51 |
Differences in security between native applications and web based applications in the field of health care
Dahl, Andreas, Nylander, Kristofer January 2015
Developing native applications for different platforms with different resolutions and screen sizes is both time consuming and costly. If developers were able to develop one web based application which can be used on multiple platforms, yet retain the same level of security as a native application, they would be able to reduce both development time and costs. In this thesis we will investigate the possibilities of achieving a level of security in a web-based application that can equal that of a native application, as well as how to develop an application that uses the Mina Vårdkontakter (My Healthcare Contacts) framework.
|
52 |
Säkerhet i smarttelefoner : En jämförelsestudie mellan bärbara datorer och smarttelefoner i verksamheter / Security in smartphones: A comparative study of laptops and smartphones in organizations
Olsson, Per January 2013
Smartphones have become more common as business tools within the workplace. With its many features and great flexibility, the smartphone has stormed the business world and become an alternative or complement to the laptop. As these mobile units' popularity has increased, the interest of businesses to invest in this new technology has increased, but has security kept up with the technology developments? This study aims to conduct a study to see if the companies in the IT industry have the same safety awareness for smartphones as for laptops. The study shows that companies have greater safety awareness and higher safety requirements for laptops than smartphones. Meanwhile, both end-users and management are well aware of the risks and threats that the smartphone is facing.
|
53 |
Säkerhet i smarttelefoner : En jämförelsestudie mellan bärbara datorer och smarttelefoner i verksamheter / Security in smartphones: A comparative study of laptops and smartphones in organizations
Juhlin, Pär January 2013
Smartphones have become more common as business tools within the workplace. With its many features and great flexibility, the smartphone has stormed the business world and become an alternative or complement to the laptop. As these mobile units' popularity has increased, the interest of businesses to invest in this new technology has increased, but has security kept up with the technology developments? This study aims to conduct a study to see if the companies in the IT industry have the same safety awareness for smartphones as for laptops. The study shows that companies have greater safety awareness and higher safety requirements for laptops than smartphones. Meanwhile, both end-users and management are well aware of the risks and threats that the smartphone is facing.
|
54 |
Sběr indikátorů kompromitace z operačních systémů / Collecting Indicators of Compromise from Operating Systems
Procházka, Jiří January 2019
The focus of this thesis is on the design and implementation of an application for gathering indicators of compromise from systems. The thesis introduces the term indicator of compromise and describes commonly used categories. Next, there is a summary of existing tools with a similar focus. The thesis lists some existing formats for sharing indicators of compromise and selects the format that the resulting application uses. After the implementation, the application was tested both locally and on the infrastructure of a cyber exercise.
|
55 |
Gestion du contrôle de la diffusion des données d’entreprises et politiques de contrôles d’accès / Access control policies and companies data transmission management
Bertrand, Yoann 22 March 2017
The main objective of this thesis is to solve the problem of unintentional data leakage within companies. These leaks can be caused by the use of both Access Control (AC) and Transmission Control (TC) policies. Moreover, using both AC and TC can lead to many problems for the security experts and the administrators that are in charge of the definition and maintenance of such policies.
Among these problems, we can underline the genericity problem of existing models, the coherence problem between AC and TC rules and problems such as density, adaptability, interoperability and reactivity. In this thesis, we first define a meta-model to take into account the main AC models that are used within companies. We also propose a coherent and semi-automatic generation of TC policies based on existing AC to tackle the coherence problem. Moreover, several mechanisms have been proposed to tackle complexity, adaptability and interoperability issues. In order to validate the relevance of our solution, we have first conducted a survey among security experts and administrators. This survey has highlighted several pieces of information regarding the policies’ size and density, the tiresomeness of having to define them and the interest in several functionalities that can cover the aforementioned problems. Finally, our solution has been tested on stochastically generated and real policies in order to take performance and reactivity into consideration. Results of these tests have validated that our solution covers the underlined problems.
|
56 |
Social Media Risk Management : and the impact on organization IT security
Holmstedt, Malena January 2020
The purpose of this study was to investigate and try to describe how social media risk management is performed and what impact social media risk management could have on organizations' IT security. The outcome of this study is possible knowledge for researchers and for practitioners in the field, of how social media risk management was handled in some organizations in Sweden and what impact the chosen social media risk management could have on the IT security. This study looked at social media risk management and what impact it could have on organizations' IT security through prior studies done and through data collected from semi-structured interviews and surveys. Social media risk management was according to this study performed mostly reactively and a majority of the organizations did not have risk management specifically for social media. More organizations had a social media policy than performed risk management for social media. The risk management for social media in the IT organizations in this study was described in the interviews as reactive due to several reasons: old systems that made it hard to be proactive, lack of time for prioritizing social media risks or risk management for social media was currently being worked on. The proactive IT organizations described themselves to have a general security policy and risk management plans for basically everything. Social media risks can lead to risks that impact organization IT security. In the interview notes five quotes were found that could be considered to suit the risk themes found in prior studies.
|
57 |
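Security als komplexe Anforderung an agile Softwareentwicklung: Erarbeitung eines Anwendungsmusters zur Betrachtung der IT-Security in agilen Entwickungszyklen anhand eines metadatengestützen Testing-Verfahrens / Security as a complex requirement for agile software development: Developing an application pattern for considering IT security in agile development cycles using a metadata-based testing procedure
Matkowitz, Max 26 April 2022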
Agile software development, with its principles, stands for open collaboration, lightweight frameworks and rapid adaptation to change. These characteristics made it possible to address problems and dissatisfaction in traditional software development. On the IT security side, however, a variety of challenges have emerged. Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) provided first approaches to solving them. They do not, however, offer a satisfactory way of integrating security testing into agile software development, particularly in the cloud context.
This thesis addresses the following question: How can a practical concept for considering the security of application code, containers and clusters within agile development cycles be realized when a metadata-based testing procedure is to be used? The goal is thus divided into the design and realization of two aspects: the metadata-based security testing of code/container/cluster and the development workflow for applying the testing procedure.
A web development case study was used for the qualitative evaluation of a prototype implemented with Python and GitLab. After the general conditions had been explained, concrete scenarios of a development process were run through. The qualitative investigation showed successful detection of vulnerabilities of different categories (e.g. Broken Access Control). Overall, a good fit with the exemplary development workflow was observed. The effort of maintaining the metadata is not negligible, but because of the orientation towards the established OpenAPI schema it should not be weighted too heavily. This holds in particular when the metadata generate added value (feasibility, speed, convenience).
1 Introduction
1.1 Problem description
1.2 Objectives
1.3 State of the art and development methods
1.4 Methodology
2 Theoretical and technical foundations
2.1 Fundamentals of agile software development
2.2 GitLab
2.3 Fundamentals of metadata-based security testing
3 Design
3.1 Low-level model (test procedure)
3.2 Synthesis of the exemplary test cases
3.3 Description file
3.4 High-level model (development workflow)
4 Implementation
4.1 Test procedure
4.2 CI/CD pipeline
4.3 Case study of agile software development
5 Evaluation and outlook
|
58 |
IT Security Risk Management of Cloud Computing Services in Critical Infrastructures
Adelmeyer, Michael 27 February 2020
Due to the considerable advantages of cloud computing, such as cost efficiency, flexibility, and scalability, the technology has transformed the means of IT service provisioning. To realize the proclaimed benefits, critical infrastructure providers, as the backbone of societal life, increasingly deploy their IT services, processes, and functions in cloud environments. However, as the control over the underlying cloud infrastructure and the corresponding security measures is delegated to the cloud provider, the outsourcing to cloud environments exposes critical infrastructures to security risks. This is especially crucial since critical infrastructures highly rely on IT systems for dependable service provisioning. In addition, each cloud deployment is afflicted with individual risks depending on the selected cloud service and deployment model. Due to the strict requirements and regulations regarding the IT security of their landscapes, the management of IT security risks related to the adoption of cloud services is of significant importance for critical infrastructures. Thus, the objective of this thesis is to examine the IT security risk management of cloud services in critical infrastructures. For this purpose, frameworks, conceptual models, prototypical tools, action recommendations, and implications are developed. Besides the investigation of the status quo of cloud computing service adoption in German critical infrastructures, implications and methods for an adequate management of IT security and the corresponding risks resulting from the adoption of cloud computing services are derived. Further, in the context of the interaction between critical infrastructure and cloud computing service providers, the role of trust is examined. In addition, frameworks and prototypes for a tool support for the IT security risk management of cloud services in critical infrastructures are developed. 
As an underlying analytical framework, a multi-method approach is chosen to examine the field from a behavioral- as well as a design-oriented perspective by applying various qualitative and quantitative research methods. The results of this dissertation can support decision makers and researchers in the field of the IT security risk management of cloud computing services in critical infrastructures.
|
59 |
Konsekvenser av bristande användbarhet i ett säkerhetsklassat it-system / Consequences of lack of usability in a secure IT system
Swenning Leyser, Egil, Järpemo, August January 2021
There is a lot of research on design guidelines to increase the usability of secure IT systems and that problems with usability can cause problems in IT systems. However, research on the actual consequences that can arise from how usability has been implemented in secure IT systems is limited. The purpose of the study is to fill this gap of knowledge and the study was conducted as a case study based on qualitative interviews with seven participants. The participants were interviewed about their use of the IT system PRIO; their responses were then analyzed to find themes. These themes were used as a basis when we worked through the results.
We found that PRIO has a lack of usability and found consequences because of this: lack of information and lack of simplicity in the IT system leading to handling errors, poor performance leading to long start-up times which in turn lead to security risks due to the human factor, and that operational disruptions lead to the IT system not being able to be used.
|
60 |
A risk based approach for managing information technology security risk within a dynamic environment
Mahopo, Ntombizodwa Bessy 11 1900
Information technology (IT) security, which is concerned with protecting the confidentiality, integrity and availability of information technology assets, inherently possesses a significant amount of known and unknown risks. The need to manage IT security risk is regarded as an important aspect in the daily operations within organisations. IT security risk management has gained considerable attention over the past decade due to the collapse of some large organisations in the world.
Previous investigative research in the field of IT security has indicated that despite the efforts that organisations use to reduce IT security risks, the trend of IT security attacks is still increasing. One of the contributing factors to poor management of IT security risk is attributed to the fact that IT security risk management is often left to the technical security technologists who do not necessarily employ formal risk management tools and reasoning. For this reason, organisations find themselves in a position where they do not have the correct approach to identify, assess and treat IT security risks.
The IT security discipline is complex in nature and requires specialised skills. Organisations generally struggle to find a combination of IT security and risk management skills in corporate markets. The scarcity of skills leaves organisations with either IT security technologists who do not apply risk management principles to manage IT security risk or risk management specialists who do not understand IT security in order to manage IT security risk.
Furthermore, IT is dynamic in nature and introduces new threats and vulnerabilities as it evolves. Taking a look at the development of personal computers over the past 20 years is indicative of how change has been constant in this field, from big desktop computers to small mobile computing devices found today. The requirement to protect IT against threats associated with desktops was far less than the requirement associated with protecting mobile devices. There is pressure for organisations to ensure that they stay abreast with the current technology and associated risks.
Failure to understand and manage IT security risk is often cited as a major cause of concern within most organisations’ IT environments because comprehensive approaches to identify, assess and treat IT security risk are not consistently applied. This is due to the fact that the trend of IT security attacks across the globe is on the increase, resulting in gaps when managing IT security risk.
Employing a formal risk based approach in managing IT security risk ensures that risks of importance to an organisation are accounted for and receive the correct level of attention. Defining an approach of how IT security risk is managed should be seen as a fundamental task and is the basis of this research. This study aims to contribute to the field of IT security by developing an approach that assists organisations in treating IT security risk more effectively. This is achieved through the use of a combination of existing best practice IT security frameworks and standards principles, basic risk management principles, as well as existing threat modelling processes.
The approach developed in this study serves to encourage formal IT security risk management practices within organisations to ensure that IT security risk is accounted for by senior leadership. Furthermore, the approach is anticipated to be more proactive and iterative in nature to ensure that external factors that influence the increasing trend of IT security threats within the IT environment are acknowledged by organisations as technology evolves. / Computing / M. Sc. (Computing)
|