Global ETD Search

1	Information Privacy and Security Associated with Healthcare Technology Use Amin, M A Shariful 07 1900 (has links) This dissertation consists of three studies that investigate the information privacy & security associated with healthcare technology use. Essay 1 PRISMA-style systematically reviews the existing literature on privacy information disclosure in IoT technology and serves as the theoretical foundation of the current research. It is crucial to comprehend why, how, and under what consequences individuals choose to disclose their personal and health information since doing so is beneficial to the company. This SLR method allows us to find those factors that significantly impact individuals' behavioral intention to disclose personal information while using IoT technologies. Essay 2 posits, develops, and tests a comprehensive theoretical framework built upon the theory of planned behavior and the health belief model to examine factors affecting willingness to disclose PHI in order to use WFDs. A research survey is designed and distributed to a crowdsourcing platform, Mechanical Turk (M-Turk). Research hypotheses are tested using partial least square – structural equation modeling (PLS-SEM). To achieve this purpose, Essay 3 extends the findings from the previous essay and further investigates the caregiver context. Therefore, we developed a novel theoretical model utilizing privacy calculus theory and the technology acceptance model to investigate the willingness of the elderly to disclose personal health information needed to use caregiver robots. Survey data were collected using crowdsourcing utilizing Amazon's Mechanical Turk (M-Turk) and Prolific. Research hypotheses are tested using partial least square – structural equation modelling (PLS-SEM). The findings provide value for academia, practitioners, and policymakers. Privacy & Security Healthcare Technology InfoSec
2	Derivation of metrics for effective evaluation of vulnerability assessment technology Ammala, Darwin Edward 08 May 2004 (has links) Vulnerability in software receives constant attention in the media and in research. Yearly rates of disclosure of vulnerabilities in software have doubled. The discipline of Information Assurance lacks metrics that are useful in understanding vulnerability. In the problem of vulnerability assessment tool selection, users must make product choices based on results found in non-peer reviewed publications or subjective opinion. Users of vulnerability assessment tools must sift through volumes of data about their systems and are shown broad indications of the severity of the problems ? often a high-medium-low ranking, which varies between tools. A need exists for metrics and a selection model for tool quality assessment. This study addresses these needs by analysis of the discipline of vulnerability assessment and remediation from first principles, and presents an organized approach and a bestit metrics based model for selecting vulnerability assessment tools. infosec scanning tools security audit selection criteria
3	The value of cybersecurity : Stock market reactions to security breach announcements / Värdet av datasäkerhet : Marknadsreaktioner på datasäkerhetsincidenter Nyrén, Paul, Isaksson, Oscar January 2019 (has links) Companies around the world invest an increasing amount of money trying to protect themselves from cybercrime and unauthorized access of valuable data. The nature of these covert threats makes it seemingly impossible to quantify the risk of getting attacked. While it is possible to estimate the tangible costs of a security breach it is much harder to asses what a company stands to lose in terms of intangible costs. This thesis uses the Event Study methodology to determine the intangible losses of listed American companies who suffered data breaches. On average, the companies in the dataset loses 0.21% of their market cap after a security breach which, although not being statistically significant, translates to $267 million. Despite looking at several parameters to find significant predictors, only one turned out to be statistically significant, namely the number of records breached. These weak correlation is a result in itself; because of the low impact of a breach perhaps the companies lack proper incentives to protect their users' data. / Det ständigt växande cyberhotet gör att allt fler företag väljer att göra stora investeringar i datasäkerhet. Den dolda hotbilden gör det i stort sett omöjligt att kvantifiera sannolikheten för att råka ut för en attack. Även om det går att avgöra och förutspå de direkta kostnaderna kring ett dataintrång så är det nästintill omöjligt att avgöra de indirekta kostnaderna kring ett dataintrång. Detta arbete använder eventstudie-metodologin för att uppskatta de indirekta kostnaderna hos börsnoterade amerikanska företag efter att de haft ett dataintrång. Företagen i den undersökta datamängden förlorar i genomsnitt 0.21% av sitt marknadsvärde vilket, även om det saknar statistisk signifikans, motsvarar $267 miljoner. Arbetet undersöker ett antal parametrar för att hitta signifikanta prediktorer men endast en av de prediktorer vi undersökte var statistiskt signifikant, nämligen antalet läckta uppgifter. Dessa svaga samband är i sig intressanta; den till synes svaga inverkan av dataintrång på företagens börsvärde antyder att de kanske inte har så stora finansiella incitament att skydda sina kunders data. Cybersecurity Information security InfoSec Event study cyberinsurance data breach Datasäkerhet informationssäkerhet infosec Eventstudie cyberförsäkring dataintrång Engineering and Technology Teknik och teknologier
4	How Attitude Toward the Behavior, Subjective Norm, and Perceived Behavioral Control Affects Information Security Behavior Intention Johnson, David Philip 01 January 2017 (has links) The education sector is at high risk for information security (InfoSec) breaches and in need of improved security practices. Achieving data protections cannot be through technical means alone. Addressing the human behavior factor is required. Security education, training, and awareness (SETA) programs are an effective method of addressing human InfoSec behavior. Applying sociobehavioral theories to InfoSec research provides information to aid IT security program managers in developing improved SETA programs. The purpose of this correlational study was to examine through the theoretical lens of the theory of planned behavior (TPB) how attitude toward the behavior (ATT), subjective norm (SN), and perceived behavioral control (PBC) affected the intention of computer end users in a K-12 environment to follow InfoSec policy. Data collection was from 165 K-12 school administrators in Northeast Georgia using an online survey instrument. Data analysis occurred applying multiple linear regression and logistic regression. The TPB model accounted for 30.8% of the variance in intention to comply with InfoSec policies. SN was a significant predictor of intention in the model. ATT and PBC did not show to be significant. These findings suggest improvement to K-12 SETA programs can occur by addressing normative beliefs of the individual. The application of improved SETA programs by IT security program managers that incorporate the findings and recommendations of this study may lead to greater information security in K-12 school systems. More secure school systems can contribute to social change through improved information protection as well as increased freedoms and privacy for employees, students, the organization, and the community. Behavior InfoSec K-12 Security SETA User Databases and Information Systems Education
5	Educational Information Security Laboratories : A Literature Review Khoshbin, SeyedAli January 2016 (has links) Educational centers are investigating the feasibility of creating InfoSec laboratory for their students in order to enhance their practical experience. Experiments could be performed in either physical or virtual labs. The advantage of virtual lab compared to physical lab is utilization of minimal components with the aid of hypervisor software. In addition, reverting back computer configuration to original state rapidly, capability of altering resource configuration immediately and managing all virtual machines via a single console are some features that highlighted the use of this technology in the laboratories. Despite the virtual laboratory tremendous advantages, literature lacks a comprehensive review on implemented virtual labs. The purpose of this thesis is to fill this gap by inspecting the implemented virtual labs in education center. Consequently, the thesis outcome would provide an insight to other institutes and researchers to utilize these labs as models to decrease the effort and expenses for implementing InfoSec labs. The offered assignments of these labs would be elaborated in order to provide a sample for execution of these experiments for other researchers in their own environment. Furthermore, comparison of the discovered virtual labs based on availability, maintainability and security would be performed. Finally, a suggested physical layout of virtual lab is being presented. Twelve universities had been scrutinized which are aligned with the thesis goal. Educational centers InfoSec laboratory Virtual lab Hypervisor Computer Sciences Datavetenskap (datalogi)
6	Vulnerable data interactions — augmenting agency Carlsson, Nicole January 2018 (has links) This thesis project opens up an interaction design space in the InfoSec domain concerning raising awareness of common vulnerabilities and facilitating counter practices through seamful design.This combination of raising awareness coupled with boosting possibilities for deliberate action (or non-action) together account for augmenting agency. This augmentation takes the form of bottom up micro-movements and daily gestures contributing to opportunities for greater agency in the increasingly fraught InfoSec domain. Interaction Design Seamful Design Privacy InfoSec Security Research through Design Performativity Engineering and Technology Teknik och teknologier
7	Integration of CTI into security management Takacs, Gergely January 2019 (has links) Current thesis is a documentative approach to sum up experiences of a practical projectof implementing Cyber Threat Intelligence into an existing information securitymanagement system and delivering best practices using action design researchmethodology. The project itself was delivered to a multinational energy provider in 2017.The aim of the CTI-implementation was to improve the information security posture ofthe customer. The author, as participant of the delivery team presents an extensive reviewof the current literature on CTI and puts the need for threat intelligence into context. Theauthor claims that traditional security management is not able to keep up with currentcybersecurity threats which makes a new approach required. The thesis gives an insightof an actually working and continuously developed CTI-service and offers possible bestpractices for InfoSec professionals, adds theoretical knowledge to the body of knowledgeand opens up new research areas for researchers. Cyber Threat Intelligence CTI security management information security InfoSec operational CTI technical CTI threat intelligence TIP threat information portal cybersecurity threat management risk management InfoSec management Computer Systems Datorsystem
8	Intrusion Attack & Anomaly Detection in IoT Using Honeypots Kulle, Linus January 2020 (has links) This thesis is presented as an artifact of a project conducted at MalmöUniversity IoTaP LABS. The Internet of Things (IoT) is a growing field and its usehas been adopted in many aspects of our daily lives, which has led todigitalization and the creation of smart IoT ecosystems. However, with the rapidadoption of IoT, little or no focus has been put on the security implications,device proliferations and its advancements. This thesis takes a step forward toexplore the usefulness of implementing a security mechanism that canproactively be used to aid understanding attacker behaviour in an IoTenvironment. To achieve this, this thesis has outlined a number of objectivesthat ranges from how to create a deliberate vulnerability by using honeypots inorder to lure attacker’s in order to study their modus operandi. Furthermore,an Intrusion Attack Detection (Model) has been constructed that has aided withthis implementation. The IAD model, has been successfully implemented withthe help of interaction and dependence of key modules that have allowedhoneypots to be executed in a controlled IoT environment. Detailed descriptionsregarding the technologies that have been used in this thesis have also beenexplored to a greater extent. On the same note, the implemented system withthe help of an attack scenario allowed an attacker to access the system andcircumnavigate throughout the camouflaged network, thereafter, the attacker’sfootprints are mapped based on the mode of attack. Consequently, given thatthis implementation has been conducted in MAU environment, the results thathave been generated as a result of this implementations have been reportedcorrectly. Eventually, based on the results that have been generated by thesystem, it is worth to note that the research questions and the objective posedby the thesis have been met. honeypot honeypots iot cyber cybersecurity information security infosec cybersec anomaly detection intrusion detection iot security Engineering and Technology Teknik och teknologier

Search results