  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
41

Three Essays on Information Security Risk Management

Ogbanufe, Obiageli 05 1900
Today's environment is filled with the proliferation of cyber-attacks that result in losses for organizations and individuals. Hackers often use compromised websites to distribute malware, making it difficult for individuals to detect. The impact of clicking through a link on the Internet that is malware infected can result in consequences such as private information theft and identity theft. Hackers are also known to perpetrate cyber-attacks that result in organizational security breaches that adversely affect organizations' finances, reputation, and market value. Risk management approaches for minimizing and recovering from cyber-attack losses and preventing further cyber-attacks are gaining more importance. Many studies exist that have increased our understanding of how individuals and organizations are motivated to reduce or avoid the risks of security breaches and cyber-attacks using safeguard mechanisms. The safeguards are sometimes technical in nature, such as intrusion detection software and anti-virus software. Other times, the safeguards are procedural in nature such as security policy adherence and security awareness and training. Many of these safeguards fall under the risk mitigation and risk avoidance aspects of risk management, and do not address other aspects of risk management, such as risk transfer. Researchers have argued that technological approaches to security risks are rarely sufficient for providing an overall protection of information system assets. Moreover, others argue that an overall protection must include a risk transfer strategy. Hence, there is a need to understand the risk transfer approach for managing information security risks. Further, in order to effectively address the information security puzzle, there also needs to be an understanding of the nature of the perpetrators of the problem – the hackers. Though hacker incidents proliferate the news, there are few theory based hacker studies. 
Even though the very nature of their actions presents a difficulty in their accessibility to research, a glimpse of how hackers perpetrate attacks can be obtained through the examination of their knowledge sharing behavior. Gaining some understanding about hackers through their knowledge sharing behavior may help researchers fine-tune future information security research. The insights could also help practitioners design more effective defensive security strategies and risk management efforts aimed at protecting information systems. Hence, this dissertation is interested in understanding the hackers that perpetrate cyber-attacks on individuals and organizations through their knowledge sharing behavior. Then, of interest also is how individuals form their URL click-through intention in the face of proliferated cyber risks. Finally, we explore how and why organizations that are faced with the risk of security breaches, commit to cyberinsurance as a risk management strategy. Thus, the fundamental research question of this dissertation is: how do individuals and organizations manage information security risks?
42

Bezpečnostní rizika podle standardu ISO 27001 / Security risks according to ISO 27001

Doubková, Veronika January 2020
This diploma thesis deals with the management of security information according to ISO/IEC 27005 and its implementation in the Verinice software environment. The risk information management process is applied to a critical infrastructure that is connected to an optical fiber network. The work focuses on incidents aimed at threatening data from optical threats and active network elements in transmission systems. The result of the work is defined as a risk file in the .VNA format containing identified risks, for which appropriate measures are implemented in connection with the requirements of ISO/IEC 27001, for the protection of critical infrastructures and transmitted data in the transmission system.
43

Actions to enhance and support the information security risk assessment process in corporations / Åtgärder för att förbättra och stödja informationssäkerhetsriskbedömningsprocessen på företag

Karlsson, Karolin January 2019
Information security is growing in importance as the world becomes more digital; at the same time, the importance of usability implementation in software development is also growing. In this study, an evaluation was done on what affects usability and how important usability is in a reporting tool handling information security risk assessment (ISRA). The research question on which the study is based is: What actions can enhance and support the information security risk assessment process in corporations? In order to investigate the research question, a study was organized consisting of a survey (N=30) and a think-aloud usability test (N=7). As a part of the analysis process, a usability heuristic analysis was performed. According to this study, the ISRA process is complicated and creating a well-functioning supporting tool for it is complex. In order for the tool to facilitate the users' work, usability is an important aspect and should be taken into consideration early in the development process of a tool. Based on the findings in this study, actions that can contribute to enhanced usability were discussed. The recommended actions are: 1) Include all types of roles in the ISRA process to determine the purpose of the tool and what it should support. 2) Implement clear guiding information in all parts of the tool; all people involved in the ISRA process should be able to understand the tool. 3) Keep an intuitive flow throughout the tool; the user should intuitively always know what the next step is and what to expect. 4) Have a search function that supports all aspects in the tool.
44

Cyber Supply Chain Security and the Swedish Security Protected Procurement with Security Protective Agreement

Dios Falk, Carina January 2023
Digitalisation and globalisation are increasing the number of integrated and interconnected information technology (IT) systems worldwide. Consequently, these relationships and dependencies develop technological relationships through their services. Identifying all these relations is for organisations a challenge and complex since it involves millions of source code lines and global connections. For this reason, cyber supply chain risk management (C-SCRM) is becoming ever more critical for organisations to manage risks associated with information technology and operational technology (OT). At the same time, during a press conference, the Swedish Minister for Defense Peter Hultquist estimated that there are approx. 100.000 cyber activities against Swedish targets every year that targets both the Private and Public sector. In response to the evolving threat landscape, Sweden is experiencing a paradigm shift in protective security processes with new legislation entering into force that aims to protect Sweden's security against espionage, sabotage, terrorist offences and other crimes against national security. These rules on protective security, the Protective Security Act (2018:585) and Protective Security Ordinance (2021:955) apply to operators that are important for Sweden's national security and affect how public procurement processes are regulated. This thesis aims to study how the Swedish Security Protected Procurement with Security Protective Agreements (SUA) process and Cyber Supply Chain Risk Management (C-SCRM) relate and to understand what practices increase and decrease the level of C-SCRM in the current SUA process. The research questions are Q1) How does the SUA process relate to C-SCRM? and Q2) How does the SUA process affect the level of C-SCRM? This research paper contributes to understanding C-SCRM in the context of the Swedish Security Protected Procurement with Security Protective Agreements (SUA). 
To answer the research questions a Case study strategy was used, and interviews were conducted with eight key experts as well as a document analysis. The results showed that audit, regulation and people and processes are essential to managing C-SCRM and that processes within other international models, including the CMMC and Cyber Essential Plus, should be adopted to the SUA process to better manage cyber supply chain risks.
45

Etické aspekty účasti vojáků Armády České republiky v zahraničních operacích / Ethical Aspects of the Participation Soldiers of the Czech Army in Foreign Operations

ŠPÁNIKOVÁ, Jana January 2013
This thesis focuses on the ethical aspects of soldiers of the Army of the Czech Republic participating in foreign operations, not only in relation to the legality and legitimacy of military intervention, but also from the point of view of practical ethical questions of soldiers sent to perform tasks in these operations. The first part of this thesis introduces the Army of the Czech Republic as a tool to ensure national security and national sovereignty, built with emphasis on fulfilling military traditions, virtues and professional ethics. Later, in historical and contemporary contexts, it summarizes the basic ethical solutions for the legitimate use of force to resolve international conflicts. The second part reflects the humanitarian and security operations taking place in the former Yugoslavia, Iraq and Afghanistan as the consequences of massive human rights violations, ethnic violence and global terrorism. In the context of the ethical and Christian dimension of legitimate use of military means, it summarizes the basic issues while solving security threats and enforcing national interests.
46

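Los riesgos percibidos de seguridad, privacidad y desempeño por el consumidor en relación con la adopción y uso de la banca online / Security, privacy and performance risks perceived by the consumer in relation to the adoption and use of online banking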

Cabrejo Pinto, Daniel Fernando, Romero Carbonel, Andrea Miki 26 February 2020
The main objective of this research is to be able to analyze the risks of internet banking and how they affect the use of the user in the Peruvian banking sector, in order to determine the relationship of the variables perceived security, privacy and performance risks with the variables of trust and attitude. This is important, since online banking is in constant global growth due to the pandemic that arose from Covid-19, giving it greater importance by the frequent consumer of banking. Therefore, it seeks to determine the influence of perceived risks and whether it affects the use of internet banking. The population subject to study was the clients of banks over 25 years of age, residents of Lima. For data collection, the survey was used as an instrument; the questions were structured following the dimensions identified for the research topic, which are: perceived risks; security, privacy and performance risk; attitude; trust and use of internet banking. / Research work
47

An investigation of the bombing of automated teller machines (ATMs) with intent to steal cash content : case study from Gauteng

Sewpersad, Sarika 01 1900
An investigation of the bombing of automated teller machines (ATMs) with intent to steal cash content of ATMs. This is inclusive of the impact on society (banks' clients) and banking institutions as well as the danger it poses to the general public and public and private law enforcement personnel. / (M.Tech. (Security Management))
48

The challenges facing private security companies in retaining clients : a case study in Gauteng shopping malls

Banda, Teboho Elliot 06 1900
The private security industry is tasked with protecting lives and property against an evolving array of personal and property threats. Rendering such services comes with many market-related challenges for private security providers. These services are rendered to various types of clients like government departments, hospitals, universities and shopping malls, amongst others. These clients have unique and different needs and expectations; therefore, shopping malls as clients of the private security industry were selected for the purpose of this research. The qualitative research approach was used for this study, wherein a questionnaire was used to obtain information from private security and shopping mall personnel working in shopping malls in Gauteng. The findings of this study reveal that there are indeed client retention challenges facing private security companies providing services to shopping malls. Based on the findings, recommendations for the private security providers and further research in shopping mall security management are made. / Security Risk Management / M.Tech. (Security Management)
50

Dynamic Risk Management in Information Security : A socio-technical approach to mitigate cyber threats in the financial sector / Dynamisk riskhantering inom informationssäkerhet : Ett sociotekniskt tillvägagångssätt för att hantera cyberhot i den finansiella sektorn

Lundberg, Johan January 2020
In the last decade, a new wave of socio-technical cyber threats has emerged that is targeting both the technical and social vulnerabilities of organizations and requires fast and efficient threat mitigations. Yet, it is still common that financial organizations rely on yearly reviewed risk management methodologies that are slow and static to mitigate the ever-changing cyber threats. The purpose of this research is to explore the field of Dynamic Risk Management in Information Security from a socio-technical perspective in order to mitigate both types of threats faster and dynamically to better suit the connected world we live in today. In this study, the Design Science Research methodology was utilized to create a Dynamic Information Security Risk Management model based on functionality requirements collected through interviews with professionals in the financial sector and structured literature studies. Finally, the constructed dynamic model was then evaluated in terms of its functionality and usability. The results of the evaluation showed that the finalized dynamic risk management model has great potential to mitigate both social and technical cyber threats in a dynamic fashion.
