Global ETD Search

1	Säkerhetsklassificering av IT-system på Fläkt Woods AB Bustos, Sebastian, Grek, Niklas January 2006 (has links) <p>This report presents a method for modelling a computer system from a security perspective. The questions that are going to be treated are:</p><p>• What defines a secure system and how does the company relate to these factors?</p><p>• What are the threats today based on hardware/software, human factors and company routines/policies?</p><p>• What measures should be taken for the organisation to reach a higher level of security for their systems?</p><p>• How do we develop a method for classification of security and what components should it contain?</p><p>• What changes are reasonable and necessary with the respect to the company’s resources?</p><p>The report has been done through interviews and analysis of existing systems on Fläkt Woods AB. From analysis of material, the aspects judged relevant to the subject and to the company’s needs, have been compiled to a document. It is a model for guidelines to work with security classification of IT-systems.</p><p>The combination of the method for information and the security classification has been clear through the work on the rapport. The method that has been developed for work with security classification of IT systems can therefore not be used as an isolated occurrence to reach the wanted results but should be integrated with the existing classification of information.</p><p>Our conclusions are reflected by the complexity of the project together with the fact that computer security is a topic that includes all parts in an IT- supported organisation. The analyses have given us a good picture of the threats to an organisation. It has clearly been shown, that much security related problems are based on direct organisational problems such as the lack of resources and requirements of system specific guidelines and policies.</p> IT-säkerhet Säkerhetsklassificering Säkerhetsmetod Sårbarhetsanalys Informationsklassificering Computer engineering Datorteknik
2	Säkerhetsklassificering av IT-system på Fläkt Woods AB Bustos, Sebastian, Grek, Niklas January 2006 (has links) This report presents a method for modelling a computer system from a security perspective. The questions that are going to be treated are: • What defines a secure system and how does the company relate to these factors? • What are the threats today based on hardware/software, human factors and company routines/policies? • What measures should be taken for the organisation to reach a higher level of security for their systems? • How do we develop a method for classification of security and what components should it contain? • What changes are reasonable and necessary with the respect to the company’s resources? The report has been done through interviews and analysis of existing systems on Fläkt Woods AB. From analysis of material, the aspects judged relevant to the subject and to the company’s needs, have been compiled to a document. It is a model for guidelines to work with security classification of IT-systems. The combination of the method for information and the security classification has been clear through the work on the rapport. The method that has been developed for work with security classification of IT systems can therefore not be used as an isolated occurrence to reach the wanted results but should be integrated with the existing classification of information. Our conclusions are reflected by the complexity of the project together with the fact that computer security is a topic that includes all parts in an IT- supported organisation. The analyses have given us a good picture of the threats to an organisation. It has clearly been shown, that much security related problems are based on direct organisational problems such as the lack of resources and requirements of system specific guidelines and policies. IT-säkerhet Säkerhetsklassificering Säkerhetsmetod Sårbarhetsanalys Informationsklassificering Computer Engineering Datorteknik
3	Struktur på den digitala arbetsplatsen / Structure in the digital workplace Gregebo, Victor, Nilsson, Jonas January 2017 (has links) Begreppet den digitala arbetsplatsen kan ses som ett samlingsnamn för alla de verktyg och IT-system som används i det digitala arbetet. På den digitala arbetsplatsen behövs en intern kommunikationsstrategi för hur information ska hanteras för att effektivisera arbetet samt för att få en struktur i de digitala verktygen. Fabriken anser att intranätet är det verktyg som kopplar samman alla verktyg i den digitala arbetsplatsen. Kommunikationsstrategierna beskriver var anställda kan hitta eller dela information inom verksamheten. Saknas en kommunikationsstrategi kan nackdelar som redundans, duplicerad information och svårigheter att hitta rätt information förekomma. Målet med studien är att ta fram en intern kommunikationsstrategi samt se om intranätet kan bli navet i Fabrikens digitala arbetsplats. Kommunikationsstrategin har tagits fram genom informationsinsamling med hjälp av intervjuer och workshop. För att realisera kommunikationsstrategin var tanken att utveckla en Proof of Concept (PoC) för att visa Fabriken vilka möjligheter strategin innebär om intresse för vidareutveckling finns. Denna PoC utvecklades dock aldrig på grund av tidsbrist. Studien resulterade i en kommunikationsstrategi samt förslag på förändringar på intranätet. Förändringarna omfattar bland annat intranätets tillgänglighet samt en lösning i form av en kunskapsbank. / The concept the digital workplace can be viewed as a collection of all tools and IT systems that are used while working digitally. The digital workplace needs an internal communication strategy that describes how information is being managed in order to get a better information structure in the digital tools. This structure is needed to make more efficient use of the tools. Fabriken believes the intranet is the tool that can connect all tools in the digital workplace. The strategies describe where employees can either find or share information within the organization. If a communication strategy has not been developed, disadvantages such as redundancy, duplicated information and difficulties in finding the correct information may occur. The goal of this study is to develop an internal communication strategy and explore whether the intranet could become a central part in Fabriken's digital workplace. The communication strategy has been developed by collecting data from interviews and workshops. To make the communication strategy a reality, a Proof of Concept (PoC) was planned to be developed. The objective of this PoC is to show possibilities of the strategy where Fabriken can decide if they want to further develop it. Due to lack of time a PoC was never developed. This study has resulted in a communication strategy and suggested changes to the intranet. These changes involve intranets availability and a solution consisting of a knowledge bank. Intranät Internwebb Informationsklassificering Kommunikationsstrategi Den digitala arbetsplatsen Social Collaboration Kunskapsbank Informationshantering Computer Sciences Datavetenskap (datalogi)
4	Strikt konfidentiell data i en molntjänst : Informationssäkerhetsutmaningar och möjligheter Johansson, Axel, Nyman, Oskar January 2022 (has links) This study aims towards analyzing how an organization within the Nordic financial industry handles strictly confidential data in an outsourced cloud service, as well as what information security challenges occur and what opportunities may arise. A case study was performed where qualitative semi-structured interviews were conducted and analyzed by using a content analysis in order to draw a conclusion based on our empirical data. Our results show that certain types of data lose all of its value as soon as it becomes public, this indicates that organizations must take precautions when handling such data. By classifying the different types of data the organization encounters around confidentiality, integrity and availability, as well as the business impact that it contains. Guidelines for how a certain class of data should be handled and protected can be established. For example, encryption, access control or other information security measures. Our results also show that controls are being used in order to ensure that the handling of strictly confidential data is performed in a secure way. Strictly confidential data is the highest level of confidentiality a certain type of data can possess, which indicates that it also has the highest amount of security. However, when protecting a specific type of data, the return on investment is an aspect that needs to be accounted for, in other terms a balance between the cost and the value of the data. Established frameworks such as NIST Cybersecurity framework, ISO 27001 and CIS 8 are also helpful when identiying, preventing and eliminating information security threats. Our results show that the organization strives to be CIS version 8 “level 2” compatible, which is good for the information security behind the handling of strictly confidential data. / Denna studie syftar till att analysera hur en organisation inom den nordiska finansbranschen hanterar strikt konfidentiell data i en utlagd molntjänst, samt vilka informationssäkerhetsutmaningar och möjligheter som kan uppstå. En fallstudie genomfördes där kvalitativa semistrukturerade intervjuer utformades och analyserades med hjälp av en innehållsanalys för att kunna dra en slutsats utifrån den insamlade empiri. Studiens resultat visar att specifika typer av data förlorar allt sitt värde om den skulle bli offentlig, detta indikerar att organisationer måste vidta försiktighetsåtgärder när de hanterar sådan data där detta utgör en risk. Genom att klassificera de olika typer av data som organisationen bemöter utifrån konfidentialitet, riktighet och tillgänglighet, samt den affärspåverkan som datan medför, kan riktlinjer för hur en viss typ av data hanteras och skyddas fastställas. Till exempel kryptering, åtkomstkontroll eller andra informationssäkerhetsåtgärder. Våra resultat visar också att kontroller används för att säkerställa att hanteringen av strikt konfidentiell data sker på ett säkert sätt. Strikt konfidentiell data är den högsta nivån av konfidentialitet en viss typ av data kan ha, vilket indikerar att den också har den högsta säkerheten. Vid skyddande av en specifik typ av data är “return on investment” en aspekt som måste beaktas, i andra termer en balans mellan kostnad och värdet av datan. Etablerade ramverk som NIST Cybersecurity framework, ISO 27001 och CIS 8 är också till hjälp vid identifiering, förebyggande och eliminering av informationssäkerhetshot. Våra resultat visar att organisationen strävar efter att vara CIS version 8 “level 2” kompatibla, vilket främjar informationssäkerheten i hanteringen av strikt konfidentiell data. Informationsklassificering informationssäkerhet kryptering molntjänster ramverk strikt konfidentiell data Information Systems
5	Förenklade informationsklassificeringsscheman hos svenska statliga myndigheter / Simplified classification schemes at Swedish state agencies Gustavsson, Fredrik January 2016 (has links) Information is a vital part for most organizations, not least for state agencies as they handle personal data for every citizen, such as medical records, social security numbers and other sensitive information. It is therefore critical to protect the information assets at a sufficient level according to its value. Information security aims to do this by preserving the properties of confidentiality, integrity and availability of the information. This means that accurate and complete information shall be accessible and usable by an authorized entity upon demand. Swedish state agencies are obliged to manage their information security by the implementation of an information security management system (ISMS). The ISMS has to be set up and operated in compliance with the international standards ISO/IEC 27001 and ISO/IEC 27002, but these standards are somewhat vague in describing how to perform certain procedures. One part of the ISMS consists of the process of classifying the information, a process that according to the result from a survey by the Swedish Civil Contingencies Agency (MSB) is troublesome (MSB, 2014), especially for smaller-sized agencies. In this classification process, a classification scheme is used to determine the consequences to the organisation if the confidentiality, integrity or availability of the information is jeopardized. The result of this process determines the level of protection that each piece of information asset will receive at a later stage. It is vital to classify the assets at a suitable level to avoid over or under classification, as the former can lead to unnecessary costs and difficulties in using the assets, and the latter can put the asset at risk of unauthorized access. The interest from the academic world have however been low regarding research focused on the 27000 series of standards, compared to the more mature ISO/IEC 9000 and ISO/IEC 14000 series. This thesis project aims to investigate how the classification scheme has been simplified and to identify enabling factors from the development and use of simplified classification schemes. The research questions for this thesis project are: In which ways have a number of Swedish state agencies simplified their information classification schemes? Which factors have influenced the development and use of a simplified classification scheme? A mixed method, an embedded case study, was used, including both a review of existing information security policies for the state agencies to gather information about current information classification models and schemes, as well as interviews with the chiefs of information security for the state agencies regarding the development and usage of a simplified information classification scheme. In total, 120 documents from 81 agencies were reviewed and 7 interviews were completed. The results from the study shows that the state agencies that have simplified their classification scheme do so by focusing on one aspect: confidentiality. The agencies motivate this by a number of reasons: The aspects integrity and availability are regarded complex and difficult for the end user to relate to and classify. In order to simplify for the end user these aspects are handled by the IT department and the IT environment The integrity and availability aspects are more or less built into the IT environment and thus handled automatically as long as the end user correctly classifies the information asset according to the confidentiality aspect and handles the information according to the handling guidelines The study also shows the need for a national, common set of handling guidelines and consequence levels for the classification scheme as this would simplify and improve the security in communication between the state agencies information security information classification classification scheme Swedish state agencies informationssäkerhet informationsklassificering klassificeringsschema svenska statliga myndigheter Computer Sciences Datavetenskap (datalogi)
6	Classification Storage : A practical solution to file classification for information security / Classification Storage : En praktisk lösning till fil klassificering för informationssäkerhet Sloof, Joël January 2021 (has links) In the information age we currently live in, data has become the most valuable resource in the world. These data resources are high value targets for cyber criminals and digital warfare. To mitigate these threats, information security, laws and legislation is required. It can be challenging for organisations to have control over their data, to comply with laws and legislation that require data classification. Data classification is often required to determine appropriate security measured for storing sensitive data. The goal of this thesis is to create a system that makes it easy for organisations to handle file classifications, and raise information security awareness among users. In this thesis, the Classification Storage system is designed, implemented and evaluated. The Classification Storage system is a Client--Server solution that together create a virtual filesystem. The virtual filesystem is presented as one network drive, while data is stored separately, based on the classifications that are set by users. Evaluating the Classification Storage system is realised through a usability study. The study shows that users find the Classification Storage system to be intuitive, easy to use and users become more information security aware by using the system. / I dagens informationsålder har data blivit den mest värdefulla tillgången i världen. Datatillgångar har blivit högt prioriterade mål för cyberkriminella och digital krigsföring. För att minska dessa hot, finns det ett behov av informationssäkerhet, lagar och lagstiftning. Det kan vara utmanande för organisationer att ha kontroll över sitt data för att följa lagar som kräver data klassificering för att lagra känsligt data. Målet med avhandlingen är att skapa ett system som gör det lättare för organisationer att hantera filklassificering och som ökar informationssäkerhets medvetande bland användare. Classification Storage systemet har designats, implementerats och evaluerats i avhandlingen. Classification Storage systemet är en Klient--Server lösning som tillsammans skapar ett virtuellt filsystem. Det virtuella filsystemet är presenterad som en nätverksenhet, där data lagras separat, beroende på den klassificeringen användare sätter. Classification Storage systemet är evaluerat genom en användbarhetsstudie. Studien visar att användare tycker att Classification Storage systemet är intuitivt, lätt att använda och användare blir mer informationssäkerhets medveten genom att använda systemet. Data Classification Information Classification UserDriven Classification Information Security Awareness Dataklassificering Informationsklassificering Användardriven Klassificering Informationssäkerhet Medvetenhet Computer Sciences Datavetenskap (datalogi)
7	Informationsklassificering : ett styrdokument för klassificering av informationssystem Larsson, Nicklas, Hallén, Kim January 2010 (has links) <p>Hantering av information blir allt viktigare i dagens informationssamhälle då information är en av de värdefullaste tillgångarna för verksamheter. Syftet med uppsatsen har varit att skapa ett styrdokument för IT-administratörer som hjälper dem vid klassificering av informationssystem. Styrdokumentet har som uppgift att kontrollera att informationssystem lever upp till verksamheternas krav som finns på konfidentialitet, integritet, tillgänglighet och spårbarhet. Styrdokumentets vetenskapliga värde har verifierats genom att utvalda IT-administratörer undersökt och utvärderat styrdokumentet. Resultatet visar att styrdokumentet kan användas som ett hjälpmedel. Det är lättförståeligt, lämpar sig för mindre tekniska personer och kan även i vissa fall effektivisera klassificeringsprocessen. Slutsatsen är att behovet av denna typ av styrdokument för klassificering av informationssystem behövs inom verksamheter.</p> / <p>Information management is increasingly important in today’s information society as information is one of the most valuable assets for businesses. The purpose of this paper was to create a steering document for IT administrators and to help them when classifying information systems. The steering document is responsible for verifying that information systems meet businesses requirements of confidentiality, integrity, availability, and traceability. The scientific value of the steering document has been verified by selected IT administrators, who have investigated and evaluated it. The results show that the steering document may be used as a guideline for information system classification. It is easily understandable, suitable for less technical people, and may in some cases make the classification process even more efficient. The conclusion is that this type of steering document for information system classification is needed within businesses.</p> Availability CIA-triad confidentiality information information classification information management information security integrity CIA-triangeln information informationshantering informationsklassificering informationssäkerhet integritet konfidentialitet tillgänglighet Computer science Datavetenskap
8	Informationsklassificering : ett styrdokument för klassificering av informationssystem Larsson, Nicklas, Hallén, Kim January 2010 (has links) Hantering av information blir allt viktigare i dagens informationssamhälle då information är en av de värdefullaste tillgångarna för verksamheter. Syftet med uppsatsen har varit att skapa ett styrdokument för IT-administratörer som hjälper dem vid klassificering av informationssystem. Styrdokumentet har som uppgift att kontrollera att informationssystem lever upp till verksamheternas krav som finns på konfidentialitet, integritet, tillgänglighet och spårbarhet. Styrdokumentets vetenskapliga värde har verifierats genom att utvalda IT-administratörer undersökt och utvärderat styrdokumentet. Resultatet visar att styrdokumentet kan användas som ett hjälpmedel. Det är lättförståeligt, lämpar sig för mindre tekniska personer och kan även i vissa fall effektivisera klassificeringsprocessen. Slutsatsen är att behovet av denna typ av styrdokument för klassificering av informationssystem behövs inom verksamheter. / Information management is increasingly important in today’s information society as information is one of the most valuable assets for businesses. The purpose of this paper was to create a steering document for IT administrators and to help them when classifying information systems. The steering document is responsible for verifying that information systems meet businesses requirements of confidentiality, integrity, availability, and traceability. The scientific value of the steering document has been verified by selected IT administrators, who have investigated and evaluated it. The results show that the steering document may be used as a guideline for information system classification. It is easily understandable, suitable for less technical people, and may in some cases make the classification process even more efficient. The conclusion is that this type of steering document for information system classification is needed within businesses. Availability CIA-triad confidentiality information information classification information management information security integrity CIA-triangeln information informationshantering informationsklassificering informationssäkerhet integritet konfidentialitet tillgänglighet Computer Sciences Datavetenskap (datalogi)

Search results