  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
121

Návrh na zavedení průmyslového řešení ISMS ve výrobní společnosti / A Proposal for Industrial ISMS Implementation in Manufacturing Company

Kulhánek, Radek January 2016
This diploma thesis deals with industrial ISMS implementation in a manufacturing company. The theoretical part of the thesis summarizes the theoretical knowledge in the field of information security and industrial security. In the following section, the company AB Komponenty s.r.o. is analysed. Then an analysis of risks is performed based on selected assets and potential threats, followed by the design of countermeasures to minimize potential threats.
122

Management zabezpečovacího systému firmy / Security System Management of the Company

Moravec, Lukáš January 2016
This master thesis deals with the design of a complex security system for a company area using PZTS and CCTV systems. The thesis is divided into three separate parts. The first part is focused on analysis of the company and the current state of physical security. The second part of the thesis deals with theoretical bases. The final part covers the concept of the PZTS and CCTV system solution. Here are all the chosen elements which will be used for realization
123

Management informační bezpečnosti v podniku / The Information Security Management in Company

Kalabis, Petr January 2016
This master thesis is focused on the design of the implementation of an information security management system in a company according to the ISO/IEC 27000 standards. First of all, the theory of information security management systems is described, and the relevant terms and other requirements in the context of this issue are explained. This assignment involves analysis of the current situation of the company and suggestions that lead to reducing discovered risks and bring improvement of the general information security.
124

Die Rolle der Social Media im Information Security Management / The Role of Social Media in Information Security Management

Humpert-Vrielink, Frederik January 2011
No description available.
125

A simplified ISMS : Investigating how an ISMS for a smaller organization can be implemented

Asp Sandin, Agnes January 2021
Over the past year, cyber threats have been growing tremendously, which has led to an essential need to strengthen the organization's security. One way of strengthening security is to implement an information security management system (ISMS). Although an ISMS will help improve the information security work within the business, organizations struggle with its implementation, and significantly smaller organizations. That results in smaller organizations' information being potentially less protected. This thesis investigates how an ISMS based on MSB can be simplified to make it suitable for a small organization to implement. This thesis aims to open for further research about how it can be simplified and if it has a value of doing it. The study is based on a qualitative approach where semi-structured interviews with experts were conducted. This thesis concludes that it is possible to simplify an ISMS based on MSB for a small organization by removing external analysis, information classification, information classification model, continuity management for information assets, and incident management. In addition, the study provides tips on what a small organization should think about before and during implementation.
126

Russia’s war against Ukraine : The effect on IT security in Sweden’s municipalities / Rysslands krig mot Ukraina : Effekten på IT-säkerheten i Sveriges kommuner

Götlind, Hampus, Olsson, Rickard January 2023
This report aims to look at how Russia’s war in Ukraine has affected the work with IT security at Swedish municipalities, what actions have been taken, if any, and see if there has been an increase in attacks towards the municipalities’ networks. This was done by sending out a questionnaire to all of Sweden’s 290 municipalities via email with four questions regarding their IT security. 103 of Sweden’s municipalities responded to the email. Ten municipalities declined to participate in the report, which means that 32% (93) of Sweden’s municipalities participated in this survey. We chose to evaluate the Swedish municipalities and their preparedness in case of war for several reasons. They are a uniform group which we believed adhere to the same guidelines and regulations regarding cybersecurity, and the fact that they store and engage with critical and sensitive data about Sweden and its population, making them prime targets for attacks by foreign powers. The results were presented anonymously and based on the voluntary responses of the municipalities. Answers were then compiled and sorted into the five main categories from the NIST framework for cybersecurity. The report concludes that Swedish municipalities have taken significant actions to protect their networks in response to Russia’s war and aggressions towards Ukraine. For example, 18 municipalities reported that they had trained their staff in some way, which was the most common measure, and 11 municipalities had implemented two-factor authentication. However, more can be done in terms of responding to threats and enhancing recovery plans and systems. In summary, there seemed to be a lack of consensus on how municipalities should handle their own IT-security, as there was a high variation in the responses. The follow-up questions revealed a significant increase in attacks towards the municipalities’ networks, with many considering their networks potential targets for future attacks from foreign powers.
127

A framework for correlation and aggregation of security alerts in communication networks. A reasoning correlation and aggregation approach to detect multi-stage attack scenarios using elementary alerts generated by Network Intrusion Detection Systems (NIDS) for a global security perspective.

Alserhani, Faeiz January 2011
The tremendous increase in usage and complexity of modern communication and network systems connected to the Internet places demands upon security management to protect organisations' sensitive data and resources from malicious intrusion. Malicious attacks by intruders and hackers exploit flaws and weakness points in deployed systems through several sophisticated techniques that cannot be prevented by traditional measures, such as user authentication, access controls and firewalls. Consequently, automated detection and timely response systems are urgently needed to detect abnormal activities by monitoring network traffic and system events. Network Intrusion Detection Systems (NIDS) and Network Intrusion Prevention Systems (NIPS) are technologies that inspect traffic and diagnose system behaviour to provide improved attack protection. The current implementation of intrusion detection systems (commercial and open-source) lacks the scalability to support the massive increase in network speed, the emergence of new protocols and services. Multi-giga networks have become a standard installation posing the NIDS to be susceptible to resource exhaustion attacks. The research focuses on two distinct problems for the NIDS: missing alerts due to packet loss as a result of NIDS performance limitations; and the huge volumes of generated alerts by the NIDS overwhelming the security analyst which makes event observation tedious. A methodology for analysing alerts using a proposed framework for alert correlation has been presented to provide the security operator with a global view of the security perspective. Missed alerts are recovered implicitly using a contextual technique to detect multi-stage attack scenarios. This is based on the assumption that the most serious intrusions consist of relevant steps that are temporally ordered. The pre- and post-condition approach is used to identify the logical relations among low level alerts.
The alerts are aggregated, verified using vulnerability modelling, and correlated to construct multi-stage attacks. A number of algorithms have been proposed in this research to support the functionality of our framework including: alert correlation, alert aggregation and graph reduction. These algorithms have been implemented in a tool called Multi-stage Attack Recognition System (MARS) consisting of a collection of integrated components. The system has been evaluated using a series of experiments and using different data sets i.e. publicly available datasets and data sets collected using real-life experiments. The results show that our approach can effectively detect multi-stage attacks. The false positive rates are reduced due to implementation of the vulnerability and target host information.
128

Investigating Factors that Increase Vulnerability to Cyber-Attacks During the First Year College Transition

Stacia Rae Smith (15992141) 31 May 2023
Moving from high school to college is a major life transition leading to significant changes across many aspects of daily life. This time frame is often seen as the transition from a youth to a young adult, yet its impact on technology use and cybersecurity vulnerabilities remains relatively unstudied. This study investigated which factors associated with the first-year college transition are likely to increase vulnerability to cyberattacks in a sample of first-year college students attending a public university in the northeast United States, all of whom graduated from high school within the last 12 months. This study used a concurrent triangulation mixed methods design. A quantitative survey and qualitative semi-structured interviews were conducted concurrently, the methods were prioritized equally, and the results were interpreted together. Thematic analysis was used to analyze survey short answer responses and semi-structured interviews. A more descriptive analysis was completed to analyze survey responses from 38 respondents. The research found that an increase in the amount of time spent online, changing main internet activities, and lack of cybersecurity awareness training are factors which are likely to increase vulnerability to cyber threats during the transition from high school to college.
129

Mobile Device Strategy : A management framework for securing company information assets on mobile devices

Brodin, Martin January 2016
The problem addressed by this research is a demand for increased flexibility in access to organisational information, driven by the increasing popularity of mobile devices. Employees increasingly bring private devices to work (Bring Your Own Device, BYOD) or use work devices for private purposes (Choose Your Own Device, CYOD). This puts managers in a difficult position, since they want the benefits of mobility, without exposing organisational data to further risk. The research focuses on management (particularly information security management) issues in the design and implementation of strategies for mobile devices. There are two objectives. The first is to identify existing information security management strategies for mobile and dual-use devices. The second is to develop a framework for analysing, evaluating and implementing a mobile device strategy. The overall research strategy is inspired by Design Science, where the mission is to develop an artefact, in this case a framework, which will help to solve a practical problem. Methods include literature review, theoretical development, and the collection and analysis of qualitative data through interviews with executives. The main result of this work is the framework, which deals with the complete process, including analysis, design and implementation of a mobile device management strategy. It helps researchers to understand necessary steps in analysing phenomena like BYOD and gives practitioners guidance in which analyses to conduct when working on strategies for mobile devices. The framework was developed primarily through theoretical work (with inspiration from the mobile security and strategic management literature, and the ISO/IEC 27000 standard), and evaluated and refined through the empirical studies. The results include twelve management issues, a research agenda, argumentation for CYOD, and guidance for researchers and practitioners.
130

Demonstrate and document : the development of a best practice model for biometric access control management

Norris-Jones, Lynne January 2011
This thesis investigates the social, legal and ethical perceptions of participants towards the implementation of biometric access control systems within a sample of United Kingdom work-based environments. It focuses on the application of fingerprint scanning and facial recognition systems, whilst alluding to the development of more advanced (bleeding edge) technologies in the future. The conceptual framework is based on a tripartite model in which Maslow's Hierarchy of Needs is applied to the workforce whilst the principles of Utilitarianism and the Psychological Contract are applied to both management strategies and workforce perceptions. A qualitative paradigm is used in which semi-structured interviews are conducted with management and workforce participants within a sample of United Kingdom-based organisations (represented by Case Studies A-D). Discourse from these interviews is analysed, leading to the development of a series of first-cut findings for suggested "Best Practice" in the social, legal and ethical management of biometric access control systems. This process is subsequently developed with a refined sample of respondents (Case Studies A and C) culminating in the presentation of a suggested "Best Practice Model" for application to all four case studies. The model is based upon elements of a pre-determined Code of Practice (ISO/IEC 27002 Information Technology - Security techniques - Code of Practice for Information Security Management) towards fostering acceptance of biometric technology within the workplace, in answering the question: How should organisations using biometric access control systems address social, legal and ethical concerns in the management of specific working environments in the United Kingdom?
