Global ETD Search

111	An Examination of an Information Security Framework Implementation Based on Agile Values to Achieve Health Insurance Portability and Accountability Act Security Rule Compliance in an Academic Medical Center: The Thomas Jefferson University Case Study Reis, David W. 01 January 2012 (has links) Agile project management is most often examined in relation to software development, while information security frameworks are often examined with respect to certain risk management capabilities rather than in terms of successful implementation approaches. This dissertation extended the study of both Agile project management and information security frameworks by examining the efficacy of implementing a security framework using a nontraditional project management approach. Such an investigation is significant because of the high rate of failed IT projects, gaps in the current security framework implementation literature, and increased regulatory pressure on Health Insurance Portability and Accountability (HIPAA)-covered entities to become compliant with the HIPAA Security Rule. HIPAA-covered entities have struggled to achieve HIPAA compliance since the Act's enforcement date. Specifically, academic medical centers have struggled to achieve and authoritatively document their compliance with the HIPAA Security Rule. To aid HIPAA-covered entities in confirming and documenting their HIPAA Security Rule compliance, the HITRUST Alliance has published the Common Security Framework. Thomas Jefferson University selected the Common Security Framework to help them assess and document their HIPAA Security Rule compliance. However, there is a documented gap in the literature on successful methods for implementing information security-related projects, particularly HIPAA compliance. In this single-case case study, the author examined the implementation of an Information Security Framework based on Agile values. Specifically examined were the values of (a) individuals and interactions over processes and tools; (b) working software over comprehensive documentation; (c) customer collaboration over contract negotiation; and (d) responding to change over following a plan. The results of this investigation indicated that an information security framework implementation based on Agile values is a viable approach for successfully implementing the Common Security Framework at an academic medical center. Agile HIPAA HITRUST Information Security Project Management Computer Sciences
112	Detection of Deviations From Authorized Network Activity Using Dynamic Bayesian Networks Ewell, Cris Vincent 01 January 2011 (has links) This research addressed one of the hard problems still plaguing the information security profession; detection of network activity deviations from authorized accounts when the deviations are similar to normal network activity. Specifically, when user and administrator type accounts are used for malicious activity, harm can come to the organization. Accurately modeling normal user network activity is hard to accomplish and detecting misuse is a complex problem. Much work has been done in the past with intrusion detection systems, but being able to detect masquerade events with high accuracy and low false alarm rates continues to be an issue. Bayesian networks have been successfully used in the past to reason under certainty by combining prior knowledge with observed data. The use of dynamic Bayesian Networks, such as multi-entity Bayesian network, extends the capability and can address complex problems. The goal of the research was to extend previous research with multi-entity Bayesian networks along with discretization methods to improve the effectiveness of the detection rate while maintaining an acceptable level of false positives. Preprocessing continuous variables has proven effective in prior research but has not been applied to multi-entity Bayesian networks in the past. Five different discretization methods were used in this research. Analysis using receiver operating characteristic curves, confusion matrix, and other comparison methods were completed as part of this research. The results of the research demonstrated that a multi-entity Bayesian network model based on multiple data sources and the relationship between the user attributes could be used to detect unauthorized access to data. The supervised top down discretization methods had better performance related to the overall classification accuracy. Specifically, the class-attribute interdependence maximization discretization method outperformed the other four discretization methods. When compared to previous masquerade detection methods, the class-attribute interdependence maximization discretization method had a comparable true positive rate with a lower false positive rate. Bayesian Networks Information Security Intrusion Detection Computer Sciences
113	Detecting Objective-C Malware through Memory Forensics Case, Andrew 13 May 2016 (has links) Memory forensics is increasingly used to detect and analyze sophisticated malware. In the last decade, major advances in memory forensics have made analysis of kernel-level malware straightforward. Kernel-level malware has been favored by attackers because it essentially provides complete control over a machine. This has changed recently as operating systems vendors now routinely enforce driving signing and strategies for protecting kernel data, such as Patch Guard, have made userland attacks much more attractive to malware authors. In this thesis, new techniques for detecting userland malware written in Objective-C on Mac OS X are presented. As the thesis illustrates, Objective-C provides a rich set of APIs that malware uses to manipulate and steal data and to perform other malicious activities. The novel memory forensics techniques presented in this thesis deeply examine the state of the Objective-C runtime, identifying a number of suspicious activities, from keystroke logging to pointer swizzling. Memory Forensics Objective-C Malware Analysis Incident Response Information Security
114	Capturing and Analyzing Network Traffic from Common Mobile Devices for Security and Privacy Overton, Billy 01 May 2014 (has links) Mobile devices such as tablets and smartphones are becoming more common, and they are holding more information. This includes private information such as contacts, financial data, and passwords. At the same time these devices have network capability with access to the Internet being a prime feature. Little research has been done in observing the network traffic produced by these mobile devices. To determine if private information was being transmitted without user knowledge, the mobile capture lab and a set of procedures have been created to observe, capture and analyze the network traffic produced by mobile devices. The effectiveness of the lab and procedures has been evaluated with the analysis of four common mobile devices. The data analyzed from the case studies indicates that, contrary to popular opinion, very little private information is transmitted in clear text by mobile devices without the user’s knowledge. security mobile traffic analysis traffic capture Information Security Systems Architecture
115	An Analysis of Faculty and Staff's Identification of Malware Threats Quesinberry, Malora 01 August 2016 (has links) This document presents findings related to faculty and staff member’s ability to identify malware threats. This study involved discovering the most common incidents of malware threats to higher education systems. From this research, eight categories of malware were identified to be the most common threats to higher education systems. This document also describes the impact of malware intrusions on higher education systems to emphasis the importance of recognizing malware threats. Faculty and staff members at a midsize southeastern university were presented with realistic scenarios to determine the ability to identify malware threats. The results indicate malware categories such as virus, Trojan, browser hijacker, adware, and ransomware were identifiable by faculty and staff. Additionally, the findings demonstrate malware threats in the worm, spyware, and rootkit categories were difficult for faculty and staff members to identify. A recommendation for educating faculty and staff members to better identify malware threats in the less identified categories was proposed to help mitigate future malware intrusions. Future recommendations include investigating new types of malware risks and students’ awareness, or recognition of malware threats and solutions for mitigating these risks. information technology information security security awareness Technology and Innovation
116	File Fragment Classification Using Neural Networks with Lossless Representations Hiester, Luke 01 May 2018 (has links) This study explores the use of neural networks as universal models for classifying file fragments. This approach differs from previous work in its lossless feature representation, with fragments’ bits as direct input, and its use of feedforward, recurrent, and convolutional networks as classifiers, whereas previous work has only tested feedforward networks. Due to the study’s exploratory nature, the models were not directly evaluated in a practical setting; rather, easily reproducible experiments were performed to attempt to answer the initial question of whether this approach is worthwhile to pursue further, especially due to its high computational cost. The experiments tested classification of fragments of homogeneous file types as an idealized case, rather than using a realistic set of types, because the types of interest are highly application-dependent. The recurrent networks achieved 98 percent accuracy in distinguishing 4 file types, suggesting that this approach may be capable of yielding models with sufficient performance for practical applications. The potential applications depend mainly on the model performance gains achievable by future work but include binary mapping, deep packet inspection, and file carving. Artificial Intelligence and Robotics Information Security Other Computer Sciences
117	An Analysis of the Size and Impact of Digital Footprints Maxwell, Whitney Nielsen 01 December 2017 (has links) Personal information available online is known as a digital footprint. While many have a digital footprint, few if any, know what it encapsulates or how to control it. Technology and personal information are becoming more intertwined as technology becomes more integrated with everyday activities. Personal information can be defined as details that apply to a person such as race or shopping habits. Shopping habits are considered personal information by many corporations who spend money to track, or even predict purchases of individuals, whereas more traditional forms of personal information are details like gender, birthdate, and home town. With a wide breadth of personal information available, not all of it is equally valuable or personally unique. This project is dedicated to determining the content and size of a digital footprint, and assessing its impact for an individual by defining the discoverability of that content. information security digital footprint personal information information privacy Systems Engineering
118	MULTI-WAY COMMUNICATION SYSTEM Chinnam, S. 01 March 2017 (has links) Videoconferencing is increasingly becoming a trend worldwide in applications where clients need to access lectures, meeting proceedings, communicating with family and friends etc. It provides a platform enabling the visual, audio and video communication between clients. The aim of this project is to utilize the open source Java software to build a desktop application enabling communication between clients. When a user needs to transfer a secured file, it’s unsafe to send it using social networking sites because of lack of security. So, with the “Multi-Way Communication System” (MWCS) we resolve some security issues. The MWCS is a highly secure way for file transfer, text and video conferencing. Multi-Way Computer Sciences Information Security Other Computer Sciences
119	Smartphone User Privacy Preserving through Crowdsourcing Rashidi, Bahman 01 January 2018 (has links) In current Android architecture, users have to decide whether an app is safe to use or not. Expert users can make savvy decisions to avoid unnecessary private data breach. However, the majority of regular users are not technically capable or do not care to consider privacy implications to make safe decisions. To assist the technically incapable crowd, we propose a permission control framework based on crowdsourcing. At its core, our framework runs new apps under probation mode without granting their permission requests up-front. It provides recommendations on whether to accept or not the permission requests based on decisions from peer expert users. To seek expert users, we propose an expertise rating algorithm using a transitional Bayesian inference model. The recommendation is based on aggregated expert responses and their confidence level. As a complete framework design of the system, this thesis also includes a solution for Android app risks estimation based on behaviour analysis. To eliminate the negative impact from dishonest app owners, we also proposed a bot user detection to make it harder to utilize false recommendations through bot users to impact the overall recommendations. This work also covers a multi-view permission notification design to customize the app safety notification interface based on users' need and an app recommendation method to suggest safe and usable alternative apps to users. Smartphone Security Privacy Recommendation Crowdsourcing Information Security Theory and Algorithms
120	Successful Operational Cyber Security Strategies for Small Businesses Barosy, Wileen 01 January 2019 (has links) Cybercriminals threaten strategic and efficient use of the Internet within the business environment. Each year, cybercrimes in the United States cost business leaders approximately $6 billion, and globally, $445 billion. The purpose of this multiple case study was to explore the operational strategies chief information security officers of high-technology companies used to protect their businesses from cyberattacks. Organizational learning theory was the conceptual framework for the study. The population of the study was 3 high-technology business owners operating in Florida who have Internet expertise and successfully protected their businesses from cyberattacks. Member checking and methodological triangulation were used to valid the data gathered through semistructured interviews, a review of company websites, and social media pages. Data were analyzed using thematic analysis, which supported the identification of 4 themes: effective leadership, cybersecurity awareness, reliance on third-party vendors, and cybersecurity training. The implications of this study for positive social change include a safe and secure environment for conducting electronic transactions, which may result in increased business and consumer confidence strengthened by the protection of personal and confidential information. The creation and sustainability of a safe Internet environment may lead to increased usage and trust in online business activities, leading to greater online business through consumer confidence and communication. Chief Information Security Officers Cyberattacks Small Businesses Business

Search results