Management zabezpečovacího systému firmy / Security System Management of the Company

Moravec, Lukáš

January 2016

This master thesis deals with the design of complex security system for company area with using PZTS and CCTV system. The thesis is divided into three separate parts, first part is focused on analysis the company and the current physical security state. Second part of thesis deals with theoretical bases. And the final part covers the concept of the PZTS and CCTV system solution. Here are all the chosen elements which will be used for realization

The Experiences of Sailors with Antiterrorism Force Protection Training at Off-Installation Sites

Harrison, Jessica

01 January 2018

Enhancing antiterrorism force protection (ATFP) training at off-installation sites to allow employees to survive a life threatening situation is a necessity after recent events at such military installations. However, little is known about how service members perceive their current ATFP training experiences and how those experiences impact their self-confidence for responding to a threat. The purpose of this qualitative study was to explore how current training experiences impact confidence levels in learning basic security fundamentals to respond to a threat, as well as possible training changes that might improve confidence levels. This study used social constructivism, andragogy theory, heutagogy, and problem-based learning as the conceptual frameworks. Participants were 15 sailors from 5 off-site locations. Data sources were semistructured interviews. Data were analyzed using provisional and open coding strategies to identify themes of supports and barriers to learning ATFP concepts. Results indicated that existing instruction resulted in sailors engaging in supplemental self-training activities to reach what they believed were strong preparedness levels. They also indicated that instruction that emphasizes authentic adult education practices such as learner-center instruction and hands-on drills under the framework of problem-based learning and heutagogy were necessary to increase self-reported levels of confidence in responding to a threat. This study impacts positive social change by providing guidelines for effective terrorist and threat preparedness instruction, regardless of organization, institution, or location that can be used by administrators to improve their confidence and ability to deal with terrorist actions.

Andragogy

Antiterrorism

Heutagogy

Military Training

Physical Security

Problem-Based Learning

Higher Education Administration

Higher Education and Teaching

Game-Theoretic and Machine-Learning Techniques for Cyber-Physical Security and Resilience in Smart Grid

Wei, Longfei

29 October 2018

The smart grid is the next-generation electrical infrastructure utilizing Information and Communication Technologies (ICTs), whose architecture is evolving from a utility-centric structure to a distributed Cyber-Physical System (CPS) integrated with a large-scale of renewable energy resources. However, meeting reliability objectives in the smart grid becomes increasingly challenging owing to the high penetration of renewable resources and changing weather conditions. Moreover, the cyber-physical attack targeted at the smart grid has become a major threat because millions of electronic devices interconnected via communication networks expose unprecedented vulnerabilities, thereby increasing the potential attack surface. This dissertation is aimed at developing novel game-theoretic and machine-learning techniques for addressing the reliability and security issues residing at multiple layers of the smart grid, including power distribution system reliability forecasting, risk assessment of cyber-physical attacks targeted at the grid, and cyber attack detection in the Advanced Metering Infrastructure (AMI) and renewable resources. This dissertation first comprehensively investigates the combined effect of various weather parameters on the reliability performance of the smart grid, and proposes a multilayer perceptron (MLP)-based framework to forecast the daily number of power interruptions in the distribution system using time series of common weather data. Regarding evaluating the risk of cyber-physical attacks faced by the smart grid, a stochastic budget allocation game is proposed to analyze the strategic interactions between a malicious attacker and the grid defender. A reinforcement learning algorithm is developed to enable the two players to reach a game equilibrium, where the optimal budget allocation strategies of the two players, in terms of attacking/protecting the critical elements of the grid, can be obtained. In addition, the risk of the cyber-physical attack can be derived based on the successful attack probability to various grid elements. Furthermore, this dissertation develops a multimodal data-driven framework for the cyber attack detection in the power distribution system integrated with renewable resources. This approach introduces the spare feature learning into an ensemble classifier for improving the detection efficiency, and implements the spatiotemporal correlation analysis for differentiating the attacked renewable energy measurements from fault scenarios. Numerical results based on the IEEE 34-bus system show that the proposed framework achieves the most accurate detection of cyber attacks reported in the literature. To address the electricity theft in the AMI, a Distributed Intelligent Framework for Electricity Theft Detection (DIFETD) is proposed, which is equipped with Benford’s analysis for initial diagnostics on large smart meter data. A Stackelberg game between utility and multiple electricity thieves is then formulated to model the electricity theft actions. Finally, a Likelihood Ratio Test (LRT) is utilized to detect potentially fraudulent meters.

Cyber-Physical Security

Game Theory

Machine Learning

Reliability

Resilience

Smart Grid

Information Security

Power and Energy

Systems and Communications

Theory and Algorithms

One key to rule them all : Sårbarheter och spårbara artefakter i säkerhetsnycklar / One key to rule them all : Vulnerabilities and traceable artefacts in security keys

Gunnarsson, Philip, Isenstierna, Emmi

January 2023

Att skydda sin data idag kommer med flera utmaningar då lösenord som enda autentiseringsmetod är otillräcklig. Lösenord är ofta användarvänliga, enkla att hålla koll på och är utan kostnad för användaren. Det går alltid att göra lösenord säkrare men det upplevs ofta som svårhanterligt. I stället för detta kan man även använda ytterligare autentiseringsmetod. Många sidor och tjänster använder idag så kallad två- eller flerfaktorsautentisering genom t.ex. BankID eller säkerhetsnycklar. Med all ny teknik följer nya säkerhetsaspekter att ta hänsyn till, speciellt om denna teknik lämnar efter sig spår som kan utnyttjas av t.ex. hackare. Arbetets syfte är att undersöka spårbara artefakter som är kopplade till de fysiska säkerhetsnycklarna Solo 1 och YubiKey 5 NFC i Windows Registret i Windows 10 Pro N, samt utvärdera om tidigare kända sårbarheter kan bidra till insikter om säkerhetsnycklars säkerhet. Detta genomförs med hjälp av två kvalitativa metoder, dels genom en kartläggning av sårbarheter, dels genom ett experiment. Baserat på de funna sårbarheterna som har hittats så går det inte att säga huruvida de säkerhetsnycklarna skiljer sig i säkerhetsnivå, men det är tydligt att det främst är i firmware och mjukvara där sårbarheterna finns. Huruvida den ena säkerhetsnyckeln är säkrare än den andra går inte att fastställa, samt om en öppen källkod har någon betydelse vad gäller säkerhet. Dessutom går det att konstatera att spårbara artefakter från en säkerhetsnyckel kan hittas i ett Windows operativsystem. Baserat på de funna sårbarheterna som har hittats så går det inte att säga huruvida de säkerhetnycklarna skiljer sig i säkerhetsnivå, men det är tydligt att det främst är i firmware och mjukvara där sårbarheterna finns. Huruvida den ena säkerhets-nyckeln är säkrare än den andra går inte att fastställa, samt om öppen källkod har någon betydelse vad gäller säkerhet. Dessutom går det att konstatera att spår-bara artefakter från en säkerhetsnyckel kan hittas i ett Windows operativsystem. / Protecting your data today comes with several challenges since a password as the only authentication method is insufficient. Passwords are often user-friendly, easy to keep track of, and at no cost for the user. Passwords can always be made more secure, but this task is often perceived as tedious. Instead, additional authentication methods may be used. Many sites and services today use so-called two- or multifactor authentication, e.g. BankID (a type of eID) or security keys. all new technology comes with unique security aspects to consider, especially if this technology leaves behind traces that can be exploited by, e.g., hackers. This study aims to investigate traceable artifacts associated with the physical security key Solo 1 and YubiKey 5 NFC in the Windows Registry in Windows 10 Pro N and to evaluate whether previously known vulnerabilities can contribute to insights into security key security. The study uses two qualitative methods, one mapping out the vulnerabilities and another through an experiment. Based on the vulnerabilities that was found, it is not possible to conclude whether the security keys differ in security level. Still, it is mainly in the firmware and software where the vulnerabilities exist. Whether one security key is more secure than the other is inconclusive, and whether open-source code has any implications regarding security. In addition, it is ascertained that traceable artifacts from a security key can be found in a Windows operating system.

Vulnerabilities

physical security key

SoloKeys

YubiKey

Windows Registry

Registry Editor

Sårbarheter

fysisk säkerhetsnyckel

SoloKeys

YubiKey

Windows Registret

Registereditorn

Övrig annan teknik

<b>A COMPREHENSIVE FRAMEWORK FOR ENHANCING LARGE-SCALE EVENT SECURITY</b>

Santino P Alteri (19929723)

23 October 2024

<p dir="ltr">Large-scale events pose significant challenges for security professionals, requiring robust and redundant, comprehensive frameworks to mitigate potential threats and ensure the safety of attendees. This dissertation presents a multifaceted approach to enhancing large-scale event security, incorporating diverse methodologies and technologies. The study examines security screening technologies, hardened cyber-physical fortifications, and modeling & simulation methods for staffing and resource allocation. Experiments were conducted on the technical evaluation of the XTRACT technology, as well as the implementation of secret shoppers to unveil security vulnerabilities. A comparative analysis was then conducted to reveal the distinguishing characteristics of each experiment and their benefit to human-tech security. Recommendations for future research encompass the application of artificial intelligence (AI) in event planning and security, highlighting the potential benefits and ethical challenges, as well as methods for improving military installation (cyber) physical defense.</p>

Technology, crime and surveillance

large-event security

XTRACT technology

secret shopper

cyber security

physical security

artificial intelligence

military

military installations

military security

Návrh přístupového systému jako součást řešení fyzické bezpečnosti / Design of Access System as a Part of Physical Security Solution

Dohnal, Matěj

January 2017

This master’s thesis deals with design of an access system as a part of physical security solution for an energy company in the Czech Republic. The access system is designed to meet all legal requirements and conform to ISO 27001 certification. Implementation of the proposed access system is demonstrated on the selected company object, a representative example of connecting the critical infrastructure element and the company's common facility.

Návrh elektronického zabezpečovacího systému jako část fyzického zabezpečení energetických objektů kritické infrastruktury / Proposal of an electronic security system as part of the physical securing of critical infrastructure energetic objects

Mihálik, Andrej

January 2018

This master's thesis deals with the design of an electronic security system as part of the physical security for the energy company in the Czech Republic. The electronic security system is designed to meet all legal requirements, internal directives and has also passed ISO 27001 certification. The Implementation of the security system is demonstrated on the selected object of the company that belongs to the elements of the critical infrastructure.

Inovace procesů zpracování osobních údajů u státní organizace / Innovation Processes Personal Data for the State Organization

Cahová, Veronika

January 2009

Master's thesis "Innovation processes personal data for the state organization," deals with the protection of personal data for processing, both in paper, as well as electronic form. The main topic is security policy, the assessment of security risks resulting proposals for the introduction of innovative processes aimed to prevent possible leakage and misuse of personal data.

Management informační bezpečnosti ve zdravotnickém zařízení / Information Security Management in Healthcare Organization

Mikulová, Aneta

January 2011

The topic of my thesis is "Information security management in healthcare organization." Medical facilities are generally the ones who should put emphasis on information security. For my thesis I chose aesthetic private clinic called Visage, I underwent safety analysis. The analysis showed that only a small part of the security process is documented in the clinic. This is particularly deficient in terms of business. There may be a leak of sensitive information on the health status of individual patients. It is necessary to better treat the handling of these data. The aim of this thesis is a security manual that will describe the personal, physical and IT security.

Návrh metodiky bezpečnosti informací v podniku provozující elektronický obchod / Draft of Information Security Methodology in Company Running Electronic Commerce

Mráčková, Kateřina

January 2013

The work deals with the analysis of security management in company selling goods trought the stone shop and the electronic commerce. The assets and threats affecting them were identified and an analysis of risks and selected measures was evaluated. The work is based on the theoretical background from series of standards ISO/IEC 27000 given in the first part of it.