Global ETD Search

131	A simplified ISMS : Investigating how an ISMS for a smaller organization can be implemented Asp Sandin, Agnes January 2021 (has links) Over the past year, cyber threats have been growing tremendously, which has led to an essential need to strengthen the organization's security. One way of strengthening security is to implement an information security management system (ISMS). Although an ISMS will help improve the information security work within the business, organizations struggle with its implementation, and significantly smaller organizations. That results in smaller organization's information being potentially less protected.This thesis investigates how an ISMS based on MSB can be simplified to make it suitable for a small organization to implement. This thesis aims to open for further research about how it can be simplified and if it has a value of doing it.The study is based on a qualitative approach where semi-structured interviews with experts were conducted. This thesis concludes that it is possible to simplify an ISMS based on MSB for a small organization by removing external analysis, information classification, information classification model, continuity management for information assets, and incident management. In addition, the study provides tips on what a small organization should think about before and during implementation. Information security management system ISMS Information security ISO/IEC 27001 Simplify ISO/IEC 27000 MSB Computer Sciences Datavetenskap (datalogi)
132	Organisationers användning av molntjänster : En studie om regelefterlevnad, riskhantering och imitation Jenny, Do, Oskar, Nyman January 2024 (has links) Följande studie är en explorativ intervjustudie som undersöker hur regelefterlevnad, riskhantering och imitation påverkar organisationers användning av molntjänster. Studien tar en kvalitativ ansats där semistrukturerade intervjuer utförts med tre olika typer av organisationer, konsultbolag, banker och offentliga verksamheter, som ligger till grund som primärdata. Resultatet analyserades med det utformande teoretiska ramverk bestående av nyinstitutionell teori och standarden ISO/IEC 27005:2022 som avser att förstå riskhanteringsprocessen för informationssäkerhet. Med studiens dubbla perspektiv, från både företagsekonomi och informationssystem, har vi kunnat undersöka vilka faktorer som spelar in för organisationers inställningar, attityder och beteenden kring användandet av molntjänster. Resultatet visar att varje enskild organisation står inför individuella utmaningar och möjligheter kopplade till användandet av molntjänster. Det går att identifiera att varje verksamhet har specifika behov och krav. Regelefterlevnad, riskhantering och imitation är tre faktorer som påverkar utfallet av organisationernas användning av molntjänster. Avslutningsvis går det att identifiera att respektive organisation i studien har det gemensamma målet att säkerställa konfidentialitet, integritet och tillgänglighet av data och information. / This thesis is an exploratory case study examining how compliance, risk management and imitation affect the usage of cloud services in organizations. The thesis is of qualitative character, where semi structured interviews with consulting firms, banks and the public sector serve as the primary data source. The result was analyzed based on our theoretical framework comprising New Institutional theory and the standard ISO/IEC 27005:2022, which aims to understand the risk management process for information security. By incorporating a dual perspective, from both business administration and information systems it allowed us to gain a deeper understanding for which factors influence organizations' attitudes and behaviors towards the use of cloud computing. The findings revealed that each organization faces challenges and opportunities related to cloud usage. It is evident that each organization has their unique needs and requirements. The discussion concludes that compliance, risk management and imitation indeed significantly affect the outcome of organizations' usage of cloud computing. Additionally, respective organizations share the common objective of maintaining confidentiality, integrity and availability of data and information. Compliance Risk Management Imitation Cloud Computing New Institutional Theory ISO/IEC 27005:2022 Regelefterlevnad riskhantering imitation molntjänster nyinstitutionell teori ISO/IEC 27005:2022 Social Sciences Samhällsvetenskap
133	Régulation transcriptionnelle du récepteur P2X[indice inférieur 7] et son rôle dans le trafic membranaire du transporteur à glucose Glut2 dans les cellules épithéliales intestinales L'Ériger, Karine January 2009 (has links) Le récepteur ionotropique P2X[indice inférieur 7] (P2X[indice inférieur 7]R) est impliqué dans divers rôles physiologiques tels la prolifération, l'apoptose, la réponse inflammatoire et le trafic membranaire dans plusieurs types cellulaires. Cependant, peu est connu quant aux rôles physiologiques du P2X[indice inférieur 7]R dans les cellules épithéliales intestinales (CEIs). Dans la littérature scientifique, le P2X[indice inférieur 7]R est connu pour activer la protéine kinase Dl (PKD1/PKC[mu]) qui est impliquée dans le transport des protéines membranaires. Comme l'un des rôles physiologiques majeurs des CEIs est le transport et l'absorption du glucose, le transporteur à glucose de type 2 (Glut2) a été ciblé afin d'étudier son transport membranaire suite à l'activation du P2X[indice inférieur 7]R. Glut2 est un élément clé dans le métabolisme du glucose par les CEIs. Une hypothèse stipulant que le P2X[indice inférieur 7]R serait impliqué dans le trafic membranaire de Glut2 par une voie dépendante de la PKD1/PKC[mu] a été émise. Les objectifs majeurs de l'étude étaient de déterminer le profil d'expression du P2X[indice inférieur 7]R selon le stade de différenciation des CEIs, d'élucider les mécanismes moléculaires régulant l'expression du P2X[indice inférieur 7]R, d'étudier la signalisation intracellulaire affectant l'expression membranaire de Glut2 induite par l'activation du P2X[indice inférieur 7]R. D'abord, le profil d'expression du P2X[indice inférieur 7]R en fonction de la différenciation des CEIs a été déterminé par immunofluorescence indirecte sur des sections de jéjunum de souris normales et par immunobuvardage de type western sur des lysats de cellules Caco-2/15 prolifératives et différenciées. Ensuite, la signalisation induite par l'activation du P2X[indice inférieur 7]R a été étudiée en stimulant des cellules IEC-6 avec de l'ATP ou du BzATP, deux agonistes du P2X[indice inférieur 7]R, et en prétraitant les cellules avec de l'oATP, un antagoniste du P2X[indice inférieur 7]R. Différents inhibiteurs pharmacologiques tels le UO126 (MEK1/2) et la rottlerine (PKC[delta]) ont été utilisés pour déterminer l'ordre des protéines dans les voies de signalisation. Également, différents chélateurs de calcium, comme le BAPTA-AM et l'EGTA, ont été utilisés pour étudier la dépendance des voies trouvées au calcium. L'expression de Glut2 à la membrane plasmique suite à la stimulation du P2X[indice inférieur 7]R a été étudiée par immunofluorescence indirecte et par biotinylation des protéines membranaires de surface. Finalement, la régulation transcriptionnelle du P2X[indice inférieur 7]R dans les cellules HEK 293T et Caco-2/15 a été étudiée par des essais luciférase qui permettent de visualiser l'interaction entre le promoteur du P2X[indice inférieur 7]R et des facteurs de transcription cibles comme Cdx-2, GATA-4, HNF-4[alpha], C/EBP[alpha] et C/EBP[bêta]. Les résultats obtenus démontrent que l'expression du P2X[indice inférieur 7]R augmente en fonction de l'état de différenciation des cellules Caco-2/15, ce qui coïncide avec sa localisation dans les deux tiers supérieurs de la villosité de jéjunum de souris normales. Aussi, l'activation du P2X[indice inférieur 7]R amène une augmentation de la phosphorylation des protéines PKD1/PKC[mu], PKC[delta], ERK1/2, MEK1/2, SAPK/JNK, p90RSK et CREB. Également, la PKC[delta] est en amont des protéines MEK1/2 et ERK1/2 qui elles-mêmes sont en amont de la PKD1/PKC[mu]. Cette voie PKC[delta]/MEK/ERK/PKD est également indépendante du calcium extracellulaire et intracellulaire. Aussi, il y a internalisation et diminution de l'expression membranaire de Glut2 suite à l'activation du P2X[indice inférieur 7]R par le BzATP. Finalement, le P2X[indice inférieur 7]R est régulé au niveau transcriptionnel par les facteurs de transcription HNF-4[alpha], C/EBP[alpha] et C/EBP[bêta] mais pas par Cdx-2 et GATA-4. En résumé, les résultats démontrent que le P2X[indice inférieur 7]R est impliqué dans l'internalisation et la diminution de l'expression membranaire de Glut2 par un mécanisme qui semble dépendant de la voie PKC[delta]/MEK/ERK/PKD calcium-indépendante. IEC-6 Glut2 PKD/PKC[mu] BzATP P2X[indice inférieur 7]
134	Implementation and Certification of ISO/IEC 29110 in an IT Startup in Peru García Paucar, Luis Hernán, Laporte, Claude Y, Arteaga, Yaylli, Bruggmann, Marco 18 March 2015 (has links) This article presents the implementation of ISO/IEC 29110 in a four-person IT startup company in Peru. After completing the implementation of the ISO/IEC 29110 project management and software implementation processes using an agile approach, the next step was to execute these processes in a project with an actual customer: software that facilitates communication between clients and legal consultants at the second-largest insurance companies in Peru. Managing the project and developing the software took about 900 hours. Using ISO/ IEC 29110 software engineering practices enabled the startup to plan and execute the project while expending only 18 percent of the total project effort on rework (i.e., wasted effort). In this article, the authors also describe the steps and the effort required by the VSE to be granted an ISO/IEC 29110 certificate of conformity. The startup became the first Peruvian VSE to obtain an ISO/IEC 29110 certification. The ISO/IEC 29110 certification facilitated access to new clients and larger projects. Agile methods Certification ISO ISO/IEC 29110 Implementation Process Software Standard Startup Very small entity Rework
135	Speciační analýza chromu v prachových částicích / Speciation analysis of chromium in particulate matter of urban dust Rybínová, Marcela January 2010 (has links) Anion-exchange chromatography with inductively coupled plasma - atomic emission spectrometry (ICP-AES) has been used for the speciation of chromium (Cr). Chromium speciation has attracted attention because of the different toxicity, Cr(III) is relatively non-toxic and Cr(VI) has been classified as a human carcinogen. The aim of the present study was to develop simple method for the speciation analysis of Cr (Cr(III) and Cr(VI)) in particulate matter of urban dust. A combination of 2% KOH + 3% Na2CO3 has been chosen as the optimal reagent for the extraction of chromium from particular matter. It was found that there was no conversion of Cr(VI) into Cr(III). The effect of separation parameters such as acidity of mobile phase was also studied. The detection limit for Cr(VI) was about 12 ng.ml-1 . Results for the determination of Cr(VI) were confirmed by the analysis of standard reference material (BCR CRM 545, Cr(VI) in welding dust loaded on a filter) with good agreement between certified (40,16 ± 0,60 μg.g-1 ) and found (37,83 ± 1,14 μg.g-1 ) values.
136	Implementation of an IEC 61850 Sampled Values Based Line Protection IED with a New Transients-Based Hybrid Protection Algorithm Kapuge Kariyawasam Mudalige, Sachintha Kariyawasam 26 May 2016 (has links) Over the course of the last decade, IEC 61850 has become the leading standard for electrical substation automation the world over. This thesis presents the work done towards implementing an IEC 61850 sampled values based line protection Intelligent Electronics Device (IED) on a desktop computer. This IED is capable of subscribing, decoding and processing the sampled values published by a source to be used in line protection algorithms. The novel hybrid line protection algorithm implemented in the IED combines a distance protection scheme with a transients-based unit protection method that uses sampled values complying with IEC 61850-9-2-LE. Application of the line protection relay for protecting a series compensated transmission line was examined using hardware-in-the-loop simulations. Results indicate that (i) the implemented algorithms are robust and reliable, and (ii) the class of transients based protection algorithms examined in this thesis can be successfully implemented with IEC 61850 sampled values. / October 2016
137	Modelo de evaluación de riesgos de seguridad de la información basado en la ISO/IEC 27005 para analizar la viabilidad de adoptar un servicio en la nube Quispe Loarte, Javier Esai, Pacheco Pedemonte, Diego Ludwing 01 September 2018 (has links) El propósito del proyecto es proponer un modelo de evaluación de riesgos de seguridad de la información en base a la ISO/IEC 27005 para determinar la viabilidad de obtener un servicio en la nube, ya que en toda organización es necesario conocer los riesgos de seguridad de información que asumen actualmente con los controles de seguridad implementados, y los riesgos que podría asumir con la adquisición de un nuevo servicio en cloud, y así poder tomar la decisión de optar por el mismo. El modelo fue realizado en base a 3 fases. En primer lugar, se realizó una investigación pertinente de las buenas prácticas en seguridad de la información. en la investigación se utilizó la ISO/IEC 27001, que nos da una visión general de un sistema de gestión de seguridad de información. Asimismo, se optó por la ISO/IEC 27005 orientada a la gestión de riesgos de seguridad de información en una organización. En segundo lugar, se presenta la propuesta de modelo y se describe sus fases como contextualización de la organización, Identificación de riesgos, Evaluación de Riesgos y Tratamiento de Riesgos. Finalmente, se desplego el modelo en el proceso de Exámenes parciales y Finales del área de Registros académicos de la Universidad Peruana de Ciencias aplicadas. / The purpose of the project is to propose an information security risk assessment model based on ISO / IEC 27005 to determine the feasibility of obtaining a service in the cloud, since in every organization it is necessary to know the security risks of information that they currently assume with the security controls implemented and those that could be assumed with the acquisition of a new service in the cloud so that they can make the decision to opt for one or the other. The model was made based on 3 phases. First, a relevant investigation of good practices in information security was carried out. In the research, ISO / IEC 27001 was used, which gives us an overview of an information security management system. Likewise, the ISO / IEC 27005 is chosen oriented to the management of information security risks in an organization. Second, the model proposal is presented and its phases are described as contextualization of the organization, risk identification, risk assessment and risk treatment. Finally, the model was deployed in the process of partial and final examinations of the area of academic records of the “Universidad Peruana de Ciencias Aplicadas”. / Tesis Modelo de riesgos ISO/IEC 27005 Servicios en la nube Seguridad de la información Risk model Cloud services Information security
138	Modelo de gestión de riesgos de seguridad de la información para pymes en el Perú / Information security risk management model for Peruvian SMEs García Porras, Johari Chris, Huamani Pastor, Sarita Cecilia 18 June 2019 (has links) Actualmente, toda empresa debería tener el conocimiento de qué tan importante es y cómo debe tratarse la información para su negocio, ya que es uno de sus activos más importante. Lamentablemente, no todas tienen claro su valor, exponiéndose a grandes pérdidas. Según un estudio de EY, el 41% de empresas consideran que poseen probidades mínimas para detectar un ataque sofisticado. El motivo principal son las restricciones presupuestarias y la falta de recursos especializados. Para proteger la información, las empresas deben determinar su exposición al riesgo, lo recomendable es emplear metodologías, marcos de referencia o estándares de análisis de riesgo de seguridad de la información. Este proyecto consiste en implementar un modelo de gestión de riesgos de seguridad de la información para Pymes, integrando la metodología OCTAVE-S y la norma ISO/IEC 27005. Se abarca el análisis de las metodologías y normas de gestión de riesgos, el diseño del modelo de gestión de riesgos de seguridad de la información, la validación del modelo en una Pyme en el proceso de ventas. La integración proporciona una identificación oportuna y eficaz de los riesgos del enfoque cualitativo y permite aprovechar los valores identificados para los activos del enfoque cuantitativo. Asimismo, permite identificar los principales riesgos valorizándolos, para luego proceder a un tratamiento de acuerdo a las necesidades de la empresa. Se espera que este modelo ayude en la gestión de riesgos de seguridad de la información dentro de las Pymes, para poder reducir el impacto de riesgos a los que pueden estar expuestas. / Nowadays, every company should be aware of the importance and the way business information should be treated since it is one of their most important assets. Unfortunately, not all are sure about their actual value, and so, they may be exposed to large losses. According to EY, 41% of companies consider that they have minimum probabilities to detect a sophisticated attack. The main reason that hinders the effectiveness of information security is due to budgetary restrictions and the lack of specialized resources. To protect the information, companies must determine their risk exposure, for which it’s advisable to use methodologies, reference frameworks or standards for information security risk analysis. This project consists on implementing an information security risk management model for SMEs, integrating the OCTAVE-S methodology and the ISO/IEC 27005 standard. This covers the analysis of methodologies and risk management standards, the design of the information security risk management model, the validation of the model in a SME in the sales process. This integration provides a timely and effective identification of the risks of the qualitative approach and makes it possible to take advantage of the values identified for the assets of the quantitative approach. Furthermore, this allows identifying the main information security risks by rating and treating them according to the needs of the company. It’s expected that this model will help in the management of information security risks within SMEs, in order to reduce the impact of risks to which they may be exposed. / Tesis Modelo de Gestión de riesgos Seguridad de la Información OCTAVE ISO/IEC 27005 Risk Management model Information Security
139	Gestão de qualidade para teste de software conforme NBR ISO/IEC 12207 Pavão, Ivan Carlos 28 April 2009 (has links) Made available in DSpace on 2015-02-04T21:45:27Z (GMT). No. of bitstreams: 1 Ivan Carlos Pavao.pdf: 616818 bytes, checksum: 850e5f08c45a01696eaa2190085b2c9d (MD5) Previous issue date: 2009-04-28 / Com a exigência de apresentar um diferencial ao mercado e garantir a sua integração em um ambiente de negócios competitivos, muitas organizações buscam conquistar a alta qualidade em todos os seus processos, tanto nos produtos ou serviços, quanto nas atividades essenciais da empresa. Devido a essa busca, o termo "qualidade" está em crescente evidência e para obtê-la no processo de desenvolvimento de software, é necessário que as organizações mudem hábitos, quebrem os paradigmas e adotem processos que garantam melhorias não somente em uma fase, mas em todo o processo de desenvolvimento do software. Este trabalho aborda a qualidade de testes de software, mostrando que no planejamento de todos os processos do ciclo de vida de software, há a possibilidade de se obter bons resultados qualitativos necessários ao produto final. Para que isto aconteça, é necessário que se aplique a "qualidade" desde o processo inicial (levantamento de requisitos) até a conclusão e entrega do sistema de software ao cliente. ciclo de vida NBR ISO/IEC 12207 processo qualidade software teste.
140	Uso do diagrama sequencial funcional como linguagem de programação para um robô cílindrico (sic) de 5 graus de liberdade acionado pneumaticamente Leonardelli, Pablo January 2015 (has links) O presente trabalho tem como objetivo o desenvolvimento de uma estratégia de programação para um robô de cinco graus de liberdade com acionamento pneumático. A proposta para tal estratégia de programação utiliza como base a linguagem SFC (Sequential Function Chart) normatizada pela IEC 61131-3. A principal característica deste tipo de linguagem é a simplicidade na integração com diversos elementos presentes em ambiente fabril, juntamente a garantia do sequenciamento das ações e a facilidade de programação. O estudo foi realizado em três etapas: a primeira, destina-se à criação de sub-rotinas em linguagem SFC para movimentação ponto a ponto, pick and place, e paletização. Desta forma, através da definição de alguns dados de entrada, é possível reprogramar o robô de forma gráfica e intuitiva; a segunda etapa do estudo constituiu na criação de um Programa Tradutor em linguagem baseada em scripts de Matlab que, através de um servidor OPC (Ole for Process Control), faz a interpretação do programa em linguagem SFC e o traduz para a linguagem do sistema de controle do robô; já, a última etapa destina-se à realização de testes utilizando um CLP Compact Logix da AllenBradley em conjunto com o software de programação RSLogix 5000, o software Matlab e o sistema de controle do robô pneumático. A partir dos resultados, Conclui-se que a aplicação e utilização este tipo de programação para tarefas de movimentação de robôs é plenamente viável, o que pode vir a simplificar as etapas de programação, e ampliando a integração entre os diversos sistemas fabris, na medida em que os seus elementos poderão trocar facilmente informações necessárias à automação. / The present study has as main goal to present a differentiated form of programming for a prototype of a robot of five degrees of freedom with pneumatic drive. This program is based on the language SFC (Sequential Function Chart) standardized by IEC 61131-3. The main feature of this type of language is simplicity in integration with various elements present in the manufacturing environment, ensuring the sequencing of actions and ease of programming. The system used as a test bench consists of a pneumatic robot which currently control actions are carried out through specific programming routines combined with dedicated control boards, working with Matlab software. The study was conducted in three stages: the first, for creating subroutines in SFC language to linear movement, pick and place movement and palletizing movement, thus, by setting some input data it is possible to reprogram the robot for tasks in a graphical and intuitive way; the second stage of the study consisted in creating a translator program in Matlab language based on scripts that, through an OPC server (Ole for Process Control), interpreters the program in SFC language and translates it into the language of the control system robot; the last step was intended for testing this programming approach by using a PLC Compact Logix from Allen-Bradley in conjunction with RSLogix 5000 programming software, Matlab and the control system of the pneumatic robot. It was concluded that the implementation and use of this type of programming for robot handling tasks are both feasible. It simplifies the programming steps and enhances the integration between the various manufacturing systems, since the elements could directly exchange information, because they are in the same language. Manipuladores robóticos Controlador programável Robotics Sequential function chart PLC OPC IEC 61131-3

Search results