A structured approach to the identification of the significant risks related to enterprise mobile solutions at a mobile technology component level

Sahd, Lize-Marie

04 1900

Thesis (MComm)--Stellenbosch University, 2015. / ENGLISH ABSTRACT: The consumerisation of mobile technology is driving the mobile revolution and enterprises are forced to incorporate mobile solutions into their business processes in order to remain competitive. While there are many benefits relating to the investment in and use of mobile technology, significant risks are also being introduced into the business. The fast pace of technological innovation and the rate of adoption of mobile technology by employees has, however, created an environment where enterprises are deploying mobile solutions on an ad hoc basis. Enterprises are only addressing the risks as they are occurring and resulting in losses. The key contributing factor to this lack of governance and management is the fact that those charged with governance do not understand the underlying mobile technology components. The purpose of this research is to improve the understanding of the underlying components of mobile technology. The research further proposes to use this understanding to identify the significant risks related to mobile technology and to formulate appropriate internal controls to address these risks. The findings of the research identified the following underlying components of mobile technology: mobile devices; mobile infrastructure, data delivery mechanisms and enabling technologies; and mobile applications. Based on an understanding of the components and subcategories of mobile technology, a control framework was used to identify the significant risks related to each component and subcategory. The significant risks identified included both risks to the users (including interoperability, user experience, connectivity and IT support) as well as risks to the enterprise’s strategies (including continuity, security, cost and data ownership). The research concludes by formulating internal controls that the enterprise can implement to mitigate the significant risks. This resulted in two matrixes that serve as quick-reference guides to enterprises in the identification of significant risks at an enterprise specific mobile technology component level, as well as the relevant internal controls to consider. The matrixes also assist enterprises in determining the best mobile solutions to deploy in their business, given their strategies, risk evaluation and control environment. / AFRIKAANSE OPSOMMING: Die mobiele revolusie word deur die verbruiker van mobiele tegnologie aangedryf en, ten einde kompeterend te bly, word ondernemings gedwing om mobiele tegnologie in hul besigheidsprosesse te implementeer. Terwyl daar baie voordele verbonde is aan die investering in en gebruik van mobiele tegnologie, word die besigheid egter ook blootgestel aan wesenlike risiko’s. Die vinnige tempo waarteen mobiele tegnologie ontwikkel en deur werknemers aangeneem word, het egter ʼn omgewing geskep waarin ondernemings mobiele tegnologie op ʼn ad hoc basis ontplooi. Besighede spreek eers die risiko’s aan nadat dit reeds voorgekom het en verliese as gevolg gehad het. Die hoof bydraende faktor tot die tekort aan beheer en bestuur van mobiele tegnologie is die feit dat diegene verantwoordelik vir beheer, nie onderliggend mobiele tegnologie komponente verstaan nie. Die doel van hierdie navorsing is om die begrip van die onderliggende komponente van mobiele tegnologie te verbeter. Die navorsing poog verder om die wesenlike risiko’s verbonde aan mobiele tegnologie te identifiseer en om toepaslike interne beheermaatreëls te formuleer wat die risiko’s sal aanspreek. Die bevindinge van die navorsing het die volgende onderliggende komponente van mobiele tegnologie geïdentifiseer: mobiele toestelle; mobiele infrastruktuur, data afleweringsmeganismes, en bemagtigende tegnologieë; en mobiele toepassings. Gebaseer op ʼn begrip van die komponente en subkategorieë van mobiele tegnologie, is ʼn kontrole raamwerk gebruik om die wesenlike risiko’s verbonde aan elke komponent en subkategorie van die tegnologie, te identifiseer. Die wesenlike risiko’s sluit beide risiko’s vir die gebruiker (insluitend kontinuïteit, gebruikerservaring, konnektiwiteit en IT ondersteuning) sowel as risiko’s vir die onderneming se strategieë (insluitend kontinuïteit, sekuriteit, koste en data eienaarskap) in. Die navorsing sluit af met die formulering van die beheermaatreëls wat geïmplementeer kan word om die wesenlike risiko’s aan te spreek. Dit het gelei tot twee tabelle wat as vinnige verwysingsraamwerke deur ondernemings gebruik kan word in die identifisering van wesenlike risiko’s op ʼn onderneming-spesifieke tegnologie komponentvlak asook die oorweging van relevante interne beheermaatreëls. Die tabelle help ondernemings ook om die beste mobiele tegnologie vir hul besigheid te implementeer, gebaseer op hul strategie, risiko evaluering en beheeromgewing.

Mobile computing

Mobile communication systems

Mobile computing -- Security measures

Computer security

Mobile computing -- Risk management

UCTD

Benefits, business considerations and risks of big data

Smeda, Jorina

04 1900

Thesis (MComm)--Stellenbosch University, 2015. / ENGLISH ABSTRACT: Big data is an emerging technology and its use holds great potential and benefits for organisations. The governance of this technology is something that is still a big concern and as aspect for which guidance to organisations wanting to use this technology is still lacking. In this study an extensive literature review was conducted to identify and define the business imperatives distinctive of an organisation that will benefit from the use of big data. The business imperatives were identified and defined based on the characteristics and benefits of big data. If the characteristics and benefits are clear, the relevant technology will be better understood. Furthermore, the business imperatives provide business managers with guidance to whether their organisation will benefit from the use of this technology or not. The strategic and operational risks related to the use of big data were also identified and they are discussed in this assignment, based on a literature review. The risks specific to big data are highlighted and guidance is given to business managers as to which risks should be addressed when using big data. The risks are then mapped against COBIT 5 (Control Objectives for Information and Related Technology) to highlight the processes most affected when implementing and using big data, providing business managers with guidance when governing this technology. / AFRIKAANSE OPSOMMING: ‘Big data’ is 'n ontwikkelende tegnologie en die gebruik daarvan hou baie groot potensiaal en voordele vir besighede in. Die bestuur van hierdie tegnologie is egter ʼn groot bron van kommer en leiding aan besighede wat hierdie tegnologie wil gebruik ontbreek steeds. Deur middel van 'n uitgebreide literatuuroorsig is die besigheidsimperatiewe kenmerkend van 'n besigheid wat voordeel sal trek uit die gebruik van ‘big data’ geïdentifiseer. Die besigheidsimperatiewe is geïdentifiseer en gedefinieer gebaseer op die eienskappe en voordele van ‘big data’. Indien die eienskappe en voordele behoorlik verstaan word, is 'n beter begrip van die tegnologie moontlik. Daarbenewens bied die besigheidsimperatiewe leiding aan bestuur sodat hulle in staat kan wees om te beoordeel of hulle besigheid voordeel sal trek uit die gebruik van hierdie tegnologie of nie. Die strategiese en operasionele risiko's wat verband hou met die gebruik van ‘big data’ is ook geïdentifiseer en bespreek, gebaseer op 'n literatuuroorsig. Dit beklemtoon die risiko's verbonde aan ‘big data’ en daardeur word leiding verskaf aan besigheidsbestuurders ten opsigte van watter risiko's aangespreek moet word wanneer ‘big data’ gebruik word. Die risiko's is vervolgens gekarteer teen COBIT 5 (‘Control Objectives for Information and Related Technology’) om die prosesse wat die meeste geraak word deur die gebruik van ‘big data’ te beklemtoon, ten einde leiding te gee aan besigheidsbestuurders vir die beheer en kontrole van hierdie tegnologie.

UCTD

Big data

Big data -- Risk management

A framework for correlation and aggregation of security alerts in communication networks : a reasoning correlation and aggregation approach to detect multi-stage attack scenarios using elementary alerts generated by Network Intrusion Detection Systems (NIDS) for a global security perspective

Alserhani, Faeiz

January 2011

The tremendous increase in usage and complexity of modern communication and network systems connected to the Internet, places demands upon security management to protect organisations' sensitive data and resources from malicious intrusion. Malicious attacks by intruders and hackers exploit flaws and weakness points in deployed systems through several sophisticated techniques that cannot be prevented by traditional measures, such as user authentication, access controls and firewalls. Consequently, automated detection and timely response systems are urgently needed to detect abnormal activities by monitoring network traffic and system events. Network Intrusion Detection Systems (NIDS) and Network Intrusion Prevention Systems (NIPS) are technologies that inspect traffic and diagnose system behaviour to provide improved attack protection. The current implementation of intrusion detection systems (commercial and open-source) lacks the scalability to support the massive increase in network speed, the emergence of new protocols and services. Multi-giga networks have become a standard installation posing the NIDS to be susceptible to resource exhaustion attacks. The research focuses on two distinct problems for the NIDS: missing alerts due to packet loss as a result of NIDS performance limitations; and the huge volumes of generated alerts by the NIDS overwhelming the security analyst which makes event observation tedious. A methodology for analysing alerts using a proposed framework for alert correlation has been presented to provide the security operator with a global view of the security perspective. Missed alerts are recovered implicitly using a contextual technique to detect multi-stage attack scenarios. This is based on the assumption that the most serious intrusions consist of relevant steps that temporally ordered. The pre- and post- condition approach is used to identify the logical relations among low level alerts. The alerts are aggregated, verified using vulnerability modelling, and correlated to construct multi-stage attacks. A number of algorithms have been proposed in this research to support the functionality of our framework including: alert correlation, alert aggregation and graph reduction. These algorithms have been implemented in a tool called Multi-stage Attack Recognition System (MARS) consisting of a collection of integrated components. The system has been evaluated using a series of experiments and using different data sets i.e. publicly available datasets and data sets collected using real-life experiments. The results show that our approach can effectively detect multi-stage attacks. The false positive rates are reduced due to implementation of the vulnerability and target host information.

621.382

Whether using encryption in SCADA systems, the services performance requirements are still met in OT IT environment over an MPLS core network?

Chego, Lloyd

January 2016

A Research Project Abstract submitted in fulfillment of the requirements for Master of Science in Engineering [Electrical]: Telecommunications at the University Of The Witwatersrand, Johannesburg 07 June 2016 / Utilities use Supervisory Control and Data Acquisition systems as their industrial control system. The architecture of these systems in the past was based on them being isolated from other networks. Now with recent ever changing requirements of capabilities from these systems there is a need to converge with information technology systems and with the need to have these industrial networks communicating on packet switched networks there are cyber security concerns that come up. This research project looks at the whether using encryption in an IP/MPLS core network for SCADA in an OT IT environment has an effect on the performance requirements. This was done through an experimental simulation with the results recorded. The research project also looks at the key literature study considerations. The key research question for the research project of this MSc 50/50 mini-thesis is “whether using encryption in SCADA systems, the services performance requirements are still met in OT/ IT environment over an MPLS core network”? The research project seeks to determine if SCADA performance requirements are met over an encrypted MPLS/IP core network in an OT/IT environment. The key focus area of the research project is only encryption in the whole cyber security value chain versus SCADA services performances. This means that the research project only focused on the encryption portion of the whole cyber security value chain and the scope did not focus on other aspects of the value chain. This suffices for an MSc 50/50 mini-thesis research project as a focus on the whole value chain would require a full MSc thesis. Thus the primary objective for the research project is to research and demonstrate that encryption is essential for secure SCADA communication over a MPLS/IP core network. As aforementioned encryption forms an essential part of the Cyber Security value chain which has to achieve the following objectives. Confidentiality: ensuring that the information source is really from that source. Integrity: ensuring that the information has not been altered in any way. Availability: ensuring that system is not comprised but that it is available. These objectives of encryption should be met with SCADA service performance requirements not violated which is the objective of the research project. / M T 2016

Computer networks--Security measures

Industries--Security measures

Data encryption (Computer science)

Automation--Security measures

Process control--Security measures

Computer security

An uncertainty-aware reputation system in mobile networks: analysis and applications

Unknown Date

Many emerging mobile networks aim to provide wireless network services without relying on any infrastructure. The main challenge in these networks comes from their self-organized and distributed nature. There is an inherent reliance on collaboration among the participants in order to achieve the aimed functionalities. Therefore, establishing and quantifying trust, which is the driving force for collaboration, is important for applications in mobile networks. This dissertation focuses on evaluating and quantifying trust to stimulate collaboration in mobile networks, introducing uncertainty concepts and metrics, as well as providing the various analysis and applications of uncertainty-aware reputation systems. Many existing reputation systems sharply divide the trust value into right or wrong, thus ignoring another core dimension of trust: uncertainty. As uncertainty deeply impacts a node's anticipation of others' behavior and decisions during interaction, we include it in the reputation system. Specifically, we use an uncertainty metric to directly reflect a node's confidence in the sufficiency of its past experience, and study how the collection of trust information may affect uncertainty in nodes' opinions. Higher uncertainty leads to higher transaction cost and reduced acceptance of communication. We exploit mobility to efficiently reduce uncertainty and to speed up trust convergence. We also apply the new reputation system to enhance the analysis of the interactions among mobile nodes, and present three sample uncertainty-aware applications. We integrate the uncertainty-aware reputation model with game theory tools, and enhance the analysis on interactions among mobile nodes. / Instead of reactively protecting the mobile networks from existing attacks as in the traditional security paradigms, the analysis in this dissertation gives more insights on nodes' rationality in the interaction, which will enable the mechanism design in mobile networks to be security and incentive compatible. Moreover, we present three sample applications, in which we clearly identify the challenges, specifically formalize the problems, and cleverly employ the uncertainty mitigation schemes. These applications show that the uncertainty definition and mitigation schemes can benefit a broad range of applications, including fields such as security, network services, and routing. / by Feng Li. / Vita. / Thesis (Ph.D.)--Florida Atlantic University, 2009. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2009. Mode of access: World Wide Web.

Computer network architectures

Mobile computing

Implementing security in an IP Multimedia Subsystem (IMS) next generation network - a case study

Unknown Date

The IP Multimedia Subsystem (IMS) has gone from just a step in the evolution of the GSM cellular architecture control core, to being the de-facto framework for Next Generation Network (NGN) implementations and deployments by operators world-wide, not only cellular mobile communications operators, but also fixed line, cable television, and alternative operators. With this transition from standards documents to the real world, engineers in these new multimedia communications companies need to face the task of making these new networks secure against threats and real attacks that were not a part of the previous generation of networks. We present the IMS and other competing frameworks, we analyze the security issues, we present the topic of Security Patterns, we introduce several new patterns, including the basis for a Generic Network pattern, and we apply these concepts to designing a security architecture for a fictitious 3G operator using IMS for the control core. / by Jose M. Ortiz-Villajos. / Thesis (M.S.C.S.)--Florida Atlantic University, 2009. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2009. Mode of access: World Wide Web.

Computer networks--Security measures

Internet payment system--: mechanism, applications & experimentation.

January 2000

Ka-Lung Chong. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2000. / Includes bibliographical references (leaves 80-83). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgments --- p.iii / Chapter 1 --- Introduction & Motivation --- p.1 / Chapter 1.1 --- Introduction --- p.1 / Chapter 1.2 --- Internet Commerce --- p.3 / Chapter 1.3 --- Motivation --- p.6 / Chapter 1.4 --- Related Work --- p.7 / Chapter 1.4.1 --- Cryptographic Techniques --- p.7 / Chapter 1.4.2 --- Internet Payment Systems --- p.9 / Chapter 1.5 --- Contribution --- p.16 / Chapter 1.6 --- Outline of the Thesis --- p.17 / Chapter 2 --- A New Payment Model --- p.19 / Chapter 2.1 --- Model Description --- p.19 / Chapter 2.2 --- Characteristics of Our Model --- p.22 / Chapter 2.3 --- Model Architecture --- p.24 / Chapter 2.4 --- Comparison --- p.30 / Chapter 2.5 --- System Implementation --- p.30 / Chapter 2.5.1 --- Acquirer Interface --- p.31 / Chapter 2.5.2 --- Issuer Interface --- p.32 / Chapter 2.5.3 --- Merchant Interface --- p.32 / Chapter 2.5.4 --- Payment Gateway Interface --- p.33 / Chapter 2.5.5 --- Payment Cancellation Interface --- p.33 / Chapter 3 --- A E-Commerce Application - TravelNet --- p.35 / Chapter 3.1 --- System Architecture --- p.35 / Chapter 3.2 --- System Features --- p.38 / Chapter 3.3 --- System Snapshots --- p.39 / Chapter 4 --- Simulation --- p.44 / Chapter 4.1 --- Objective --- p.44 / Chapter 4.2 --- Simulation Flow --- p.45 / Chapter 4.3 --- Assumptions --- p.49 / Chapter 4.4 --- Simulation of Payment Systems --- p.50 / Chapter 5 --- Discussion of Security Concerns --- p.54 / Chapter 5.1 --- Threats to Internet Payment --- p.54 / Chapter 5.1.1 --- Eavesdropping --- p.55 / Chapter 5.1.2 --- Masquerading --- p.55 / Chapter 5.1.3 --- Message Tampering --- p.56 / Chapter 5.1.4 --- Replaying --- p.56 / Chapter 5.2 --- Aspects of A Secure Internet Payment System --- p.57 / Chapter 5.2.1 --- Authentication --- p.57 / Chapter 5.2.2 --- Confidentiality --- p.57 / Chapter 5.2.3 --- Integrity --- p.58 / Chapter 5.2.4 --- Non-Repudiation --- p.58 / Chapter 5.3 --- Our System Security --- p.58 / Chapter 5.4 --- TravelNet Application Security --- p.61 / Chapter 6 --- Discussion of Performance Evaluation --- p.64 / Chapter 6.1 --- Performance Concerns --- p.64 / Chapter 6.2 --- Experiments Conducted --- p.65 / Chapter 6.2.1 --- Description --- p.65 / Chapter 6.2.2 --- Analysis on the Results --- p.65 / Chapter 6.3 --- Simulation Analysis --- p.69 / Chapter 7 --- Conclusion & Future Work --- p.72 / Chapter A --- Experiment Specification --- p.74 / Chapter A.1 --- Configuration --- p.74 / Chapter A.2 --- Experiment Results --- p.74 / Chapter B --- Simulation Specification --- p.77 / Chapter B.1 --- Parameter Listing --- p.77 / Chapter B.2 --- Simulation Results --- p.77 / Bibliography --- p.80

Electronic commerce--Security measures

Electronic funds transfers

Internet--Security measures

World Wide Web--Security measures

Computer security

Defining the Information Security Posture: An Empirical Examination of Structure, Integration, and Managerial Effectiveness

Young, Randall Frederick

08 1900

The discipline of information security management is still in its infancy as evidenced by the lack of empirical scholarly work in this area. Most research within the information security domain focuses on specific technologies and algorithms and how it impacts the principles of confidentiality, integrity, and availability. But, an important area receiving little attention is the antecedents of effective information security management at the organizational level (Stanton, Guzman, Stam & Caldera, 2003). The little empirical research that has been conducted in this area has shown that information security management in many organizations is poor (Baskerville, 1993; Shimeall & McDermott, 1999). Several researchers have identified the need for methods to measure the organization-wide information security posture of organizations (Eloff & Von Solms, 2000; James, 1996). This dissertation attempts to measure the organization-wide information security posture by examining benchmark variables that assess role, planning orientation, and performance structure within the organization. Through this conceptualization of an organization's information security posture, a means is presented to measure overall information security and how it impacts the effective utilization of information security strategies. The presence of the dependent variable, effectiveness, gives academics and practitioners a success measure which can guide more effective decision making in the information security domain. An additional aim of this dissertation is to empirically examine the influence of management practices and decisions on effective use of information security strategies within the organization. The issues of centralization versus decentralization of information security activities will be evaluated along with its impact on information security posture of organizations and the effectiveness of the organization's information security strategies. Data was collected from 119 IT and information security executives. Results show that how the organization structures information security activities is not correlated with more effective utilization of information security strategies. Meanwhile, the organization's information security posture is significantly correlated with more effective utilization of information security strategies. The implications of this research is discussed.

recovery

centralization

Information security

decentralization

prevention

deterrence

detection

Computer networks -- Security measures.

Computer security -- Management.

Integrated planning of modern distribution networks incorporating UK utility practices

Mansor, Nurulafiqah Nadzirah

January 2018

Distribution system plays a significant role in the overall electrical power system due to its impact on electricity costs, reliability as well as security of supplied energy. Optimal development planning of modern distribution system is mainly required to satisfy continuous change in customer demands and generations in a cost-effective manner, utilizing the available smart solutions. All these aspects need to be addressed in modern distribution planning methodology that can be applied today in real-life. Review has shown that there are no distributions planning models that adequately model security of supply of radially operated networks. Moreover, the optimal development planning models still do not consider multiple operating regimes, which has become a necessity due to connection of low carbon technologies. Numerous techniques published on this subject tend to ignore the regulations and planning standards that must be complied during system development, resulting in methodology that is not in-tuned with business practices. Furthermore, a comprehensive model that integrates all major components of today’s real-life distribution planning is still lacking, even though many of them have been addressed individually. In this thesis, integrated planning methodology for development of distribution system is proposed, incorporating utility practices in the UK. The overall methodology built on two independent stages, investment stage and operation stage. The operation stage is further cast into two sub-stages, quality of supply planning and minimization of operation costs planning. The overall planning methodology incorporates the novel probabilistic decision tree concept for distribution system planning to consider probable network uncertainties. The first model which is the investment stage determines the new construction and reinforcement of circuits and switchgear, along with circuit decommissioning. Multiple operating regimes due to fluctuation in generation and load profiles are considered, in addition to explicit modelling of N-1 security constraint according to P2/6 planning standards. The quality of supply planning determines the allocation of switchgear and its automation to maximise the reliability benefits from the regulatory incentive regime. Finally, the operation model determines the optimal network configuration that minimises the total operation costs of distribution system. The final outputs are list of cables and switchgear for construction, reinforcement, and decommission, benefits harvested due to quality of supply investments on switchgear, optimal network running arrangement, etc. These studies have proven to be important in formulating effective strategies for development of distribution system, in compliance to the planning standards and resulted in higher network operation capabilities.

A framework for system fingerprinting

Radhakrishnan, Sakthi Vignesh

29 March 2013

The primary objective of the proposed research is to develop a framework for smart and robust fingerprinting of networked systems. Many fingerprinting techniques have been proposed in the past, however most of these techniques are designed for a specific purpose, such as Operating System (OS) fingerprinting, Access Point (AP) fingerprinting, etc. Such standalone techniques often have limitations which render them dysfunctional in certain scenarios or against certain counter measures. In order to overcome such limitations, we propose a fingerprinting framework that can combine multiple fingerprinting techniques in a smart manner, using a centralized decision making engine. We believe that any given scenario or a counter measure is less likely to circumvent a group of diverse fingerprinting techniques, which serves as the primary motivation behind the aforementioned method of attack. Another major portion of the thesis concentrates on the design and development of a device and device type fingerprinting sub-module (GTID) that has been integrated into the proposed framework. This sub-module used statistical analysis of packet inter arrival times (IATs) to identify the type of device that is generating the traffic. This work also analyzes the performance of the identification technique on a real campus network and propose modifications that use pattern recognition neural networks to improve the overall performance. Additionally, we impart capabilities to the fingerprinting technique to enable the identification of 'Unknown' devices (i.e., devices for which no signature is stored), and also show that it can be extended to perform both device and device type identification.

Access control

Device type fingerprinting

Device fingerprinting

System Fingerprinting

GTID

Security framework

Computer networks Security measures