361. Modeling and Pattern Matching Security Properties with Dependence Graphs
Fåk, Pia, January 2005
With an increasing number of computers connected to the Internet, the number of malicious attacks on computer systems also rises. The key to all successful attacks on information systems is finding a weak spot in the victim system. Some types of bugs in software can constitute such weak spots. This thesis presents and evaluates a technique for statically detecting such security-related bugs. It models the analyzed program as well as different types of security bugs with dependence graphs. Errors are detected by searching the program graph model for subgraphs matching security bug models. The technique has been implemented in a prototype tool called GraphMatch. Its accuracy and performance have been measured by analyzing open source application code for missing input validation vulnerabilities. The test results show that the accuracy obtained so far is low and the complexity of the algorithms currently used causes analysis times of several hours even for fairly small projects. Further research is needed to determine if the performance and accuracy can be improved.

362. Medvetenhet kring informationssäkerhet på internet : En kvantitativ jämförelse mellan Sverige och Israel / Information security awareness online : A quantitative comparison between Sweden and Israel
Almgren, Olivia; Hoang, Kit Yan, January 2017
The increasing amount of information on the internet entails an increasing need for privacy protection. Information security is becoming a vital part of everyday lives due to digitization. There has been relatively little research on information security awareness, especially from a cultural, age- and knowledge perspective. This study aims to examine and to gain knowledge about information security awareness of users and their view of privacy online. By replicating the method of an Israeli research paper by Halperin and Dror (2016), a comparison between Israel and Sweden is possible. Data were collected through surveys and the results show differences and similarities between Sweden and Israel, in particular when looking at age and knowledge. / The increased amount of information on the internet brings an increased need to protect personal privacy. Digitization makes information security a vital part of everyday life. There is relatively little research on information security awareness from a cultural, age and knowledge perspective. This study set out to examine and gain an understanding of internet users' awareness of information security and of how they view personal privacy on the internet. The study's method builds on an Israeli study by Halperin and Dror (2016). The methodology was replicated to enable a comparison between Israel and Sweden. The study's empirical data were collected through surveys. The results show that there are differences and similarities between Sweden and Israel, above all in terms of age and knowledge.

363. Gestão de segurança da informação : implementação da Norma BS7799-2:2002 em uma instituição financeira
Lessa, Guilherme Gonçalves, January 2006
In contemporary society, there is no doubt about the importance, relevance and power that information holds. In organizations, its strategic importance and the risks associated with it are also growing, as is the need for good Information Management. Certain events of greater consequence, such as those that occurred on September 11, 2001, in the United States of America, presented a new reality regarding the need for a system for the adequate preservation of information and the impact of the integrity of this information on business continuity. From concerns related to this topic, the foundations of Information Security were established. This research identifies the best practices currently available for adequate Information Security management in organizations, based on a case study of the process of implementing an Information Security Management System in a small Financial Institution, based on the BS7799-2:2002 standard. At the end of this work, the generic model resulting from this research is presented, containing the steps and activities required to implement an Information Security Management System, the main components to be implemented and some of the main critical success factors of this implementation. / In modern society, there is no doubt about the importance, the relevance or the power that information possesses. Within organizations, its strategic importance and its associated risks are also growing, as well as the need for good Information Management. Certain events with more significant consequences, such as the ones that occurred on September 11, 2001, in the United States of America, have presented a new reality related to the necessity of an adequate system to preserve information, as well as to the impact of this integrity on business continuity. From questions concerning this subject, the main points of Information Security were established. The present research identifies the best current existing practices for adequate Information Security Management in organizations, from a case study performed on the implementation process of an Information Security Management System in a small Financial Institution, based on the norm BS7799-2:2002. At the end of the present work, the generic model that resulted from this research will be presented, containing the different steps and activities which are necessary for implementing an Information Security Management System, the main components to be implemented, and some of the most critical success factors of this implementation.

364. Metodologia para detecção de incoerências entre regras em filtros de pacotes / Methodology for incoherencies identification among packet filters rules
Favero, Andre Luis, January 2007
Although firewalls are a widely discussed subject in the information security field, there are gaps in terms of firewall verification. Firewall verification is intended to ensure the correct implementation of filtering mechanisms and can be carried out at different levels: rule syntax; policy compliance; and relationships between rules. Aspects concerning rule syntax errors are generally handled by the filtering tool in use. The second level, however, depends on the existence of a formal, documented policy, something not found in most organizations, and on an effective methodology that, taking the security policy and the implemented firewall rule set as input, can compare them and point out the logical discrepancies between the specification (policy) and the implementation (rules). The last, verification of relationships between rules, requires no documentation, since only the firewall rule set is needed to identify incoherencies among the rules. Based on these considerations, this work aimed to study and define a methodology for analysing relationships between rules, pointing out errors and possible configuration flaws. Three existing methodologies were studied, analysed and used as the initial basis for a new methodology that would meet the requirements described in this work. To ensure the effectiveness of the new methodology, a prototype tool was implemented and applied to three case studies. / Although firewalls are a well discussed issue in the information security field, there are gaps in terms of firewall verification. Firewall verification is aimed at enforcing the correct implementation of filtering mechanisms and can be executed at three distinct levels: rules syntax, policy compliance and rules relationship. The aspects related to rule syntax errors are usually addressed by the filtering tool in use. However, the second level depends on the existence of a formalized and documented policy, something not usual in most organizations, and on an efficient methodology that, receiving the security policy and the firewall rule set as inputs, could compare them and point out logical discrepancies between the specification (policy) and the implementation (rule set). The last level, rules relationship verification, doesn't require any previous documentation; indeed, only the firewall rule set is required to conduct a process of identifying incoherencies among rules. Based on those considerations, this work aimed at studying and defining a methodology for analysis of rules relationships, pointing out errors and possible misconfigurations. Three already existing methodologies were studied, analyzed and used as an initial foundation for a new methodology that achieves the requirements described in this work. To assure the effectiveness of the new methodology, a prototype tool was implemented and applied to three case studies.

365. Dominerande affärsmodeller inom området informationssäkerhet / Business models within information security. (Which are the dominant in the area?)
Lindell, Joakim; Nilsson, Anders, January 2009
Computers together with the Internet have been growing enormously during the last decade, and the area of information technology has been growing at the same speed. As long as the surrounding environment evolves, the business models within the IT area must keep the same pace. So, how do business corporations handle this change to attract customers? What do the dominant business models look like? In many cases, they are apparently much the same. But what differences can we see and what areas can be improved? We have shown that the IT area isn’t just one; it consists of several segments. These segments are pretty different but can still in many ways use similar business models. To have a chance to explore existing dominant business models, we decided to simplify existing models. The result of our simplified model showed that “a packaged solution” is one business model that companies utilize to a large extent. We could also confirm that education is something that has been left behind. (This was confirmed already in 2002 by M. Gustafsson and C. Heed). If companies have the possibility to integrate education in their existing models, they could attain much greater market shares. This work will show what segments information technology consists of and which kinds of dominant business models are in use. It will also provide knowledge for further examinations, which we also see as necessary.

366. Evaluation of Collaborative Reputation System against Privacy-Invasive Software / Utvärdering av Kollaborerande Ryktessystem mot Privacy-Invasive
Majeed, Salman, January 2007
As computers are becoming an integral part of daily lives, threats to privacy and personal information of users are increasing. Privacy-Invasive Software (PIS) is a common problem nowadays. A reputation system named the PISKeeper system has been developed as a countermeasure against PIS. This thesis aims at evaluating this system in order to know how and to what extent the PISKeeper system helps users in selecting the right software for their computers. A quantitative approach was adopted to evaluate the PISKeeper system. An experiment was designed and executed on computer users from different age groups and experiences in a controlled lab environment. The results have proved that the PISKeeper system helped users in selecting the right software for their computer by providing essential information about the specific software and comments from previous users of that software. Apart from evaluating the PISKeeper system, this thesis also aims to suggest improvements for the system. Sometimes PIS is bundled with legitimate software and users are informed about this by a statement in the End User License Agreement (EULA). Usually the users do not read the EULA before accepting it, giving consent to whatever is written in it. This thesis also aims at suggesting an alternative way to present EULA content so the user may be informed about the behavior of the software in a more convenient way.

367. Information Security Management of Healthcare System
Mahmood, Ashrafullah Khalid, January 2010
Information security has a significant role in healthcare organizations. The Electronic Health Record (EHR) with patients' information is considered very sensitive in healthcare organizations. Sensitive information of patients in healthcare has to be managed such that it is safe and secure from unauthorized access. High-quality care for patients is possible if the healthcare management system is able to provide the right information at the right time to the right place. Availability and accessibility are significant aspects of information security, where applicable information needs to be available and accessible for users within the healthcare organization as well as across organizational borders. At the same time, it is essential to protect the patient security from unauthorized access and maintain the appropriate level in health care regarding information security. The aim of this thesis is to explore current management of information security in terms of Electronic Health Records (EHR) and how these are protected from possible security threats and risks in healthcare, when the sensitive information has to be communicated among different actors in healthcare as well as across borders. The Blekinge health care system was investigated through a case study, with several interviews conducted to discover possible issues concerning security threats to management of healthcare. The theoretical work was the framework and support for possible solutions of identified security risks and threats in Blekinge healthcare. At the end, after mapping the whole process, possible guidelines and suggestions were recommended for healthcare in order to protect the sensitive information from unauthorized access and maintain information security. The management of technical and administrative bodies was explored for security problems. It has a main role in healthcare and, in general, the whole business of managing the sensitive information of patients is the responsibility of this management. Consequently, Blekinge healthcare was investigated for possible issues and for some possible guidelines and suggestions in order to improve the current information security with prevention of necessary risks to healthcare sensitive information.

368. Organizational effects and management of information security : A cross-sectoral case study of three different organizations / Organisatoriska effekter och hanteringen av Informationssäkerhet : En studie av tre olika organisationer
Thomsson, Johan, January 2017
Information technology (IT) can be used to empower an organization to enable it to continue evolving. One aspect in which an organization can evolve is in the form of information security. Previously, information security has been seen as a concern only for the IT-department. However, as the number of threats towards information has rapidly grown over the years, the concern for information security has also increased. The issue on how to keep information safe from unauthorized people has become more important as well as questioned over the years. During the last decades, the concept of information security has evolved to become a multi-dimensional concern affecting entire communities, societies, and organizations. This means that information security has been managed differently in the past, but today, new and other measures are required to ensure the secrecy of certain information. Due to this, organizations are forced to implement certain measures to counter these threats, but what are the effects of this? This thesis compares three different organizations over three different sectors and the purpose is to investigate the effects information security might have within an organization as well as how these effects are managed. With a focus on policies, training, and education of employees as well as the employee awareness, this thesis aims to answer how organizations see information security. Further, it aims to find out what consequences these effects have on their daily work. The results from this study have shown that increased security measures need to be highly motivated and in continuous dialogue with the employees to bring incentives for further use of the measures. An increase in information security can have a damaging effect on efficiency. Therefore, it is important that the organization is able to ensure the desired effect of increased security. 
With larger openness and accessibility, employees will have easier and quicker access to the information needed, which is essential for the effectivity within the organization, as well as higher incentives for attacks and malpractice of information. / This thesis compares three different organizations operating in different sectors; the purpose is to examine the effects information security can have on an organization, and also how these effects are managed. With a focus on policy, training of employees and also awareness, this thesis aims to answer how organizations view information security. It will also try to find what the consequences of information security are in daily work. The results of this study show that increased information security must be motivated and in constant dialogue with the users, with incentives implemented to increase motivation. Increased information security can have a damaging effect on efficiency, so it is important that organizations get the effect they want from the increased security. More transparency and accessibility also mean that employees can more easily find the right information they need, which is necessary for efficiency within the organization, but this also increases incentives for various types of attacks and mishandling of information.

369. Secure hypervisor versus trusted execution environment : Security analysis for mobile fingerprint identification applications
Sundblad, Anton; Brunberg, Gustaf, January 2017
Fingerprint identification is becoming increasingly popular as a means of authentication for handheld devices of different kinds. In order to secure such an authentication solution it is common to use a TEE implementation. This thesis examines the possibility of replacing a TEE with a hypervisor-based solution instead, with the intention of keeping the same security features that a TEE can offer. To carry out the evaluation a suitable method is constructed. This method makes use of fault trees to be able to find possible vulnerabilities in both systems, and these vulnerabilities are then documented. The vulnerabilities of both systems are also compared to each other to identify differences in how they are handled. It is concluded that if the target platform has the ability to implement a TEE solution, it can also implement the same solution using a hypervisor. However, the authors recommend against porting a working TEE solution, as TEEs often offer finished APIs for common operations that would require re-implementation in the examined hypervisor.

370. Informationssäkerhetspolicy och Säkerhetsmedvetenhet : En undersökning av kommunala förvaltningars praktiska arbete med att uppnå informationsäkerhet
Malis, Johanna; Falck, Josette, January 2016
No description available.