18 December 2015
Abstract Microsoft’s Windows Operating System provides a logging service that collects, filters and stores event messages from the kernel and applications into log files (.evt and .evtx). Volatility, the leading open source advanced memory forensic suite, currently allows users to extract these events from memory dumps of Windows XP and Windows 2003 machines. Currently there is no support for users to extract the event logs (.evtx) from Windows Vista, Win7 or Win8 memory dumps, and Volatility users have to rely on outside software in order to do this. This thesis discusses a newly developed evtxlogs.py plugin for Volatility, which allows users the same functionality with Windows Vista, Win7 and Win8 that they had with Windows XP and Win 2003’s evtlogs.py plugin. The plugin is based on existing mechanisms for parsing Windows Vista-format event logs, but adds fully integrated support for these logs to Volatility.
It is commonly acknowledged that using Internet applications is an integral part of an individual’s everyday life, with more than three billion users now using Internet services across the world; and this number is growing every year. Unfortunately, with this rise in Internet use comes an increasing rise in cyber-related crime. Whilst significant effort has been expended on protecting systems from outside attack, only more recently have researchers sought to develop countermeasures against insider attack. However, for an organisation, the detection of an attack is merely the start of a process that requires them to investigate and attribute the attack to an individual (or group of individuals). The investigation of an attack typically revolves around the analysis of network traffic, in order to better understand the nature of the traffic flows and importantly resolves this to an IP address of the insider. However, with mobile computing and Dynamic Host Control Protocol (DHCP), which results in Internet Protocol (IP) addresses changing frequently, it is particularly challenging to resolve the traffic back to a specific individual. The thesis explores the feasibility of profiling network traffic in a biometric-manner in order to be able to identify users independently of the IP address. In order to maintain privacy and the issue of encryption (which exists on an increasing volume of network traffic), the proposed approach utilises data derived only from the metadata of packets, not the payload. The research proposed a novel feature extraction approach focussed upon extracting user-oriented application-level features from the wider network traffic. An investigation across nine of the most common web applications (Facebook, Twitter, YouTube, Dropbox, Google, Outlook, Skype, BBC and Wikipedia) was undertaken to determine whether such high-level features could be derived from the low-level network signals. 
The results showed that whilst some user interactions were not possible to extract due to the complexities of the resulting web application, a majority of them were. Having developed a feature extraction process that focussed more upon the user, rather than machine-to-machine traffic, the research sought to use this information to determine whether a behavioural profile could be developed to enable identification of the users. Network traffic of 27 users over 2 months was collected and processed using the aforementioned feature extraction process. Over 140 million packets were collected and processed into 45 user-level interactions across the nine applications. The results from behavioural profiling showed that the system is capable of identifying users, with an average True Positive Identification Rate (TPIR) in the top three applications of 87.4%, 75% and 61.9% respectively. Whilst the initial study provided some encouraging results, the research continued to develop further refinements which could improve the performance. Two techniques were applied: fusion and timeline analysis. The former approach sought to fuse the output of the classification stage to better incorporate and manage the variability of the classification and resulting decision phases of the biometric system. The latter approach sought to capitalise on the fact that whilst the IP address is not reliable over a period of time due to reallocation, over shorter timeframes (e.g. a few minutes) it is likely to be reliable and map to the same user. The results for fusion across the top three applications were 93.3%, 82.5% and 68.9%. The overall performance adding in the timeline analysis (with a 240 second time window) on average across all applications was 72.1%.
Whilst in terms of biometric identification in the normal sense, 72.1% is not outstanding, its use within this problem of attributing misuse to an individual provides the investigator with an enormous advantage over existing approaches. At best, it will provide him with a user’s specific traffic and at worst allow them to significantly reduce the volume of traffic to be analysed.
01 June 2019
We currently live in a day and age where nearly everyone uses electronic devices and connects to the web. Whether it be from a desktop, laptop, or smartphone, staying connected and having information at your fingertips is easier than ever. Although technology has become so intermingled with our daily lives, the idea around security is not as momentous as it should be. As mentioned by the Multi-State Information Sharing and Analysis Center (MS-ISAC), “based on recent statistics, the average unprotected computer can be compromised in a matter of minutes. The majority of individuals who thought their computers were safe…were wrong.” (MS-ISAC 2) This paper specifically investigates what types of security practices individuals in Southern California are aware of, how much of these practices are actively implemented and how can we not only further spread awareness, but also keep them engaged in these practices. This study shows that most of the participants feel confident about their level of knowledge regarding basic cyber security practices. Similarly, they were also confident in their active and frequent implementation of security practices. Nonetheless, it is imperative that implementing security measures become an active part of people’s behavior. As technology and interconnectedness continues to grow, security will only become even more at risk. Since it is a difficult task to change the behavior of people, this study suggests the best route is to begin consistently teaching people at a young age. By doing so, many of these practices can become embedded within people and nearly function as second nature as they mature. Although this suggestion does not focus on security awareness and implementation on those individuals who currently use smartphones, computers, and other devices, it is a sure way of ensuring the future populations become more engaged in understanding the importance of security measures and practice them.
Armstrong, Helen L.
The key theme of this research is the planning and management of information security and in particular, the research focuses on the involvement of information stakeholders in this process. The main objective of the research is to study the ownership of, and acceptance of responsibility for, information security measures by stakeholders having an interest in that information.
Information Security Service Industry - EverGreen International Development Co Ltd. - Entrepreneur Case Study
Hsu, Yu-Tsung
07 September 2004
With the increasing number of enterprises that provide e-business via the Internet and the growing complexity of information systems, Information Security becomes more and more important to a company. Information Security not only can improve a company's information system but also can protect its information assets. It becomes a basic element for e-business. In addition, since information today goes beyond boundaries, a company may face the threat of being attacked by hackers or viruses all the time. Maintaining system operation and protecting internal information become an essential issue to a company. Due to this new trend, the Information Security Service Industry becomes one of the newly developed industries. At present, a company has the urgent need of adopting information technology to increase competitive advantages. The importance of Information Security is increasing day by day. This research mostly focuses on the Taiwan Information Security Service Industry, which still lacks research literature. The research uses a local Information Security Service company as its research target. Case study, field observation, and reading the company's related materials help to understand how entrepreneurs analyze environment and evaluate opportunities, required resources, threats, and key success/failure factors. The research mainly focuses on how environment and opportunities analysis, entrepreneur team and organization structure, product strategy and operating model, consumers and market, product competitive advantage and implementation influence a company's success.
08 October 2004
There are many studies about information security, but they are limited to the technological and managerial fields. The purpose of this research is to discover information security advertisement in two ways: the time trends and the advertising presentation. The research uses content analysis with four variances (time, category of products, type of enterprises, and targeted customers) to analyze information security advertisement in computer magazines in the past ten years (1994~2003). According to research findings, there are some obvious changes in category of product, appeal strategy, amount of advertising message, topic reply and brand image in time trends. On the other hand, picture-headline effect, proportion structure, appeal strategy, presentation type, and brand image have apparent differences in advertising presentation. The research results can be concluded in eight findings: 1. "product" is always the main marketing objective; 2. advertising presentation moves from the rational to the emotional; 3. it follows the "product life period" and "advertising strategy" rule; 4. the amount of topic reply has gradually decreased; 5. different advertising purposes have different advertising presentation; 6. "expression of safety" is the primary objective; 7. huge amounts of image usage; 8. the amount of advertising messages in information security advertisement is more than in other types of advertisements.
25 July 2009
The internet and e-commerce are becoming more and more popular. Various network applications and services have already become indispensable tools for most enterprises, such as the use of e-mail, establishing the company's entry website, and installing servers to provide employees with information sharing. As the internet provides convenience and business opportunity, and as e-commerce is further developed, all of these IT applications have created unbelievable value for enterprises. However, the security of the internet has become an endless issue. External attacks, such as computer viruses, worms, Trojan horses, backdoor programs, spyware, and network hackers' events and activities, have never stopped. From these, enterprises have suffered great losses. Therefore, the IT people of a company are requested to develop and install a suitable protection system to guarantee the security of company information assets. The case company specified in my paper is the biggest ISP in Taiwan. It has more than three million customers. The company also provides its over 20,000 staff with an internal network and management network equipment for conducting routine jobs. Its network and information security concerns are more complicated than those of regular commercial companies. This research will discuss the management and network security planning of this company from the structure and system views, not only to create the potential benefit of rigid information security for the existing network, but also to offer IT planning people a valuable reference as they perform related work.
Australian Universities increasingly rely on Information Technology (IT) systems for essential business operations, including administration, teaching, learning and research. Applying information security to university IT systems is strategically important to maintaining overall business continuity in universities. However, the process of effectively implementing information security management in the university sector is challenging for security practitioners. University environments consist of a cultural mix of academic freedoms, student needs and compliance mandates. Consequently, unique and divergent demands are placed on securing and accessing university IT systems. This research undertook a qualitative based exploratory analysis of information security management in Australian universities. The aims and objectives of the research (represented as the research questions) were to determine: 1) What is the current status of information security management practices in the Australian university sector? 2) What are the key issues and influencing factors surrounding the effectiveness of information security management practices? 3) How could improvements in information security management be achieved? The findings from the research led to a comprehensive and insightful examination of the current status, issues and challenges facing information security practitioners in Australian universities. The research findings culminated in the development of a Security Practitioner's Management Model. An essential aim of the model is to assist security practitioners to successfully implement and progress information security in the Australian university environment. The research improves current understanding of information security issues and reinforces the pertinence of information security management as a strategically important business function for Australian universities.
Empathy in Security: The Effect of Personalized Awareness and Training Initiatives on Information Security Attitude and Behavioral Intention
Donaldson, Jacob
19 May 2021
No description available.
14 December 2013
The purpose of this present study is to understand the role of habit in information security behaviors. The automatic aspect of habit and its impact on secure behavior and the intention-behavior relationship was explored in this dissertation through the lens of protection motivation theory. Three secure behaviors were selected for the investigation after following a rigorous process to identify habitual secure behaviors. The three behaviors that were investigated are: locking the PC when leaving it unattended, verifying the recipient email addresses before sending email and visiting only verified websites. Separate pilot studies were conducted for each of the behaviors followed by a main investigation. Habit was measured with a first-order reflective and second-order formative scale that captured the multidimensional aspects of habit: Lack of Awareness, Uncontrollability and Mental Efficiency. Data were collected for each of the behaviors separately via separate online surveys using Amazon Mechanical-Turk. The results of the data analyses indicate that habit significantly influences the performance of secure behavior while negatively moderating the intention-behavior relationship for each of the three behaviors. The findings also confirm that when certain behaviors are habitual, the cognitive resources needed to make decisions on performing behavior reduce. Several alternate models were analyzed as a part of the post hoc phase of the study. The findings of this study provide several contributions to the IS research and practice. This study investigated the role of habit in an information security context using a second-order formative scale. The findings indicate that habit plays a significant role in the performance of secure behaviors and verifies the relationship between intention and behavior in an information security context.
The findings provide directions to organizations in understanding habits of their employees and to foster positive habits while breaking negative habits. The findings of this study provide several future research directions and highlight the importance of further exploration of habit in an information security context.