Global ETD Search

11	Enhancing information security in organisations in Qatar Al-Hamar, Aisha January 2018 (has links) Due to the universal use of technology and its pervasive connection to the world, organisations have become more exposed to frequent and various threats. Therefore, organisations today are giving more attention to information security as it has become a vital and challenging issue. Many researchers have noted that the significance of information security, particularly information security policies and awareness, is growing due to increasing use of IT and computerization. In the last 15 years, the State of Qatar has witnessed remarkable growth and development of its civilization, having embraced information technology as a base for innovation and success. The country has undergone tremendous improvements in the health care, education and transport sectors. Information technology plays a strategic role in building the country's knowledge-based economy. Due to Qatar s increasing use of the internet and connection to the global environment, it needs to adequately address the global threats arising online. As a result, the scope of this research is to investigate information security in Qatar and in particular the National Information Assurance (NIA) policy. There are many solutions for information security some technical and some non-technical such as policies and making users aware of the dangers. This research focusses on enhancing information security through non-technical solutions. The aim of this research is to improve Qatari organisations information security processes by developing a comprehensive Information Security Management framework that is applicable for implementation of the NIA policy, taking into account Qatar's culture and environment. To achieve the aim of this research, different research methodologies, strategies and data collection methods will be used, such as a literature review, surveys, interviews and case studies. The main findings of this research are that there is insufficient information security awareness in organisations in Qatar and a lack of a security culture, and that the current NIA policy has many barriers that need to be addressed. The barriers include a lack of information security awareness, a lack of dedicated information security staff, and a lack of a security culture. These barriers are addressed by the proposed information security management framework, which is based on four strategic goals: empowering Qataris in the field of information security, enhancing information security awareness and culture, activating the Qatar National Information Assurance policy in real life, and enabling Qatar to become a regional leader in information security. The research also provides an information security awareness programme for employees and university students. At the time of writing this thesis, there are already indications that the research will have a positive impact on information security in Qatar. A significant example is that the information security awareness programme for employees has been approved for implementation at the Ministry of Administrative Development Labour and Social Affairs (ADLSA) in Qatar. In addition, the recommendations proposed have been communicated to the responsible organisations in Qatar, and the author has been informed that each organisation has decided to act upon the recommendations made.
12	Bilance zahraniční a bezpečnostní politiky 43. amerického prezidenta / Assessment of the Foreign and Security Policy of the 43rd American President Pospíšil, Tomáš January 2010 (has links) The main aim of the final thesis is to assess American foreign and security policy during 2001 -- 2008 using concepts of security and strategic culture. Security and strategic culture (SSC) are rather new concepts in IR, but always more attention is paid to them. Poststructuralist conception was chosen as to be the main approach towards these concepts, since it enables to work with discursive actions of strategic and security elites. On the theoretical plane, concepts of SSC are elaborated and theoretically separated. The practical level scrutinizes how the SSC influenced the key decisions within examined period and what impact strategic and security elites had on changes of SSC. The last, assessing level, analyzes how the changes of the SSC identified on practical level, influenced American foreign and security policy and also main doctrinal documents. The main focus is on the attacks of 9/11 which had a great impact on such turbulent times, wars in Afghanistan and Iraq, which were fought in response to the above mentioned attacks, and changes of the foreign and security policy of the USA in the light of the unsuccessful Global War on Terror.
13	Exploring information security culture within Swedish municipalities : A qualitative study Ameri, Haydar January 2023 (has links) The human aspect in the context of security has been a well-debated topic over the last two decades among researchers and practitioners. It has been recognized that technology alone cannot provide full protection, but should be combined with information security culture. This thesis explored how Swedish municipalities address the cultural aspects of information security. In addition, several important aspects and challenges were identified. Interviews were conducted as a data collection method with nine respondents from nine municipalities to gather their insights and experiences on the topic. The material from the interviews was then analyzed by applying thematic analysis. The results of this thesis have shown that most municipalities used what was feasible from the standards for the protection of information. One challenge was finding a balance between security measures and the various operations of the various entities to avoid hindrances to service delivery. With respect to training and awareness, initiatives employed diverse approaches, in some cases customized while in others not. The follow-up on information security culture was con[1]ducted using the tool Information Security Check provided by the Swedish Civil Contingencies Agency, along with measurements of security awareness through questionnaires, in some cases customized while in others not. Involving top management included diverse activities with support taking various forms beyond financial and human resources. However, the degree of follow-up, top management involvement, and support exhibited variations and in some cases were lacking. One notable discovery was the importance of educating not only the network of champions but also managers in information security, fostering a symbiotic relationship between the two. With respect to the lacking aspects, another finding was the importance of leadership and management knowledge/skills, not only essential for people in the security domain but also for other managerial roles in maintaining a positive information security culture. Municipality security awareness security culture information security cybersecurity Information Systems, Social aspects
14	Effects of COVID-19 to organization’s security culture : A case study on a Swedish organization with a focus on device security Askan, Bakay Heysem January 2022 (has links) COVID-19 pandemic was one of the most devastating events that happened in the 21st century. It created a lot of changes both socially and economically. For example, a lot of employees had to be laid off due to financial reasons. Also, a considerable amount of organisations had to employ working from home culture or hybrid work culture that are still in effect. All these changes have affected the device threat landscape as well. There were new vulnerabilities that surfaced due to working from home. For example, employees had to work in unmonitored networks. On top of that there were changes in attack trends as well. The ransom attacks became more destructive after COVID-19 pandemic. This study analyzed the effects of the change in threat landscape on the organization’s device security culture. A literature review was conducted to define the changes in the threat landscape through changes in vulnerabilities and changes in attack trends after the COVID-19 pandemic. As a result of the literature review, it was observed that working from home culture created a lot of vulnerabilities for the organisations that adopted it. Also, it was noticed that there were changes in ransomware and phishing trends. To observe the possible effects of those changes to the organisation’s device security culture, a case study was conducted on a Swedish organisation that underwent numerous transformations after the COVID-19 pandemic. The data for the case study was collected through interviews with various participants with different roles in the organisation. The results from the literature review regarding the changes in the device threat landscape helped formulate the interview questions. The case study showed that even though the changes in the threat landscape had affected the organisation’s security culture, other factors, such as the organization's goals and experiences, played a big part in the change of the organization’s device security culture. COVID-19 Threat Landscape Security Culture Information Systems, Social aspects Computer Sciences Datavetenskap (datalogi)
15	Risk Management Strategies to Prevent and Mitigate Emerging Operational Security Threats Larrimore, Nancy Page 01 January 2018 (has links) Dependence on technology brings security compromises that have become a global threat that costs businesses millions of dollars. More than 7.6 million South Carolinians incurred effects from the 162 security breaches reported in 2011-2015. The purpose of this multiple case study was to explore the risk management strategies small business leaders use to prevent and mitigate operational security threats that produce financial losses. The population for this study consisted of 6 business leaders in South Carolina who have demonstrated successful experience in preventing and mitigating operational security threats. Transformational leadership theory provided the conceptual framework for exploring the overreaching research question. Data collection consisted of semistructured interviews with each participant and the collection of company documents that pertained to security procedures, audits, and reviews. Conducting semistructured interviews allowed participants to provide details of real-life experiences. Recorded interviews and transcriptions were analyzed through Moustakas's modified van Kaam method of analysis to identify emerging topics. The 4 themes that emerged were: (a) operational security training and awareness, (b) operational security culture and behavioral effects, (c) operational security policy and compliance, and (d) operational security challenges and risk management. By developing strategies and processes that reflect these themes, small business leaders can reduce financial losses to improve profitability and reduce unemployment, achieving social changes that can benefit society as a whole. Leadership management strategies risk management security behavior security culture security threats Business Databases and Information Systems
16	Information Security Culture and Threat Perception : Comprehension and awareness of latent threats in organisational settings concerned with information security Lambe, Erik January 2018 (has links) A new challenge for organisations in the 21st century is how they should ensure information security in a time and environment where the widespread use of Information Communication Technologies (ICTs), such as smartphones, means that information has been made vulnerable in numerous new ways. Recent research on information security has focused on information security culture and how to successfully communicate security standards within an organisation. This study aims to examine how latent threats to information security are conceptualised and examined within an organisation in which information security is important. Since threats posed by ICTs are said to be latent, this study wishes to explore in what ways an inclusion of threat conceptualisation can have in understanding what constitutes an efficacious information security culture when the intention is to ensure information security. The study focuses on the Swedish armed forces, and compare how threats to information security posed by interaction with private ICTs are communicated in information security policies and how they are conceptualised by the members of the organisation. Through interviews conducted with service members, the findings of this study indicate that it is possible to successfully communicate the contents of information security policies without mandating the members of the organisation to read the sources themselves. Furthermore, the study identified a feature of information security culture, in this paper called supererogatory vigilance to threats to information security, which might be of interest for future studies in this area, since it offers adaptive protection to new threats to information security that goes beyond what the established sources protects against. Information security information security culture information security policy administration policy implementation latent threats ICT dynamic frame analysis Political Science Statsvetenskap
17	Cybersäkerhet - Att stärka den svaga länken : En flerfallsstudie om hur formella och informella styrmedel förebygger interna cyberhot i banksektorn Olsson, Sanna, Hultberg, Isabella January 2021 (has links) Bakgrund: Banker fyller en mycket viktig funktion i samhället och har sedan digitaliseringen varit särskilt utsatta för cyberhot. Samtidigt bygger bankens verksamhet till stor del på att upprätthålla förtroendet hos sina kunder, varpå det är av stor vikt för banker att ha en hög cybersäkerhet. Framför allt kan interna cyberhot i form av mänskliga misstag konstateras vara den svaga länken i bankers säkerhetsarbete idag. Därför är det intressant att undersöka hur banker i Sverige arbetar för att öka cybersäkerheten genom formella och informella styrmedel, som kan påverka anställdas beteenden. Syfte: Studien syftar till att bidra till ökad förståelse om hur banker styr sin verksamhet med formella och informella styrmedel för att förebygga interna cyberhot på arbetsplatsen. Metod: Studien har ett hermeneutiskt perspektiv och är utformad enligt en kvalitativ metod. Vidare har en abduktiv ansats format uppsatsen. Syfte och frågeställningar har besvarats genom en flerfallstudie av fyra olika banker i Sverige. Det empiriska materialet har inhämtats med hjälp av intervjuer med representanter från respektive bank som arbetar med säkerhet. Slutsats: För att förebygga interna cyberhot arbetar banker med formella styrmedel främst i form av regler, där de tar hjälp av globala standarder vid utformningen. Reglerna utformas även utifrån bankens kultur och uppdateras ofta. Vi har sett att kompetens och medvetenhet inom cybersäkerhet hos anställda är något som samtliga fallföretag värderar högt, och för att stärka kompetensen lägger bankerna stora resurser på utbildning. Att göra säkerhetstänket till en naturlig del av anställdas dagliga arbete har framför allt understrukits av respondenterna, samtidigt som arbetet med kultur till stor del görs passivt då det starka regelverket formar kulturen. Informella dialoger menas dock vara något som ökar medvetenheten och därmed stärker kulturen. Slutligen har vi identifierat att samtliga styrmedel nämnda ovan påverkar varandra, varpå det är viktigt att ha ett helhetstänk vid styrningsarbetet vad gäller cybersäkerhet. / Background: Banks play an important role in society and have since the increasing digitalization been particularly exposed to cyber threats. At the same time, the bank's operations are largely based on maintaining trust of its customers, and therefore it is of great importance for banks to have a high level of cyber security. Above all, internal cyber threats in the form of human error constitute one of the greatest risks to banks' security work today. Therefore, it is interesting to investigate how banks work to mitigate internal cyber threats through formal and informal management controls. Purpose: This study aims to contribute to an increased understanding of how banks use formal and informal management control to mitigate internal cyber threats in the workplace. Methodology: This study adopts a hermeneutic perspective and uses qualitative method. Furthermore, an abductive approach has shaped the essay. The purpose and research questions have been answered through a multiple case study of four different banks in Sweden. The empirical material has been obtained with the help of interviews with representatives from each bank who work with security. Conclusion: To prevent internal cyber threats, banks work with rules which global standards and the company’s culture help design. We have noted that competence and awareness in cyber security is something that is valued highly. To strengthen the competence banks invest large resources in training. Making the idea of safety a natural part of employees' daily work has above all been emphasized by, at the same time as cultural development is largely done passively as the strong regulations shape culture. Informal dialogues, however, increase awareness and thus strengthen culture. Finally, we have identified that all the management controls mentioned above affect each other. Therefore, it is important to have a holistic approach to the governance work regarding cyber security. Cyber security cyber threat management control bank security policy education security culture Cybersäkerhet cyberhot styrning bank standarder regler utbildning kultur Business Administration Företagsekonomi
18	Bezpečnostní kultura: Normativní chování a Ústřední zpravodajská služba USA v Globální válce proti teroru / Securitizing Culture: Normative Behavior and the US Central Intelligence Agency in the Global War on Terror Svítek, Filip Jakub January 2016 (has links) Bibliographic record SVÍTEK, Filip. Securitizing Culture: Normative Behavior and the US Central Intelligence Agency in the Global War on Terror. Prague, 2016. 82 p. Diploma work (Mgr.) Charles University, Faculty of Social Sciences, Institute of Political Studies. Department of Security Studies. Diploma work supervisor JUDr. PhDr. Tomáš Karásek, Ph.D. Abstract This monograph attempts to explore the system the intelligence community in the US from a constructivist perspective to understand domestic security policy as applied to international threats. The research questions examine how the US Central Intelligence Agency is able to functionally employ controversial tactics such as coercive interrogations and extrajudicial detention within a society that represents liberal normative democracy - one that in theory should prefer to uphold norms of human rights rather than infringe upon them. There appear to be two main concepts at play: security as an underlying culture (as a product) and security as a subjective act (as a process). Thus, this work will apply concepts of National Security Culture and securitization as product and process, respectively, using interrogations of suspected terrorists as a case example. The underlying results show that norms, rules, and culture of national security, utilized through...
19	Working from Home : The New Norm in a Post-COVID-19 World : Information and Cyber Security in the Digital Work from Home Environment Ringström, Sebastian January 2023 (has links) Work from Home (WFH) gained momentum as a result of the pandemic. When large portions of the world were under government mandated lockdowns, and forced to institute WFH, companies began to slowly realize that the WFH model come with significant benefits such as the possibility to reduce office space or obtaining access to talent globally. Employees too are incentivized to WFH as it allows them more freedom in where to live, reduce commuting costs, and allow employees to space out work during the day and better manage energy levels. The thesis investigated cybersecurity and information security risks connected to the WFH model through collecting qualitative data by conducting a systematic literature review to gain background knowledge on the topic which was then used to create the interview guide that was used to carry out semi-structured interviews with four heterogeneous Swedish companies of various sizes, working in different fields. The SLR identified social engineering attacks in general, and phishing attacks in particular, to be the greatest threat to employees working in a WFH model suggesting employee security awareness training to be the key security measure in protecting the WFH model. The semi-structured interviews revealed that companies working in a WFH model have also drawn the same conclusion and have made significant efforts to raise security awareness through employee training programs. Telework Work from Home WFH Remote Work Cybersecurity Information Security Incentives Cyberattacks Security Awareness Security Culture Information Systems
20	Cultura de segurança da informação: um processo de mudança organizacional na Petrobrás Vieira, Patrícia dos Santos 21 December 2009 (has links) Submitted by paulo junior (paulo.jr@fgv.br) on 2010-03-09T21:17:23Z No. of bitstreams: 1 Patricia dos Santos.pdf: 977688 bytes, checksum: 9e6fe91d2790db95dce8e99b8103981a (MD5) / Approved for entry into archive by paulo junior(paulo.jr@fgv.br) on 2010-03-09T21:17:38Z (GMT) No. of bitstreams: 1 Patricia dos Santos.pdf: 977688 bytes, checksum: 9e6fe91d2790db95dce8e99b8103981a (MD5) / Made available in DSpace on 2010-03-11T18:01:15Z (GMT). No. of bitstreams: 1 Patricia dos Santos.pdf: 977688 bytes, checksum: 9e6fe91d2790db95dce8e99b8103981a (MD5) Previous issue date: 2009-12-21 / This study aims to verify whether and to what degree the criteria proposed by Kotter to the implantation of an information security culture were attended at Petrobras. Petrobras, for several years, was an oil country-wide state company. As in several other companies, with the internationalization process, more players with interests in valuable information started interacting with the company. The necessity of conducting a change management process to implant an information security culture was verified. The model defined by Kotter has eight steps that, if followed, guarantee a successful change. In order to achieve the study’s purpose, bibliographic research and Petrobras’ files and documents research and field research were done. The period of study was from 2002 until 2009. The process evaluation has shown some fails at the steps defined by Kotter. It is possible to mention: high complacency; sense of urgency attributed only in the first moment; long-term vision was not widely declared; the reason of change was not explicit throughout time; information security organization structure in the fields is still deficient; there was not complete alignment of the company’s management systems; the existence of structures and systems that make the evaluation of the actions and the recognition of the people involved in the cultural change process more difficult; and lack of worrying in commemorating short-term achievements. / O estudo objetivou verificar até que ponto foi atendido o critério proposto por Kotter para a implantação de uma cultura de segurança da informação na Petrobras. A Petrobras, durante muitos anos, foi uma empresa estatal de petróleo com atuação nacional. Assim como diversas outras empresas, com o advento do processo de internacionalização, mais atores com interesses por informações valiosas começaram a interagir com a empresa. Verificava-se a necessidade de conduzir um processo de gestão da mudança para implantar uma cultura de segurança da informação. O modelo definido por Kotter possui oito etapas que, se seguidas, podem garantir uma mudança bem-sucedida. Para atingir o objetivo do estudo, utilizou-se pesquisa bibliográfica, pesquisa documental em arquivos e documentos da Petrobras e pesquisa de campo. O período analisado foi de 2002 a 2009. A avaliação do processo indicou que algumas falhas foram encontradas nas etapas definidas por Kotter. Pode-se citar: complacência alta; senso de urgência atribuído somente no primeiro momento; visão de longo prazo não foi amplamente declarada; o porquê da mudança, ao longo do tempo, não ficou explícito; estrutura organizacional de segurança da informação nas áreas ainda é deficiente; não houve total alinhamento dos sistemas de gestão da empresa; existência de estruturas e sistemas que dificultam a avaliação das ações e reconhecimento dos envolvidos no processo de mudança cultural e pouca preocupação em comemorar as conquistas de curto prazo. Cultura de segurança da informação Mudança organizacional Gestão da mudança Information security culture Change management Organizational change Administração de empresas Cultura organizacional - Estudo de casos

Search results