61 |
Employees' Role in Improving Information Systems Security
Aliti, Admirim, Akkaya, Deniz January 2011
Information security is one of the most essential concerns in today’s organizations. IT departments in larger organizations are tasked with implementing security, both by ensuring that pertinent hardware and software are in place and by enlightening, teaching and educating the organization’s employees about security issues. The aim of this research is to focus on the human factor of the organization, which impacts the security of the information, since technological solutions to technical problems become incomprehensible without human recognition about security. If the security is not addressed in firms, this might lead to essential data of the organization being compromised. This study explores ways to enhance information security and improve the human factor by integrating the crucial information security elements in organizations. A social constructivist worldview is adopted throughout the study, and an inductive-based qualitative approach, a single case study design and hermeneutical analysis for analyzing the observations and interviews are utilized. The research setting for this study is Växjö Municipality in Sweden. The empirical investigation suggests that the human factor plays an essential role in maintaining information security, and organizations can improve employees’ role by keeping their security policies up to date and finding the best ways to disseminate that information. As a result, this research comes up with an “information security human management model” for organizations.
|
62 |
Prevention is better than cure! Designing information security awareness programs to overcome users' non-compliance with information security policies in banks
Bauer, Stefan, Bernroider, Edward, Chudzikowski, Katharina 17 April 2017
In organizations, users' compliance with information security policies (ISP) is crucial for minimizing information security (IS) incidents. To improve users' compliance, IS managers have implemented IS awareness (ISA) programs, which are systematically planned interventions to continuously transport security information to a target audience. The underlying research analyzes IS managers' efforts to design effective ISA programs by comparing current design recommendations suggested by scientific literature with actual design practices of ISA programs in three banks. Moreover, this study addresses how users perceive ISA programs and related implications for compliant IS behavior. Empirically, we utilize a multiple case design to investigate three banks from Central and Eastern Europe. In total, 33 semi-structured interviews with IS managers and users were conducted and internal materials of ISA programs such as intranet messages and posters were also considered. The paper contributes to IS compliance research by offering a comparative and holistic view on ISA program design practices. Moreover, we identified influences on users' perceptions centering on IS risks, responsibilities, ISP importance and knowledge, and neutralization behaviors. Finally, the study raises propositions regarding the relationship of ISA program designs and factors, which are likely to influence users' ISP compliance.
|
63 |
Shaping information security behaviors related to social engineering attacks
Rocha Flores, Waldo January 2016
Today, few companies would manage to continuously stay competitive without the proper utilization of information technology (IT). This has increased companies’ dependency on IT and created new threats that need to be addressed to mitigate risks to daily business operations. A large extent of these IT-related threats includes hackers attempting to gain unauthorized access to internal computer networks by exploiting vulnerabilities in the behaviors of employees. A common way to exploit human vulnerabilities is to deceive and manipulate employees through the use of social engineering. Although researchers have attempted to understand social engineering, there is a lack of empirical research capturing multilevel factors explaining what drives employees’ existing behaviors and how these behaviors can be improved. This is addressed in this thesis. The contribution of this thesis includes (i) an instrument to measure security behaviors and its multilevel determinants, (ii) identification of multilevel variables that significantly influence employees’ intent for behavior change, (iii) identification of the behavioral governance factors that lay the foundation for behavior change, (iv) identification that national culture has a significant effect on how organizations cope with behavioral information security threats, and (v) a strategy to ensure adequate information security behaviors throughout an organization. This thesis is a composite thesis of eight papers. Paper 1 describes the instrument measuring multilevel determinants. Papers 2 and 3 describe how security knowledge is established in organizations, and the effect on employee information security awareness. In Paper 4 the root cause of employees’ intention to change their behaviors and resist social engineering is described. Papers 5 and 8 describe how the instrument to measure social engineering security behaviors was developed and validated through scenario-based surveys and phishing experiments. Papers 6 and 7 describe experiments performed to understand the reasons why employees fall for social engineering. Finally, Papers 2, 5 and 6 examine the moderating effect of national culture.
|
64 |
Explaining policy differences as a function of diverse governance institutions
Flowers, Jim David 27 May 2016
This study asks the question: “How does the structure of cybersecurity policy relate to differences in structure of policy governance of universities and colleges?” The study has three objectives. First, the study seeks to add to the body of knowledge concerning the relationship between the structure of cybersecurity policy processes and the security policies developed by those processes. Second, the study seeks to demonstrate the usefulness of the Institutional Grammar Tool, Rules Configurations, and other methods employed to analyze institutional configurations. Third, the study seeks to provide pragmatic suggestions for cybersecurity practitioners to systematically identify deficiencies in policy structure that contribute to less than optimum outcomes. Research on this question is necessary as no integrative framework exists for describing or predicting how organizations adopt and implement cyber security policy. The study proposes such a framework by integrating an ideal model for cyber security governance with the principles of the Institutional Analysis and Design framework (IAD). Four research universities of the University System of Georgia are subjected to a cross-case comparison of information security policies. Interviews and policy documents provide a database of institutional statements that are analyzed using IAD methods and tools.
Prior research suggests that elements of policy structure, such as how the policy fits the organization’s objectives and culture, are linked to policy effectiveness. Research also suggests that how those elements of policy structure reflect external threats and organizational factors are determined by how the cybersecurity policy development is integrated into the governance of university wide policy.
In addition to demonstrating the utility of an integrated approach to studying the problem of creating effective policy, findings demonstrate how a well-integrated cybersecurity governance structure provides better fit, constructs policies of appropriate scope, and is more likely to include the components of governance necessary for policy effectiveness. Findings also suggest that policy form, the readability of policy, may be improved if the documents are analyzed using the institutional grammar tools suggested by the IAD and if collaboration with users and managers to construct policy is encouraged. The capability of the methods employed by the study to identify deficiencies in cyber security governance structure that are manifested in less effective policy outcomes may aid policy makers as they strive to develop policy solutions to an ever-changing security threat.
|
65 |
Non-intrusive continuous user authentication for mobile devices
Karatzouni, Sevasti January 2014
The modern mobile device has become an everyday tool for users and business. Technological advancements in the device itself and the networks that connect them have enabled a range of services and data access which have introduced a subsequent increased security risk. Given the latter, the security requirements need to be re-evaluated and authentication is a key countermeasure in this regard. However, it has traditionally been poorly served and would benefit from research to better understand how authentication can be provided to establish sufficient trust. This thesis investigates the security requirements of mobile devices through literature as well as acquiring the user’s perspectives. Given the findings it proposes biometric authentication as a means to establish a more trustworthy approach to user authentication and considers the applicability and topology considerations. Given the different risk and requirements, an authentication framework that offers transparent and continuous authentication is developed. A thorough end-user evaluation of the model demonstrates many positive aspects of transparent authentication. The technical evaluation, however, does raise a number of operational challenges that are difficult to achieve in a practical deployment. The research continues to model and simulate the operation of the framework in a controlled environment seeking to identify and correlate the key attributes of the system. Based upon these results, a number of novel adaptations are proposed to overcome the operational challenges and improve upon the impostor detection rate. The new approach to the framework simplifies the approach significantly and improves upon the security of the system, whilst maintaining an acceptable level of usability.
|
66 |
An analysis of the impact of emerging technology on organisations’ internal controls
11 September 2013
M.Comm. (Computer Auditing) / This study presents an evaluation of emerging information communication technology (ICT) solutions to the security internal control systems in South African organisations. Information systems have enabled companies to communicate more efficiently, gain competitive advantage and get a larger market share. These information systems therefore need to be protected securely as they are the vehicles and containers for critical information assets in decision-making processes. Therefore, this research study seeks to provide an overview of the emerging ICT solutions used to conduct business transactions, and share and communicate information. It identifies and analyses the new security risk associated with the emerging technology, and, finally, outlines the ICT security frameworks that can be used to identify, assess and evaluate organisations’ security internal controls.
|
67 |
An Examination of a Virtual Private Network Implementation to Support a Teleworking Initiative: The Marcus Food Company Inc. Case Study
Ferguson, Jason 01 January 2010
In this dissertation, the author examined the capabilities of virtual private networks (VPNs) in supporting teleworking environments for small businesses in the food marketing sector. The goal of this research was to develop an implementation model for small businesses in the food marketing sector that use a VPN solution to support teleworker access to corporate resources. The author conducted a case study of the Marcus Food Company (MFC) VPN implementation in conjunction with the system development life cycle (SDLC) methodology to achieve this objective.
The SDLC methodology was used to support the planning, design, and implementation of the MFC VPN. The SDLC consists of five phases. For Phase 1, the Research Phase, the author examined the business requirements for a VPN, conducted a survey of MFC employees, and performed participant observation. In Phase 2, the Analysis Phase, the author analyzed the data collected during Phase 1 to facilitate the development of a requirements list. Next, in Phase 3, the Logical Design Phase, the author designed and developed standardized diagrams of the MFC VPN implementation. In Phase 4, the Physical Design Phase, the author identified specific processes, procedures, and technologies. For Phase 5, the Implementation Phase, the author described the implementation processes for the MFC VPN initiative. Finally, the author analyzed and interpreted the data collected and then reported the results of the research.
The findings from this investigation demonstrate that the SDLC methodology was a framework for planning, designing, and implementing a secure and reliable VPN solution to support teleworking. Utilizing the SDLC methodology resulted in thorough documentation, including a review of in-place network documentation, results from a survey, prioritized functional and nonfunctional requirements lists, logical design diagram, and specific hardware/software components and configurations. Using the findings from the case study and SDLC methodology, the MFC VPN implementation model is presented. The MFC implementation model may be used in small businesses, of a size similar to MFC, in which VPN initiatives are being considered.
|
68 |
Categorization of Large Corpora of Malicious Software
Kura, Deekshit 20 December 2013
Malware is computer software written by someone with mischievous or, more usually, malicious and/or criminal intent and specifically designed to damage data, hosts or networks. The variety of malware is increasing proportionally with the increase in computers and we are not aware of newly emerging malware. Tools are needed to categorize families of malware, so that analysts can compare new malware samples to ones that have been previously analyzed and determine steps to detect and prevent malware infections.
In this thesis, I developed a technique to catalog and characterize the behavior of malware, so that malware families, the level of potential threat, and the effects of malware can be identified. Combinations of complementary techniques, including third-party tools, are integrated to scan and illustrate how malware may harm a target machine, search for related malware behavior, and organize malware into families, based on a number of characteristics.
|
69 |
Informationssäkerhet : en undersökning om säkerhetsarbetet bland företag i Dals-Ed [Information security: a study of security work among companies in Dals-Ed]
Bengtsson, Jenny, Olsson, Jenny January 2003
No description available.
|
70 |
Secret sharing using artificial neural network
Alkharobi, Talal M. 15 November 2004
Secret sharing is a fundamental notion for secure cryptographic design. In a secret sharing scheme, a set of participants shares a secret among them such that only pre-specified subsets of these shares can get together to recover the secret. This dissertation introduces a neural network approach to solve the problem of secret sharing for any given access structure. Other approaches have been used to solve this problem. However, the yet known approaches result in an exponential increase in the amount of data that every participant needs to keep. This amount is measured by the secret sharing scheme information rate. This work is intended to solve the problem with better information rate.
|