  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

Management of operational risks related to information security in financial organizations

Mehmood, Furhan, Rafique, Rajia January 2010 (has links)
Date: 30th May 2010

Authors: Rajia Rafique, Furhan Mehmood

Tutor: Dr. Michael Le Duc, Dr. Deepak Gupta

Title: Management of Operational Risks related to Information Security in Financial Organizations

Introduction: Information security is very significant for organizations, especially for financial organizations where customer information and their satisfaction are considered the most important assets for financial organizations. Therefore customer information must be sustained from information security breaches in order to satisfy customers. Financial organizations use their customer’s information several times a day to deal with different operations. These operations contain several types of risks. Operational risks related to information security are becoming sensational for financial organizations. Financial organizations concentrate to reduce the exposure of operational risk related to information security because these risks can affect the business to a great extent. Financial organizations need such policies and techniques which can be used to reduce the exposure of operational risk and to enhance information security. Several authors discuss about several types of operational risk related to information security, and several authors discuss about the techniques to avoid these risks in order to enhance information security.

Problem: Investigate the concept of Operational Risks related to Information Security and how it is perceived in Financial Organization?

Purpose: The aspiration of writing this report is to describe and analyze operational risks related to information security in financial organizations and then to present some suggestions in form of polices or techniques which can be used by financial organizations to enhance their information security.

Method: Since the type of our thesis is Qualitative based, therefore exploratory research approach is used to carry out research. Authors tried to use secondary source of information as well as primary source of information in order to get maximum knowledge about the topic and to come up with maximum possible output.

Target Audience

The target audience in our mind for this paper consists of both, academic readers and professionals who have interest and some knowledge about information security and operational risks. Target audience for this research work includes professionals, academic readers and both investigated organizations (NCCPL and CDC).

Conclusion

By critically analyzing the literature written by various authors and the worthy information provided by our primary sources gave us the opportunity to develop a solution to keep the operations secure from risks and to fix the current problems related to information security. We found that there are different types of operational risks related to information security which can affect the business of financial organizations and there are various techniques which can be used by financial organizations to solve the current issue related to operational risks in order to enhance information security. It was also found that top management in financial organizations is interested in issues about information security operational risk and they showed their keen interest in adopting new effective techniques.

Keywords: Information Security, Information Security Risks, Operational Risks, Operational Risk Management, Operational Risks in Financial Organizations.
12

Management of operational risks related to information security in financial organizations

Mehmood, Furhan, Rafique, Rajia January 2010 (has links)
Date: 30th May 2010 Authors: Rajia Rafique, Furhan Mehmood Tutor: Dr. Michael Le Duc, Dr. Deepak Gupta Title: Management of Operational Risks related to Information Security in Financial Organizations Introduction: Information security is very significant for organizations, especially for financial organizations where customer information and their satisfaction are considered the most important assets for financial organizations. Therefore customer information must be sustained from information security breaches in order to satisfy customers. Financial organizations use their customer’s information several times a day to deal with different operations. These operations contain several types of risks. Operational risks related to information security are becoming sensational for financial organizations. Financial organizations concentrate to reduce the exposure of operational risk related to information security because these risks can affect the business to a great extent. Financial organizations need such policies and techniques which can be used to reduce the exposure of operational risk and to enhance information security. Several authors discuss about several types of operational risk related to information security, and several authors discuss about the techniques to avoid these risks in order to enhance information security. Problem: Investigate the concept of Operational Risks related to Information Security and how it is perceived in Financial Organization? Purpose: The aspiration of writing this report is to describe and analyze operational risks related to information security in financial organizations and then to present some suggestions in form of polices or techniques which can be used by financial organizations to enhance their information security. Method: Since the type of our thesis is Qualitative based, therefore exploratory research approach is used to carry out research. 
Authors tried to use secondary source of information as well as primary source of information in order to get maximum knowledge about the topic and to come up with maximum possible output. Target Audience The target audience in our mind for this paper consists of both, academic readers and professionals who have interest and some knowledge about information security and operational risks. Target audience for this research work includes professionals, academic readers and both investigated organizations (NCCPL and CDC). Conclusion By critically analyzing the literature written by various authors and the worthy information provided by our primary sources gave us the opportunity to develop a solution to keep the operations secure from risks and to fix the current problems related to information security. We found that there are different types of operational risks related to information security which can affect the business of financial organizations and there are various techniques which can be used by financial organizations to solve the current issue related to operational risks in order to enhance information security. It was also found that top management in financial organizations is interested in issues about information security operational risk and they showed their keen interest in adopting new effective techniques. Keywords: Information Security, Information Security Risks, Operational Risks, Operational Risk Management, Operational Risks in Financial Organizations.
13

Biometrics - Evaluation of Current Situation

Zahidi, Salman January 2011 (has links)
Information security has always been a topic of concern in the world as an emphasis on new techniques to secure the identity of a legitimate user is regarded as top priority. To counter such an issue, we have a traditional way of authentication factors “what you have” and “what you know” in the form of smart cards or passwords respectively. But biometrics is based on the factor “who are you” by analyzing human physical or behavioral characteristics. Biometrics has always been an efficient way of authorization and is now considered as a $1500 million industry where fingerprints dominate the biometrics while iris is quickly emerging as the most desirable form of biometric technique. The main goal of this thesis is to compare and evaluate different biometrics techniques in terms of their purpose, recognition mechanism, market value and their application areas. Since there are no defined evaluating criteria, my method of evaluation was based on a literature survey from internet, books, IEEE papers and technical surveys. Chapter 3 is focused on different biometrics techniques where I discuss them briefly but in chapter 4, I go deeper into Iris, fingerprints, facial techniques which are prominent in biometrics world. Lastly, I had a general assessment of the biometrics, their future growth and suggested specific techniques for different environment like access controls, e-commerce, national ids, and surveillance.
14

Enterprise Information Security - Backup Systems Planning and Practice

Lin, Gary 05 July 2002 (has links)
It is well understood that competitiveness is the foundation of business. Efficient information acquisition, distribution and protection proves to not only improve business’ competitiveness but also extend business value to both business partners and customers. Consequently, Information Security has been the rigorous and sustaining challenge to the business. Thanks to the booming evolution of information technology, business nowadays has proliferated it widely for business operations. Sept 11 catastrophe in US has brought to business a significant yet unforeseen impact - information security reassessment on both backup systems and disaster recovery planning. This document aims at exploring the status quo of domestic enterprises in this regard as well as possible obstacles of the implementation. Through field research and thorough understanding, we’ve observed the differentiation among the industries we investigated. Meanwhile, we hoped to come out some solid recommendations and awareness to the business by applying generally acknowledged standard - BS7799 rules and policies. With that in mind, enterprises then would be able to move themselves faster toward globalization. For a long time, IT professionals tend to use tape or jukebox as primary data backup media. Today, we can only rely on those tools for alternatives. By current working field, I’m taking the advantage by introducing high-level technologic system frameworks, practices and experiences from international key players in this field. Enterprises are also recommended to start the “BIA - Business Impact Analysis” to outline a proper DR and Contingency Plan for the sake of substantial and continual support to business interests and long-term benefits!
15

Challenges, collaborative interactions, and diagnosis performed by IT security practitioners : an empirical study

Werlinger, Rodrigo 11 1900 (has links)
This thesis investigates four different aspects of information security management: challenges faced by security practitioners, interactive collaborations among security practitioners and other stakeholders, diagnostic work performed by security practitioners during the response to incidents, and factors that impact the adoption of an intrusion detection system in one organization. Our approach is based on qualitative analyzes of empirical data from semi-structured interviews and participatory observation. For each theme under study, the contributions of the qualitative analysis are twofold. First, we provide a richer understanding of the main factors that affect the security within organizations. Second, equipped with this richer understanding, we provide recommendations on how to improve security tools, along with opportunities for future research. Our findings contribute to the understanding of the human, organizational, and technological factors that affect security in organizations and the effectiveness of security tools. Our work also highlights the need for continued refinement of how factors interplay by obtaining more rich data (e.g., contextual inquiry), and the need to generalize and validate these findings through other sources of information to study how these factors interplay (e.g., surveys).
16

Challenges, collaborative interactions, and diagnosis performed by IT security practitioners : an empirical study

Werlinger, Rodrigo 11 1900 (has links)
This thesis investigates four different aspects of information security management: challenges faced by security practitioners, interactive collaborations among security practitioners and other stakeholders, diagnostic work performed by security practitioners during the response to incidents, and factors that impact the adoption of an intrusion detection system in one organization. Our approach is based on qualitative analyzes of empirical data from semi-structured interviews and participatory observation. For each theme under study, the contributions of the qualitative analysis are twofold. First, we provide a richer understanding of the main factors that affect the security within organizations. Second, equipped with this richer understanding, we provide recommendations on how to improve security tools, along with opportunities for future research. Our findings contribute to the understanding of the human, organizational, and technological factors that affect security in organizations and the effectiveness of security tools. Our work also highlights the need for continued refinement of how factors interplay by obtaining more rich data (e.g., contextual inquiry), and the need to generalize and validate these findings through other sources of information to study how these factors interplay (e.g., surveys).
17

Cultivating and assessing information security culture

Da Veiga, Adele 24 April 2009 (has links)
The manner in which employees perceive and interact (behave) with controls implemented to protect information assets is one of the main threats to the protection of such assets and the effective use of information security controls. Should the interaction not be conducive to the protection of the information assets, it could have a profound impact on the profit of an organisation, productive working hours could be lost, confidential information might be disclosed to unauthorised people and compliance with legal and regulatory regulations could be affected - all this, despite the fact that adequate technical and procedural controls might be in place. Current research highlights the importance of a strong information security culture to address the threat that employee behaviour poses to the protection of information assets. Various research perspectives propose how an acceptable level of information security culture should be cultivated, and how to assess this culture to determine whether it is on an acceptable level. These approaches are however not adequate to cultivate information security culture, as all the relevant information security components and the influences on the information security culture have to be considered. This leads to the question as to whether the assessment instruments proposed to assess the information security culture are indeed adequate and valid. The main contribution of this research relates to the development of an information security culture framework and process consisting of an assessment instrument to assess information security culture. In order to develop the information security culture framework, the researcher developed a Comprehensive Information Security Framework (CISF) that equips organisations with a holistic approach to the implementation of information security. The framework provides a single point of reference for the governance of information security. 
The Information Security Culture Framework (ISCF) is developed using the CISF as foundation. The ISCF can be used by organisations to cultivate an information security culture conducive to the protection of information assets. It considers all the components required for information security culture, namely information security, organisational culture and organisational behaviour. It integrates the aforementioned concepts and illustrates the influence between the components. The ISCF further serves as a basis for designing an information security culture assessment instrument. This instrument is incorporated as part of an Information Security Culture Assessment process (ISCULA) defined by the researcher. ISCULA provides management with the steps to conduct an information security culture assessment, as well as the steps to validate the assessment instrument. The application of ISCULA is tested in an empirical study conducted in an organisation. It illustrates how to validate an information security culture assessment instrument by ensuring that it is designed based on the ISCF and meets the statistical requirements for a valid and reliable assessment instrument. Both the ISCF and the ISCULA process can ultimately be deployed by organisations to minimise the threat that employee behaviour poses to the protection of information assets. / Thesis (PhD)--University of Pretoria, 2009. / Computer Science / unrestricted
18

Challenges, collaborative interactions, and diagnosis performed by IT security practitioners : an empirical study

Werlinger, Rodrigo 11 1900 (has links)
This thesis investigates four different aspects of information security management: challenges faced by security practitioners, interactive collaborations among security practitioners and other stakeholders, diagnostic work performed by security practitioners during the response to incidents, and factors that impact the adoption of an intrusion detection system in one organization. Our approach is based on qualitative analyzes of empirical data from semi-structured interviews and participatory observation. For each theme under study, the contributions of the qualitative analysis are twofold. First, we provide a richer understanding of the main factors that affect the security within organizations. Second, equipped with this richer understanding, we provide recommendations on how to improve security tools, along with opportunities for future research. Our findings contribute to the understanding of the human, organizational, and technological factors that affect security in organizations and the effectiveness of security tools. Our work also highlights the need for continued refinement of how factors interplay by obtaining more rich data (e.g., contextual inquiry), and the need to generalize and validate these findings through other sources of information to study how these factors interplay (e.g., surveys). / Applied Science, Faculty of / Electrical and Computer Engineering, Department of / Graduate
19

Near Real-time Risk Assessment Using Hidden Markov Models

Pak, Charles 01 January 2011 (has links)
Business objectives and methods in an organization change periodically. Their supporting Information Systems (ISs) change even more dynamically for various reasons: system upgrades, software patches, routine maintenance, and intentionally or unintentionally induced attacks. Unless regular, routine, and timely risk assessments are conducted, changes in IS risks may never be noticed. Risk assessments need to be performed more frequently and faster in order to discover potential threats and to determine the changes that must be made to corporate computing environments to address them. Furthermore, conducting risk assessments on organizational assets can be time consuming, burdensome, and misleading in many cases because of the dynamically changing security states of assets. In theory, each asset can change its security states from one of secure, mitigated, vulnerable, or compromised. However, the secure state is only temporary and imaginary; it may never exist. Therefore, it is more accurate to say that each asset changes its security state from mitigated, vulnerable, or compromised. If we can predict an asset's future security state based on its current security state, we would have a good indicator of risk for the organization's mission-critical assets. Similarly, if risk factors of each mission critical asset could be quantified in near real-time, a risk assessment could be valuable in informing organizational stakeholders of the level of risk of their mission critical assets, which would then aid in their risk mitigation decisions. Quantifying organizational IS risk factors could be meaningful to an organization because quantifying risk levels could prompt a solution space in mitigating risks. In this research, we introduce an effective risk assessment using hidden Markov models (HMMs) in order to predict future security states and to quantify dynamically changing organizational IS assets by exploring possible security states from an insider user's perspective. 
HMMs have been used in many scientific fields to predict future states based on current states. Using these models, organizational mission critical assets could be assessed for their risk levels in a near real-time basis to determine the future risk level of each dynamically changing asset due to internally or externally induced threats.
20

Discovery and Evaluation of Finite State Machines in Hardware Security

Geist, James 01 January 2023 (has links) (PDF)
In the decades since the invention of the integrated circuit (IC), IC's have become ubiquitous, complex, and networked. High transistor density and the low cost of production at scale have made it economically feasible to use complex custom IC's in almost any engineering application. While IC's provide a powerful tool for solving many engineering problems, the low cost comes from outsourcing production and reusing existing design components. Both of these dependencies introduce security risk; unwanted functionality may be inserted either from opaque third party libraries used in a design or by any outside vendor involved in the fabrication process. As it is far easier to verify that specified functionality works as intended than to discover unwanted functionality, verifying that a design has not been tampered with is an important, difficult problem. In stateful designs, Finite State Machines (FSM's) choreograph the operation of the design. With knowledge of the primary inputs and the current state, an FSM instructs other subsystems what to do next. Given this central role, an FSM is an obvious target for malicious exploitation. A bad actor can add states to an FSM that may only be entered via a non-obvious sequence of inputs; these states may then leak information via a side channel, or corrupt operation of the device in a denial of service attack. Such exploitation can be avoided both proactively and reactively. This dissertation introduces methods for discovering, extracting, modifying, and analyzing FSM's in post-compilation netlists. Such netlists may be acquired either in house directly after a design is compiled, or recovered by microscopy techniques post-fabrication. This dissertation introduces several methods applicable to the problem. In order to study FSM's in a netlist, the FSM's must first be located. One method to find FSM's is to search for the control signals which drive it. 
A proposed algorithm for discovering control signals, RELIC-FUN, provides more accurate results than other algorithms on specific designs. Once an FSM is discovered, state transition enumeration is key to comparing the FSM's behavior to the original design. This dissertation introduces two new tools, RECUT and REFSM-SAT, which provide significantly better performance than existing enumeration algorithms. Noting that FSM's, both structurally and semantically, are graph theoretical constructs, a new graphical environment, NetViz, is introduced. NetViz is an environment for hardware security which allows chaining of analysis algorithms and graphical display of, and interaction with, analysis results. Finally, an existing logic locking algorithm, SANSCrypt, is shown to be insecure due to structural FSM analysis techniques.
