Global ETD Search

71	Working from Home : The New Norm in a Post-COVID-19 World : Information and Cyber Security in the Digital Work from Home Environment Ringström, Sebastian January 2023 (has links) Work from Home (WFH) gained momentum as a result of the pandemic. When large portions of the world were under government mandated lockdowns, and forced to institute WFH, companies began to slowly realize that the WFH model come with significant benefits such as the possibility to reduce office space or obtaining access to talent globally. Employees too are incentivized to WFH as it allows them more freedom in where to live, reduce commuting costs, and allow employees to space out work during the day and better manage energy levels. The thesis investigated cybersecurity and information security risks connected to the WFH model through collecting qualitative data by conducting a systematic literature review to gain background knowledge on the topic which was then used to create the interview guide that was used to carry out semi-structured interviews with four heterogeneous Swedish companies of various sizes, working in different fields. The SLR identified social engineering attacks in general, and phishing attacks in particular, to be the greatest threat to employees working in a WFH model suggesting employee security awareness training to be the key security measure in protecting the WFH model. The semi-structured interviews revealed that companies working in a WFH model have also drawn the same conclusion and have made significant efforts to raise security awareness through employee training programs. Telework Work from Home WFH Remote Work Cybersecurity Information Security Incentives Cyberattacks Security Awareness Security Culture Information Systems
72	Faktorer som påverkar säkerhetsbeteende: En litteraturstudie utifrån UMISPC-modellen Segergren, Olof, Båtelsson, Herman January 2022 (has links) En av de säkerhetsrisker som företag i dagsläget måste ta hänsyn till är bristande säkerhetsbeteende hos anställda vid användande av informationssystem. Denna brist kan leda till incidenter där produktivitet går förlorad eller känslig data läcks. Detta gör att användarnas beteende och efterlevnad av säkerhetsriktlinjer blir ett viktigt ämne för företag och organisationer. Tidigare studier identifierar flera faktorer som bidrar till bättre eller sämre säkerhetsbeteende hos individer. UMISPC-modellen (“Unified Model of Information Security Policy Compliance”) skapad av Moody m.fl. (2018) är en ansats till att unifiera faktorer från flera teorier. De inkluderar enbart faktorer som de kunde stödja i ett specifikt kontext men misstänker att effekten av faktorer som de exkluderar kan stödjas i andra kontext. För denna uppsats utfördes en litteraturstudie där faktorer i existerande modeller identifieras och klassificeras in i de faktorer som UMISPC-modellen definierar. Litteraturstudien gjordes via söktjänsten Uppsalas universitetsbibliotek. Resultaten visade att flera av studiernas resultat stöder flera av de faktorer som Moody m.fl. (2018) inte fann stöd för. Dessa faktorer kan därför vara aktuella för framtida utökningar av UMISPC-modellen trots att de inte kunde stödjas av Moody m.fl. (2018). / One of the security risks companies of today have to consider is poor security behavior of employees while using information systems. These behaviors can lead to incidents where productivity is lost or sensitive data is leaked. This causes the users’ behavior and compliance with security guidelines to become an important subject for companies and other organizations. Earlier studies identified several factors contributing to better or worse security behavior of individuals. The UMISPC model (Unified Model of Information Security Policy Compliance) created by Moody et al. (2018) is an effort to unify factors from multiple theories. They only include factors for which they were able to find support in a specific context but suspect that the effect of factors they exclude can be supported in other contexts. For this essay, a literature study was performed where factors from existing models were classified into factors defined by the UMISPC model. The literature study was performed using the search engine provided by Uppsala’s university library. The result showed that several studies support the factors that Moody et al. (2018) did not find support for. These factors can therefore be valid for future extensions of the UMISPC model even though they could not be supported by Moody et al. (2018). Security behavior Security awareness IT-security Guidelines Policy UMISPC Säkerhetsbeteende Säkerhetsmedvetenhet IT-säkerhet Riktlinjer Policy UMISPC Information Systems
73	Åtgärder mot rådande nätfiskeattacker på sociala medier : En kvalitativ studie / Measures against prevailing phishing attacks on social media : A qualitative study Pan, Enming, Ahmad, Al-Asadi January 2022 (has links) Nätfiske på sociala medier kan få allvarliga konsekvenser för användare och organisationer. Det är dessutom en teknisk attack med en psykologisk aspekt som får mottagaren från ett nätfiskemeddelande att bete sig på ett specifikt sätt. Innehållet och leveransmetoden för nätfiskemeddelande kan förändras drastiskt. Forskarna avser att avgöra om nätfiske som en attack har förändrats över tid, hur och varför användare påverkas, användarnas säkerhetsmedvetenhet och tredje parts rekommendationer för skydd mot nätfiske. Kvalitativa strategier användes i denna studie främst för att fånga upp många variabler som kvantitativa strategier inte skulle göra, som att fånga upp respondenternas erfarenhet av nätfiske och ge ett nyanserat svar som bidrar till att besvara studiens forskningsfråga. Tema- och innehållsanalys användes i denna studie främst för att ge forskarna en systematisk arbetsprocess för att sålla och sortera data från primära och sekundära data. Dessa analysmetoder förenklade för forskarna vid bearbetning av data på grund av kodning, kategorisering och organisering av relevant data. Att jämföra primära och sekundära data kom med konsistens som fortfarande är utbredd idag. Alla respondenter och litteratur visar att alla budskap innehåller specifika faktorer som får offren att agera känslomässigt snarare än att tänka logiskt. Användare av sociala medier klickar ofta på okända länkar utan ytterligare övervägande eller ordentlig läsning. Studier har visat att nätfisketrenden har ökat på grund av hur billigt det är att skaffa de nödvändiga verktygen för att skicka nätfiskemeddelanden. Författarna har analyserat primärt och sekundärt datainnehåll i motåtgärder mot nätfiske för att sammanställa och uppdatera data för att presentera en lista över åtgärder mot aktuellt nätfiske. Författarens lista med vägledningar mot nätfiske kommer från resultaten av ackumuleringen av varje specifik studie, fragmenterad data och respondenternas syn på nätfiskesäkerhet. De viktigaste råden som författarna har identifierat innehåller tre vanliga teman som ett nätfiskemeddelande nästan alltid innehåller. Vissa, om inte alla, nätfiskemeddelanden kan innehålla följande brådska, girighet och rädsla. Genom att förstå dessa tre vanliga teman kan användarna bättre identifiera nätfiskemeddelanden. / Phishing on social media can cause severe consequences for users and organizations. It is also a technological attack with a psychological aspect that causes the receiver of a phishing message to behave in a specific manner. The content and delivery method of phishing messages can change drastically. The researcher intends to determine if phishing as an attack has changed over time, how and why users are affected, users' security awareness, and third party's recommendations for protection against phishing. Qualitative strategies were used in this study primarily to catch many variables that quantitative strategies wouldn't, such as finding respondents' experience of phishing and providing a nuanced response that contributes to answering the study's research question. Thematic and content analysis was used in this study primarily to give the researchers a systematic work process to sift and sort through data from primary and secondary data. These analysis methods simplified for the researchers when processing data due to coding, categorizing and organizing relevant data. Comparing primary and secondary data came with consistency that is still prevalent today. All respondents and literature show that all message contains specific factors that make victims act emotionally rather than thinking logically. Social media users often click unknown links without any further consideration or proper reading. Studies have shown that the phishing trend has increased due to how cheap it is to attain the necessary tools to send phishing messages. The authors have analyzed primary and secondary data content in countermeasures against phishing to compile and update data to present a list of measures against current phishing. The author's list of anti-phishing guidance comes from the results of the accumulation of each specific study, fragmented data, and respondents' views of phishing security. The essential advice the authors have identified contains three common themes a phishing message almost always contains. Some, if not all, phishing messages can contain the following urgency, greed, and fear. By understanding these three common themes, the users can better identify phishing messages. phishing security data compromise cyber criminals security awareness datamine I nätfiske säkerhet data kompromisser cyberkriminella säkerhetsmedvetenhet data skrapa Computer and Information Sciences Data- och informationsvetenskap
74	Har vi verkligen ett säkert beteende på internet? : En kvalitativ studie om hur användare hanterar lösenord på internet och varför de gör som de gör. / Is our behavior on Internet secure? : A qualitative study on how users manage their online password and why they do as they do Ahlqvist, Klas, Norell, Per-Ivar January 2022 (has links) Introduktion: För att kunna använda möjligheterna som internet erbjuder krävs i många fall ett användarkonto som identifierar och autentiserar användaren. En förutsättning för att det ska vara säkert är att ingen annan har tillgång till användarens kontouppgifter, vilket ställer krav på att användaren har komplexa och unika lösenord. Syfte: I denna studie har vi undersökt vilken kunskap användare har kring säkra lösenord, hur de agerar samt undersökt varför de agerar som de gör. Metod: Studien är genomförd som en kvalitativ intervjustudie med 12 respondenter i varierande ålder och bakgrund. Resultat: Våra resultat visar att användarens kunskaper ofta bygger på äldre, ej längre aktuella, rekommendationer. De har även bristande kunskaper om vad en lösenordsgenerator eller lösenordshanterare är och hur de fungerar. Kunskapsbristerna, kombinerat med önskan om att det ska gå snabbt, medför att användarna ej genomför korrekta hot- och konsekvensbedömningar av riskerna på internet. Diskussion/Slutsats: Kunskaperna hos användarna behöver höjas för att minska riskerna de utsätter sig för. Teknikutvecklingen går fort och ökad kunskap och medvetenhet krävs för ett säkert agerande på internet. / Introduction: An account, that identify and authorize the user, is nowadays almost a condition for the user’s ability to use the many services Internet provides. If the account shall remain safe, only the user should have access to the user account. The user needs to create unique and complex passwords. Aim: In this study we have examined the end-user’s knowledge regarding safe passwords, how they act. We have also examined why they act as they do. Method: This qualitative study was made through interviews with 12 respondents of varying age. Results: Our findings show that the user’s knowledge often is based on older recommendations. They also lack knowledge about what a password generator, or a password manger, is and how they work. The lack of knowledge combined with a high wish of swift Internet usage leads to inadequate threat and impact assessments of Internet risks. Conclusion: The end-user’s knowledge, regarding security online needs to be improved, to reduce their risk exposure. The development of technology is moving fast so a raised awareness is mandatory for a safe Internet behavior. Internet security Passwords Security awareness. Security behavior User accounts Användarkonton Internetsäkerhet Lösenord Säkerhetsbeteende Säkerhetsmedvetande Computer Sciences Datavetenskap (datalogi) Computer and Information Sciences Data- och informationsvetenskap
75	Informationssäkerhetsrisker och organisatoriska sanktioner vid användandet av privata smarta enheter i Försvarsmakten : En studie om användning av privata smarta enheter Persson, Tobias, Andersson, Emil January 2020 (has links) Denna uppsats undersöker intentionen att använda smarta enheter i tjänst hos personal i Försvarsmakten, som är en organisation med högt behov av verksamhetssäkerhet. Verksamhetens säkerhet är direkt beroende av hur personal inom verksamheten agerar utifrån ett säkerhetsperspektiv. Syftet är att belysa hur Försvarsmakten förmedlar informationssäkerheten kring smarta enheter och hur personalen påverkas utifrån det. Det empiriska materialet har samlats in genom en kvalitativ fallstudie i form av semistrukturerade intervjuer med två olika grupper. Resultatet analyseras med hjälp av ett teoretiskt ramverk bestående av Protection Motivation Theory (PMT) och General Deterrence Theory (GDT) i syfte att belysa vad det är som avgör personalens beteende. Teorierna utgår från att beteendet påverkas av rädsla för sanktioner eller för hot mot verksamhet och individ. Resultatet visar att aspekter från de båda teorierna är närvarande hos personalen och att det som påverkar den enskildes agerande beror på vilken information organisationen delgett och individernas personliga uppfattningar. Personalen är medveten om de risker som följer av användningen av smarta enheter, men enheterna används ändå i stor utsträckning. Faktorer som spelar in i intentionen är kunskapsnivån, befattningen individen besitteroch arbetsområdet individen verkar inom. / This paper examines the intention to use smart devices by staff in the Swedish Armed Forces,which is an organization with a high need for operational security. The security of the business isdependent on how staff within the business behave, in a security perspective. The purpose is toelucidate how the Swedish Armed Forces conveys information security regarding smart devicesand how their staff are affected. The empirical material has been collected through a qualitativecase study in the form of semi-structured interviews with two different groups. The results areanalyzed using a theoretical framework consisting of Protection Motivation Theory (PMT) andGeneral Deterrence Theory (GDT) in order to elucidate what determines the behavior of the staff.The theories are based on the fact that behavior is affected by fear of sanctions or threats to thebusiness and individuals. The result shows that aspects in both theories are present in the staffbehavior. What influences the individual's actions depends on what information the organizationhas shared and the personal perceptions of the individuals. Factors that play into the intention arethe level of knowledge, the position the individual possesses and the area of work the individualoperates within. Smart devices Operations security Information security Information security awareness General Deterrence Theory Protection Motivation Theory Swedish Armed Forces. Smarta enheter Verksamhetssäkerhet Informationssäkerhet Information security awareness General Deterrence Theory Protection Motivation Theory Försvarsmakten Information Systems, Social aspects
76	Towards an information security awareness process for engineering SMEs in emerging economies Gundu, Tapiwa January 2013 (has links) With most employees in Engineering Small and Medium Enterprises (SME) now having access to their own personal workstations, the need for information security management to safeguard against loss/alteration or theft of the firms’ important information has increased. These Engineering SMEs tend to be more concerned with vulnerabilities from external threats, although industry research suggests that a substantial proportion of security incidents originate from insiders within the firm. Hence, technical preventative measures such as antivirus software and firewalls are proving to solve only part of the problem as the employees controlling them lack adequate information security knowledge. This tends to expose a firm to risk and costly mistakes made by naïve/uninformed employees. This dissertation presents an information security awareness process that seeks to cultivate positive security behaviours using a behavioural intention model based on the Theory of Reasoned Action, Protection Motivation Theory and the Behaviourism Theory. The process and model have been refined and verified using expert review and tested through action research at an Engineering SME in South Africa. The main finding was information security levels of employees within the firm were low, but the proposed information security awareness process increased their knowledge thereby positively altering their behaviour. Computer security -- South Africa Information technology -- South Africa Small business -- South Africa Engineering firms -- South Africa Information Security Awareness Information Security Behaviour Information Security Training
77	Správa uživatelů jako zdroje rizik / Managing Users as a Source of Risk Pospíšil, Petr January 2017 (has links) This diploma thesis focuses on human resources mainly in Critical information infrastructure and Important information systems. Thesis focuses on the most frequent threats for users and design possible model of threat reduction. Integral part of results is designing of effective security awareness education program according to the Law on Cyber Security.
78	Návrh metodiky budování bezpečnostního povědomí na střední škole / Design Methodology of Security Awareness at the Secondary School Sobotková, Hana January 2017 (has links) The diploma thesis addresses the topic of security awareness education at secondary schools. The goal is to develop a standardized methodology for building security awareness, which can be used by secondary schools to ensure the protection of their perimeter, their users and others from the user’s actions. The introductory part deals with the basic terminology, existing and forthcoming Czech and international legal acts, norms, regulations and certification in the area of information and cyber security. The practical part includes the methodology chapters describing the building of security awareness at secondary schools.
79	Simulace správy informační bezpečnosti ve fakultním prostředí / Simulating information security management within a university environment Hložanka, Filip January 2020 (has links) This diploma thesis is concerned with simulating information security management within a university environment. It is divided into three parts. The theoretical part focuses on describing the assets which could be part of a faculty network, attacks that could target it, security processes which could protect it and users that are active within it. The analytical part then applies these segments on a real faculty network. Based on this analysis, a set of specific assets, attacks, security processes and other tasks is created in order to simulate a simplified version of the analyzed network using a sophisticated cybernetic polygon. The security of the network is then assessed after several iterations of the simulations. Its parameters are adjusted in the effort to increase its security and the module is tested on an academic employee in order to assess its effectiveness. The conclusion evaluates the possibilities of increasing the security of the simulated network as well as the usability of the cybernetic polygon in practice.
80	Factors Influencing the Implementation of Information Security Risk Management : A case study of Nigerian Commercial Banks Aghaunor, Gabriel, Okojie, Bukky E January 2022 (has links) The banking industry is one of the critical infrastructures in any economy. The services rendered by banks are systematically based on innovation, products, and technology to leverage their services. Several associated risks come along with the rendering of these banking services. The protection of critical information assets of any banking organization should be a top priority of the management. They must ensure that adequate provision is made to develop a strong strategy to control, reduce, and mitigate tasks, such as fraud, cyber-attacks, and other forms of cybersecurity exploitations. Risk management is a series of actions to identify, assess and control threats and vulnerabilities in an organization's capital investment and revenue. These potential risks arise from diverse sources like credit risk, liquidity risk, financial uncertainties, legal actions, technology failures, business strategic management errors, accidental occurrences, and natural disasters. This research study aimed to investigate the factors influencing the implementation of information security risk management in Nigerian Commercial Banks, using a social-technical system framework to address a fundamental human risk factor, which contributes predominately to the failure in information security risk management. These research was motivated by the fact that Nigerian banking sector is facing serious threats' threat emanate from cyber-attacks. Evidenced by the ever-increasing cyber-attacks, as demonstrated by a total of 1,612 complaints from consumers of financial services over banking fraud and aggressive charges received between July and December 2018 of which 99.38% of these incidences were against the commercial banks. The banks are faced with a lot of vulnerabilities and cybersecurity threats, and most of the attacks that happened within the banking sector are focused on the customers, and employees through phishing and social engineering. These showed weaknesses in information security management within the Nigerian banking industry. However, the study was guided by the social-technical theory that advocates for overall training to the stakeholders that helps in changing their beliefs and norms about organization of IS security. In order to find out the factors influencing the implementation of information security risks management in respect of Nigerian Commercial Banks, this study evaluated the influence of management support, technical experts support, funding and users’ security awareness to curb the cyber-attacks in Nigerian financial sector. The contribution of this research is expected to lead to the improvement in the financial system, and organizations, where cybersecurity and information security risk management processes are taken seriously, to reduce the high level of information security risk, threats, and vulnerabilities. Nigeria is a developing country, and at the same time fighting to develop a more conducive business investment environment to attract both national and international investors. A mixed approach research (qualitative and quantitative) method was used to validate this research study. Data collection tools used included interviews and questionnaires. Data analysis was done using the SPSS and logistic regression model. Information Security Risk Assessment Qualitative Quantitative Management Support Funding Technical Experts’ Support Cyber Security Banking ATM Information Systems

Search results