Global ETD Search

551	A risk analysis and risk management methodology for mitigating wireless local area networks (WLANs) intrusion security risks Abdullah, Hanifa 12 October 2006 (has links) Every environment is susceptible to risks and Wireless Local Area Networks (WLANs) based on the Institute of Electrical and Electronics Engineers (IEEE) 802.11 standard are no exception. The most apparent risk of WLANs is the ease with which itinerant intruders obtain illicit entry into these networks. These intrusion security risks must therefore be addressed which means that information security risk analysis and risk management need to be considered as integral elements of the organisation’s business plan. A well-established qualitative risk analysis and risk management methodology, the Operationally Critical Threat Asset and Vulnerability Evaluation (OCTAVE) is selected for conducting the WLAN intrusion security risk analysis and risk management process. However, the OCTAVE risk analysis methodology is beset with a number of problems that could hamper a successful WLAN intrusion security risk analysis. The ultimate deliverable of this qualitative risk analysis methodology is the creation of an organisation-wide protection strategy and risk mitigation plan. Achieving this end using the OCTAVE risk analysis methodology requires an inordinate amount of time, ranging from months to years. Since WLANs are persistently under attack, there is a dire need for an expeditious risk analysis methodology. Furthermore, the OCTAVE risk analysis methodology stipulates the identification of assets and corresponding threat scenarios via a brainstorming session, which may be beyond the scope of a person who is not proficient in information security issues. This research was therefore inspired by the pivotal need for a risk analysis and risk management methodology to address WLAN intrusion attacks and the resulting risks they pose to the confidentiality, integrity and availability of information processed by these networks. Copyright / Dissertation (MSc (Computer Science))--University of Pretoria, 2006. / Computer Science / unrestricted Ooda cycle Risk Risk analysis Risk management Octave Risk assessment Wireless intrusion detection system Wireless local area network (WLAN) UCTD
552	Risk analysis of the 9-1-1 system using failure mode, effects, and criticality analysis (FMECA) Giberson, Stacey E. 02 February 2010 (has links) <p>More than twenty-five percent of the risk of failure for the 9-1-1 system can be contributed to blocked lines. The second major failure mode is unhelpful or improperly trained telecommunicators. The quick dispatch of emergency response teams in the event of any disaster or accident through the use of the 9-1-1 system is crucial to the well-being of the public. These potential failure modes prevent desperately awaited help from arriving as soon as possible. Therefore, the reliability and effectiveness of the system must be evaluated.</p> <p> The objective of this report is to identify failure modes of the 9-1-1 system, calculate their criticality, prioritize them in order of risk, and propose economical and feasible alternative solutions.</p> <p> Failure mode, effects, and criticality analysis (FMECA) is an evaluation tool that proves extremely useful when a system is desired to be kept highly effective and reliable. In this report, it is applied within the Systems Engineering Process to analyze areas of weakness throughout the New Jersey 9-1-1 system. FMECA is widely used throughout the military and commercial industry. It illustrates the interrelationships between causes and effects of failure modes, and helps to focus attention on high risk areas so that proper precautions may be taken.</p> <p> First, the use of FMECA is reviewed. The step-by-step procedures are next illustrated, and it is noted that FMECA must be tailored to each system relative to its characteristics and desired application. The New Jersey 9-1-1 system is analyzed in detail and is found to be an effective emergency communications network. However, technology has not yet provided solutions to all possible failures. In fact, technology adds to the failure possibilities. Possible future areas of development are included.</p> <p> / Master of Science systems engineering 9-1-1 system FMECA risk analysis LD5655.V851 1996.G534
553	NIG distribution in modelling stock returns with assumption about stochastic volatility : Estimation of parameters and application to VaR and ETL Kucharska, Magdalena, Pielaszkiewicz, Jolanta Maria January 2009 (has links) We model Normal Inverse Gaussian distributed log-returns with the assumption of stochastic volatility. We consider different methods of parametrization of returns and following the paper of Lindberg, [21] we assume that the volatility is a linear function of the number of trades. In addition to the Lindberg’s paper, we suggest daily stock volumes and amounts as alternative measures of the volatility. As an application of the models, we perform Value-at-Risk and Expected Tail Loss predictions by the Lindberg’s volatility model and by our own suggested model. These applications are new and not described in the literature. For better understanding of our caluclations, programmes and simulations, basic informations and properties about the Normal Inverse Gaussian and Inverse Gaussian distributions are provided. Practical applications of the models are implemented on the Nasdaq-OMX, where we have calculated Value-at-Risk and Expected Tail Loss for the Ericsson B stock data during the period 1999 to 2004. NIG distribution Value at Risk Expected Tail Loss Lindberg method EM algorithm risk analysis ETL VaR Mathematics Matematik
554	Analyse de la transition vers les énergies renouvelables en Tunisie : Risques, enjeux et stratégies à adopter / Analysis of the transition to renewable energies in Tunisia : Risks, challenges and strategies Omri, Amna 05 September 2016 (has links) L’objectif principal de cette thèse est de déterminer les risques et les barrières d’investissement dans le secteur des énergies renouvelables, en Tunisie, et d’en déduire les stratégies et les mécanismes à adopter pour accélérer le processus de transition vers les énergies renouvelables. Bien que les fondements de cette thèse soient basés sur l’analyse économique, elle privilégie, plutôt, une approche interdisciplinaire de management du risque. Nous avons procédé à une étude de cas d’un projet d’énergie solaire thermodynamique à concentration (le projet « TuNur ») qui aura lieu au sud de la Tunisie. Nous avons utilisé la méthode d’Analyse Globale des Risques (AGR) qui permet de déterminer les cartographies des risques (le diagramme de Kiviat et le diagramme de Farmer) ainsi que les moyens pour les réduire. L’application de cette méthode nous a permis de dégager la liste des 8 risques majeurs ainsi que les mécanismes et les stratégies à adopter pour les réduire. A la fin de cette thèse, nous avons présenté les différentes formes de gouvernance énergétique qui permettent de faciliter la diffusion des énergies renouvelables en Tunisie. Nous avons expliqué le fait que la politique énergétique de transition vers les énergies renouvelables doit être faite par les autorités publiques, au début, mais elle doit progresser rapidement vers d’autres formes de gouvernance, en passant par la participation du secteur privé et la gouvernance locale participative jusqu’à arriver à un stade où la gouvernance des risques devient nécessaire. / The main objective of this thesis is to identify and analyze the risks and barriers faced by renewable energy investors, in Tunisia, and to deduce strategies and mechanisms that should be adopted to accelerate the process of transition to renewable energies. Although the foundations of this thesis are based on the economic analysis, it favors, rather, an interdisciplinary approach of risk management.We conducted a case study of a project of concentrating solar power (the “TuNur” project) which will be held in southern Tunisia. We used the Global Risk Analysis method (GRA) which permits the determination of cartographies of risks (Kiviat diagram and Farmer diagram) and the ways to reduce them. The application of this method allowed us to generate a list of 8 major risks and the mechanisms and strategies to reduce them. At the end of this thesis, we presented the different forms of energy governance that facilitate the diffusion of renewable energies in Tunisia. We explained that the energy policy of transition to renewable energies must be made by public authorities, at the beginning, but it must quickly move to other forms of governance, through private sector participation and participative local governance until we get to a stage where the risk governance becomes necessary. Projet TuNur Analyse globale des risques Concentrating solar power Renewable energies Global risk analysis
555	Erstellung quantitativer Risikoanalysen - Erstellung quantitativer Risikoanalysen für ausgewählte sächsische Betriebe mittels einer durch die Bundesanstalt für Materialforschung und -prüfung entwickelten Methodik und Vergleich der Ergebnisse mit den Ergebnissen qualitativer Risikoanalysen auf Basis vorliegender Sicherheitsberichte Schalau, Bernd, Drewitz, Yvonne 28 July 2009 (has links) Für zwei ausgewählte sächsische Betriebe wurden quantitative Risikoanalysen auf der Grundlage der vorliegenden Sicherheitsberichte mit einem von der Bundesanstalt für Materialforschung und -prüfung (BAM) entwickelten Verfahren erstellt. Nach der Darstellung von bekannten Verfahren zur Durchführung von Risikoanalysen wird die daraus abgeleitete Methodik unter Berücksichtigung der Randbedingungen in Deutschland erläutert. Nach der Beschreibung der Modelle für die Auswirkungsbetrachtungen werden die möglichen Ansätze für die Bewertung der Auswirkungen von Stoff- und Energiefreisetzungen diskutiert. Ein wesentlicher Teil der Risikoanalyse umfasst die Berechnung der Eintrittshäufigkeiten der Szenarien. Hierfür sind Angaben über die Ausfallhäufigkeit von Anlagenteilen, insbesondere von Störfall verhindernden und -begrenzenden Einrichtungen erforderlich. Ausführlich werden die in der Literatur gefundenen Angaben miteinander verglichen und ein einheitlicher Datensatz für die Berechnungen zusammengestellt. info:eu-repo/classification/ddc/630 ddc:630
556	Riskfördelning i implementeringen av ERTMS i Sverige / Risk Allocation in the Implementation of ERTMS in Sweden Mogefors, Daniel January 2013 (has links) Implementeringen av trafikstyrningssystemet European Rail Traffic Management System (ERTMS), som för närvarande det största infrastrukturprojektet i Sverige, kommer successivt att ersätta det nuvarande systemet Automatic Train Control (ATC) fram till 2035. På grund av Sveriges nyligen slutförda avreglering av järnvägsmarknaden är de viktigaste aktörerna i implementationsprocessen de aktörer som ansvarar för tågen (tågoperatörerna) och den som ansvarar för infrastrukturen (Trafikverket). Arbetet är utfört på uppdrag av Trafikverket och syftar till att undersöka riskfördelningen mellan huvudintressenterna i samband med implementeringen av ERTM. En riskanalys med avseende på tekniska risker och finansiella risker är utförd samt en litteraturstudie och intervjuer med relevanta personer inom sektorn. Resultaten visar en motvilja från operatörerna att implementera tekniken och betydande skillnad i den risk som de två aktörerna är utsatta för. Operatörerna exponeras för en relativt hög risk i varje scenario som undersöks och som potentiellt kräver riskreducerande åtgärder. I ett scenario exponeras operatörerna för oacceptabelt hög finansiell risk som kräver riskreduceringsåtgärder. Transportverket är föremål för låg risk i alla scenarier som undersökts. Data från studien tyder på att motviljan från operatörerna mot implementeringen av ERTMS beror på att de risknivåer som denna grupp utsätts för inte lever upp till de fördelar de förväntar sig att systemet kommer leverera. / Currently the largest infrastructure project in Sweden, the implementation of the rail traffic management system European Rail Traffic Management System (ERTMS) will gradually replace the incumbent system Automatic Train Control (ATC) until 2035. Due to Sweden’s recently completed deregulation of the railway market the main stakeholders in this implementation process are the actors responsible for operations (the train companies) and the actor responsible for the infrastructure (the Swedish Transportation Administration). The thesis is commissioned by the Swedish Transportation Administration and aims at examining the allocation of risk associated with the implementation of ERTMS among key stakeholders. A risk analysis with regards to technological risk and financial risk is conducted as well as a literature study and interviews with relevant persons in the sector. The results reveal a hesitation from operators to implement the technology and considerable difference in the risk the two main stakeholders are subject to. The operators maintain a relatively high level of risk in every scenario examined, potentially requiring risk reduction measures. In one scenario the operators are subject to inacceptable levels of financial risk that demands risk reduction measures. The Swedish Transportation Administration is subject to low levels of risk in all scenarios examined. Data from the study suggests that the hesitation from operators to implement the technology may be due to the levels of risk they are exposed to do not match the benefit they expect the system will provide. Risk assessment Risk analysis Development process Implementation process Market deregulation ERTMS Riskbedömning Riskanalys Utvecklingsprocess Implementeringsprocess Avreglering ERTMS Mechanical Engineering Maskinteknik
557	Minska risk för vindskador i granbestånd – hur fungerar ett verktyg för riskanalys i praktiken / Reducing the risk of wind damage in spruce forest stands – evaluating a practical tool Wimarson, Anders January 2021 (has links) Starka vindar orsakar stora skador för det svenska skogsbruket och samhället. Därför är det viktigt att kunna hitta de bestånd som har hög sannolikhet att drabbas av dessa skador. För att lyckas med detta krävs ett enkelt verktyg där bestånden kan bedömas med denutrustning och den kunskap som finns ute på de svenska skogsgårdarna.Den här studien utvärderar och testar ett verktyg som är framtagen av Olofsson & Blennow (2005). Resultatet visar att verktyget fungerar och att det är användarvänligt. Av 90 undersökta bedömningarresulterade 23 % i hög sannolikhet för stormskador på den undersökta gården i norra Halland. Studien visar också på vikten av att använda aktuella data och arbeta med hög noggrannhet i framtagandet avbeståndsdata. De viktigaste parametrarna för att bedömasannolikheten var beståndskantshöjd och HD-kvot. Wind damage spruce risk analysis decision trees climate change Vindskador gran riskanalys beslutsträd klimatförändring Forest Science Skogsvetenskap
558	Analysis of Mobility and Traffic Safety with Respect to Changes in Volumes; Case Study: Stockholm, Sweden Johansson, Sofia, Vasireddy, Sri January 2021 (has links) The growing population and motorization generate more movements. In many cities, the increase of population and motorization is much greater than the development of the capacity of the transportation network. For unprotected road users, the risk of getting in a traffic accident increases and the risk of being more severely injured in an accident. In March 2020, a pandemic was declared because of a Coronavirus. More people started to work/study from home to prevent the virus from spreading by avoiding unnecessary trips, gatherings, and crowded areas. Therefore, travel behaviours have shifted during the pandemic compared to previous years. This project aims to get knowledge of how mobility and traffic accidents are affected by significant shifts of travel flow, predict the effect of traffic accidents based on mobility, and evaluate the risk of travelling on a particular road segment. / <p>Examensarbetet är utfört vid Institutionen för teknik och naturvetenskap (ITN) vid Tekniska fakulteten, Linköpings universitet</p> Transport Systems and Logistics Transportteknik och logistik
559	Sécurité des équipements grand public connectés à Internet : évaluation des liens de communication / Security of consumer devices connected to the Internet : communication channel evaluation Bachy, Yann 09 July 2015 (has links) Aujourd’hui, les équipements intégrant du logiciel et connectés à Internet sont de plus en plus nombreux et variés. Avec l’arrivée de l’“Internet des objets” et la tendance au “tout connecté”, de nombreux équipements de notre quotidien bénéficient maintenant d’une connexion à Internet : les Smart-TVs, les lecteurs DVD, les systèmes d’alarmes, les systèmes domotiques, jusqu’aux équipements facilitant l’hospitalisation à domicile de patients par exemple. Ces évolutions technologiques s’accompagnent malheureusement de problèmes de sécurité. L’utilisation massive du réseau Internet a facilité la propagation de logiciels malveillants, qui peuvent aujourd’hui cibler tout type d’équipement informatique et notamment les équipements connectés. Alors qu’il existe déjà des normes permettant d’évaluer la sécurité d’équipements informatiques industriels, leur application aux équipements grand public est encore limitée. La présence et la criticité des vulnérabilités qui peuvent affecter ces équipements sont encore mal connues car elles n’ont pas fait l’objet d’études approfondies. C’est précisément l’objectif de cette thèse, qui propose une méthode permettant de mener une analyse de vulnérabilités des équipements grand public connectés à Internet. Cette méthode est constituée de deux grandes phases : une phase d’analyse des risques suivie d’unephase d’expérimentations. L’analyse de sécurité d’un équipement, quelle qu’elle soit, nécessite une bonne connaissance de l’environnement de celui-ci. Afin de guider l’évaluateur dans cette tâche, nous proposons, dans une première phase, de nous fonder sur des méthodes d’analyse des risques existantes. Ces méthodes sont aujourd’hui bien éprouvées et permettent à l’évaluateur d’obtenir une vue globale des risques encourus par l’utilisation de l’équipement étudié. Ensuite, lors de la seconde phase de l’étude, l’évaluateur se concentre sur les risques les plus importants afin de montrer la faisabilité technique des scénarios menant aux risques considérés, à l’aide d’expérimentations. Étant donné le grand nombre et la diversité des connexions présentes sur les équipements connectés, il est important de mettre l’accent sur les scénarios d’attaque qui peuvent s’avérer riches, même si ces scénarios ont pour origine une vulnérabilité locale simple. Pour cette seconde phase, une méthode d’expérimentation est donc proposée pour étudier ces scénarios d’attaque, qui, de plus, ciblent des équipementsdont les spécifications ne sont pas forcément disponibles. Afin d’illustrer la méthode globale, cette thèse se fonde sur deux cas d’étude : les box ADSL et les téléviseurs connectés. Ces études ont été menées sur un panel d’équipements provenant des principaux fournisseurs d’accès à Internet et des principaux fabricants de téléviseurs, ce qui nous a permis de comparer les différents équipements présents sur le marché. Les vulnérabilités mises en évidence concernent en particulier les liens de communication (boucle locale pour les Box ADSL, interface DVB-T pour les Smarts TVs) reliant les équipements à leurs fournisseurs de service (FAI pour les Box ADSL, TV et VoD pour les Smart TVs). Ces liens de communication sont habituellement considérés de confiance et ne sont à notre connaissance pas ou peu étudiés jusqu’à présent. Cette thèse contribue ainsi à l’analyse de sécurité sur ces liens particuliers des équipements connectés et met en lumière des chemins d’attaque originaux.Enfin, cette thèse se termine par la présentation des différents mécanismes de protection existants afin d’empêcher l’introduction ou l’exploitation des failles de sécurité identifiées. / Today, equipment embedding software and an Internet connection are more and more numerous and various. With the emergence of “the internet of things” and the trend to interconnect everything, many equipment used in our every day life are now connected to the internet: Smart-Tvs, DVD players, alarm and home automation systems, and even health assistance home devices, for example. Unfortunately, these technological evolutions also introduce new security threats. The massive use of internet facilitates the propagation of malware, capable of targeting any computer device, and more specifically any internet connected device. Although several methods allowing security analysis of industrial systems exist, their application to home devices is still limited. The existence and the criticality of potential vulnerabilities in these devices are not well-known, because they have not been thoroughly studied. This is precisely the objective of this thesis, which presents a method allowing to carry out a vulnerability analysis of internet connected home devices. This method is composed of two main phases: a risk analysis phasefollowed by an experimental phase. The security analysis of any type of equipement, requires a good knowledge ofits environment. In order to guide the evaluator in this task, we propose, as a first step, to rely on existing risk analysis methods. These methods are now mature, and allow the evaluator to obtain a global view of the risks incurred by the usage of anequipment. Then, during the second step of our method, the evaluator concentrates on the most important risks in order to demonstrate the technical feasibility of the scenarios leading to the considered risks, by carrying out several experiments.Considering the large amount and the diversity of I/Os on connected devices, it is important to focus on specifically rich attack scenarios, possibly depending on a simple local vulnerability. For this second step, an experimental method is proposedin order to study these attack scenarios, which, moreover, target equipement whose specifications are not necessarily available.In order to illustrate the entire method, this thesis presents two case studies: Integrated Access Devices and Smart-Tvs. These studies are carried out on a panel of devices from major internet service providers and TV manufacturers, allowing us to compare several devices available on the market. The vulnerabilities pointed out, mainly concern the communication means (local loop for the IAD, DVB-T interface for the smart-TVs) connecting these devices to their service providers (ISP for the IAD, TV and VoD for the smart-TVs). These communication links are usually considered safe, and have been, to our knowledge, seldom explored. Thisthesis thereby contributes to the security analysis of these particular communication means for connected devices and points out some original attack paths. Finally, this thesis ends by presenting different existing security mechanisms that can be used to avoid exploitation of the identified weaknesses Vulnérabilités Analyse des risques UAI Téléviseur connecté DVB Internet Vulnerability IAD Smart-TV Risk analysis Local Loop DVB-T 005.8
560	Modelování a simulace rizik veřejných investičních projektů / Modeling and simulation of public investment project risk Pavelková, Martina January 2015 (has links) The results of the investment projects are dependent on the quality of project preparation in the pre-investment stage and well-executed implementation. High-quality preparation of the projects, their evaluation and selection of require key risk factors and uncertainties, the impact of these factors on the results of the project and consider measures on their elimination or reduction. The purpose of the risk management of the project is therefore in advance to know the sources of possible threats to the project and to prepare measures that would lead to a reduction in the potential impacts for the project to an acceptable value. The basic aim of project risks management is then increase the likelihood of their success and to minimize the risk of such failure, including their rejection of the venture project too, which could threaten the financial stability of the investor and lead to its decline. The thesis is focused on the examination of the different approaches to identification of risks and uncertainties and their subsequent evaluation on investment project of public corporations, including the impact of the preparation of the project on its own implementation and subsequent operation. At the same time they recommended possible measures to reduce the risk of this project in terms of their costs and the size of the risk reduction. Part of the work is also an analysis of the risks and benefits of the projects planned, realized and terminated by The South Moravian Region and the draft Project Risk Register and the Project Opportunities Register, where appropriate, the risk management process for The Regional Authority of The South Moravian Region.

Search results