NDLTD Global ETD Search
  • Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 60
  • 47
  • 25
  • 9
  • 6
  • 3
  • 3
  • 3
  • 3
  • 1
  • 1
  • 1
  • 1
  • 1
  • 1
  • Tagged with
  • 191
  • 191
  • 130
  • 61
  • 51
  • 47
  • 46
  • 41
  • 39
  • 38
  • 36
  • 35
  • 33
  • 33
  • 32
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

Search results

Showing 11 to 20 of 191 (0.096 seconds)

Spelling suggestions: "subject:"asecurity management"" "subject:"2security management""

11

Managing an information security policy architecture : a technical documentation perspective

Maninjwa, Prosecutor Mvikeli January 2012 (has links)
Information and the related assets form critical business assets for most organizations. Organizations depend on their information assets to survive and to remain competitive. However, the organization’s information assets are faced with a number of internal and external threats, aimed at compromising the confidentiality, integrity and/or availability (CIA) of information assets. These threats can be of physical, technical, or operational nature. For an organization to successfully conduct its business operations, information assets should always be protected from these threats. The process of protecting information and its related assets, ensuring the CIA thereof, is referred to as information security. To be effective, information security should be viewed as critical to the overall success of the organization, and therefore be included as one of the organization’s Corporate Governance sub-functions, referred to as Information Security Governance. Information Security Governance is the strategic system for directing and controlling the organization’s information security initiatives. Directing is the process whereby management issues directives, giving a strategic direction for information security within an organization. Controlling is the process of ensuring that management directives are being adhered to within an organization. To be effective, Information Security Governance directing and controlling depend on the organization’s Information Security Policy Architecture. An Information Security Policy Architecture is a hierarchical representation of the various information security policies and related documentation that an organization has used. When directing, management directives should be issued in the form of an Information Security Policy Architecture, and controlling should ensure adherence to the Information Security Policy Architecture. However, this study noted that in both literature and organizational practices, Information Security Policy Architectures are not comprehensively addressed and adequately managed. Therefore, this study argues towards a more comprehensive Information Security Policy Architecture, and the proper management thereof.
Computer security -- Management
Computer architecture
Data protection
12

Using agreements as an abstraction for access control administration

Reyneke, André January 2007 (has links)
The last couple of decades saw lots of changes in the business world. Not only did technology change at a rapid pace, but businesses' views with respect to the role that information plays also changed drastically. Information is now seen as a strategic resource. This change paved the way for the so-called knowledge worker that not only consumes information, but actively participates in creating new knowledge from information. Employees must therefore be empowered to fulfill their new role as knowledge workers. Empowerment happens through job redefinition and by ensuring that the appropriate information is at hand. Although information is more readily available to employees, appropriate access controls must still be implemented. However, there is conflict between the need to share information and the need to keep information confidential. These conflicting needs must be reflected in the administration of access control. In order to resolve these conflicts, a finer granularity of access controls must be implemented. However, to implement a finer granularity of access control, an increase in the number of access controls and, therefore, the administrative burden is inevitable. Access control administrators must cater for a potentially large number of systems. These systems can not only be heterogenous as far as architecture and technology are concerned, but also with respect to access control paradigms. Vendors have realized that human involvement must be minimized, giving birth to so-called "provisioning systems". Provisioning systems, in principle, automate certain parts of access control administration. However, currently implementations are done in an ad hoc manner, that is, without a systematic process of identifying the real access control needs. This study aims to address this problem by proposing the "agreement abstraction" as a possible vehicle for systematically analyzing the access control requirements in a business. In essence, the agreement abstraction allows us to identify opportunities where access control can be automated. A specific methodological approach is suggested whereby the business is analysed in terms of business processes, as opposed to the more traditional resource perspective. Various business processes are used as examples to explain and motivate the proposed agreement abstraction further. This dissertation therefore contributes to the field of discourse by presenting a new abstraction that can be used systematically to analyse access control administration requirements.
Information -- control and access
Computer security -- Management
13

Zavedení managementu bezpečnosti ICT na základní škole / ICT Security Management Implementation in the Basic School

Matusík, Jan January 2015 (has links)
The aim of this study is aproposal of ICT Security Management implementation in a specific Basic school. Introduction describes the school building, its equipment and existing Security Management. The practical part consists of a discussion about current shortcomings and proposed set of measures for solving the most important problems in terms of management of ICT security.
14

Study on Architecture-Oriented Coast Guard Information Security Management Model

Chen, Chih-Ming 20 December 2011 (has links)
With the popularity of computer networks, e-systems have enhanced the information flow within the Coast Guard Institute. Due to constant information security incidents, formulating policies and managing mechanisms become an important task of the internal security authorities. In this study, we construct an Architecture-Oriented Coast Guard Information Security Management Model (AOCGISMM) which is based on the six fundamental diagrams of Structure-Behavior Coalescence (SBC) Architecture. AOCGISMM, not only provides an integrated description of structure and behavior on the Coast Guard Institute Information Security operations, but also makes the employees within the organization easily to promote compliance.. AOCGISMM covers all structure and behavior of the whole Coast Guard Institute Information Security operations. Therefore, AOCGISMM describes the complete picture of Coast Guard Institute Information Security so that every employee shall understand and communicate well to meet the organization needs.
Architecture
Information Security Management
15

Security management for mobile ad hoc network of networks (MANoN)

Al-Bayatti, Ali Hilal January 2009 (has links)
Mobile Ad hoc Network of Networks (MANoN) are a group of large autonomous wireless nodes communicating on a peer-to-peer basis in a heterogeneous environment with no pre-defined infrastructure. In fact, each node by itself is an ad hoc network with its own management. MANoNs are evolvable systems, which mean each ad hoc network has the ability to perform separately under its own policies and management without affecting the main system; therefore, new ad hoc networks can emerge and disconnect from the MANoN without conflicting with the policies of other networks. The unique characteristics of MANoN makes such networks highly vulnerable to security attacks compared with wired networks or even normal mobile ad hoc networks. This thesis presents a novel security-management system based upon the Recommendation ITU-T M.3400, which is used to evaluate, report on the behaviour of our MANoN and then support complex services our system might need to accomplish. Our security management will concentrate on three essential components: Security Administration, Prevention and Detection and Containment and Recovery. In any system, providing one of those components is a problem; consequently, dealing with an infrastructure-less MANoN will be a dilemma, yet we approached each set group of these essentials independently, providing unusual solutions for each one of them but concentrating mainly on the prevention and detection category. The contributions of this research are threefold. First, we defined MANoN Security Architecture based upon the ITU-T Recommendations: X.800 and X.805. This security architecture provides a comprehensive, end-to-end security solution for MANoN that could be applied to every wireless network that satisfies a similar scenario, using such networks in order to predict, detect and correct security vulnerabilities. The security architecture identifies the security requirements needed, their objectives and the means by which they could be applied to every part of the MANoN, taking into consideration the different security attacks it could face. Second, realising the prevention component by implementing some of the security requirements identified in the Security Architecture, such as authentication, authorisation, availability, data confidentiality, data integrity and non-repudiation has been proposed by means of defining a novel Security Access Control Mechanism based on Threshold Cryptography Digital Certificates in MANoN. Network Simulator (NS-2) is a real network environment simulator, which is used to test the performance of the proposed security mechanism and demonstrate its effectiveness. Our ACM-MANoN results provide a fully distributed security protocol that provides a high level of secure, available, scalable, flexible and efficient management services for MANoN. The third contribution is realising the detection component, which is represented by providing a Behavioural Detection Mechanism based on nodes behavioural observation engaged with policies. This behaviour mechanism will be used to detect malicious nodes acting to bring the system down. This approach has been validated using an attacks case study in an unknown military environment to cope with misbehaving nodes.
004.6
16

Assessment of Web-Based Authentication Methods in the U.S.: Comparing E-Learning Systems to Internet Healthcare Information Systems

Mattord, Herbert J. 01 January 2012 (has links)
Organizations continue to rely on password-based authentication methods to control access to many Web-based systems. This research study developed a benchmarking instrument intended to assess authentication methods used in Web-based information systems (IS). It developed an Authentication Method System Index (AMSI) to analyze collected data from representative samples of e-learning systems in the U.S. and from healthcare ISs, also in the U.S. This data were used to compare authentication methods used by those systems. The AMSI measured 1) password strength requirements, 2) password usage methods, and 3) password reset requirements. Those measures were combined into the single index that represents the current authentication methods. This study revealed that there is no significant difference in the ways that authentication methods are employed between the two groups of ISs. This research validated the criteria proposed for the AMSI using a panel of experts drawn from industry and academia. Simultaneously, the same panel provided preferences for the relative weight of specific criteria within some measures. The panel of experts also assessed the relative weight of each measure within the AMSI. Once the criteria were verified and the elicited weights were computed, an opportunity sample of Web-based ISs in the two groups identified earlier were assessed to ascertain the values for the criteria that comprise the AMSI. After completion of pre-analysis data screening, the collected data were assessed using the results of the AMSI benchmarking tool. Results of the comparison within and between the two sample groups are presented. This research found that the AMSI can be used as a mechanism to measure some aspects of the authentication methods used by Web-based systems. There was no measurable significance in the differences between the samples groups. However, IS designers, quality assurance teams, and information security practitioners charged with validating ISs methods may choose to use it to measure the effectiveness of such authentication methods. This can enable continuous improvement of authentication methods employed in such Web-based systems.
Authentication
E-learning
Healthcare
Information Security
Security Management
Computer Sciences
17

Toward Usable Access Control for End-users: A Case Study of Facebook Privacy Settings

Johnson, Maritza Lupe January 2012 (has links)
Many protection mechanisms in computer security are designed to enforce a configurable policy. The security policy captures high-level goals and intentions, and is managed by a policy author tasked with translating these goals into an implementable policy. In our work, we focus on access control policies where errors in the specified policy can result in the mechanism incorrectly denying a request to access a resource, or incorrectly allowing access to a resource that they should not have access to. Due to the need for correct policies, it is critical that organizations and individuals have usable tools to manage security policies. Policy management encompasses several subtasks including specifying the initial security policy, modifying an existing policy, and comprehending the effective policy. The policy author must understand the configurable options well enough to accurately translate the desired policy into the implemented policy. Specifying correct security policies is known to be a difficult task, and prior work has contributed policy authoring tools that are more usable than the prior art and other work has also shown the importance of the policy author being able to quickly understand the effective policy. Specifying a correct policy is difficult enough for technical users, and now, increasingly, end-users are being asked to make access control decisions in regard to who can access their personal data. We focus on the need for an access control mechanism that is usable for end-users. We investigated end-users who are already managing an access control policy, namely social network site (SNS) users. We first looked at how they manage the access control policy that defines who can access their shared content. We accomplish this by empirically evaluating how Facebook users utilize the available privacy controls to implement an access control policy for their shared content and found that many users have policies are inconsistent with their sharing intentions. Upon discovering that many participants claim they will not take corrective action in response to inconsistencies in their existing settings, we collected quantitative and qualitative data to measure whether SNS users are concerned with the accessibility of their shared content. After confirming that users do in fact care about who accesses their content, we hypothesize that we can increase the correctness of users' SNS privacy settings by introducing contextual information and specific guidance based on their preferences. We found that the combination of viewership feedback, a sequence of direct questions to audit the user's sharing preferences, and specific guidance motivates some users to modify their privacy settings to more closely approximate their desired settings. Our results demonstrate the weaknesses of ACL-based access control mechanisms, and also provide support that it is possible to improve the usability of such mechanisms. We conclude by outlining the implications of our results for the design of a usable access control mechanism for end-users.
Computer science
Computer security
Computer security--Management
Facebook (Electronic resource)
18

User-Centered Security Applied on Management

Bäckström, Johannes January 2007 (has links)
<p>The purpose of this study has been to research how to implement a graphical interface for presenting information security information to management. The major conclusion of the study is that management use this kind of information mainly for financial and strategic matters. Hence the information must be presented in a way that enhances this use of the information.</p><p>The study also concludes that people act insecure mainly due to:</p><p>a) Insufficient knowledge of how/why to act secure.</p><p>b) The users do not want to act secure due to social and organisational factors.</p><p>To fight the first factor, the management need a tool that helps them to see where to spend their resources. To fight the second factor, the organisation needs to be well educated and the company culture should allow the users to act secure.</p><p>Three heuristics for the design of information security solutions for management and a design solution for the interface are also presented in the study. The three heuristics are:</p><p>1. Provide overview information very early in the program. The ordinary manager does not have the time or the knowledge to make this overview by himself/herself.</p><p>2. Do not overwhelm the user. The ordinary management man/woman is not interested in the details of the information security and/or do not have time to read this sort of information. If he or she wants to access the details, he or she is likely to find them (if they are placed in a logical place).</p><p>3. Provide information in a way that is common to the manager. Use wordings that the user understands. Provide contextual help for expressions that must be presented in a technical way.</p>
Cognitive science
Kognitionsforskning
19

User-Centered Security Applied on Management

Bäckström, Johannes January 2007 (has links)
The purpose of this study has been to research how to implement a graphical interface for presenting information security information to management. The major conclusion of the study is that management use this kind of information mainly for financial and strategic matters. Hence the information must be presented in a way that enhances this use of the information. The study also concludes that people act insecure mainly due to: a) Insufficient knowledge of how/why to act secure. b) The users do not want to act secure due to social and organisational factors. To fight the first factor, the management need a tool that helps them to see where to spend their resources. To fight the second factor, the organisation needs to be well educated and the company culture should allow the users to act secure. Three heuristics for the design of information security solutions for management and a design solution for the interface are also presented in the study. The three heuristics are: 1. Provide overview information very early in the program. The ordinary manager does not have the time or the knowledge to make this overview by himself/herself. 2. Do not overwhelm the user. The ordinary management man/woman is not interested in the details of the information security and/or do not have time to read this sort of information. If he or she wants to access the details, he or she is likely to find them (if they are placed in a logical place). 3. Provide information in a way that is common to the manager. Use wordings that the user understands. Provide contextual help for expressions that must be presented in a technical way.
Cognitive science
Kognitionsforskning
20

A Probabilistic-Based Framework for INFOSEC Alert Correlation

Qin, Xinzhou 15 July 2005 (has links)
Deploying a large number of information security (INFOSEC) systems can provide in-depth protection for systems and networks. However, the sheer number of security alerts output by security sensors can overwhelm security analysts from performing effective analysis and taking timely response. Therefore, alert correlation is the core component in a security management system. Most of existing alert correlation techniques depend on a priori and hard-coded domain knowledge that lead to their limited capabilities of detecting new attack strategies. These approaches also focus more on the aggregation and analysis of raw security alerts, and build basic or low-level attack scenarios. This thesis focuses on discovering novel attack strategies with analysis of security alerts. Our framework helps security administrator aggregate redundant alerts, intelligently correlate security alerts, analyze attack strategies, and take appropriate actions against forthcoming attacks. In alert correlation, we have developed an integrated correlation system with three complementary correlation mechanisms. We have developed a probabilistic-based correlation engine that incorporates domain knowledge to correlate alerts that have direct causal relationship. We have developed a statistical analysis-based and a temporal analysis-based correlation engines to discover attack transition patterns in which attack steps do not have direct causal relationship in terms of security and performance measure but exhibit statistical and temporal patterns. We construct attack scenarios and conduct attack path analysis based on the correlation results. Security analysts are presented with aggregated information on attack strategies from the integrated correlation system. In attack plan recognition, we address the challenges of identifying attacker's high-level strategies and intentions as well as predicting upcoming attacks. We apply graph-based techniques to correlating isolated attack scenarios derived from low-level alert correlation based on their relationship in attack plans. We conduct probabilistic inference to evaluate the likelihood of attack goal(s) and predict potential upcoming attacks based on observed attack activities. We evaluate our algorithms using DARPA's Grand Challenge Problem (GCP) data sets and live traffic data collected from our backbone network. The results show that our approach can effectively discover novel attack strategies, provide a quantitative analysis of attack scenarios and identify attack plans.
Security management
Attack scenario analysis
Alert correlation
Intrusion detection

Page generated in 0.1013 seconds