Global ETD Search

21	A Study of the Implementation, Maintenance and Continual Improvement of an Information Security Management System / En studie av implementering, underhåll och kontinuerlig förbättring av ledningssystemför informationssäkerhet ÖBERG, MIKAELA January 2016 (has links) The high adoption rate of cloud computing technology is changing the strategic, operational and functional aspects of businesses. Though, as cloud computing is seeing massive global investment, the vast concentration of resources and information argues for new sources of vulnerabilities and challenges for the cloud computing adopters. Hence, the cloud computing technology is argued to see its full potential once solid information security is established. There has been a palpable development of theories, guidelines and standards of how to implement, maintain and continually improve a security information management system. The outcome has resulted in recognized standards. However, the comprehensiveness and the complexity to implement, maintain and continually improve a security information management system remain. Therefore, this study aimed to investigate how cloud computing oriented firms succeed with the realization of an information security management system. This was done by identifying frameworks and processes used by cloud computing oriented organizations. information security management system cloud computing awareness tools Economics and Business Ekonomi och näringsliv
22	A Security Solution on Availability for Next Generation Telecommunication Networks Management Information Systems Wu, Ming-Yi 04 September 2009 (has links) With the development of the internet protocol (IP) and digitization for the global telecommunication industry, the convergence rate of communications and broadcasting has been improved. According to these motives, the domestic telecommunication industry modify present commercial operation managements and combine with the communication networks, the fixed-mobile communication (FMC) networks, and the mobile communication networks into the all-internet protocol (all-IP) communication network structure based on the extended upgrade communication network system. The domestic telecommunication industry expect that the integrated heterogeneous network, including the speech data, the video data, and the communication services, which can provide the omnipresent customizable mobile communication network services and obtain the advance business opportunities in terms of the future development of digital convergence. Hence, the domestic telecommunication industry not only build the next generation network structure to satisfy their demands, but also develop the management information system (MIS) to monitor the operation of telecommunication networks for ensure the quality of communication services and achieve the development of next generation networks. A primary consideration is to assure the usability of MIS for the telecommunication industry and the customers based on the profit rates and the omnipresent mobile network services, respectively¡C However, the current status of the telecommunication industry that meet the many difficult challenges and problems to construct the next generation MIS. For examples, the all-IP-based open network structure will be used instead of the close network structure, the different generation telecommunication systems combine with the operation and maintenance information system, the information security incident, and so on. It is must to consider highly of these situations between the major links above. Otherwise, the service usability of MIS will be destroyed. In this thesis, we adopt the case study approach to analyze the MIS construction process of the domestic telecommunication operator. During the build process, the MIS construction of next generation telecommunication networks must to suffice for the flexibility, the safety, and the stabilization and need to make sure the critical mission on stable operation condition, the lower service interruption, the higher usability. The implementation of the next generation MIS, which will help support the crucial operation procedure of the conglomerate and cope with the fast variation of the market demands. availability next generation network management information system Information Security Management System telecommunication networks security solution
23	Information Security Management: The Study of Lithuanian State Institutions / Informacijos saugumo valdymas: Lietuvos Respublikos valstybės institucijų atvejis Jastiuginas, Saulius 27 December 2012 (has links) Growing information security cases and scope illustrate that the relevance of information security issues becomes critical and present information security means are not sufficient enough to manage information security. Narrow comprehension of information security merely as technological problem is broadened by the research results of economic, managerial, psychological, legal and other related aspects’ influence to information security. Information is named as the object of information security management in this thesis, and new information security management solutions are searched in the information management sciences. Critical analysis of information management and information security management links, was established a theoretical basis to form an integral information security management model. Integral information security management model, constructed at a theoretical level, shows a complex approach towards information security, integrates information management and information security management. Integral information security management model allows indentifying information security management weaknesses in the Lithuanian State institutions, rectifying deficiencies, provide an integrated and efficient information security management. A practical research and obtained results grounded the constructed model’s applicability both for further theoretical academic research and for practical application in the Lithuanian State institutions. / Nuolat augantys informacijos saugumo incidentų atvejai ir mastai iliustruoja, kad informacijos saugumo problemų aktualumas tampa kritinis, o esamos informacijos saugumo valdymo priemonės nėra pakankamos informacijos saugumui valdyti. Siaurą informacijos saugumo, kaip technologinės problemos, supratimą plečia ekonominių, vadybinių, psichologinių, teisinių ir kitų susijusių aspektų įtaka informacijos saugumui. Disertacijoje teigiama, kad informacijos saugumo valdymo objektas yra informacija, todėl informacijos saugumui valdyti pasitelktini informacijos vadybos metodai ir būdai. Identifikavus ir kritiškai įvertinus informacijos vadybos bei informacijos saugumo valdymo diskursų sąsajas sukurtas teorinis pagrindas suformuoti integralų informacijos saugumo valdymo modelį. Teoriniame lygmenyje sukonstruotas integralus informacijos saugumo valdymo modelis atskleidžia kompleksinį požiūrį į informacijos saugumą, integruoja informacijos vadybą ir informacijos saugumo valdymą bei leidžia identifikuoti informacijos saugumo valdymo Lietuvos valstybės institucijose trūkumus, o šiuos trūkumus pašalinus, užtikrinti kompleksišką ir efektyvų informacijos saugumo valdymą. Empirinis tyrimas ir gauti rezultatai pagrindė teoriniame lygmenyje sukonstruoto modelio pritaikomumą tiek tolesniems teoriniams moksliniams tyrimams, tiek praktinėje Lietuvos valstybės institucijų veikloje. Communication and Information Information security Information security management Information management State institutions Informacijos saugumas Informacijos saugumo valdymas Informacijos vadyba Valstybės institucijos
24	Enhancing information security in organisations in Qatar Al-Hamar, Aisha January 2018 (has links) Due to the universal use of technology and its pervasive connection to the world, organisations have become more exposed to frequent and various threats. Therefore, organisations today are giving more attention to information security as it has become a vital and challenging issue. Many researchers have noted that the significance of information security, particularly information security policies and awareness, is growing due to increasing use of IT and computerization. In the last 15 years, the State of Qatar has witnessed remarkable growth and development of its civilization, having embraced information technology as a base for innovation and success. The country has undergone tremendous improvements in the health care, education and transport sectors. Information technology plays a strategic role in building the country's knowledge-based economy. Due to Qatar s increasing use of the internet and connection to the global environment, it needs to adequately address the global threats arising online. As a result, the scope of this research is to investigate information security in Qatar and in particular the National Information Assurance (NIA) policy. There are many solutions for information security some technical and some non-technical such as policies and making users aware of the dangers. This research focusses on enhancing information security through non-technical solutions. The aim of this research is to improve Qatari organisations information security processes by developing a comprehensive Information Security Management framework that is applicable for implementation of the NIA policy, taking into account Qatar's culture and environment. To achieve the aim of this research, different research methodologies, strategies and data collection methods will be used, such as a literature review, surveys, interviews and case studies. The main findings of this research are that there is insufficient information security awareness in organisations in Qatar and a lack of a security culture, and that the current NIA policy has many barriers that need to be addressed. The barriers include a lack of information security awareness, a lack of dedicated information security staff, and a lack of a security culture. These barriers are addressed by the proposed information security management framework, which is based on four strategic goals: empowering Qataris in the field of information security, enhancing information security awareness and culture, activating the Qatar National Information Assurance policy in real life, and enabling Qatar to become a regional leader in information security. The research also provides an information security awareness programme for employees and university students. At the time of writing this thesis, there are already indications that the research will have a positive impact on information security in Qatar. A significant example is that the information security awareness programme for employees has been approved for implementation at the Ministry of Administrative Development Labour and Social Affairs (ADLSA) in Qatar. In addition, the recommendations proposed have been communicated to the responsible organisations in Qatar, and the author has been informed that each organisation has decided to act upon the recommendations made.
25	Portais de governo eletrônico em Municípios do Estado da Paraíba: análise sob a óptica da segurança da informação Sena, Alnio Suamy de 02 August 2017 (has links) Submitted by Fernando Souza (fernando@biblioteca.ufpb.br) on 2017-10-04T11:56:00Z No. of bitstreams: 1 arquivototal.pdf: 3127385 bytes, checksum: 642b4f5b14587b1f9a6e45fb220f1cec (MD5) / Made available in DSpace on 2017-10-04T11:56:00Z (GMT). No. of bitstreams: 1 arquivototal.pdf: 3127385 bytes, checksum: 642b4f5b14587b1f9a6e45fb220f1cec (MD5) Previous issue date: 2017-08-02 / Electronic government can be characterized as the use of Information and Communication Technologies by public administration as support for internal government processes and the delivery of government products and services to citizens and industry in a fast and efficient way. It is essential that e-government prevents unauthorized access to ensure that Integrity, Availability and Confidentiality, basic principles of information security, are protected from electronic threats on the Internet. These threats place information assets at constant risk by taking advantage of the various vulnerabilities in the virtual environment where e-government is inserted. Thus, this research aimed to analyze the possible vulnerabilities in egovernment portals of the municipalities of Paraíba State. The 50 municipalities that represent the largest share of the Gross Domestic Product (GDP) of the state of Paraíba were considered as the research population. From these, it was possible to analyze the portals of 40. This research was characterized as a descriptive research, with a Quantitative approach. In order to collect data, we used Nestparker software, a vulnerability scanner whose function is to track and identify vulnerabilities in Web applications. As a result, 822 vulnerabilities were found, of which 15% are Critical and 15% High Criticality. In addition, 10% of the vulnerabilities were classified as Medium Criticality, which, in addition to other vulnerabilities with higher impacts, represents a scenario with more than 40% vulnerabilities found in the portals of the municipalities analyzed. Such vulnerabilities have the potential to allow malicious elements to negatively impact the continuity of the service. In addition to identifying the vulnerabilities of electronic security in e-government portals in the State of Paraíba, this research indicated how to correct the identified problems, which allows public managers to take actions that aim to minimize security breaches and the adoption of security strategies as well as the implementation of an information security policy. / O governo eletrônico pode ser caracterizado como a utilização das Tecnologias de Informação e Comunicação, pela administração pública, como apoio aos processos internos do governo e a entrega de produtos e serviços governamentais aos cidadãos e à indústria de forma célere e eficiente. É fundamental que o governo eletrônico se previna de acessos indevidos a fim de garantir que a Integridade, a Disponibilidade e a Confidencialidade, princípios basilares da segurança da informação, sejam protegidas de ameaças eletrônicas presentes na Internet. Essas ameaças colocam os ativos de informação em constante risco ao se aproveitarem das diversas vulnerabilidades existentes no ambiente virtual onde está inserido o governo eletrônico. Dessa forma, essa pesquisa analisa as possíveis vulnerabilidades existentes em portais de governo eletrônico em municípios do Estado da Paraíba. A população da pesquisa foram os 50 municípios que representam maior participação para a composição do Produto Interno Bruto (PIB) do Estado da Paraíba, sendo possível analisar os portais de 40 municípios. Esta pesquisa caracterizou-se como uma pesquisa descritiva, com abordagem quantitativa. Para a coleta dos dados utilizou-se o software Nestparker, um scanner de vulnerabilidades que tem como função rastrear e identificar vulnerabilidades em aplicações Web. Como resultado, foram encontradas 822 vulnerabilidades, das quais 15% são Críticas e 15% de Alta Criticidade. Além disso, 10% das vulnerabilidades foram classificadas como de Média Criticidade, o que, somada às outras vulnerabilidades de maiores impactos, representa um cenário com mais de 40% de vulnerabilidades encontradas nos portais dos municípios analisados. Tais vulnerabilidades tem o potencial de permitir que elementos mal-intencionados causem impactos negativos relevantes à continuidade do serviço. Essa pesquisa indicou, também, como corrigir os problemas identificados, o que pode permitir aos gestores públicos efetuarem ações que visem minimizar falhas de segurança e a adoção de estratégias de segurança, bem como a implantação de uma política de segurança da informação. Governo Eletrônico Gestão da segurança da informação Scanner de vulnerabilidades Electronic Government Information security management Vulnerability scanner CIENCIAS HUMANAS::EDUCACAO
26	Information Classification in Swedish Governmental Agencies : Analysis of Classification Guidelines Anteryd, Fredrik January 2015 (has links) Information classification deals with the handling of sensitive information, such as patient records and social security information. It is of utmost importance that this information is treated with caution in order to ensure its integrity and security. In Sweden, the Civil Contingencies Agency has established a set of guidelines for how governmental agencies should handle such information. However, there is a lack of research regarding how well these guidelines are followed as well as if the agencies have made accommodations of these guidelines of their own. This work presents the results from a survey sent to 245 governmental agencies in Sweden, investigating how information classification actually is performed today. The questionnaire was answered by 144 agencies and 54 agencies provided detailed documents of their classification process. The overall results show that the classification process is difficult, while those who provided documents proved to have good guidelines, but not always consistent with the existing recommendations. Information Security Management Systems Information Classification Classification Guidelines ISO/IEC 27000 Governmental agencies Computer and Information Sciences Data- och informationsvetenskap
27	Strategie pro rozvoj vzdělávání v oblasti bezpečnosti ICT na vysokých školách / Strategy for the development of education in the field of ICT security at universities Sulanová, Monika January 2017 (has links) The thesis deals with the problems of education in ICT security experts at universities in order to design a strategy for the development of education in present degree courses that dealing with this issue. The theoretical part focuses on the definition of ICT security and to familiarize the reader with the basic concepts of information security management and management of cyber security and gives an overview of the overall development of ICT security and the current trends in this area. It also describes the current situation on the labor market in relation to ICT security and the education of professionals in this field and characterizes the existing recommendations for education in ICT security. Practical part focuses on analyzing the current education ic ICT security and on analyzing the knowledge and skills requirements of the labor market to professionals in this area. Defines the basic professional role and knowledge domains that should be covered by this role. In the analytical part they are evaluated current profiles of graduates Master's degree programs focused on this area in order to find gaps in the knowledge base of graduates based on the requirements of the labor market and the existing recommendations. The results of the analysis are input to define a strategy on education in ICT security, which gives basic recommendations on how to eliminate the shortcomings.
28	Možnosti zajištění informační bezpečnosti pomocí definice standardního chování zaměstnanců / Options to ensure information security by defining a standard behavior of employees Dvořák, Martin January 2009 (has links) Continually the number of transactions carried out electronically via the internet has grown, as well as the number of users of IT (information technology). In the same way are accruing transactions that may be at risk in terms of information security as well as an increasing number of security incidents threatening financial gain or thefts of sensitive information. Attackers carried out attacks in order to make financial gains using more sophisticated methods, sophisticated not only using information technology but also using social engineering techniques. This growing trend is known about by governments and measures are being taken to help increase the information security of the state. This is evidenced by the fact that the European Parliament recently approved the following Directive Directive of the European parliament and of the council concerning measures to ensure a high common level of network and information security across the Union and the ensuing law on cyber security (Act No. 181/2014 Coll.) adopted by the Parliament of the Czech Republic in the summer of 2014. This act orders organizations which are maintaining critical infrastructure to implement a system to evaluate cybersecurity events (user behavior). So far no unified approach to implement such systems has been defined. Author defines standardized methodology for implementation of systems which evaluate user behavior with focus on optimization of data which these systems have to process to ensure their efficient functionality.
29	Návrh průmyslového řešení ISMS / Design of Industrial Solutions ISMS Havlík, Michal January 2017 (has links) Thesis deals with industrial solutions of ISMS mainly network infrastructure. First introduction into theoretical background of the thesis. Further analysis of the current situation in the company and its evaluation. Consequently, the design of solution done to meet the standards of ISO / IEC 27000.
30	Návrh zavedení řízení bezpečnosti informací s důrazem na budování bezpečnostního povědomí v příspěvkové organizaci / Proposal to introduce information security management with emphasis on building security awareness in a contributory organisation Chudoba, David January 2019 (has links) The thesis deals with the information security management system in the organization together with building of security awareness among employees. The theme is focused on the custom made proposal for a contributory organization in which personal and sensitive data are being processed. In the process of controlled change, the individual steps of the design will be gradually implemented in order to increase the security and bring the ongoing processes in the organization into line with the requirements of the GDPR.

Search results