Spelling suggestions: "subject:"2security colicy."" "subject:"2security bpolicy.""
141 |
Creating access control maps and defining a security policy for a healthcare communication system / Skapande av access control maps och säkerhetspolicy för ett kommunikationssystem inom sjukvårdenPetersson Lantz, Robert, Alvarsson, Andreas January 2015 (has links)
This report handles the creation of an access control map and the dening of asecurity policy for a healthcare communication system. An access control mapis a graphical way to describe the access controls of the subjects and objects ina system. We use a three step method to produce a graphical overview of theparts in the system, the interactions between them and the permissions of thesubjects. Regarding the security policy we create a read up and read down policylike the so called Ring policy, but adapt a write sideways approach. We alsoapply a mandatory access control which has a centralized authority that denesthe permissions of the subjects. Attribute restrictions is also included to thesecurity levels, to set an under limit for reading permissions.
|
142 |
INTRUSION EXECUTION SYSTEMS : Prototype: IMPETUSKayahan, Hüseyin January 2013 (has links)
In nature, it is inspiring to observe such an extensive variety of defensive skills distributed among species. The speed of an antelope, and the sting of a scorpion, wasp or a bee are some examples of such defensive tools or mechanisms important to survive against predators. However sophisticated the skills or tools are, the correct accurate use and on-time triggering of those tools is a matter of life and death for animals. With those defensive measures, animals come with a complementary ability called "vigilance". Vigilance is costly and the human tries to minimize vigilant behaviour in every aspect of life. The absence of vigilance, or negligence in other words, allows humans to spend more time and cognition on matters that he or she wants rather than on problems that need time. The human has an inherent and intricate mechanism that determine the vigilance level required for a particular problem. The consequences of the lack of vigilance in a work environment, more especially in the Information Technologies Security field are catastrophic and even lethal as humanity becomes an increasingly associated habitant of cyberspace ecosystem. Intrusion Execution Systems (IES) which is one of my conceptual propositions in this research, is my approach to reduce negligent behaviour in IT Security personnel. Impetus is the name of the first prototype for IES concept with limitations, which is included in this research. Impetus can successfully achieve desired behaviour in test environment, however the conceptual propositions in this research among with Impetus, should further be experimented in real-world in order to be convinced of its effectiveness.
|
143 |
Why do employees violate is security policies?:insights from multiple theoretical perspectivesVance, A. (Anthony) 12 October 2010 (has links)
Abstract
Employee violations of IS security policies is recognized as a key concern for organizations. Although interest in IS security has risen in recent years, little empirical research has examined this problem. To address this research gap, this dissertation identifies deliberate IS security policy violations as a phenomenon unique from other forms of computer abuse. To better understand this phenomenon, three guidelines for researching deliberate IS security violations are proposed. An analysis of previous behavioral IS security literature shows that no existing study meets more than one of these guidelines.
Using these guidelines as a basis, this dissertation examines IS security policy violations using three theoretical models drawn from the following perspectives: neutralization theory, rational choice theory, and protection motivation theory. Three field studies involving surveys of 1,423 professional respondents belonging to 7 organizations across 47 countries were performed for empirical testing of the models.
The findings of these studies identify several factors that strongly predict intentions to violate IS security policies. These results significantly increase our understanding of why employees choose to violate IS security policies and provide empirically-grounded implications for how practitioners can improve employee IS security policy compliance.
|
144 |
French Foreign and Security Policy Roles under François Hollande : A Role Theory Foreign Policy AnalysisRein, Hampus Carl Gustaf January 2017 (has links)
This bachelor’s thesis in Political Science, is essentially a study of contemporary French foreign and security policy ‘roles’. Drawing on a doctoral thesis by Lisbeth Aggestam (2004), it investigates French National Role Conceptions, using Foreign Policy Analysis Role Theory. It thoroughly examines the nature of foreign policy-making and, notably, it explores the notions of foreign policy ‘roles’, ‘identity’ and ‘national role conceptions’. The study encompasses over twenty key foreign and security policy centred allocutions delivered by the present French President, François Hollande, between the years 2012-16. Primarily, it aims at answering whether French National Role Conceptions, as conceived of by Aggestam at the turn of the millennium, are still relevant for the understanding of current French foreign and security policy and action. Aggestam’s French national ‘role-set’ therefore serves as the eminent point of reference and comparison throughout the analysis. In a broader sense, the essay also aims at investigating the ideational basis to contemporary French foreign and security policy roles. More narrowly, a special consideration has been accorded the notion of ‘Europe de la défense’ (Europe of defence), a key idea in modern French foreign and security policy. The principal findings of the analysis show that most of the French National Role Conceptions identified by Aggestam, continue to be relevant. On the ideational level, France’s current self-image is arguably even more intimately suffused by the notion of ‘Europe’. On the foreign and security policy area, this is reflected in the continued French aim of constructing ‘Europe de la défense’, which is central to the general understanding of the French role-set. Lastly, the investigation supports the notion that French foreign and security policy roles are nourished by a ‘realistic idealism’, as advanced by Aggestam.
|
145 |
Zhodnocení připravenosti podniku na zavedení ISO 27001 pomocí GAP analýzy / Evaluation of preparedness of a business for an implementation of ISO 27001 using Gap analysisZrcek, Tomáš January 2016 (has links)
The aim of the thesis is to evaluate the preparedness of an information security management system (ISMS) in a logistic company JASA s.r.o. for a certification by standard ISO/IEC 27001:2013. This enterprise oscillates between small and medium enterprise. It has already implemented the certificate on quality management ISO 9001:2008. For this reason, in the thesis there are presented advantages for a company that already has implemented one of ISO standards and decides to implement another. First of all, the present state of information security management system in Jasa s.r.o was compared to other businesses functioning in the Czech and European market. Then the company control environment was evaluated accordingly to the requirements of standard ISO/IEC 27001:2013. Furthermore, a scheme was created in order to evaluate specific controls based on the impact risk that could arise in case of ignoring the suggested recommendations. In the last part, the controls were evaluated accordingly to difficulty, so that the company can find cheap and fast solutions with adequate impact. The main contribution of the thesis is the evaluation of the approach to solve information security in one of many enterprises that are afraid or are starting to notice the increasing amount of security threats. This approach may be chosen by other companies that decide to go the similar way.
|
146 |
Proměny rakouské neutrality / The Transformation of Austrian neutralityPastrňáková, Zuzana January 2011 (has links)
This thesis deals with the transformation of Austrian neutrality. Austria became neutral in 1955 because neutrality was seen as the most appropriate option for Austria to become an independent state. Austria has always appreciated its neutrality because it enabled an undisturbed development during the period of the Cold War. Only the European integration remained during this time a sensitive issue. After the Cold War, Austria started to redefine its neutrality to be able to join the European Union. It also started to participate in the Partnership for Peace. The decision to join NATO was finally not made. The end of this thesis assesses the impacts of the Treaty of Lisbon on the Austrian neutrality and shows the possible development of the neutral status of Austria.
|
147 |
The transformation of the concept of the Westphalian sovereignty within the EU Common Foreign and Security Policy / Proměna pojetí Vestfálského suverenity v rámci Společné Zahraniční a Bezpečnostní Politiky Evropské UnieUzelman, Alexandra January 2012 (has links)
The work overviews the formation process of the European integration after the end of the Cold war and also the evolution of the notion of 'the Westphalian sovereignty' in the framework of the maintenance of the EU CFSP. It is assumed that under the conditions of a political transformation of the category 'the Westphalian sovereignty' in the framework of the EU CFSP it is intensified and requires again as a special political and practical attention, as scientific elaboration in order to figure out the perspectives of the development of the EU as the whole. As the object of this work the category of 'the Westphalia sovereignty' and its evolution in the framework of the European integration processes are taken. The subject of the work is connected with the analysis of the phenomenon of the Westphalian sovereignty in the frames of building of common European defense and security policy of the EU. The main purpose of the work is closely entwined with the identification of significant peculiarities of the ongoing transformation of the CFSP and their influence on the category of 'the Westphalian sovereignty'.
|
148 |
COIN-operationen i Afghanistan : Svårigheterna med de säkerhetspolitiska målsättningarnaWessén, Daniel January 2012 (has links)
Det kan vara svårt att göra korrekta bedömningar i konflikter likt Afghanistan idag. Nato har definerat insatsen i Afghanistan som en Counter-insurgency (COIN)-operation. Osäkerhetsfaktorerna är många och där skiftningar i framgångarna varierar kraftigt över tiden. Det gör också att i många fall måste det finnas parallella processer för det säkerhetspolitiska arbetet. Komplexiteten med detta har gjort att det har utvecklats multifunktionella strategier. Grundtanken är att samordna militära och civila ansatser för att nå största möjliga effekt. Syftet med uppsatsen är att belysa svårigheterna med de säkerhetspolitiska målsättningarna i en COIN-operation. Resultatet av undersökningen visar att de politiska målsättningarna måste vara tydliga och att det måste finnas en slutmålsättning (Exit Strategy). Den politiska nivån är även ansvarigt för att det finns en gemensam förståelse för vad som ska uppnås samt att samordna resurserna för bästa möjliga effekt. Ekonomiska medel är viktiga men inte självklara för att påverka utvecklingen i konflikten. Effekten av bistånd och utvecklingsarbetet är ifrågasätt p.g.a. korruption och dålig samordning. Utan tydliga målsättningar från den politiska nivån kommer det militära maktmedlet ha svårt att bidra till lösningen av konflikten då risken finns att ansträngningarna leder i fel riktning. Slutligen kan det konstateras att media har en stor inverkan på hur konflikten uppfattas och att oegentligheter kan påverka hela strategin och därmed att målsättningarna inte uppnås. / It can be difficult to make accurate assessments in conflicts like Afghanistan today. NATO has defined the operation in Afghanistan as a counterinsurgency (COIN) operation. The uncertainties are many and where the changes of success varies considerably over time. It also means that in many cases, there must be parallel processes for the security policy work. The complexity of this means it has developed multi-functional strategies. The basic idea is to coordinate military and civilian approaches to achieve maximum impact. The purpose of this paper is to highlight the difficulties of the security policy objectives in a COIN operation. The survey data shows that the political objectives must be clear and that there must be an end goal (Exit Strategy). The political aspect is also responsible for the existence of a common understanding of what is to be achieved, and to coordinate resources to best effect. Financial resources are important but not obvious to influence developments in the conflict. The effect of aid and development work is questionable due corruption and poor coordination. Without clear objectives from the political level, the military power may have difficulty in helping resolve the conflict and then the chances are that the effort will lead in the wrong direction. Finally, it is clear that the media has a huge impact on how conflict is perceived and that irregularities can affect the whole strategy and therefore that the objectives are not achieved.
|
149 |
Metodika zavedení síťové bezpečnosti v softwarové společnosti / Implementation Methodology of Network Security in the Software CompanyTomaga, Jakub January 2013 (has links)
This thesis deals with network security and its deployment in the real environment of the software company. The thesis describes information management framework with a specific concentration on computer networks. Network security policy is designed as well as network infrastructure modifications in order to increase the level of security. All parts of the solution are also analyzed from financial point of view.
|
150 |
Statická analýza počítačových sítí / Static Analysis of Computer NetworksHozza, Tomáš January 2012 (has links)
Some problems in configurations of network devices are difficult to identify. Access control lists present an important part of many configurations. Conflicts among rules of an access control list can cause holes in security policy or quality of service. In this paper we focus on identifying and classifying conflicts among rules of an access control list. Discovering all possible types of conflicts is not a trivial task. We present optimized algorithm for complete access control list analysis using tries, based on existing research by Baboescu and Varghese. The tool for detecting conflicts among access control list rules of one given Cisco, HP or Juniper device using tries based algorithm has been implemented. Bit vectors in tries use WAH compression method to reduce memory consumption. Implemented tool was tested for correctness and performance. The hypothesis that this solution would make the analysis of access lists significantly faster has been proven.
|
Page generated in 0.0609 seconds