Global ETD Search

101	Management bezpečnosti informačních systémů v obci / Security Management of Information Systems for the Kaliště Municipality Kutiš, Pavel January 2013 (has links) This Diploma Thesis is being focused on Information Security Management System implementation for a certain municipality. The work has been divided into two parts. The first part deals with theoretical basis which are based on the ISO/IEC 27000 standards. The second part contains the practical implementation following the theoretical background from the first part. The implementation itself has been divided into three stages and this thesis is mainly concentrated on the first stage.
102	UM MODELO PARA PROTEÇÃO DE TRILHAS DE AUDITORIA EM SISTEMAS DE IDENTIFICAÇÃO ELETRÔNICA / A MANAGEMENT MODEL FOR AUDIT TRAILS IN IDENTIFICATION ELECTRONIC SYSTEMS Liberali, Ernâni Teixeira 21 May 2012 (has links) Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / With the continuing demand for services and information in multiple places in real time, companies are dealing with increasingly sensitive information for their business and many of them are not prepared to undertake the management of these information. In information systems, audit trails, also called audit logs, are records of activities from users and administrators. Audit trails help companies to keep a historical control of changes in information, but they do not safeguard the vulnerability of improper handling of these tracks nor eliminate traces of malicious changes, such as what might happen with the use of smart cards for micro-payments in educational institutions, which is a trend. This dissertation presents a model for protection of trails (logs) that can be used as a solution to problems on treatment and protection of audit trails. The model is based on data encryption and the sharing of responsibility in the care of registry keys, giving condition to guarantee the validity of information in systems of identification and payments. It was validated in the replica database to the payment system from the restaurant at Federal University of Santa Maria. / Com a contínua demanda por disponibilidade de serviços e de informações em diversos locais e em tempo real, as empresas estão tendo que lidar com informações cada vez mais sensíveis aos negócios, onde muitas delas não estão preparadas para realizar a gestão destas informações. Nos sistemas de informação, trilhas de auditoria, também chamadas de logs de auditoria, são registros das atividades de usuários e administradores. As trilhas de auditoria auxiliam as empresas a manterem um controle histórico sobre alterações nas informações, mas não eliminam a vulnerabilidade de manipulação indevida destas trilhas para eliminar rastros de modificações maliciosas, tal como o que pode acontecer no uso de smart cards para realização de micro pagamentos em instituições do setor educacional, o que é uma tendência. Este trabalho apresenta um modelo de proteção de trilhas (logs) que pode ser utilizado como solução para o problema do tratamento e proteção das trilhas de auditoria. O modelo é baseado em criptografia dos dados e em divisão de responsabilidades na guarda das chaves do registro, possibilitando condições de se garantir a legitimidade das informações em sistemas de identificação e pagamento, e foi validado junto ao banco de dados réplica ao sistema de pagamentos do Restaurante Universitário da Universidade Federal de Santa Maria. Gestão de segurança da informação Proteção de trilhas de auditoria Distribuição de chaves Smart Cards Information security management Audit trails protection Key distribution Smart Cards
103	Security management process in distributed, large scale high performance systems Kraus, K. (Klemens) 25 November 2014 (has links) Abstract In recent years the number of attacks on critical infrastructure has not only increased substantially but such attacks have also shown higher sophistication. With the increasing interconnection of information systems it is common that critical systems communicate and share information outside an organization’s networks for many different scenarios. In the academic world as well as in existing security implementations, focus is placed on individual aspects of the security process - for example, network security, legal and regulatory compliance and privacy - without considering the process on the whole. This work focuses on solving this security gap of critical infrastructure by providing solutions for emerging attack vectors. Using design science research methods, a model was developed that seeks to combine these individual security aspects to form a complete security management process (SMP). This SMP introduces, among others theories of security topics, recommended best practices and a security organization structure. An instantiation of the SMP model was implemented for a large-scale critical infrastructure. This work introduces the system developed, its architecture, personnel hierarchy and security relevant workflows. Due to employed surveillance networks, specialized requirements for bandwidth utilization while preserving data security were present. Thus algorithms for solving these requirements are introduced as sub-constructs. Other focus points are the managerial aspects of sensors deployed in surveillance networks and the automatic processing of the sensor data to perform data fusion. Algorithms for both tasks were developed for the specific system but could be generalized for other instantiations. Verification was performed by empirical studies of the instantiation in two separate steps. First the instantiation of the SMP was analyzed as a whole. One of the main quality factors of the instantiation is incident response time, especially in complex scenarios. Consequently measurements of response times when handling incidents compared to the traditional system were performed in different scenarios. System usability was then verified by user acceptance tests of operators and administrators. Both studies indicate significant improvements compared to traditional security systems. Secondly, the sub-constructs communication optimizations and the data fusion algorithm were verified showing substantial improvements in their corresponding areas. / Tiivistelmä Viime vuosina kriittisiin infrastruktuureihin on kohdistunut merkittävästi aiempaa enemmän erilaisia hyökkäyksiä. Tietojärjestelmien välisten yhteyksien lisääntymisen myötä myös kriittiset järjestelmät kommunikoivat nykyään keskenään ja jakavat tietoa organisaation sisäisten verkkojen ulkopuolellekin. Akateemisessa tutkimuksessa ja turvajärjestelmien toteutuksissa on huomio kohdistettu turvallisuutta koskevien prosessien yksittäisiin piirteisiin, kuten esimerkiksi verkkojen turvallisuuteen, lakien ja sääntöjen noudattamiseen ja yksityisyyteen, miettimättä prosesseja kokonaisuutena. Väitöstutkimuksen tavoitteena on ollut ratkaista tämä kriittisten infrastruktuurien turvallisuusongelma tarjoamalla ratkaisuja, jotka paljastavat mahdollisia hyökkäysreittejä. Väitöstutkimuksessa kehitettiin suunnittelutieteellisen tutkimuksen avulla lähestymistapa, joka yhdistää yksittäiset turvallisuusnäkökohdat ja muodostaa näin turvallisuuden kokonaishallinnan prosessin mallin. Malli hyödyntää erilaisia turvallisuusteorioita, suositeltuja hyviä käytäntöjä ja turvallisen organisaation rakennemalleja. Mallista kehitettiin esimerkkitoteutus laajamittaista kriittistä infrastruktuuria varten. Tämä väitöskirja esittelee kehitetyn järjestelmän, sen arkkitehtuurin, henkilökuntahierarkian ja turvallisuuden kannalta relevantit työnkulkukaaviot. Työssä huomioitiin laajan valvontaverkoston edellyttämät erityisvaatimukset tilanteessa, jossa tietoturvallisuuden säilyttäminen oli tärkeää. Myös näiden erityisvaatimuksiin liittyvien mallin osien ratkaisualgoritmit esitetään. Muita työn tuotoksia ovat hallinnolliset näkökulmat, jotka on huomioitava, kun valvonnalle tärkeitä sensoreita hallinnoidaan ja sensorien tuottamaa dataa yhdistellään. Algoritmit luotiin esimerkkiympäristöön, mutta niitä on mahdollista soveltaa muihinkin toteutuksiin. Toteutuksen oikeellisuuden todentamisessa käytettiin empiirisiä ympäristöjä kahdessa eri vaiheessa. Ensiksi turvallisuusprosessin kokonaishallinnan malli analysoitiin kokonaisuutena. Merkittävä laatutekijä oli havaintotapahtuman vasteaika erityisesti monimutkaisissa skenaarioissa. Siksi työssä esitellään eri skenaarioiden avulla tapahtumanhallinnan vasteaikojen mittauksia suhteessa perinteisiin järjestelmiin. Tämän jälkeen järjestelmän käytettävyys todennettiin operaattorien ja hallintohenkilöstön kanssa tehtyjen hyväksymistestien avulla. Testit osoittivat huomattavaa parannusta verrattuna perinteisiin turvajärjestelmiin. Toiseksi verifiointiin mallin osien kommunikaation optimointi ja algoritmien toimivuus erikseen ja niissäkin ilmeni huomattavia parannuksia perinteisiin järjestelmiin verrattuna. design science research approach securing large-scale infrastructure security management process sensor networks sensoriverkostot turvallisuuden hallinnan prosessi
104	Integrated Network Management Using Extended Blackboard Architecture Prem Kumar, G 07 1900 (has links) (PDF) No description available. Computer Networks - Management Computer Network Architectures Integrated Network Management (INM) Extended Blackboard Architecture Network Fault Management Security Management Network Management (NM) Computer Science
105	Informačná bezpečnosť a riadenie rizík v konkrétnej spoločnosti / Information security and risk management in a particular company. Slávková, Daniela January 2012 (has links) The aim of the thesis is to apply the methodology of qualitative risk analysis according to ISO/EC/27005:2011 and to increase awareness of existing threats and impacts on information assets and to create possible security precautions to minimize identified threats in a particular company. The thesis is divided into five chapters. Introductory chapter explains the basic concepts of information security and risk management in the organization that are necessary for understanding of the principles and the importance of information security. The second chapter deals with the international standards aimed at information security and briefly describes ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27005. The following two chapters form a smooth transition from the theoretical to the practical part. The third chapter characterizes selected company and describes the current state of information security in the company. The fourth chapter forms the methodological apparatus of qualitative risk analysis, compiled in accordance with ISO/IEC 27005:2011. It also contains a list of relevant threats, to which an asset of the company is exposed. The last chapter is conducted to qualitative risk analysis, together with the draft of the precautions to minimize the risks. The practical section shows that by the implementing the proposed action the company will reduce existing risks to acceptable levels and will significantly improve the protection of information assets.
106	Sobre a estruturação de informação em sistemas de segurança computacional: o uso de ontologias / On the structuring of information in computing security systems: the use of ontologies Luciana Andréia Fondazzi Martimiano 18 September 2006 (has links) Como a quantidade e a complexidade de informações disponíveis sobre incidentes de segurança é crescente, as tarefas de manipular e gerenciar essas informações tornaram-se bastante custosas. Diversas ferramentas de gerenciamento de segurança estão disponíveis para auxiliar os administradores. Essas ferramentas podem monitorar tudo que entra e saí de uma intranet, como os firewalls; podem monitorar o tráfego interno da rede para saber o que está acontecendo e detectar possíveis ataques, como os sistemas de detecção de intrusão (SDIs); podem varrer arquivos em busca de códigos maliciosos, como os antivírus; podem criar filtros de emails para evitar spams, vírus ou worms; ou podem varrer uma rede em busca de vulnerabilidades nos sistemas, como os scanners e os agentes móveis inteligentes. Essas ferramentas geram uma grande quantidade de logs com informações que são coletadas e armazenadas em formatos próprios e diferentes. Essa falta de um formato único para armazenar as informações de incidentes de segurança, faz com que o trabalho dos administradores fique ainda mais difí?cil, pois eles/elas devem ser capazes de entender todos esses formatos para identificar e correlacionar informações quando, por exemplo, há um ataque ou uma invasãoo em andamento. Esta tese descreve o projeto e o desenvolvimento de ontologias para representar em uma estrutura padronizada informações sobre incidentes de segurança. A ontologia desenvolvida é denominada OntoSec - Security Incident Ontology. Este trabalho cobre: (i) como utilizar ontologias para compartilhar e reusar informações sobre incidentes; (ii) como correlacionar incidentes por meio de ontologias; (iii) como facilitar a interoperabilidade entre diferentes ferramentas de segurança; (iv) a modelagem de um sistema de gerenciamento de incidentes com base na ontologia; e (v) o processo de avaliação da ontologia desenvolvida. Além disso, a OntoSec pretende apoiar as decisões gerenciais realizadas pelos administradores quando problemas de segurança acontecem, possibilitando que essas decisões sejam tomadas de maneira mais eficiente e eficaz / As the amount and the complexity of security incidents information have grown exponentially, managing and manipulating these information have become more expensive. Several security tools can be used to assist the administrators in performing these tasks. These tools can monitor what comes from Internet and goes to it, as the firewalls do; they can monitor the intranet traffic, as usually is done by an Intrusion Detection System (IDS); they can search for malicious codes in files or emails, as made by the antivirus; they can create filters to process spams, viruses or worms; or they can scan the intranet for vulnerabilities, as the scanners and the intelligent agents. These tools collect and store a great amount of information, using different formats. This lack of unique commonly agreed formats to store information about security incidents, make the administrators? job even harder, because they have to be able to understand all these formats to identify and to correlate information when, for instance, there is an attack or an invasion in progress. In this thesis I describe the design and development of ontologies to represent in a standard structure information about security incidents. The ontology developed is named OntoSec - Security Incident Ontology. This work covers: (i) how to use ontologies to share and reuse information about incidents; (ii) how to make it easier to correlate incidents; (iii) how to make it possible the interoperability amongs security tools; (iv) modeling of a security incident management system based on OntoSec; and (v) evaluation process of the ontology that has been developed. Besides that, the OntoSec aims to support the decisions made by the administrators when security problems happen, making the process more efficient and effective Conhecimento Gerenciamento de segurança Incidentes de segurança Interoperabilidade Ontologias Interoperability Ontologies Security incidentes Security knowledges Security management Standardized security information
107	Zavádění řízení informační bezpečnosti ve zdravotnickém zařízení / The Implementation of Information Security in Healthcare Organization Procingerová, Lucie January 2017 (has links) This Master‘s thesis is based on knowledge of information security and its management. The thesis is divided into two parts. The first part provides the theoretical background, definitions and terminology according to the information security management and it is based on concepts from standard ISO 27000 series. The second part aims to analysis of a selected company. Following to this analysis proposal of implementation of information security management system and security guide is drawn up. This guide contains recommendations for ICT security management and advices in field of personal and physical security in company.
108	Zavedení ISMS do podniku podporujícího kritickou infrastrukturu / Proposal for the ISMS Implementation in Company with CI Support Šebrle, Petr January 2017 (has links) This diploma thesis deals with the methodology of Management of Information Security in a medium size company supporting critical infrastructure. The first part is focused on the theoretical aspects of the topic. Practical part consists of analysis of the current state, risk analysis and correction arrangements according to the attachment A of standard ČSN ISO/IEC 27001:2014. Implementation of ISMS is divided into four phases. This thesis however covers the first two phases only
109	Návrh řízení informační bezpečnosti v průmyslovém prostředí / Design of information security management in the industrial environment Kadlec, Miroslav January 2018 (has links) The diploma thesis deals with the design of information security management in the industrial environment. In the first part of thesis is mentioned the theoretical background from the area of information security. The analysis of the default status is followed, and the risk analysis is also performed. Further, the thesis deals with the design of the industrial network infrastructure and its management.
110	Návrh zavedení bezpečnostních opatření v souladu s ISMS pro obchodní společnost / Design of security countermeasures implementation in accordance with ISMS for business company Dočekal, Petr January 2018 (has links) The master’s thesis focuses on area of security countermeasures in accordance with information security management system. Presents basic theoretical background of information and cyber security and describes a current state in the company. The thesis’s output is the design of security countermeasures implementation which contribute to information security in the company.

Search results