Global ETD Search

1	Risk analysis in biometric-based border inspection system Sacanamboy Franco, Mayra A. January 1900 (has links) Thesis (M.S.)--West Virginia University, 2009. / Title from document title page. Document formatted into pages; contains ix, 92 p. : ill. (some col.). Includes abstract. Includes bibliographical references (p. 76-79).
2	A Risk-Based Optimization Framework for Security Systems Upgrades at Airports Berbash, Khaled January 2010 (has links) Airports are fast-growing dynamic infrastructure assets. For example, the Canadian airport industry is growing by 5% annually and generates about $8 billion yearly. Since the 9/11 tragedy, airport security has been of paramount importance both in Canada and worldwide. Consequently, in 2002, in the wake of the attacks, the International Civil Aviation Organization (ICAO) put into force revised aviation security standards and recommended practices, and began a Universal Security Audit Program (USAP), in order to insure the worldwide safeguarding of civil aviation in general, and of airports in particular, against unlawful interference. To improve aviation security at both the national level and for individual airport, airport authorities in North America have initiated extensive programs to help quantify, detect, deter, and mitigate security risk. At the research level, a number of studies have examined scenarios involving threats to airports, the factors that contribute to airport vulnerability, and decision support systems for security management. However, more work is still required in the area of developing decision support tools that can assist airport officials in meeting the challenges associated with decision about upgrades; determining the status of their security systems and efficiently allocating financial resources to improve them to the level required. To help airport authorities make cost-effective decisions about airport security upgrades, this research has developed a risk-based optimization framework. The framework assists airport officials in quantitatively assessing the status of threats to their airports, the vulnerability to their security systems, and the consequences of security breaches. A key element of this framework is a new quantitative security metric ; the aim of which is to assist airport authorities self-assess the condition of their security systems, and to produce security risk indices that decision makers can use as prioritizing criteria and constraints when meeting decisions about security upgrades. These indices have been utilized to formulate an automated decision support system for upgrading security systems in airports. Because they represent one of the most important security systems in an airport, the research focuses on passenger and cabin baggage screening systems. Based on an analysis of the related threats, vulnerabilities and consequences throughout the flow of passengers, cabin baggage, and checked-in luggage, the proposed framework incorporates an optimization model for determining the most cost-effective countermeasures that can minimize security risks. For this purpose, the framework first calculates the level of possible improvement in security using a new risk metric. Among the important features of the framework is the fact that it allows airport officials to perform multiple “what-if” scenarios, to consider the limitations of security upgrade budgets, and to incorporate airport-specific requirements. Based on the received positive feedback from two actual airports, the framework can be extended to include other facets of security in airports, and to form a comprehensive asset management system for upgrading security at both single and multiple airports. From a broader perspective, this research contributes to the improvement of security in a major transportation sector that has an enormous impact on economic growth and on the welfare of regional, national and international societies. Airport Security Systems Security Risk Assessment Optimization Framework Civil Engineering
3	A Risk-Based Optimization Framework for Security Systems Upgrades at Airports Berbash, Khaled January 2010 (has links) Airports are fast-growing dynamic infrastructure assets. For example, the Canadian airport industry is growing by 5% annually and generates about $8 billion yearly. Since the 9/11 tragedy, airport security has been of paramount importance both in Canada and worldwide. Consequently, in 2002, in the wake of the attacks, the International Civil Aviation Organization (ICAO) put into force revised aviation security standards and recommended practices, and began a Universal Security Audit Program (USAP), in order to insure the worldwide safeguarding of civil aviation in general, and of airports in particular, against unlawful interference. To improve aviation security at both the national level and for individual airport, airport authorities in North America have initiated extensive programs to help quantify, detect, deter, and mitigate security risk. At the research level, a number of studies have examined scenarios involving threats to airports, the factors that contribute to airport vulnerability, and decision support systems for security management. However, more work is still required in the area of developing decision support tools that can assist airport officials in meeting the challenges associated with decision about upgrades; determining the status of their security systems and efficiently allocating financial resources to improve them to the level required. To help airport authorities make cost-effective decisions about airport security upgrades, this research has developed a risk-based optimization framework. The framework assists airport officials in quantitatively assessing the status of threats to their airports, the vulnerability to their security systems, and the consequences of security breaches. A key element of this framework is a new quantitative security metric ; the aim of which is to assist airport authorities self-assess the condition of their security systems, and to produce security risk indices that decision makers can use as prioritizing criteria and constraints when meeting decisions about security upgrades. These indices have been utilized to formulate an automated decision support system for upgrading security systems in airports. Because they represent one of the most important security systems in an airport, the research focuses on passenger and cabin baggage screening systems. Based on an analysis of the related threats, vulnerabilities and consequences throughout the flow of passengers, cabin baggage, and checked-in luggage, the proposed framework incorporates an optimization model for determining the most cost-effective countermeasures that can minimize security risks. For this purpose, the framework first calculates the level of possible improvement in security using a new risk metric. Among the important features of the framework is the fact that it allows airport officials to perform multiple “what-if” scenarios, to consider the limitations of security upgrade budgets, and to incorporate airport-specific requirements. Based on the received positive feedback from two actual airports, the framework can be extended to include other facets of security in airports, and to form a comprehensive asset management system for upgrading security at both single and multiple airports. From a broader perspective, this research contributes to the improvement of security in a major transportation sector that has an enormous impact on economic growth and on the welfare of regional, national and international societies. Airport Security Systems Security Risk Assessment Optimization Framework Civil Engineering
4	A systematic methodology for privacy impact assessments: a design science approach Spiekermann-Hoff, Sarah, Oetzel, Marie Caroline January 2014 (has links) (PDF) For companies that develop and operate IT applications that process the personal data of customers and employees, a major problem is protecting these data and preventing privacy breaches. Failure to adequately address this problem can result in considerable damage to the company's reputation and finances, as well as negative effects for customers or employees (data subjects). To address this problem, we propose a methodology that systematically considers privacy issues by using a step-by-step privacy impact assessment (PIA). Existing PIA approaches cannot be applied easily because they are improperly structured or imprecise and lengthy. We argue that companies that employ our PIA can achieve "privacy-by-design", which is widely heralded by data protection authorities. In fact, the German Federal Office for Information Security (BSI) ratified the approach we present in this article for the technical field of RFID and published it as a guideline in November 2011. The contribution of the artefacts we created is twofold: First, we provide a formal problem representation structure for the analysis of privacy requirements. Second, we reduce the complexity of the privacy regulation landscape for practitioners who need to make privacy management decisions for their IT applications.
5	Security Risk Analysis based on Data Criticality Zhou, Luyuan January 2020 (has links) Nowadays, security risk assessment has become an integral part of network security as everyday life has become interconnected with and dependent on computer networks. There are various types of data in the network, often with different criticality in terms of availability or confidentiality or integrity of information. Critical data is riskier when it is exploited. Data criticality has an impact on network security risks. The challenge of diminishing security risks in a specific network is how to conduct network security risk analysis based on data criticality. An interesting aspect of the challenge is how to integrate the security metric and the threat modeling, and how to consider and combine the various elements that affect network security during security risk analysis. To the best of our knowledge, there exist no security risk analysis techniques based on threat modeling that consider the criticality of data. By extending the security risk analysis with data criticality, we consider its impact on the network in security risk assessment. To acquire the corresponding security risk value, a method for integrating data criticality into graphical attack models via using relevant metrics is needed. In this thesis, an approach for calculating the security risk value considering data criticality is proposed. Our solution integrates the impact of data criticality in the network by extending the attack graph with data criticality. There are vulnerabilities in the network that have potential threats to the network. First, the combination of these vulnerabilities and data criticality is identified and precisely described. Thereafter the interaction between the vulnerabilities through the attack graph is taken into account and the final security metric is calculated and analyzed. The new security metric can be used by network security analysts to rank security levels of objects in the network. By doing this, they can find objects that need to be given additional attention in their daily network protection work. The security metric could also be used to help them prioritize vulnerabilities that need to be fixed when the network is under attack. In general, network security analysts can find effective ways to resolve exploits in the network based on the value of the security metric. network security risk assessment attack graph data criticality security metric threat modeling Software Engineering Programvaruteknik
6	Internet of Things based Smart Homes : Security Risk Assessment and Recommendations Ali, Bako January 2016 (has links) The Internet of Things (IoT) is an emerging paradigm focusing on the inter-connection of things or devices to each other and to the users. Over time, the most of connections in IoT are shifting from ‘Human to Thing’ to ‘Thing to Thing’. This technology is anticipated to become an essential milestone in the development of smart homes to bring convenience and efficiency into our lives and our homes. But, by bringing this IoT technology into our homes there will be important implications for security in these technologies. Connecting every smart objects inside the home to the internet and to each other results in new security and privacy problems, e.g., confidentiality, authenticity, and integrity of data sensed and exchanged by objects. These technologies are very much vulnerable to different security attacks that make an IoT-based smart home unsecure to live in and therefore it is necessary to evaluate the security risks to judge the situation of the smart homes. For any technology to be successful and achieve widespread use, it needs to gain the trust of users by providing sufficient security and privacy assurance. As in all sectors, maintaining security will be a critical challenge to overcome. As homes are increasingly computerized and filled with devices, potential computer security attacks and their impact on residents need to be investigated. This report uses OCTAVE Allegro Methodology which focuses mainly on information assets and considers containers (technical, physical and people) and conducts a security risk assessment with the goal of highlighting various security flaws in IoT-based smart home, impacts and proposing countermeasures to the identified issues satisfying most of security requirements. Finally, it comes up with some recommendations to the users. The research findings documented into a thesis paper for secure IoT-based smart home systems and the resulted list and recommendations will be some useful contribution which can be used as a foundation for the specification of security requirements. For future work, the assessment will be extended to include more types of smart home applications rather than just typical one. / <p>Validerat; 20160620 (global_studentproject_submitter)</p> Social Behaviour Law Internet of Things Smart Homes Intelligent Homes Building Automation Smart Buildings Security Risk Assessment Security Recommendations Security Threats Security Countermeasures Samhälls- beteendevetenskap juridik
7	Security Requirements and Practices for Smart Grids Gopalakrishnan, Pavithra January 2021 (has links) The electricity sector has a huge role in decarbonization of the energy system in order to meet climate targets and achieve net zero emission goals in different countries across the world. Present day electric power systems are increasingly dependent on less carbon intensive renewable energy sources for power generation. Rapid penetration of renewables leads to an increase in distributed generation and active consumer participation resulting in complex interactions within the power system. Therefore, traditional electric power grids are evolving to smart grids with the help of information and communication advancements. As a result, there is greater integration of Information Technology (IT) and Operational Technology (OT) actors, inclusion of clean energy sources, improved connectivity, sustainable supply and demand balance management of power etc. However, this sustainable transition gives rise to new attack points for malicious actors, who intend to disrupt the functioning of these smart grids. Therefore, this study aims to identify and analyse the most significant risks to smart grids in the next 10 years. The methodology for this research is two-fold: reviewing state-of-the-art research publications on smart grid security and conducting a semi-qualitative power grid security assessment through interviews with experts across countries. False Data Injection (FDI), Denial of Service (DoS) and supply chain attacks are some of the most important threats according to these methods. Finally, findings from the two research methods are compared to provide a comprehensive overview of the most significant risks to smart grids. / Elsektorn har en enorm roll att spela när det gäller att minska koldioxidutsläppen från energisystemet för att uppfylla klimatmålen och uppnå nettonollutsläpp i länder runt om i världen. Dagens elsystem är alltmer beroende av mindre koldioxidintensiva förnybara energikällor för elproduktion. Den snabba utbyggnaden av förnybara energikällor leder till en ökning av distribuerad produktion och aktivt konsumentdeltagande, vilket leder till komplexa interaktioner inom elsystemet. Traditionella elnät håller därför på att utvecklas till smarta nät med hjälp av informations- och kommunikationsframsteg. Som ett resultat av detta sker en större integration av aktörer inom informationsteknik (IT) och driftsteknik (OT), införande av förnyelsebara energikällor, förbättrad konnektivitet, hållbar hantering av balans mellan konsumtion och produktion av el. Denna hållbara övergång ger dock upphov till nya ingångar för illasinnade aktörer som vill störa de smarta nätmens funktion. Syftet med denna studie är därför att identifiera och analysera de viktigaste riskerna för smarta nät under de kommande tio åren. Metoden för denna forskning är tvåfaldig: genomgång av de senaste forskningspublikationerna om säkerhet i smarta nät och en semikvalitativ bedömning av säkerheten i smarta nät genom intervjuer med experter från olika länder. FDI (False Data Injection), DoS (Denial of Service) och attacker mot leveranskedjan är några av de största hoten enligt dessa metoder. Slutligen jämförs resultaten från de två forskningsmetoderna för att ge en heltäckande översikt över de viktigaste riskerna för smarta nät. smart grids security risk assessment risk identification risk analysis. smarta nät säkerhetsriskbedömning riskidentifiering riskanalys. Elektroteknik och elektronik
8	Addressing the incremental risks associated with adopting a Bring Your Own Device program by using the COBIT 5 framework to identify keycontrols Weber, Lyle 04 1900 (has links) Thesis (MComm)--Stellenbosch University, 2014. / ENGLISH ABSTRACT: Bring Your Own Device (BYOD) is a technological trend which individuals of all ages are embracing. BYOD involves an employee of an organisation using their own mobile devices to access their organisations network. Several incremental risks will arise as a result of adoption of a BYOD program by an organisation. The research aims to assist organisations to identify what incremental risks they could potentially encounter if they adopt a BYOD program and how they can use a framework like COBIT 5 in order to reduce the incremental risks to an acceptable level. By means of an extensive literature review the study revealed 50 incremental risks which arise as a result of the adoption of a BYOD program. COBIT 5 was identified as the most appropriate framework which could be used to map the incremental risks against. Possible safeguards were identified from the mapping process which would reduce the incremental risks to an acceptable level. It was identified that 13 of the 37 COBIT 5 processes were applicable for the study. Theses -- Accountancy Dissertations -- Accountancy Computer networks -- Security measures Computer security -- Risk assessment Dissertations -- Computer auditing Theses -- Computer auditing UCTD
9	Factors Influencing the Implementation of Information Security Risk Management : A case study of Nigerian Commercial Banks Aghaunor, Gabriel, Okojie, Bukky E January 2022 (has links) The banking industry is one of the critical infrastructures in any economy. The services rendered by banks are systematically based on innovation, products, and technology to leverage their services. Several associated risks come along with the rendering of these banking services. The protection of critical information assets of any banking organization should be a top priority of the management. They must ensure that adequate provision is made to develop a strong strategy to control, reduce, and mitigate tasks, such as fraud, cyber-attacks, and other forms of cybersecurity exploitations. Risk management is a series of actions to identify, assess and control threats and vulnerabilities in an organization's capital investment and revenue. These potential risks arise from diverse sources like credit risk, liquidity risk, financial uncertainties, legal actions, technology failures, business strategic management errors, accidental occurrences, and natural disasters. This research study aimed to investigate the factors influencing the implementation of information security risk management in Nigerian Commercial Banks, using a social-technical system framework to address a fundamental human risk factor, which contributes predominately to the failure in information security risk management. These research was motivated by the fact that Nigerian banking sector is facing serious threats' threat emanate from cyber-attacks. Evidenced by the ever-increasing cyber-attacks, as demonstrated by a total of 1,612 complaints from consumers of financial services over banking fraud and aggressive charges received between July and December 2018 of which 99.38% of these incidences were against the commercial banks. The banks are faced with a lot of vulnerabilities and cybersecurity threats, and most of the attacks that happened within the banking sector are focused on the customers, and employees through phishing and social engineering. These showed weaknesses in information security management within the Nigerian banking industry. However, the study was guided by the social-technical theory that advocates for overall training to the stakeholders that helps in changing their beliefs and norms about organization of IS security. In order to find out the factors influencing the implementation of information security risks management in respect of Nigerian Commercial Banks, this study evaluated the influence of management support, technical experts support, funding and users’ security awareness to curb the cyber-attacks in Nigerian financial sector. The contribution of this research is expected to lead to the improvement in the financial system, and organizations, where cybersecurity and information security risk management processes are taken seriously, to reduce the high level of information security risk, threats, and vulnerabilities. Nigeria is a developing country, and at the same time fighting to develop a more conducive business investment environment to attract both national and international investors. A mixed approach research (qualitative and quantitative) method was used to validate this research study. Data collection tools used included interviews and questionnaires. Data analysis was done using the SPSS and logistic regression model. Information Security Risk Assessment Qualitative Quantitative Management Support Funding Technical Experts’ Support Cyber Security Banking ATM Information Systems
10	Actions to enhance and support the informationsecurity risk assessment process in corporations / Åtgärder för att förbättra och stödja informationssäkerhetsriskbedömningsprocessen på företag Karlsson, Karolin January 2019 (has links) Information security is growing in importance as the world becomes more digital, at the same time the importance of usability implementation in software development is also growing. In this study, an evaluation was done on what affects usability and how important usability is in a reporting tool handling information security risk assessment (ISRA). The research question from which the study is based on: What actions can enhance and support the information security risk assessment process in corporations? In order to investigate the research question a study was organized consisting of a survey (N=30) and a think-aloud usability test (N=7). As a part of the analysis process a usability heuristic analysis was performed. According to this study, the ISRA process is complicated and creating a well-functioning supporting tool for it is complex. In order for the tool to facilitate for the users work, usability is an important aspect and should be taken in consideration early in the development process of a tool. Based on the findings in this study actions that can contribute to enhanced usability were discussed. The recommended actions are: 1) Include all types of roles in the ISRA process to determine the purpose of the tool and what it should support. 2) Implement clear guiding information in all parts of the tool, all people involved in the ISRA process should be able to understand the tool. 3) Keep an intuitive flow throughout the tool, the user should intuitively always know what the next step is and what to expect. 4) Have a search function that supports all aspects in the tool. / Informationssäkerheten växer i betydelse i takt med att världen blir mer digital, samtidigt så ökar även betydelsen av implementering av användbarhet i mjukvaruutveckling. I denna studie gjordes en utvärdering av vad som påverkar användbarheten och hur viktigt användbarheten är i ett rapporteringsverktyg som hanterar informationssäkerhetsriskbedömning (ISRB). Den forskningsfråga som studien bygger på: Vilka åtgärder kan förbättra och stödja informationssäkerhetsriskbedömningsprocessen i företag? För att undersöka forskningsfrågan organiserades en studie bestående av en enkätundersökning (N = 30) och ett användbarhetstest med ”Think-Aloud” (N = 7). Som en del av analysprocessen utfördes en användbarhets heuristisks analys. Enligt denna studie är ISRB-processen komplicerad och att skapa ett välfungerande stödjande verktyg för att det är komplext. För att verktyget ska underlätta för användarnas arbete är användbarheten en viktig aspekt och bör tas i beaktning tidigt i utvecklingsprocessen för ett verktyg. Baserat på resultaten i dessa studie så diskuterades åtgärder som kan bidra till ökad användbarhet. De rekommenderade åtgärderna är: 1) Inkludera alla typer av roller i ISRB-processen för att bestämma syftet med verktyget och vad det ska stödja. 2) Implementera tydlig guidande information i alla delar av verktyget, alla personer som är involverade i ISRB-processen ska kunna förstå och använda verktyget. 3) Ha ett intuitivt flöde genom alla delar i verktyget, användaren bör intuitivt alltid veta vad nästa steg är och vad de kan förvänta sig. 4) Har en sökfunktion som stöder alla aspekter i verktyget Computer and Information Sciences Data- och informationsvetenskap

Search results