11.
Signature schemes in single and multi-user settings
Unknown Date
In the first chapters we will give a short introduction to signature schemes in single and multi-user settings. We give the definition of a signature scheme and explain a group of possible attacks on them. In Chapter 6 we give a construction which derives a subliminal-free RSA public key. In the construction we use a computationally binding and unconditionally hiding commitment scheme. To establish a subliminal-free RSA modulus n, we have to construct the secret primes p and q. To prove p and q are primes we use Lehmann's primality test on the commitments. The chapter is based on the paper, "RSA signature schemes with subliminal-free public key" (Tatra Mountains Mathematical Publications 41 (2008)). In chapter 7 a one-time signature scheme using run-length encoding is presented, which in the random oracle model offers security against chosen-message attacks. For parameters of interest, the proposed scheme enables about 33% faster verification with a comparable signature size than a construction of Merkle and Winternitz. The public key size remains unchanged (1 hash value). The main cost for the faster verification is an increase in the time required for signing messages and for key generation. The chapter is based on the paper "A one-time signature using run-length encoding" (Information Processing Letters Vol. 108, Issue 4, (2008)). / by Viktoria Villanyi. / Thesis (Ph.D.)--Florida Atlantic University, 2009. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2009. Mode of access: World Wide Web.
12.
The institutionalisation of an information security culture in a petroleum organisation in the Western Cape
Michiel, Michael (January 2018)
Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2018. / In today’s world, organisations cannot exist without having information readily available. The protection of information relies not only on technology but also on the behaviour of employees. The failure to institutionalise an information security culture inside an organisation will cause the continued occurrence of security breaches. The aim of the research is to explore how an information security culture can be institutionalised within a petroleum organisation in the Western Cape. The primary research question is posed as follows: “What are the factors affecting the institutionalisation of an information security culture?” To answer the research question, a study was conducted at a petroleum organisation in the Western Cape. A subjectivist ontological and interpretivist epistemological stance has been adopted and an inductive research approach was followed. The research strategy was a case study. Data for this study were gathered through interviews (12 in total) using semi-structured questionnaires. The data collected were transcribed, summarised, and categorised to provide a clear understanding of the data. For this study, twenty-four findings and seven themes were identified. The themes are: i) user awareness training and education; ii) user management; iii) compliance and monitoring; iv) change management; v) process simplification; vi) communication strategy; and vii) top management support. Guidelines are proposed, comprising four primary components. Ethical clearance to conduct the study was obtained from the Ethics committee of CPUT and permission to conduct the study was obtained from the Chief Information Officer (CIO) of the petroleum organisation. The findings point to collaboration between employees, the Information Security department, and management in order to institute a culture of security inside the organisation.
13.
Information security risk management in the South African small, medium and micro enterprise environment
Van Niekerk, Liesel (07 July 2008)
The small, medium and micro enterprise (SMME) environment of South Africa contributes 42% to the national gross domestic product. This is a high number for a largely under-regulated environment. The corporate governance and IT governance standards that apply to South African companies are not feasible for SMMEs, and neither are they enforced, although 80% of failures of SMMEs are attributable to lack of enterprise management skill. The first objective of this dissertation is to examine the South African SMME, and in so doing determine whether local regulatory standards can be used for this unique enterprise formation. The second objective of this dissertation is to determine whether international methodologies for information security risk management, as an inclusive of IT governance, may be used in the unique local SMME formation. The result of these two objectives creates a gap in a typical information security risk management methodology that is suitable for the South African regulatory and economic environment for SMMEs. A model has been created as a possible answer for filling the gap. The dissertation includes the Peculium Model, which answers the regulatory and economic requirements that resulted from the second objective. The Model allows the small enterprise a simple but effective method for managing risks to its information assets, with the control of corporate governance and IT governance included in its framework. The Model answers the methods for identifying and assessing risk in a tradition-based but feasible new qualitative technique. / Labuschagne, L., Prof.
14.
Information security in health-care systems: a new approach to IT risk management
Smith, Elmé (16 August 2012)
Ph.D. / The present study originated from a realisation about the unique nature of the medical domain and about the limitations of existing risk-management methodologies with respect to incorporating the special demands and salient features of the said domain. A further incentive for the study was the long-felt need for proper Information Technology (IT) risk management for medical domains, especially in the light of the fact that IT is playing an ever-greater part in the rendering of health-care services. This part, however, introduces new information-security challenges every day, especially as far as securing sensitive medical information and ensuring patients' privacy are concerned. The study is, therefore, principally aimed at making a contribution to improving IT risk management in the medical domain and, for this reason, culminates in an IT risk-management model specifically developed for and propounded in the medical domain. While developing this model, special care was taken not only to take into consideration the special demands of the said domain when assessing IT risks but also that it would be suited to the concepts, terminology and standards used in and applied to this domain every day. The most important objectives of the study can be summarised as follows: A thorough investigation into modern trends in information security in the medical domain will soon uncover the key role IT is playing in this domain. Regrettably, however, this very trend also triggers a steep increase in IT risk-incidence figures, which, in this domain, could often constitute the difference between life and death. The clamant need for effective risk-management methods to enhance the information security of medical institutions is, therefore, self-evident. After having explored the dynamic nature of the medical domain, the requirements were identified for a risk-management model aimed at effectively managing the IT risks to be incurred in a typical medical institution.
Next, a critical evaluation of current risk-assessment techniques revealed that a fresh approach to IT risk management in medical domains is urgently necessary. An IT risk-management model, entitled "RiMaHCoF" (that is, "Risk Management in Health Care — using Cognitive Fuzzy techniques"), was developed and propounded specifically for the medical domain hereafter. The proposed model enhances IT risk management in the said domain in the sense that it proceeds on the assumption that the patient and his/her medical information constitute the primary assets of the medical institution.
15.
An investigation of ISO/IEC 27001 adoption in South Africa
Coetzer, Christo (January 2015)
The research objective of this study is to investigate the low adoption of the ISO/IEC 27001 standard in South African organisations. This study does not differentiate between the ISO/IEC 27001:2005 and ISO/IEC 27001:2013 versions, as the focus is on adoption of the ISO/IEC 27001 standard. A survey-based research design was selected as the data collection method. The research instruments used in this study include a web-based questionnaire and in-person interviews with the participants. Based on the findings of this research, the organisations that participated in this study have an understanding of the ISO/IEC 27001 standard; however, fewer than a quarter of these have fully adopted the ISO/IEC 27001 standard. Furthermore, the main business objectives for organisations that have adopted the ISO/IEC 27001 standard were to ensure legal and regulatory compliance, and to fulfil client requirements. An Information Security Management System management guide based on the ISO/IEC 27001 Plan-Do-Check-Act model is developed to help organisations interested in the standard move towards ISO/IEC 27001 compliance.
16.
Information security awareness: generic content, tools and techniques
Mauwa, Hope (January 2007)
In today’s computing environment, awareness programmes play a much more important role in organizations’ complete information security programmes. Information security awareness programmes are there to change behaviour or reinforce good security practices, and provide a baseline of security knowledge for all information users. Security awareness is a learning process, which changes individual and organizational attitudes and perceptions so that the importance of security and the adverse consequences of its failure are realized. Therefore, with proper awareness, employees become the most effective layer in an organization’s security defence. With the important role that these awareness programmes play in organizations’ complete information security programmes, it is a must that all organizations that are serious about information security must implement it. But though awareness programmes have become increasingly important, the level of awareness in most organizations is still low. It seems that the current approach of developing these programmes does not satisfy the needs of most organizations. Therefore, another approach, which tries to meet the needs of most organizations, is proposed in this project as part of the solution of raising the level of awareness programmes in organizations.
17.
The computer incident response framework (CIRF)
Pieterse, Theron Anton (10 October 2014)
M.Com. (Informatics) / A company’s valuable information assets face many risks from internal and external sources. When these risks are exploited and reports on information assets are made public, it is usually easy to determine which companies had a contingency plan to deal with the various aspects of these “computer incidents”. This study incorporates important factors of computer incidents into a framework which will assist the company in effectively dealing with and managing computer incidents when they occur.
18.
Region aware DCT domain invisible robust blind watermarking for color images.
Naraharisetti, Sahasan (12 1900)
The multimedia revolution has made a strong impact on our society. The explosive growth of the Internet, the access to this digital information generates new opportunities and challenges. The ease of editing and duplication in digital domain created the concern of copyright protection for content providers. Various schemes to embed secondary data in the digital media are investigated to preserve copyright and to discourage unauthorized duplication: where digital watermarking is a viable solution. This thesis proposes a novel invisible watermarking scheme: a discrete cosine transform (DCT) domain based watermark embedding and blind extraction algorithm for copyright protection of the color images. Testing of the proposed watermarking scheme's robustness and security via different benchmarks proves its resilience to digital attacks. The detector's response, PSNR and RMSE results show that our algorithm has a better security performance than most of the existing algorithms.
19.
Hardware and Software Codesign of a JPEG2000 Watermarking Encoder
Mendoza, Jose Antonio (12 1900)
Analog technology has been around for a long time. The use of analog technology is necessary since we live in an analog world. However, the transmission and storage of analog technology is more complicated and in many cases less efficient than digital technology. Digital technology, on the other hand, provides fast means to be transmitted and stored. Digital technology continues to grow and it is more widely used than ever before. However, with the advent of new technology that can reproduce digital documents or images with unprecedented accuracy, it poses a risk to the intellectual rights of many artists and also on personal security. One way to protect intellectual rights of digital works is by embedding watermarks in them. The watermarks can be visible or invisible depending on the application and the final objective of the intellectual work. This thesis deals with watermarking images in the discrete wavelet transform domain. The watermarking process was done using the JPEG2000 compression standard as a platform. The hardware implementation was achieved using the ALTERA DSP Builder and SIMULINK software to program the DE2 ALTERA FPGA board. The JPEG2000 color transform and the wavelet transformation blocks were implemented using the hardware-in-the-loop (HIL) configuration.
20.
Segurança da informação para aplicações interativas no sistema brasileiro de televisão digital : uma metologia baseada em acesso Web Service em aplicações interativas / Information security for interactive applications in Brazilian system of digital television
Ribeiro, Thatiane Cristina dos Santos de Carvalho, 1982- (24 August 2018)
Advisors: Yuzo Iano, Vicente Idalberto Becerra Sablon / Thesis (doctorate) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Previous issue date: 2014
Summary: This work presents a methodology that allows information to be transmitted securely in the SBTVD - Sistema Brasileiro de Televisão Digital (Brazilian Digital Television System). The model is based on access to web services in interactive DTV applications. The proposal is founded on protecting information, via control mechanisms, against possible threats - whether through intentional action, misuse of the application, or defects or faults in programming - that occur wherever information is being created, processed, stored or transmitted. A real implementation of the proposed services serves as proof of concept of the effectiveness of the methodology presented. In the evaluation of the results, it was possible to obtain an overview of the current state of the organization's information security management, as well as to verify the points that comply with the standards and those that need improvement in the SBTVD.
Abstract: This paper presents a methodology to securely transmit information in the SBTVD - Brazilian Television Digital System. The model builds on noted access to web service in interactive digital TV applications. The proposal promotes the protection of information, mechanisms for control against possible threats - whether by intentional action, misuse of the application, defects or failures in programming - that occur where information is being created, processed, stored or transmitted. A real implementation of the proposed services serves as proof of concept of the effectiveness in the use of the methodology presented. In the evaluation of the results was performed can get an overview of the current situation that is managing the organization's information security, as well as verification of the points that conform to standards and those that need enhancements in the Brazilian Television Digital System / Doctorate / Telecommunications and Telematics / Doctor of Electrical Engineering