31 |
Fighting Al Qaeda in the Arabian Peninsula on all fronts : a U.S. counterterrorism strategy in YemenSharkey, Kaitlin Kelly 02 October 2014 (has links)
The United States needs a long-term counterterrorism strategy in Yemen. Nearly three years in, the faltering Yemeni transition threatens to fall apart in the face of an economic crisis, ongoing internal conflict, and al Qaeda attacks. Unchecked, a failed Yemeni state will provide al Qaeda with a larger recruiting base and an expanded area for operations. To prevent this nightmare scenario, the United States should integrate military restructuring, political reform, and economic development policies into its greater strategy to counter al Qaeda in the Arabian Peninsula (AQAP). This report describes the dynamics of the 2011 Yemeni uprising, the subsequent political transition, and the simultaneous evolution of AQAP. The report then analyzes these phenomena in the context of U.S. national security policy to determine a long-term counterterrorism strategy in Yemen. To succeed in defeating AQAP and stabilizing Yemen, the U.S. government must engage with its Yemeni partners and regional actors; invest in Yemen's military restructuring, political transition, and economic reforms; and continue to attack AQAP through direct action operations and in tandem with Yemeni armed forces. / text
|
32 |
Organizacijos tinklo saugos politikos įgyvendinimo įvertinimas automatizuotomis priemonėmis / Assessment of enterprise network security policy implementation using automated meansGurejevas, Dmitrijus 25 August 2010 (has links)
Kiekviena organizacija apdoroja informacija kompiuterinėse sistemose ir negali apsieiti be organizacijos informacinių sistemų saugos. Stiprinant organizacijos saugą ir investuojant lėšas, yra poreikis žinoti saugos lygį. Norint išlaikyti saugą tame pačiame lygyje, saugos įvertinimo darbai turi būti atliekami dažnai. Bet jie yra sudėtingi, vykdomi lėtai, rezultatai yra aktualūs tik įvertinimo vykdymo metu. Šias problemas išspręs nuolatinis tinklo stebėjimas, automatizuotas pažeidimų fiksavimas, saugos lygio įvertinimo pateikimas skaitine reikšme, tam kad sekti saugos lygio kitimus laike. Todėl darbe yra sukuriamas automatizuotas įrankis kuris nuolat stebi tinklą ir atsižvelgiant į sukurtą metodiką fiksuoja pažeidimus. Metodika susieja organizacijos saugos politiką su automatizuotu įrankiu ir suteikia jam galimybę apskaičiuoti bendrą saugos įvertinimą atsižvelgiant į saugos politikos pažeidimų kiekį ir jų riziką. Pažeidimų fiksavimui yra pasirinktas „Snort“ įrankis dirbantis NIDS režimu pagal specialiai sukurtas taisykles. Pažeidimų informacija saugoma MySql duomenų bazėje. Saugos lygio įvertinimo skaičiavimui ir atvaizdavimui yra naudojama PHP kalba. / Every organization process information in information systems and cannot manage without the protection of organization information systems. Due to reinforcing protection of organization and investments, a need to know the level of protection exists. In order to retain the same level of protection, security assessment works should be performed regularly. However, they are complicated, performed slowly, and the results are relevant only during the assessment. The above mentioned problems can be solved constantly monitoring the network, registering the violations with the help of automated means, presenting the evaluation of the level of protection in numeric values, so that the changes in the level of security in time could be traced. Therefore, in the following work an automated mean, constantly monitoring the network and registering the violations according to the crated methodology, is created. Methodology relates organization security policy with the automated mean and provides it with the possibility to calculate the general evaluation of security considering the number and the level of risk of violations. The „Snort“ tool, working in NIDS mode according to specially created rules, is chosen to register the violations. Information regarding the violations is saved in MySql data base. PHP language is applied to calculate and map the assessment of the level of security.
|
33 |
Re-inventing German security and defense policy: a struggle to be understoodHill, Kevin L. 06 1900 (has links)
Approved for public release, distribution is unlimited / There has been much speculation and editorializing over the deterioration of trans-Atlantic relations, specifically between the United States and Germany, primarily as a result of the US-led war against Iraq beginning in March 2003. What can account for this so-called trans-Atlantic rift and the unhealthy US-German relationship of late? This thesis argues that this deterioration in trans-Atlantic relations stems from a profound misunderstanding of strategic culture. Specifically, this thesis takes the position that a failure to appropriately understand what Germany's unique strategic culture has been a leading cause of the present uncomfortable relationship between the United States and Germany. This thesis shows how a nation's values, beliefs, and preconceptions, can have a powerful influence upon foreign and security policy decisions. It highlights the importance of strategic culture as an important influence upon a nation's efforts to transform its armed forces. This thesis includes an examination of the various definitions and theories surrounding strategic culture and its impact upon the policy making process. It explores German defense reform since the end of the Cold War, and includes a look at how these issues have influenced German military transformation efforts since 1990. This case study concludes with a look at the current challenges facing German defense transformation, and makes observations about how a better understanding of Germany's national security culture can contribute to improved US-German and trans- Atlantic relations. / Major, United States Army
|
34 |
Power Relationships in Information Systems Security Policy Formulation and ImplementationLapke, Michael Stephen 01 January 2008 (has links)
This thesis argues that organizational power impacts the development and implementation of Information Systems (IS) Security policy. The motivation for this research stems from the continuing concern of ineffective security in organizations, leading to significant monetary losses. IS researchers have contended that ineffective IS Security policy is a precursor to ineffective IS Security (Loch et al. 1992; Whitman et al. 2001; David 2002; Solms and Solms 2004). Beyond this pragmatic aspect, there is a gap in the literature concerning power relationships and IS Security policy. This research intends to bridge the gap. The dissertation is a two phased study whereby the first phase seeks to understand the intricacies of IS Security policy formulation and implementation. In the first phase, a conceptual framework utilizes Katz's (1970) semantic theory. The conceptual framework provides the theoretical foundation for a case study that takes place at an educational institution's Information Technology (IT) Department. In the results, it is confirmed that a disconnect exists between IS Security policy formulation and implementation. Furthermore, a significant emergent finding indicates that power relationships have a direct impact on this observed disconnect. The second phase takes place as an in depth case study at the IT department within a large financial organization. The theoretical foundation for the second phase is based was Clegg's (2002) Circuits of Power. A conceptual framework for this phase utilizes this theory. This framework guides the study of power relationships and how they might affect the formulation and implementation of IS Security policy in this organization. The case study demonstrates that power relationships have a clear impact on the formulation and implementation of IS security policy. Though there is a strong security culture at the organization and a well defined set of processes, an improvement in the process and ensuing security culture is possible by accounting for the effect of power relationships.
|
35 |
THE SHAPING OF MANAGERS’ SECURITY OBJECTIVES THROUGH INFORMATION SECURITY AWARENESS TRAININGHarris, Mark 25 June 2010 (has links)
Information security research states that corporate security policy and information security training should be socio-technical in nature and that corporations should consider training as a primary method of protecting their information systems. However, information security policies and training are predominately technical in nature. In addition, managers creating security policies rely heavily on security guidelines, which are also technically oriented. This study created a series of information security training videos that were viewed by four groups of managers. One video discussed the socio-technical aspects of security, another discussed only the social aspects of security, the third detailed only the technical aspects of security, and the fourth was a control video unrelated to information security. Each group was shown the video, and after this viewing, each group’s values toward information security were ascertained and converted into security objectives following Keeney (1992)’s value-focused thinking approach. Each group’s list of security objectives were used as the input to Schmidt (1997)’s ranking Delphi methodology, which yielded a more concise and ranked list of security objectives. The results thus obtained, indicate that manager’s objectives towards information security are affected by the nature and scope of the information security training they receive. Information security policy based on each group’s value-based security objectives indicate that manager’s receiving socio-technical training would produce the strongest information security policy when analyzing the value-focused thinking list of security objectives. However, the quality of security policy decreases when analyzing the ranked Delphi list of security objectives, thus providing mixed results. The theoretical contribution of this research states that technically oriented information security training found in corporations today affects manager’s values and security objectives in a way that leads them to create and support technically oriented security policies, thus ignoring the social aspects of security. The practical contribution of this research states that managers should receive socio-technical information security training as a part of their regular job training, which would affect their values and lead to socio-technical information security policy based on the manager’s socio-technical security objectives. The methodological contribution of this research demonstrates the successful use of the value-focused thinking approach as the input to the ranking of the Delphi methodology.
|
36 |
Intrinsic Motivation and Information Systems Security Policy Compliance in OrganizationsAbdul Talib, Yurita Yakimin 01 January 2015 (has links)
Incidents of computer abuse, proprietary information leaks and other security lapses have been on the increase. Most often, such security lapses are attributed to internal employees in organizations subverting established organizational IS security policy. As employee compliance with IS security policy is the key to escalating IS security breaches, understanding employee motivation for following IS security policy is critical. In addition to several types of extrinsic motives noted in prior studies, including sanctions, rewards, and social pressures, this study adds that an important contributing intrinsic factor is empowerment. Per Thomas and Velthouse’s (1990) intrinsic motivation model, empowerment is the positive feelings derived from IS security task assessments. Through survey data collected from 289 participants, the study assesses how dimensions of psychological empowerment (i.e., competence, meaning, impact, and choice) as derived from IS security task may impact the IS security performance of the participants, measured by their compliance with IS security policy. The study demonstrates that the competence and meaning dimensions of psychological empowerment have a positive impact on participants’ IS security policy compliance intention, while impact has a marginal negative influence on compliance. Furthermore, dimensions of psychological empowerment can be predicted by structural empowerment facets, particularly IS security education, training, and awareness (SETA), access to IS security strategy and goals, and participation in IS security decision-making. In addition, the competence and meaning dimensions of psychological empowerment may act as mediators for the relations between structural empowerment and participants’ IS security policy compliance. Theoretical contributions, managerial implications, and directions for future research of this study will be discussed.
|
37 |
Změny v SZBP v Lisabonské smlouvě / Changes in common foreign and security policy in the Lisbon TreatyJirsenská, Lucie January 2010 (has links)
prfce v anglick6mjazyce Changesin CFSPin the Lisbon Treaty Europe's aspiration to gain position of important player in the international relations goesalong with the origins of the Europeanintegrationprocess.Common foreign and securitypolicy (CFSP)and its predecessor,Europeanpolitical cooperation,arevery important partsof the Europeanintegrationprocess.Lisbon Treaty shouldhavehelped the Union to build more effective and coherentfunctioning in general.That is why I decidedto elaboratea thesison thetheme,,Changesin CFSPin theLisbonTreatf'. The purposeof my thesisis to analyzethe most significantchangesin the CFSpthat wasintroducedby theLisbonTreaty. The thesis is composedof eight main chapters.The first one is introductory and containsthreemain hypothesisthat needto be answered.The secondchapterfocuses on main aspectsof CFSPfrom thehistoricalperspective. Chapterthree and four are dealing with the problem that the aims are not laid down specifically for CSFP,but generallyfor the externalaction, andtry to make systematic enlistmentof CFSParea. Chapterfour showsthat CFSPis still seperatedandhasspecialpositioneventhoughit is not saidsodirectly.We cansaywe havetwo-pillar structure. In chapter five it is written about the fact that the Union is finally grantedwith the legalpersonalityin theLisbonTreaty....
|
38 |
Sankce v rámci společné zahraniční a bezpečnostní politiky EU / Sanctions within the EU's Common Foreign and Security PolicyLekešová, Barbora January 2013 (has links)
Sanctions within the EU's Common Foreign and Security Policy The purpose of my thesis is to analyse the EU sanctions legislation, with the focus on the most problematic part - sanctions against non-state actors relating to the fight against terrorism. Within this objective I also focus on the analysis of relevant case law, in particular the latest developments at the Court of Justice, which has not yet been sufficiently reflected in the literature. The reason for my research is the intriguing development the application of sanctions has gone through in the EU, regarding the case law and the changes introduced by the Lisbon Treaty. The thesis is composed of five chapters. Chapter One is introductory and defines the term international sanctions and the context of their adoption at the UN level. Chapter Two examines the Common Foreign and Security Policy, which is the tool EU uses for the sanctions application. Chapter Three thoroughly analyses the relevant provisions of the primary law. First part of the chapter focuses on the pre-Lisbon legislation for its importance for the EU case law. Second part provides a detailed insight into the primary law provisions after the Lisbon Treaty and focuses on the latest Court of Justice decision concerning the application of articles 75 and 215 SFEU. Chapter...
|
39 |
Zahraniční a bezpečnostní politika EU s ohledem na Lisabonskou smlouvu / Foreign and security policy of the EU with regard to the Lisbon TreatyVyšinková, Jindra January 2011 (has links)
FOREIGN AND SECURITY POLICY OF THE EU WITH REGARD TO THE LISBON TREATY Common Foreign and Security Policy (CFSP) of the European Union (EU) is from its beginnings to the present time the area that is evolving very slowly with regard to other EU policies. It is a sensitive political issue, traditionally understood as a part of national sovereignty. That is why it has always been facing the reluctance of Member States to limit their powers in this area in favour of the Union. Union is constantly criticised for the lack of consistency of its external actions. Member states feel that it is necessary to "speak with one voice", if they want to have chance to be a legitimate partner to the world powers. It leads to slow enhancing of cooperation in the CFSP matters. Lisbon Treaty entered into force on the 1st December 2009 and brought many changes in the functioning of the EU. The aim of the thesis is to analyse the CFSP and the changes introduced by this Treaty without mentioning European Security and defence Policy. The thesis is divided into 5 chapters, each of them dealing with different aspects of CFSP. Chapter One is introductory and defines basic terminology used in the thesis and the context of external relations of the EU in order to explain the position of CFSP within EU policies. Part of this chapter is...
|
40 |
Investigating the Impact of Self-Control and Deterrents on Noncompliant Information Security BehaviorChuma, Ramadhan 01 January 2012 (has links)
Employees' noncompliance with information security policy and rules is a serious impediment to the effectiveness of security programs in organizations. The extant information security studies have used General Deterrence Theory (GDT) to investigate noncompliant information security behavior, yet most of the findings have not been effective in practice due to a lack of strong theoretical underpinning. Neglecting criminal propensity of the potential perpetrator has been identified to be one of the theoretical weaknesses of GDT-based studies. Any attempt to explain noncompliant information security behavior in organizational context, demands a well grounded framework to explain why employees transgress information security policies and rules. The purpose of this study was to empirically investigate the link between self-control (criminal propensity), deterrence perceptions, and noncompliant information security behavior. Criminal propensity was operationalized using the three perspectives of self-control: personality trait, social bond, and self-generated inhibitions. This study then examined the influence of the three self-control variables on deterrence perceptions (certainty, severity, and celerity). Further, the study investigated the impact of deterrence perceptions on noncompliant information security behavior.
Data collected from 421 employees in a Southern USA-based company was used to test the relationships between research model constructs using SPSS's Amos structural equation modeling software package. Results indicated that employees' perceptions on all three dimensions of deterrents were positively impacted by self-control based on self-generated inhibitions. The results also showed that only employees' perceptions on certainty of apprehension and celerity of punishment were positively impacted by social bond self-control. No significant relationships were established between deterrence perceptions and personality trait self-control. Further, employees' perceptions on certainty of apprehension and celerity of punishment were negatively associated with noncompliant information security behavior. The results also indicated that severity of punishment was not a significant predictor of noncompliant information security behavior. The uniqueness of this study provided evidence on the importance of incorporating criminal propensity in GDT-based studies. The current study also highlighted the importance of celerity of punishment dimension, which is highly neglected by GDT-based information security studies.
|
Page generated in 0.0276 seconds