Global ETD Search

251	Är roligt alltid bättre? : En kvalitativ studie om gamifications påverkan på inlärning av informationssäkerhet Toll, Malin, Klermyr, Tilde January 2022 (has links) Idag bearbetas, hanteras och lagras mer information än någonsin tidigare digitalt via IT. Detta medför ökade krav på IT-säkerhet. Ett vanligt problem inom IT-säkerhet är den mänskliga faktorn. För ett företag är det därför av stor vikt att utbilda sina anställda inom IT-säkerhet. Tidigare forskning visar att gamification (att använda spel-element i system eller applikationer som inte är spel) inom utbildning kan visa på goda resultat inom utbildning om det används på rätt sätt. Denna studie intresserar sig för att undersöka om gamification kan underlätta upplärning av IT-säkerhet jämfört med traditionell upplärning. Studiens fokus är att undersöka hur djup kunskap upplärningen ger via ett gamifierat verktyg kontra ett textdokument som innehåller samma information. Detta undersöks med hjälp av ett kvasiexperiment, där hälften av deltagarna får upplärning via gamification och hälften via text, som följs upp av semistrukturerade intervjuer. / Today, more information is processed, handled and stored digitally via IT than ever before. This, in turn, leads to increased requirements for IT security. A common problem in IT security is the human factor. For a company, it is therefore of great importance to train its employees in IT security. Previous research shows that gamification (using game elements in systems or applications that are not games) in education can yield good results in education if used correctly. The interest of this study is to examine and compare if gamification can facilitate the training of IT security compared to traditional training. The focus of the study is to investigate what depth of knowledge the learning provides using a gamified tool against a text document containing the same information. This is investigated with the help of a quasi-experiment, where half of the participants receive training via gamification and half via text, which is followed up by semi-structured interviews. Hotspot gamification IT-security learning SOLO-taxonomy quasi-experiment semi-structured interviews Hotspot gamification informationssäkerhet upplärning SOLO-taxonomi kvasiexperiment semistrukturerade intervjuer Information Systems, Social aspects
252	The impact of the NIS 2 directive on subcontractors in the transportation sector Sandström, Isabel January 2024 (has links) This study examines the impact of the NIS2 Directive on subcontractors in the transport sector, a critical infrastructure. By focusing on small and medium-sized enterprises (SMEs) operating as subcontractors, the study analyzes the challenges and obstacles these companies face in implementing the NIS2 requirements in their supply chain. The study also highlights the strategies used to ensure adequate cyber security within the transport sector's supply chain. A qualitative research method was used, where data was collected through semi-structured in-depth interviews and document analysis. The results show that companies with ISO/IEC 27001 certification have a solid foundation to meet the NIS2 requirements, while companies without such certification face greater challenges. The study also identifies the need for cooperation and knowledge sharing between companies to effectively navigate the new regulations and strengthen collective cyber security within the EU. The conclusions show that the NIS2 directive will require significant adaptations for SMEs, but also that it offers opportunities to improve their cyber security capabilities and strengthen the trust of customers and partners. The study emphasizes the importance of implementing robust information security to ensure continuity and protection of critical services, and that proactive adaptation and collaboration are key to achieving full compliance with NIS2 requirements. NIS2 directive Cyber security Subcontractors The transport sector Information security ISO/IEC 27001 Supply chain Risk management Incident management NIS2-direktivet Cybersäkerhet Underleverantörer Transportsektorn Informationssäkerhet ISO/IEC 27001 leverantörskedja Riskhantering Incidenthantering Other Engineering and Technologies Annan teknik
253	Potentiella säkerhetsrisker med växelriktare för solceller / Potential security risks associated with solar inverters Axelsson, Ebba, Tonell, Vera January 2024 (has links) This thesis investigates the risks associated with connected inverters in solar power installations, focusing on properties owned by Vasakronan, a real estate company with 166 properties, that has invested in solar panel installations on a majority of its buildings. The thesis explores the potential security measures related to both energy and information. Energy security encompasses multiple aspects of ensuring a reliable supply of energy within an infrastructure, necessitating tools for balancing energy production and usage and minimizing dependence on single resources. Robust information security requires the preservation of confidentiality, integrity and availability, which is considered given the organization, cloud and communication security. Interviews were conducted with representatives from Vasakronan’s suppliers of inverters, IT service provider, employees and external field experts. One property served as a case study to understand the internal real estate network structure and data on energy consumption, production and prices was collected. The risk of security breaches was assessed as the sum of factors influencing the likelihood of intrusion, as well as the consequences of such breach. Interviews with employees and IT service providers revealed Vasakronan’s awareness of information security and continuous efforts to enhance it. Interviews with inverter suppliers show varying levels of commitment to information security, with a general recognition of its importance but inconsistent knowledge of mitigation strategies. Many suppliers are cautious about production location, expressing skepticism about Chinese intelligence activities. However, the current risk for Vasakronan and the Swedish power grid is considered low, though the increasing use of solar panels may heighten this risk in the future. Specific threats such as extortion attempts, are identified as more probable, potentially resulting in production interruptions and increased energy costs. The importance of risk diversification through security measures and supplier diversification is concluded from the interviews with field experts. Data analysis indicates that security breaches primarily entail economic losses for Vasakronan, while the societal consequences are seen as potentially serious but unlikely in the short term. The thesis contributes to understanding the risks and the necessity of security measures in solar power installations through an analysis of potential energy and economic consequences of data breaches. Energisäkerhet informationssäkerhet sveriges säkerhetsläge växelriktare kommunikationssäkerhet organisationssäkerhet molnsäkerhet säkerhetsintrång bortfall av energi riskanalys sannolikhet säkerhetsintrång konsekvens säkerhetsintrång infrastruktur solcellsanläggning säker energiförsörjning solkraft i Sverige balansmarknaden Information Systems Energy Systems Energisystem Infrastructure Engineering Infrastrukturteknik Communication Systems Kommunikationssystem
254	Cyberpandemin: Att vaccinera sjukvården mot digitala hot / The cyber pandemic:Vaccinating healthcare against digital threats Hermansson, Sandra, Jönsson, Wilma January 2024 (has links) Digitaliseringens framväxt har utvecklat digitala arbetsmiljöer inom verksamheter där informationsteknologi tillämpas för att förbättra medarbetarnas produktivitet. Användningen av digital teknologi har ökat säkerhetsbehovet, med ett större fokus på cyber- och informationssäkerhet för att skydda mot digitala hot. Syftet med studien är att undersöka hur en offentlig verksamhet främjar IT-säkerhetsmedvetenhet i en digital arbetsmiljö, med fokus på hur en region inom hälso- och sjukvården arbetar med cyber- och informationssäkerhet. Forskningen grundar sig på en kvalitativ fallstudie där intervjuer har genomförts med medarbetare på säkerhetsavdelningen samt från sjukvården i den utvalda regionen. Resultatet visar att regionens arbete med att främja säkerhetsmedvetenhet i den digitala arbetsmiljön i flera avseenden anses vara bristfällig. Således belyser studien att en säkerhetsmedvetenhet kan främjas genom olika perspektiv såsom en tydlig kommunikation från verksamhetsledningen ut i organisationen samt att medarbetaren beaktar cyber- och informationssäkerhet som en del av det givna ansvarsområdet, oavsett arbetsuppgifter. Det är även väsentligt att anpassa den digitala arbetsmiljön där tekniken samspelar med människan. Ett förslag har utvecklats till regionen för att främja säkerhetsmedvetenhet och upprätthålla funktionsförmågan i en tidspressad arbetsmiljö, samtidigt som säkerheten prioriteras. / The rise of digitalization has developed digital work environments within organizations where information technology is applied to enhance employee productivity. The use of digital technology has increased security needs, with a greater focus on cyber and information security to protect against digital threats. This study aims to investigate how a public organization promotes IT security awareness in a digital work environment, focusing on a healthcare sector region's cyber and information security practices. The research, based on a qualitative case study where interviews have been conducted with employees of the security department and healthcare workers, indicates that the region's efforts to promote security awareness in the digital work environment are deficient in several respects. Thus, the study highlights that security awareness can be enhanced through various perspectives, such as clear communication from management throughout the organization and employees considering cyber and information security as part of their responsibilities, regardless of their work tasks. It is also essential to adapt the digital work environment where technology interacts with human elements. A proposal has been developed for the region to foster security awareness and maintain functionality in a time-sensitive work environment while prioritizing security. Cyber and Information Security IT Security Awareness Digital work environment Public Sector Healthcare Socio-technical perspective. Cyber- och informationssäkerhet IT-säkerhetsmedvetenhet Digital arbetsmiljö Offentlig verksamhet Hälso- och sjukvården Sociotekniskt perspektiv. Information Systems
255	Hur autentiseringsregler kan bli användarvänliga : En systematisk litteraturstudie inom autentiseringsreglers användarvänlighet / How authentication policies can become user friendly Malmström, Villy Malmström, Ringdahl, Tobias, Uhlmann, David January 2024 (has links) The human factor often plays a significant role in cyberattacks targeted against organisations. Therefore, controlling user behaviour is critical to companies’ cybersecurity strengthening efforts. A method used by companies for this is information security policies (ISP). User compliance is required for policies to be able to regulate user behaviour, but research suggests that compliance is often low. This study aims to improve authentication rules in ISP development by executing a systematic literature review. It does this by providing recommendations on how to better capture the user perspective based on the reviewed literature and the collected policies from the public sector. First a database search was conducted then backwards snowballing, which left us with 61 accepted articles that then underwent coding and ultimately a thematic analysis. This process identified eight key themes: authentication stress, password strength, password changing, password sharing, password reuse, password storage, user guidance and policy design. With these themes in hand, each area could be analysed and compared to corresponding area from the collected policies. This revealed discrepancies between the research and the organizational policies, enabling recommendations on how to improve policies from a user-based perspective to be put forward. The study is limited to authentication rules found in information security policies and excludes rules that might be found in different documents. Additionally, the systematic literature review is limited to digital databases. Information Security Policy (ISP) Policy Development Authentication Policy Information Security Literature Review User-centric Recommendations Informationssäkerhetspolicy (ISP) Policyutveckling Autentiseringspolicy Lösenord Informationssäkerhet Litteraturstudie Användarbaserad Rekommendationer Information Systems
256	Cyberepidemiologi : Hur kan utbrottsdetektion inom folkhälsa hjälpa IT-incidentsövervakning? Richter, Andreas January 2018 (has links) This study aims to shed light on what a comparison between cybersecurity intelligence and public health surveillance systems can yield in practical improvements. The issue at hand is best described by the amount of threats both systems must detect. Intelligent malicious software, malware, designed by humans to spread and reap havoc in the abundance of unprotected networks worldwide and contagious diseases with millions of years of evolution behind their design to bypass human defences, infect and multiply. These two threats stand as mighty competitors to actors who try to monitor their presence to be able to give advice on further action to hinder their spread. The sheer amount of experience in public health of dealing with surveillance of contagious disease can contribute with important lessons to cyber intelligence when malware is becoming an even more alarming threat against everybody who uses the Internet. To compare them both this study uses high reliability theory to understand how Folkhälsomyndigheten, Sweden’s main authority in public health surveillance, and CERT-SE, Sweden’s national computer emergency response team, operate to make their surveillance as reliable as possible to detect emerging threats. Some key findings of the study points to the lack of regional or global binding policy’s to share information in the cyber security sector of which CERT-SE takes part in. The major roll of trust-based information sharing can be subject to shifts in relationships between states and excludes states with which no bilateral arrangements are made, but who may possess information of urgent necessity. The lack of arrangements in the cybersecurity sector, correspondent to the International health regulations by World Health Organization in public health, stands as a major difference between the two sectors access to information. However, this study may not stretch as far as to prove that the greater access to information would have proved to be of ease in a specific cyberincident. Case studies of this kind or further research of how agreements can be made in an anarchistic domain like the Internet are to be continued from this study. cyber cyber security cyber intelligence cyber surveillance high reliability organisation high reliability theory public health epidemiology Folkhälsomyndigheten CERT-SE informationssäkerhet folkhälsa cybersäkerhet cyber cyberövervakning it-incident
257	Informationssäkerhetsrisker och organisatoriska sanktioner vid användandet av privata smarta enheter i Försvarsmakten : En studie om användning av privata smarta enheter Persson, Tobias, Andersson, Emil January 2020 (has links) Denna uppsats undersöker intentionen att använda smarta enheter i tjänst hos personal i Försvarsmakten, som är en organisation med högt behov av verksamhetssäkerhet. Verksamhetens säkerhet är direkt beroende av hur personal inom verksamheten agerar utifrån ett säkerhetsperspektiv. Syftet är att belysa hur Försvarsmakten förmedlar informationssäkerheten kring smarta enheter och hur personalen påverkas utifrån det. Det empiriska materialet har samlats in genom en kvalitativ fallstudie i form av semistrukturerade intervjuer med två olika grupper. Resultatet analyseras med hjälp av ett teoretiskt ramverk bestående av Protection Motivation Theory (PMT) och General Deterrence Theory (GDT) i syfte att belysa vad det är som avgör personalens beteende. Teorierna utgår från att beteendet påverkas av rädsla för sanktioner eller för hot mot verksamhet och individ. Resultatet visar att aspekter från de båda teorierna är närvarande hos personalen och att det som påverkar den enskildes agerande beror på vilken information organisationen delgett och individernas personliga uppfattningar. Personalen är medveten om de risker som följer av användningen av smarta enheter, men enheterna används ändå i stor utsträckning. Faktorer som spelar in i intentionen är kunskapsnivån, befattningen individen besitteroch arbetsområdet individen verkar inom. / This paper examines the intention to use smart devices by staff in the Swedish Armed Forces,which is an organization with a high need for operational security. The security of the business isdependent on how staff within the business behave, in a security perspective. The purpose is toelucidate how the Swedish Armed Forces conveys information security regarding smart devicesand how their staff are affected. The empirical material has been collected through a qualitativecase study in the form of semi-structured interviews with two different groups. The results areanalyzed using a theoretical framework consisting of Protection Motivation Theory (PMT) andGeneral Deterrence Theory (GDT) in order to elucidate what determines the behavior of the staff.The theories are based on the fact that behavior is affected by fear of sanctions or threats to thebusiness and individuals. The result shows that aspects in both theories are present in the staffbehavior. What influences the individual's actions depends on what information the organizationhas shared and the personal perceptions of the individuals. Factors that play into the intention arethe level of knowledge, the position the individual possesses and the area of work the individualoperates within. Smart devices Operations security Information security Information security awareness General Deterrence Theory Protection Motivation Theory Swedish Armed Forces. Smarta enheter Verksamhetssäkerhet Informationssäkerhet Information security awareness General Deterrence Theory Protection Motivation Theory Försvarsmakten Information Systems, Social aspects
258	Vem ser dig? : En fallstudie kring kameraövervakning och integritet på universitet. / Who sees you? Karabas, Emre, Gullin, Petter January 2021 (has links) The aim of this study is to examine how students and personnel at universities perceive camera surveillance and the handling of the data gathered by it. This is done through a qualitative research approach where the research strategy is a case study with interviews as a data collection method. The study is based on two perspectives - students and employees. The purpose of the study is to investigate how camera surveillance and management of the data collected is handled at a university, with Uppsala University as a case study. (The focus in the study is on awareness of and attitudes towards camera surveillance - to identify and gain a deeper understanding of university employees and students' attitudes towards camera surveillance and the management of the data that the university collects). The reason for camera surveillance at the University, perceived advantages and disadvantages as well as how the experience and importance of personal integrity, are affected by various factors such as the handling and use of surveillance data. Another issue is the respondents' knowledge of GDPR and the rights they have regarding camera surveillance. The survey is limited to people at Uppsala University. Other monitoring systems such as access systems and logging as well as the handling of this data are delimited from the study and excluded from the survey. / Uppsatsen avser undersöka studenters och universitetsanställdas inställning till kameraövervakning och hanteringen av de data som kan samlas in. Det görs genom en kvalitativ forskningsansats där forskningsstrategin är fallstudie med intervjuer som datainsamlingsmetod. Studien utgår från två perspektiv - studenter och anställda. Syftet med denna studie är att undersöka hur kameraövervakning och hantering av de data som samlas in fungerar på ett universitet, med Uppsala universitet som fallstudie. (Fokus i studien ligger på medvetenhet om och inställning till kameraövervakning - att identifiera och få en djupare förståelse för universitetsanställda och studenters inställning till kameraövervakning och hanteringen av de data som universitetet samlar in). Vad som motiverar (är anledningen till) kameraövervakning på Universitetet, upplevda för- och nackdelar samt hur upplevelsen och vikten av den personliga integriteten, påverkas av olika faktorer som til lexempel hanteringen och användandet av övervakningsdata. En annan frågeställning är respondenternas kunskaper kring GDPR och de rättigheter de har vid kameraövervakning. Undersökningen är avgränsad till personer vid Uppsala universitet. Andra övervakningssystem som till exempel inpasseringssystem och loggning liksom hantering av dessa data är avgränsade från studien och exkluderas från undersökningen. Camera surveillance Surveillance University Data storage Privacy Information security The Camera Surveillance Act GDPR. Kameraövervakning Övervakning Universitet Datalagring Personlig integritet Informationssäkerhet Kamerabevakningslagen GDPR Information Systems, Social aspects Computer and Information Sciences Data- och informationsvetenskap Information Systems Other Computer and Information Science Annan data- och informationsvetenskap
259	Mänskligt beteende - ett ofrånkomligt hot mot informationssäkerhet? Swartz, Erik January 2021 (has links) Information har idag kommit att bli så viktigt att det av många aktörer kallas för den nya digitala oljan, och med anledning av just detta är information idag en av de främsta tillgångar en organisation kan besitta. För att skydda informationen lägger organisationer massiva summor pengar på tekniska och fysiska åtgärder. Tillsammans med dessa åtgärder utfärdas även interna bestämmelser och riktlinjer för hur IT-system och information får eller inte får hanteras. Trots detta sker både intrång och andra säkerhetsrelaterade incidenter som kan härledas till mänskligt felaktigt beteende, eller den så kallade mänsklig faktorn. I den här uppsatsen har därför författaren gjort en djupdykning i ämnet för att studera vilka samband som kan finnas mellan beteendevetenskapliga teorier och efterlevnad av informationssäkerhet. Med kvalitativa metoder har bland annat litteraturstudier genomförts för att ta reda på vilka teorier som är mest relevanta i sammanhanget. Intervjuer har sedan nyttjats för att bredda författarens uppfattning om vilka faktorer som kan påverka mänskligt beteende. De personer som intervjuats har bland varit yrkesverksamma som säkerhetschefer, säkerhetskyddshandläggare och ledande forskare inom det specifika området. Information security compliance security culture human behavior general deterrence theory protection motivation theory social learning theory neutralization techniques Informationssäkerhet efterlevnad säkerhetskultur mänskligt beteende general deterrence theory protection motivation theory social learning theory neutralization techniques Computer and Information Sciences Data- och informationsvetenskap Information Systems, Social aspects Human Aspects of ICT Mänsklig interaktion med IKT
260	Nu får det vara slutlekt : Cybersäkerhetskraven för privata aktörer i ljuset av NIS2-direktivet / The Fun is Over : Cybersecurity Requirements for the Private Sector in light of the NIS2 Directive Dison, Ellinor January 2023 (has links) Cybersecurity threats have grown to become a global threat to private actors and states. While work processes are becoming more efficient, rapid technological developments are exposing network and information systems to vulnerabilities. The private sector plays a significant role in keeping the EU and Sweden safe in cyberspace since technological development is essentially controlled by private actors. When it comes to socially important activities, private actors both own and operate large parts of the market, which in turn means that attacks on private actors affecting trade secrets can pose a threat to market competition and economic prosperity. This thesis maps out how the EU has chosen to combat this with the NIS and NIS2 Directives. Specifically, this thesis maps out changes in cybersecurity requirements for private actors providing digital solutions in the light of NIS2. The previous NIS has shown to be inherently flawed with regards to the EU goal of achieving a high common level of security for network and information systems. The need for renewed legislation is therefore great and, as the investigation shows, NIS2 entails a change in the content, structure, and scope of important and essential entities. In short, the NIS2 Directive requires entities to perform their due diligence and document appropriate and proportionate measures based on an all-risk analysis. The increased and broadened requirements in NIS2, which are certainly justified by the increased cybersecurity threats, must also be weighed against an overly burdensome bureaucracy for authorities and private actors. In addition, this thesis analyzes the format of NIS2 and its potential impact on the internal market of the EU. Given the fact that it is a market regulation, a proportionality assessment is required in relation to the competitive disadvantages that an overly burdensome legislation may result in for private actors. At the same time, sanctions and enforcement measures must be sufficiently dissuasive. In conclusion, this thesis argues NIS2 to bring important changes, albeit still posing risks of further fragmenting the cybersecurity levels in the union due to the flexibility given to member states. However, NIS2 is a key step in the right direction towards achieving a high common level of cybersecurity across member states. NIS2 digital infrastructure digital providers NIS information security cybersecurity digitalization essential entity important entities EU Regulation EU Law NIS2 digital infrastruktur digitala leverantörer NIS EU-CyCLONe informationssäkerhet cybersäkerhet digitalisering väsentlig entitet viktiga entiteter EU-förordning EU-rätt Law and Society Juridik och samhälle

Search results