usability research. </p><p>The thesis is divided into two parts, the first part giving the theoretical background of cryptography, authentication theory and protocols needed for the understanding of the second part, providing security analysis, blueprints, and detailed discussions on the implemented system. </p><p>Conclusions have been drawn regarding the implemented system and its context as well as from strict theoretical reasoning regarding the authentication field in general. Conclusions include: </p><p>· The unsuitability of remote authentication using biometrics</p><p> · The critical importance of client security in remote authentication</p><p> · The importance of a modular structure for the security of complex network-based systems</p> Informationsteknik kryptografi verifiering nätverk matematik säkerhet informationsteknologi datasäkerhet cryptography authentication mathematics security informationtechnology computersecurity it-security Informationsteknik Information technology Informationsteknik
45	Towards evaluating security implementations using the Information Security Maturity Model (ISMM) Alaboodi, Saad Saleh January 2007 (has links) Information security is a common and ever-present concern for both private and public sector organizations. Information security protects information from a wide range of threats, risks, and vulnerabilities in order to ensure information availability, integrity and confidentiality, and hence business continuity. This research seeks to use a heuristic-based investigation of the Information Security Maturity Model (ISMM), developed by the author, combined with a thorough review of existing models, to suggest considerable extensions. This shall merit various applications leading to establish a connective body of knowledge and bridge a gap in existing literature and industry regarding the information security implementation in light of use of international standards and models. The ISMM model is neither based on a specific technology/protocol (e.g. PKI, IPSec, SSL) nor a certain system/product (e.g. Firewall, Antivirus, IDS), but rather an engineering approach towards a structured and efficient implementation of those technologies. The ISMM is a security-centric model that consists of five distinctive and ordered security layers, each of which has its own definition, scope, and characteristics. The model reflects the three key security processes (prevention, detection and recovery) and captures effects of people (visibility and sophistication) on every layer. It aims essentially to assess the maturity of any security implementation of any size and type (i.e. device, system, or environment). New extensions of the ISMM work are put forward. Literature review is augmented by introducing a new classification of information security models. Additionally, new abstractions are introduced, first: the abstraction of security conceptual boundaries, which signifies rational priorities and captures the unavoidable interferences between information and physical security in any security context, second: the abstraction of ratios of resources utilization (i.e. computational power, energy, memory, and other costs). Further extensions include a new attack model that classifies attacks in terms of their impact. This leads to a new approach for analyzing attacks and study adversary’s capabilities at different layers of both the ISMM and network models in the whole system, as one integrated entity against both single and hybrid attacks. As an example of one possible mapping and compatibility of the ISMM with other security-related models, the ISMM layers are mapped to their pertinent peers in network models (i.e. ISO/OSI and TCP/IP), which offers more information about security controls at each layer and its contribution to the actual overall security posture. The ISMM offers a prompt and structured approach to identify the current security state of small communication devices, computing platforms, and large computing environments in a consistent manner. A cost-effective realization is achieved through the optimization of IT and security expenditure. Therefore, the model assists to minimize deficiencies in security implementation. Also, the identification of needs and goals of the following level in the ISMM hierarchy allows a strategic approach proportional to allowable resources to take place, as a result, both goals are reached and cost is reduced much faster. This work is believed to facilitate grounds for future research endeavors such as applying these propositions on simulated examples, real life case studies, and developing a formula for the optimized distribution of security resources in a consistent manner with the best possible security level. maturity model information security IT security security processes attack model optimal security cost of information security Electrical and Computer Engineering
46	Towards evaluating security implementations using the Information Security Maturity Model (ISMM) Alaboodi, Saad Saleh January 2007 (has links) Information security is a common and ever-present concern for both private and public sector organizations. Information security protects information from a wide range of threats, risks, and vulnerabilities in order to ensure information availability, integrity and confidentiality, and hence business continuity. This research seeks to use a heuristic-based investigation of the Information Security Maturity Model (ISMM), developed by the author, combined with a thorough review of existing models, to suggest considerable extensions. This shall merit various applications leading to establish a connective body of knowledge and bridge a gap in existing literature and industry regarding the information security implementation in light of use of international standards and models. The ISMM model is neither based on a specific technology/protocol (e.g. PKI, IPSec, SSL) nor a certain system/product (e.g. Firewall, Antivirus, IDS), but rather an engineering approach towards a structured and efficient implementation of those technologies. The ISMM is a security-centric model that consists of five distinctive and ordered security layers, each of which has its own definition, scope, and characteristics. The model reflects the three key security processes (prevention, detection and recovery) and captures effects of people (visibility and sophistication) on every layer. It aims essentially to assess the maturity of any security implementation of any size and type (i.e. device, system, or environment). New extensions of the ISMM work are put forward. Literature review is augmented by introducing a new classification of information security models. Additionally, new abstractions are introduced, first: the abstraction of security conceptual boundaries, which signifies rational priorities and captures the unavoidable interferences between information and physical security in any security context, second: the abstraction of ratios of resources utilization (i.e. computational power, energy, memory, and other costs). Further extensions include a new attack model that classifies attacks in terms of their impact. This leads to a new approach for analyzing attacks and study adversary’s capabilities at different layers of both the ISMM and network models in the whole system, as one integrated entity against both single and hybrid attacks. As an example of one possible mapping and compatibility of the ISMM with other security-related models, the ISMM layers are mapped to their pertinent peers in network models (i.e. ISO/OSI and TCP/IP), which offers more information about security controls at each layer and its contribution to the actual overall security posture. The ISMM offers a prompt and structured approach to identify the current security state of small communication devices, computing platforms, and large computing environments in a consistent manner. A cost-effective realization is achieved through the optimization of IT and security expenditure. Therefore, the model assists to minimize deficiencies in security implementation. Also, the identification of needs and goals of the following level in the ISMM hierarchy allows a strategic approach proportional to allowable resources to take place, as a result, both goals are reached and cost is reduced much faster. This work is believed to facilitate grounds for future research endeavors such as applying these propositions on simulated examples, real life case studies, and developing a formula for the optimized distribution of security resources in a consistent manner with the best possible security level. maturity model information security IT security security processes attack model optimal security cost of information security Electrical and Computer Engineering
47	Smarta Kort : En del av en intelligent IT-lösning i hälso- och sjukvården? Isaksson, Johanna, Sanne, Therése January 2006 (has links) <p>Background: IT-security is included in the concept of information security, which considers all the security of handling information within an organisation. Good IT-security is about finding the right level of measurement, however, it is hard to implemement new IT-solutions in an organisation, particularly within the health care field, where sensitive information are handled daily. Lately the Swedish government, together with county- and city council, understand the importance of IT and health care. Carelink, an organisation of interest, is working actively for the presumption of benefit by using IT within the health care field. During spring 2006 the Swedish government introduced a national IT-strategy. SITHS, Säker IT inom Hälso- och sjukvården, is a project running by Carelink and is based upon using Smart Cards as an identification. Smart Cards can be used as accesscards for logging on to a computersystem in an organsiation in order to secure an indentity.</p><p>Purpose: The purpose with this thesis is to investigate the assumptions for how Smart Cards, as a part of a total security solution, can increase the ITsecurity within the Healt Care field.</p><p>Method: The study was initiated with literature and suitable references to informationssecurity, Smart Cards and Healthcareinformatic. Our empirical study was carried out at Ryhov Hospital in Jönköping, one of Sweden’s newest hospitals. Both qualitative and quantitative studies were conducted, because we chose to do interviews and surveys. The interviews were conducted in order to get a deeper understanding for the organisation and the survey was made in order to investigate the attitudes among the nurses and doctors about the security of computer use.</p><p>Result: Smart Cards can, according to our studie, increase the IT-security within the Health Care field by creating a safer identification with the use of ITsupport. Smart Cards can also make the process of logging on and off to a computer system easier, which leads to better logging and mobilisation. The study also demonstrates that users are not afraid of the changes a smart card will represent within their organization.</p> / <p>Bakgrund: IT-säkerhet ingår i begreppet informationssäkerhet som avser all säkerhet vid hantering av information inom en organisation. God IT-säkerhet handlar om att hitta rätt nivå med tillhörande åtgärder och nya IT lösningar, men detta är inte enkelt att införa i organisationer och speciellt inte i vården som dagligen hanterar känslig information. Under senare år har regeringen tillsammans med landsting och kommuner fått upp ögonen för vilken nytta IT kan utgöra inom vården. Intresseorganisationen Carelink arbetar aktivt för att skapa förutsättningar att använda IT inom vården, och under våren 2006 har även regeringen presenterat en Nationell IT-strategi. Projektet SITHS, Säker IT inom Hälso- och Sjukvården, drivs av Carelink och bygger på att använda smarta kort som säker identifikation. Korten kan bland annat användas som passerkort och vid inloggning till ett datasystem för att säkerhetsställa en identitet.</p><p>Syfte: Syftet med denna uppsats är att undersöka förutsättningarna för hur smarta kort, som en del av en total säkerhetslösning, kan förbättra IT-säkerheten inom hälso- och sjukvården.</p><p>Metod: Studien påbörjades med en genomgång av lämplig litteratur om informationssäkerhet, smarta kort samt vårdinformatik. Den empiriska studien utfördes sedan på Länssjukhuset Ryhov i Jönköping, som är ett av Sveriges nyaste sjukhus. Här genomfördes både kvalitativa och kvantitativa studier, då vi valde att göra ett antal intervjuer samt en enkätundersökning bland vårdgivarna. Intervjuerna gjordes för att få en djupare förståelse för organisationen, och enkätundersökningen för att undersöka attityderna till dagens datoranvändning samt hur säkerheten kring datoriseringen upplevs bland de anställda.</p><p>Resultat: Enligt studien kan smarta kort förbättra IT-säkerheten inom hälso- och sjukvården genom att skapa en säker identifiering vid användning av ITstöd. Smarta kort kan även bidra till en förenklad in- och utloggningsprocess i ett datorsystem, vilket i sin tur leder till bättre spårbarhet samt ökad mobilitet bland användarna. Undersökningen visar att majoriteten av användarna inte är emot den förändring ett smart kort kan bidra till, utan snarare tvärt om.</p> Smart Cards Information security IT-security IT-strategy Smarta kort Aktiva kort Informationssäkerhet Nationell IT-strategi Informatics Informatik
48	IT security for small and medium-sized enterprises : A didactical concept of a dynamical questionnaire Covic, Mirjana, Kohler, Thomas January 2009 (has links) <p>This master thesis has been written at the School of Mathematics and System Engineering (MSI) at Växjö University in the field of computer science. IT security has become one of the main topics of every enterprise since they all use information technology in their business. Investments have to be done in order to achieve a high protection status of the IT environments. Specially small and medium-sized enterprises need more knowledge and advisory how to handle their IT security. This thesis analyses management tools that have the goal to improve the IT security. The second and main part of the thesis is the design of a tool that should helps to solve the described problems.</p> IT security questionnaire Advisory System recommendation as-is-analysis management tool didactics small and medium-sized enterprises SME Computer science Datavetenskap
49	Prevention of Cyber Security Incidents within the Public Sector : A qualitative case study of two public organizations and their way towards a sustainable cyber climate / Förebyggandet av cybersäkerhetsincidenter inom offentlig sektor : En kvalitativ fallstudie av två offentliga organisationer och deras väg mot ett hållbart cyber klimat Enocson, Julia, Söderholm, Linnéa January 2018 (has links) Title: Prevention of Cyber Security Incidents within the Public Sector - A qualitative case study of two public organizations and their way towards a sustainable cyber climate Authors: Julia Enocson and Linnéa Söderholm Supervisor: Ida Lindgren Keywords: Cyber Security, Incident, Prevention, Public Sector, IT Security, Information Security Background: In today’s digital environment it has become crucial for organizations to protect themselves against cyber security attacks and incidents. Emerging technologies pose security risks and the number of cyber security incidents are increasing. Within the public sector it is considered as one of the most challenging phenomenons that governments face today, and awareness is limited. However, studies show that a majority of cyber security incidents could have been prevented. In addition, evidence indicates that incidents often occurs due to internal actions, and not external threats. Purpose: The purpose of our study is to identify factors that may impact public organizations’ capability to prevent cyber security incidents, and subsequently how they could work towards maintaining a proactive prevention. Methodology: This study has adopted a qualitative research strategy with the design of a case study of cyber security incident prevention in the public sector, examined through two organizations. In order to collect empirical data, semi-structured interviews were conducted. Conclusion: In this study we have, based on previous literature and empirical data, identified seven influential factors that may be of importance for public organizations to take into consideration when working with cyber security incident prevention. Our findings have subsequently resulted in insights that may inspire public organizations as to how they could work proactively towards preventing incidents. The identified factors revolve around the importance of performing internal and external analyses, defining roles and responsibilities, formulating goals and regulatory documents, educating and communicating to employees, the aspect of organizational culture, and consistent evaluation. How, and to what extent, public organizations work with these factors, indicate the level of preparation to prevent future cyber security incidents. Cyber Security Incident Prevention Public Sector IT Security Information Security Övrig annan samhällsvetenskap
50	Identification of Security Relevant Characteristics in Distributed Information Systems / Identifiering av egenskaper relevanta för säkerheten i distribuerade informationssystem Stjerneby, Anna January 2002 (has links) This thesis suggests a set of system characteristics to be used when evaluating or analyzing the IT security of a distributed information system. Each characteristic is meant to be considered in the evaluation of relevant distributed system components. This is considered to be the first step towards finding a technique for modeling and evaluating the security of a system. The work also includes a definition of distributed information system components and a categorization of the found characteristics. The means used to identify the set of characteristics include a thorough investigation of the literature on the relevant subject, as well as a brainstorming session. Thereafter the material has been structured to form the results presented in this thesis. Informationsteknik IT security distributed information systems security architecture security-related system characteristics Informationsteknik Computer and Information Sciences Data- och informationsvetenskap

Search results