Bezpečnost 5G - Případová studie sekuritizace švédských 5G sítí / 5G Security - A Case Study on the Securitisation of Sweden's 5G Networks

Ekfeldt, Therese

January 2021

Over the last couple of years, the world has witnessed an intensifying competition over 5G networks, triggered to a large extent but not exclusively by the geopolitical rivalry between the United States and China. To the backdrop of allegations that the Chinese government could force Chinese telecom company Huawei and ZTE to spy, sabotage or take other action's on Beijing's behalf, Washington ordered prompt restrictions on products from Huawei and pressured its allies to do the same. From a European perspective, Sweden stood out early as a country with a strong stance on 5G security by outright banning Chinese telecom providers Huawei and ZTE from taking part in Sweden's 5G frequency auction. This thesis seeks to understand how the securitising process of Sweden's 5G networks was initiated and evolved, through a comparative case study of the four main securitising actors' official discourses. Derived from previous studies on cybersecurity and securitisation, this thesis constructed an analytical framework tailored for the securitisation of 5G networks. The thesis is carried out as an idea analysis, looking for articulated threats pertaining to three distinct threat dimensions: 'network security', 'data and information protection' and 'China's assertiveness'. The analysis showed that all four...

An information processing model and a set of risk identification methods for privacy impact assessment in an international context / 国際的な文脈におけるプライバシー影響評価のための情報取扱モデル及び一連のリスク特定手法

Kuroda, Yuki

25 September 2023

京都大学 / 新制・課程博士 / 博士(情報学) / 甲第24935号 / 情博第846号 / 新制||情||142(附属図書館) / 京都大学大学院情報学研究科社会情報学専攻 / (主査)教授 黒田 知宏, 教授 矢守 克也, 教授 曽我部 真裕 / 学位規則第4条第1項該当 / Doctor of Informatics / Kyoto University / DGAM

Privacy Impact Assessment

Risk identification

Data mapping

Privacy

Personal Information Protection

007

Vybudování efektivního Competitive intelligence systému v společnosti XXX / Building an Effective Competitive Intelligence System for XXX Corporation

Michalko, Miroslav

January 2009

This diploma thesis results from the need for Competitive Intelligence as a system for gathering, analyzing and communicating information about competitors to obtain a competitive advantage. The work attempts to analyze current knowledge gathering processes as well as an application of that information for strategic decision making inside the XXX corporation. After definition of basic terms several different methods and approaches to Competitive Intelligence are described. These methods are reviewed and those that suit XXX requirements best are picked up afterwards. In this thesis there are also identified some of the crucial information sources, to begin with public and commercial databases and catalogues, business publications, online sources, personal knowledge, but also data-mining and other sophisticated methods. The main contribution of this work is the proposal of Competitive Intelligence system itself, empathising an effective functionality that solves identified issues, and is based on our theoretical resources and on actual competence of the company.

Entwurf und Beschreibung wesentlicher Komponenten einer Sicherheitsarchitektur für medizinische Forschungsnetze / Design and Description of Major Components in Security Architecture for Medical Research Networks

Grenz, Michael

20 June 2012

No description available.

004 Informatik

AHK 650

MED 250

Mathematics and Computer Science

Datenschutz

Datensicherheit

Sicherheitsmaßnahmen

Medizinische Forschung

Information Protection

Computer Security

Security Measures

Medical Research

54.38

44.32

Exploring Techniques for Providing Privacy in Location-Based Services Nearest Neighbor Query

Asanya, John-Charles

01 January 2015

Increasing numbers of people are subscribing to location-based services, but as the popularity grows so are the privacy concerns. Varieties of research exist to address these privacy concerns. Each technique tries to address different models with which location-based services respond to subscribers. In this work, we present ideas to address privacy concerns for the two main models namely: the snapshot nearest neighbor query model and the continuous nearest neighbor query model. First, we address snapshot nearest neighbor query model where location-based services response represents a snapshot of point in time. In this model, we introduce a novel idea based on the concept of an open set in a topological space where points belongs to a subset called neighborhood of a point. We extend this concept to provide anonymity to real objects where each object belongs to a disjointed neighborhood such that each neighborhood contains a single object. To help identify the objects, we implement a database which dynamically scales in direct proportion with the size of the neighborhood. To retrieve information secretly and allow the database to expose only requested information, private information retrieval protocols are executed twice on the data. Our study of the implementation shows that the concept of a single object neighborhood is able to efficiently scale the database with the objects in the area. The size of the database grows with the size of the grid and the objects covered by the location-based services. Typically, creating neighborhoods, computing distances between objects in the area, and running private information retrieval protocols causes the CPU to respond slowly with this increase in database size. In order to handle a large number of objects, we explore the concept of kernel and parallel computing in GPU. We develop GPU parallel implementation of the snapshot query to handle large number of objects. In our experiment, we exploit parameter tuning. The results show that with parameter tuning and parallel computing power of GPU we are able to significantly reduce the response time as the number of objects increases. To determine response time of an application without knowledge of the intricacies of GPU architecture, we extend our analysis to predict GPU execution time. We develop the run time equation for an operation and extrapolate the run time for a problem set based on the equation, and then we provide a model to predict GPU response time. As an alternative, the snapshot nearest neighbor query privacy problem can be addressed using secure hardware computing which can eliminate the need for protecting the rest of the sub-system, minimize resource usage and network transmission time. In this approach, a secure coprocessor is used to provide privacy. We process all information inside the coprocessor to deny adversaries access to any private information. To obfuscate access pattern to external memory location, we use oblivious random access memory methodology to access the server. Experimental evaluation shows that using a secure coprocessor reduces resource usage and query response time as the size of the coverage area and objects increases. Second, we address privacy concerns in the continuous nearest neighbor query model where location-based services automatically respond to a change in object*s location. In this model, we present solutions for two different types known as moving query static object and moving query moving object. For the solutions, we propose plane partition using a Voronoi diagram, and a continuous fractal space filling curve using a Hilbert curve order to create a continuous nearest neighbor relationship between the points of interest in a path. Specifically, space filling curve results in multi-dimensional to 1-dimensional object mapping where values are assigned to the objects based on proximity. To prevent subscribers from issuing a query each time there is a change in location and to reduce the response time, we introduce the concept of transition and update time to indicate where and when the nearest neighbor changes. We also introduce a database that dynamically scales with the size of the objects in a path to help obscure and relate objects. By executing the private information retrieval protocol twice on the data, the user secretly retrieves requested information from the database. The results of our experiment show that using plane partitioning and a fractal space filling curve to create nearest neighbor relationships with transition time between objects reduces the total response time.

Engineering

Management of security information in the security industry

Govender, Doraval

06 1900

Incidents, threats and vulnerabilities have the potential to negatively affect an organisation’s assets. Information on these incidents, threats and vulnerabilities are important to security. It is therefore necessary for this security information to be effectively and efficiently managed, so that correct decisions may be made on the implementation of security risk control measures. This study explored the management of security information in the security industry by undertaking the following: • establishing the “status quo” of the collection and analysis of security information and the implementation of security risk control measures in practice; • identifying the nature and extent of problems experienced in the collection and analysis of security information and the implementation of security risk control measures; and the • discovery of a new Security Information Management Model (SIMM). Mixed methods research was used to study the management of security information in the security industry. The explorative research design was used for this purpose. Semi-structured and focus group interviews were conducted with senior security managers and operational security officers, respectively. The grounded theory research design was used to analyse the qualitative data in order to generate a substantive grounded theory. The theory is that security officers operate without a standardised framework to manage security information. The data from the semi-structured and the focus group interviews were used to design a questionnaire to conduct a survey using the quantitative approach. The non-experimental research design was used to conduct this self-administered questionnaire survey. The data from this questionnaire survey helped validate and confirm the substantive grounded theory. The study found that there was the need for a Security Information Management Model to manage security information in the security industry. Based on this finding the researcher recommended a new Security Information Management Model for the management of security information in the security industry. / Criminology / D. Litt. et Phil. (Criminology)

Security industry

Security information

Threat

Vulnerability

Incident

Information protection

Sharing of information

352.3790968

Criminal investigation -- South Africa

Crime analysis -- South Africa

Evidence, Criminal -- South Africa

求職者個人資訊保障之研究 / A Study on the Protection of Job Applicants’ Informational Privacy

詹岱蓉, Jan, Day Rong

Unknown Date

雇主在招募過程中，為了提高企業的生產力或行政組織的效率，防免契約、侵權責任的發生，必須謹慎挑選人才，因此通常會以詢問或檢測（如人格測驗）盡量蒐集與求職者相關的資訊，來遴選合適員工。但是，雇主得要求應徵者揭露多少資訊？求職者在雇主的要求下，為了提高獲聘的機會，是否只能拋棄個人的隱私利益？這些疑惑均值得思考，從中也顯現出了雇主與求職者間利益衝突的問題。 關於求職者個人資訊的保障，我國目前的基本規範為「個人資料保護法（簡稱個資法）」及「就業服務法（簡稱就服法）第5條第2項第2款」。雇主如欲蒐集求職者的個資，除必須符合個資法的特定條款外，假若涉及隱私資訊，尚須通過就服法第5條第2項第2款「就業所需」的檢驗。 在這看似簡明的基本架構中，事實上存有許多令人困惑的地方，以個資法特定條款的蒐集事由為例，如：「執行法定職務必要範圍內」的意涵具體所指為何；「與當事人有類似契約之關係」是否包含雇主可請求當事人以外的第三人（如：前雇主）協助為履歷調查；以及「經當事人同意」在勞動關係不對等時其有效性的爭議等。而就服法第5條第2項第2款最讓人頭痛之處則為應如何詮釋「就業所需」。是以，我們須要更多的實務及學說見解來填充個資法與就服法勾勒出的雇主與求職者間利益權衡框架。 本文將先探討雇主通常是基於什麼考量而對求職者為哪些詢問及檢測；而應徵者面對這些詢問及檢測往往會有什麼憂慮。接著借鏡美國法制，剖析我國針對求職者個人資訊保障的判準，並關注在個資法修正與就服法第5條第2項第2款增訂後，過往的實務見解是否依舊恰當或有所革新。最後比較美國與我國法制的異同，提出檢討與建議，期望能在保障求職者個資的同時，也兼顧到雇主的利益。 / In the hiring process, employers need to select workers cautiously in order to improve the productivity and efficiency of their enterprises, and to avoid the potential liability caused by reckless employees. To screen out the best possible candidate for a particular job, employers usually wish to gather as much information about job applicants as possible by making oral or written inquiries, or conducting different kinds of employment tests (such as personality tests). However, what kind of information can employers legally require job applicants to disclose? Do job applicants have no choice but to relinquish their personal privacy if they want to be employed? To answer these questions, we need to carefully balance the competing interests between employers and job applicants. In Taiwan, “Personal Information Protection Act (PIPA)” and “Employment Service Act (ESA) §5II②” form the basic framework of protecting job applicants’ informational privacy. Employers need to obey specific provisions of the PIPA before they can collect job applicants’ information; and if private information is to be collected, employers should further confirm their collecting actions meet the “job-related” requirement specified by §5II② of the ESA. This legal framework seems simple and clear, but there are many questions remain to be answered. For example, what is the exact scope of the term “within the scope of job functions provided by laws and regulations” of the PIPA? Does the condition “quasi-contractual relationship between the Parties” specified in PIPA allow employers to contact third parties (such as job applicants’ former employers) and conduct a reference check? Further, since there is a serious power-imbalanced problem in the employment relationship, can we truly expect the job applicants to offer a free and valid consent when they are requested to provide their personal information? Last but not the least, what is the precise meaning of the term “job-related” of §5II② of the ESA? More studies and court judgments are needed to delineate the boundaries between what employers are entitled to know and what job applicants should be able to keep private. This thesis begins with analyzing why employers need/hope to gather information about job applicants and what screening tools they prefer to use. It then discusses job applicants’ concerns when they face employers’ inquiries or employment tests. By comparing relevant U.S. legislation and judicial decisions regarding the protection of job applicants’ informational privacy, this thesis examines the standards used in Taiwan’s case-law when balancing employers’ and job applicants’ interests. Special attentions are paid to the issue whether these standards are still appropriate or should be updated in light of the latest amendments to the PIPA and ESA. Finally, through concrete cases, this thesis tries to provide practical recommendations on how we can better protect job applicants’ privacy while respecting employers’ legitimate interests in knowing their future employees.

求職者

隱私權

資訊隱私權

就業所需

個資法

反歧視法

job applicant

privacy

informational privacy

job-related

personal information protection act

anti-discrimination law

Dissemina??o e prote??o de informa??es no processo de inova??o tecnol?gica: um estudo do contexto regulat?rio aplicado ao caso brasileiro

Melhado, Jos? Paulo

19 April 2005

Made available in DSpace on 2016-04-04T18:36:24Z (GMT). No. of bitstreams: 1 Jose Paulo Melhado 1.pdf: 1151086 bytes, checksum: 59e50a893f8b1494865193871de36696 (MD5) Previous issue date: 2005-04-19 / This study investigates the protection and dissemination of technological innovation. Patent concession, technology transfer and secrecy are characterized as instruments of power and are analyzed in terms of the role they play in the Brazilian innovation system. At the present time, the growing economic importance associated with information and knowledge basically attached to the innovation technology by concepts given by Science Information framework is widely acknowledged by those who have power over their production and use, and, consequently, determine which social segments are to have access to innovation. National security and defense-related issues are equally relevant when deciding what must be protected or disseminated. The absorption or dissemination of relevant scientific information and innovation technology may be studied from the standpoint of political and economic alternatives related to the faculty of denying access to knowledge foundations. The methodology applied was based on an analysis of the instruments of power legal support and the ways of denial of acess given by the bibliographic survey. It might conclude that the legal adjustment of these instruments aimed at the intermediation of technology and technology learning and protection is necessary. / O presente estudo trata da prote??o e da dissemina??o da inova??o tecnol?gica com base na concess?o de patentes, na transfer?ncia de tecnologia e no segredo como instrumentos de poder para, em seguida, analis?-los ? luz de seu papel nos sistemas de inova??o, no caso brasileiro. Na atualidade, a crescente import?ncia econ?mica atribu?da ? informa??o e ao conhecimento, elementos essencialmente vinculados ? inova??o tecnol?gica por meio das ferramentas conceituais da Ci?ncia da Informa??o, ? plenamente reconhecida por aqueles que det?m o poder sobre a sua produ??o e uso, de forma a determinar condi??es de acesso ao resultado do esfor?o de inova??o para o restante da sociedade. Quest?es de seguran?a e defesa nacional s?o igualmente relevantes na tomada de decis?o sobre o que deve ser protegido ou disseminado. A absor??o ou a difus?o das informa??es de interesse da ci?ncia, tecnologia e inova??o, enfim, podem ser estudadas sob o foco de alternativas pol?ticas e econ?micas que dizem respeito ? faculdade de negar o acesso ao conhecimento. A metodologia de pesquisa utilizada baseou-se na an?lise do contexto legal dos citados instrumentos, relacionando-os a modos de nega??o de acesso identificados no levantamento bibliogr?fico. Tal aplica??o permitiu concluir pela adequa??o legal desses instrumentos a necessidades urgentes de intermedia??o tecnol?gica, aprendizado tecnol?gico e prote??o da informa??o relacionada ? inova??o.

inova??o tecnol?gica

sistema de inova??o

prote??o da informa??o

aprendizado tecnol?gico

patente

transfer?ncia de tecnologia

segredo

technological innovation

innovation system

information protection

technological learning

patent

technology transfer

secrecy

Intelligence Economique et Stratégique : protection et Exploitation des Informations Légales en Europe / Competitive and Strategic Intelligence : protection and Exploitation of Legal Information in Europe

Grèzes, Vincent

04 July 2014

Cette recherche porte sur l’identification des informations légales disponibles sur les entreprises en Europe, l’identification de mesures de protection de ces informations, ainsi que les méthodes utiles à leur exploitation dans une démarche d’intelligence économique et stratégique. Les informations légales sont entendues comme les informations structurelles et comptables des entreprises, soumises à une obligation légale de publicité. Les résultats de cette étude présentent un référentiel des informations légales sur les entreprises en Europe, ainsi qu’en Suisse et en Norvège, et l’analyse des différentes possibilités de protection, de collecte et d’exploitation de ces informations dans une démarche d’intelligence économique et stratégique. / This research focuses on the identification of legal information available on businesses in Europe, the identification of measures able to protect it, and the identification of methods able to exploit it in an economic and strategic intelligence process. Legal information is understood as structural and accounting information about enterprises, subject to legal disclosure requirement. The results of this study present a repository of legal information on companies in Europe, as well as Switzerland and Norway, and the analysis of different options regarding the protection, the collection and the use of this information in an economic and strategic intelligence process.

Intelligence Economique et Stratégique

Veille Stratégique

Informations Légales en Europe

Accessibilité des Informations

Protection des Informations

Exploitation des Informations

Competitive and Strategic Intelligence

Environmental Scanning

Legal Information in Europe

Information Accessibility

Information Protection

Information Exploitation

320

Management of security information in the security industry

Govender, Doraval

06 1900

Incidents, threats and vulnerabilities have the potential to negatively affect an organisation’s assets. Information on these incidents, threats and vulnerabilities are important to security. It is therefore necessary for this security information to be effectively and efficiently managed, so that correct decisions may be made on the implementation of security risk control measures. This study explored the management of security information in the security industry by undertaking the following: • establishing the “status quo” of the collection and analysis of security information and the implementation of security risk control measures in practice; • identifying the nature and extent of problems experienced in the collection and analysis of security information and the implementation of security risk control measures; and the • discovery of a new Security Information Management Model (SIMM). Mixed methods research was used to study the management of security information in the security industry. The explorative research design was used for this purpose. Semi-structured and focus group interviews were conducted with senior security managers and operational security officers, respectively. The grounded theory research design was used to analyse the qualitative data in order to generate a substantive grounded theory. The theory is that security officers operate without a standardised framework to manage security information. The data from the semi-structured and the focus group interviews were used to design a questionnaire to conduct a survey using the quantitative approach. The non-experimental research design was used to conduct this self-administered questionnaire survey. The data from this questionnaire survey helped validate and confirm the substantive grounded theory. The study found that there was the need for a Security Information Management Model to manage security information in the security industry. Based on this finding the researcher recommended a new Security Information Management Model for the management of security information in the security industry. / Criminology and Security Science / D. Litt. et Phil. (Criminology)

Security industry

Security information

Threat

Vulnerability

Incident

Information protection

Sharing of information

352.3790968

Criminal investigation -- South Africa

Crime analysis -- South Africa

Evidence, Criminal -- South Africa