  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
181

MIXED-METHODS ANALYSIS OF SOCIAL-ENGINEERING INCIDENTS

Grusha Ahluwalia (13029936) 29 April 2023
The following study is a research thesis on the subject matter of Social Engineering (SE) or Social Engineering Information Security Incidents (SEISI). The research evaluates the common features that can be used to cover a social engineering scenario from the perspectives of all stakeholders, at the individual and organizational level, in terms of social engineering Tactics, Techniques, and Procedures (TTP). The research utilizes extensive secondary literary sources for understanding the topic of Social Engineering, highlights the issue of inconsistencies in the existing frameworks on social engineering, and addresses the research gap in the availability of a reliable dataset on past social engineering incidents by gathering information on the common themes of data reported on these. The study annotates salient features which have been identified in several studies in the past to develop a comprehensive dataset of various social engineering attacks which could be used by both computational and social scientists. The resulting codebook, or the features of a social engineering incident, is coded and defined based on Pretext Design Maps as well as industry standards and frameworks like MITRE ATT&CK, MITRE CVE, NIST, etc. Lastly, Psychological Theories of Persuasion like Dr. Cialdini’s principles of persuasion, the Elaboration Likelihood Model, and Scherer’s Typology of Affective Emotional States guide the psychological TTPs of social engineering evaluated in this study.
182

ASSESSING COMMON CONTROL DEFICIENCIES IN CMMC NON-COMPLIANT DOD CONTRACTORS

Vijayaraghavan Sundararajan (12980984) 05 July 2022
As cyber threats become highly damaging and complex, a new cybersecurity compliance certification model has been developed by the Department of Defense (DoD) to secure its Defense Industrial Base (DIB) and communication with its private partners. These partners or contractors are obligated by the Defense Federal Acquisition Regulations (DFARS) to be compliant with the latest standards in computer and data security. The model is the Cybersecurity Maturity Model Certification (CMMC), and it is built upon the existing DFARS 252.204-7012 and NIST SP 800-171 controls. As of 2020, the DoD has incorporated DFARS and the National Institute of Standards and Technology (NIST) recommended security practices into what is now the CMMC. This thesis examines the most commonly identified security control deficiencies faced by 127 DoD contractors, the attacks mitigated by addressing these deficiencies, and suggested remediations, in order to bring them into compliance with the CMMC guidelines. By working with a compliance service provider, an analysis is done on how companies are undergoing and implementing important changes in their processes to protect crucial information from ever-growing and looming cyber threats.
183

A case study of factors contributing to discipline problems of security officers : Eskom distribution centres, KwaZulu-Natal North Coast region

Govender, Remone 27 May 2014
Private security forms part of a key strategy component in South Africa in terms of the alignment of the safety and security sector. Both private and public sector businesses in South Africa depend on private security systems to safeguard their assets. Although the growth in the private security sector has not provided for outstanding qualities and high levels of qualification criteria for employment in the sector, this quiet transformation of South Africa’s everyday security landscape has potentially wide-ranging concerns. It raises important questions about the accountability and responsibility of security companies in providing their clients with disciplined security officers. There are reasons for concern at Eskom because of the disciplinary problems experienced by security officers. These disciplinary problems create an environment of instability and uncertainty, which impacts on the core purpose of Eskom, which is to provide sustainable electricity solutions to grow the economy and improve the quality of life of people in South Africa. Accordingly, the main purpose for the deployment of security officers to Eskom centres is to create a safer environment for Eskom and to safeguard its assets. Currently, disciplinary problems in the workplace constitute one of the most basic problems facing employers in both the public and private sectors. Therefore, developing and maintaining a disciplined security workforce is a priority that should be on the agenda of all private security companies. The objectives of this research included the following: examine which factors contribute to disciplinary problems; determine what the causes of these factors are that contribute to disciplinary problems; and identify what solutions can be used to address the factors contributing to disciplinary problems.
A qualitative research approach was used in this study, in that verbal non-numerical data was collected from people in their natural environments who experience everyday situations in the workplace in order to gain a more complete understanding of the problem area. The main method of data collection was by means of face-to-face interviews between the researcher and the interviewees, which took place according to a standardised interview schedule. Thirty (30) respondents were drawn by means of probability and non-probability sampling processes and were individually interviewed by the interviewer. Accordingly, this study has examined issues as to why security officers do not reliably uphold the discipline that is required of them in the provision of security services at the Eskom centres. The problem of poor discipline at Eskom centres compromises security, which impacts negatively on profitability when a site experiences losses and theft because security officers do not adhere to Eskom’s security requirements while they are deployed at Eskom centres. It is important for any institution to first examine and identify the disciplinary problems experienced by its employees before those problems can be addressed successfully. Accordingly, the nature and extent of disciplinary problems by security officers were examined within this study to assess the effectiveness of security management practices within the private security companies supplying a security service to Eskom. This study, therefore, examined disciplinary problems at Eskom centres (on the north coast of KwaZulu-Natal) to identify the specific problems which the security officers have been experiencing and to indicate how effective their company management systems were in dealing with those problems. The study also assisted with formulating adequate recommendations with regard to managing the disciplinary problems at Eskom centres. / Criminology and Security Science / M. Tech. (Security Management)
184

A risk based approach for managing information technology security risk within a dynamic environment

Mahopo, Ntombizodwa Bessy 11 1900
Information technology (IT) security, which is concerned with protecting the confidentiality, integrity and availability of information technology assets, inherently possesses a significant amount of known and unknown risks. The need to manage IT security risk is regarded as an important aspect in the daily operations within organisations. IT security risk management has gained considerable attention over the past decade due to the collapse of some large organisations in the world. Previous investigative research in the field of IT security has indicated that despite the efforts that organisations use to reduce IT security risks, the trend of IT security attacks is still increasing. One of the contributing factors to poor management of IT security risk is attributed to the fact that IT security risk management is often left to the technical security technologists who do not necessarily employ formal risk management tools and reasoning. For this reason, organisations find themselves in a position where they do not have the correct approach to identify, assess and treat IT security risks. The IT security discipline is complex in nature and requires specialised skills. Organisations generally struggle to find a combination of IT security and risk management skills in corporate markets. The scarcity of skills leaves organisations with either IT security technologists who do not apply risk management principles to manage IT security risk or risk management specialists who do not understand IT security in order to manage IT security risk. Furthermore, IT is dynamic in nature and introduces new threats and vulnerabilities as it evolves. Taking a look at the development of personal computers over the past 20 years is indicative of how change has been constant in this field, from big desktop computers to small mobile computing devices found today. 
The requirement to protect IT against threats associated with desktops was far less than the requirement associated with protecting mobile devices. There is pressure for organisations to ensure that they stay abreast with the current technology and associated risks. Failure to understand and manage IT security risk is often cited as a major cause of concern within most organisations’ IT environments because comprehensive approaches to identify, assess and treat IT security risk are not consistently applied. This is due to the fact that the trend of IT security attacks across the globe is on the increase, resulting in gaps when managing IT security risk. Employing a formal risk based approach in managing IT security risk ensures that risks of importance to an organisation are accounted for and receive the correct level of attention. Defining an approach of how IT security risk is managed should be seen as a fundamental task and is the basis of this research. This study aims to contribute to the field of IT security by developing an approach that assists organisations in treating IT security risk more effectively. This is achieved through the use of a combination of existing best practice IT security frameworks and standards principles, basic risk management principles, as well as existing threat modelling processes. The approach developed in this study serves to encourage formal IT security risk management practices within organisations to ensure that IT security risk is accounted for by senior leadership. Furthermore, the approach is anticipated to be more proactive and iterative in nature to ensure that external factors that influence the increasing trend of IT security threats within the IT environment are acknowledged by organisations as technology evolves. / Computing / M. Sc. (Computing)
186

Large-scale high-performance video surveillance

Sutor, S. R. (Stephan R.) 07 October 2014
Abstract: The last decade was marked by a set of harmful events ranging from economic crises to organized crime, acts of terror and natural catastrophes. This has led to a paradigm transformation concerning security. Millions of surveillance cameras have been deployed, which led to new challenges, as the systems and operations behind those cameras could not cope with the rapid growth in number of video cameras and systems. Looking at today’s control rooms, often hundreds or even thousands of cameras are displayed, overloading security officers with irrelevant information. The purpose of this research was the creation of a novel video surveillance system with automated analysis mechanisms which enable security authorities and their operators to cope with this information flood. By automating the process, video surveillance was transformed into a proactive information system. The progress in technology as well as the ever increasing demand in security have proven to be an enormous driver for security technology research, such as this study. This work shall contribute to the protection of our personal freedom, our lives, our property and our society by aiding the prevention of crime and terrorist attacks that diminish our personal freedom. In this study, design science research methodology was utilized in order to ensure scientific rigor while constructing and evaluating artifacts. The requirements for this research were sought in close cooperation with high-level security authorities and prior research was studied in detail. The created construct, the “Intelligent Video Surveillance System”, is a distributed, highly-scalable software framework that can function as a basis for any kind of high-performance video surveillance system, from installations focusing on high-availability to flexible cloud-based installations that scale across multiple locations and tens of thousands of cameras.
First, in order to provide a strong foundation, a modular, distributed system architecture was created, which was then augmented by a multi-sensor analysis process. Thus, the analysis of data from multiple sources, combining video and other sensors in order to automatically detect critical events, was enabled. Further, an intelligent mobile client, the video surveillance local control, which addressed remote access applications, was created. Finally, a wireless self-contained surveillance system was introduced, a novel smart camera concept that enabled ad hoc and mobile surveillance. The value of the created artifacts was proven by evaluation at two real-world sites: an international airport, which has a large-scale installation with high-security requirements, and a security service provider, offering a multitude of video-based services by operating a video control center with thousands of cameras connected. / Abstract (translated from the Finnish Tiivistelmä): The last decade is known for harmful events ranging from economic crises to organized crime, terrorist attacks and natural catastrophes. This situation has changed attitudes towards security. Millions of surveillance cameras have been deployed, which has led to new challenges, because the systems and operations associated with the cameras cannot work together with the numerous new video cameras and systems. In today's control rooms, hundreds or thousands of cameras can be seen producing images and, with them, a great deal of unnecessary information for security officers to watch. The purpose of this research was to create a new video surveillance system with automated analysis mechanisms that enable security organizations and their operators to cope with the information flood. By means of an automated video surveillance process, video surveillance was transformed into a proactive information system.
Advances in technology and the increased demand for security proved to be a significant driver for security technology research such as this study. This research benefits the individual's personal freedom, life and property, as well as the community, by preventing crimes and terrorist attacks. In this study, design science was applied to ensure scientific rigor when artifacts were created and evaluated. The requirements of the research were based on close cooperation with high-level security authorities, and prior research was also analysed in detail. The created artifact, the 'Intelligent Video Surveillance System', is a distributed, scalable software framework that can serve as a basis for many kinds of high-performance video surveillance systems, from installations focusing on availability to flexible cloud-based installations that scale across multiple locations and tens of thousands of cameras. As a solid foundation for the system, a distributed system architecture was created, which was extended with a multi-sensor analysis process. This enabled the analysis of data from multiple sources, the combination of video and other sensor data, and the automatic detection of critical events. In addition, an intelligent mobile application, the video surveillance local control, which handles remote use of the application, was created in this work. Finally, a wireless self-contained surveillance system was produced, a new kind of smart camera concept that enables ad hoc and mobile surveillance. The value of the created artifacts could be verified by evaluating them in two real-world environments: an international airport, whose large-scale installation has high security requirements, and a security service provider that offers a variety of video-based services through a video control center using thousands of cameras.
187

Aplikace zákona a vyhlášky o kybernetické bezpečnosti na úřadech státní správy / Application of the act and subsequent regulation on cyber security at state administration's offices

Pech, Jan January 2016
The thesis focuses on the Czech act no. 181/2014 Sb., on cyber security, and its subsequent regulations. It introduces the origin and importance of the act, defines the state administration's office which identifies important information systems according to the regulations, and then analyses in detail the act and regulation on cyber security in relation to the defined state administration's office. The keynote of this thesis is to show the real application of the identified obligations of the act and regulation to the defined state administration's office, especially the design, implementation and management of organizational and technical security measures, including the evaluation of their real impact on information security. To achieve the set goals, the author of this thesis uses analysis of the legislation and draws his own conclusions from his position as a security technologist who actively participated in the design of the security policy and in the implementation and management of security tools. The benefit of this thesis is a complex overview of the security employees' work at the defined state administration's office, an overview of the real fulfilment of the obligations of the act and regulation on cyber security, and ultimately ideas for further development of technical security tools. This thesis can bring benefit to administrators of other important information systems as a set of processes, proposals and recommendations for their own information security management system. This thesis is structurally divided into four main parts. The first, theoretical part introduces the origin, importance and impact of the act on state and private organizations. The second, analytical part analyses the act and subsequent regulations in relation to the defined state administration's office. The third, practical part shows the real application of organizational and technical security measures. The fourth and last part evaluates the real impact of the measures on information security.
188

Management informační bezpečnosti ve zdravotnickém zařízení / Information Security Management in Healthcare Organization

Hajný, Jiří January 2014
The diploma thesis focuses on the implementation and deployment of an information security management system (ISMS) in healthcare organizations. It specifies what must be included in this process and what should not be forgotten. It includes a risk analysis of a branch of the selected company, for which a safety guide is written. The safety guide provides advice and recommendations regarding security in terms of human resources, physical security, ICT security and other aspects that should be included in the ISMS deployment in healthcare organizations. The work also reflects the newly emerging law on cyber security. It is expected that the law will also address cyber security in healthcare.
189

Zavedení Managementu Informační Bezpečnosti v IT podniku / The Introduction of Information Security Management System in IT Enterprise

Riegl, Tomáš January 2014
This thesis deals with the introduction of an information security management system in an IT enterprise. It includes the theoretical knowledge necessary for understanding this issue and its application to the analysis of the current state of information security, risk analysis and risk management, and, last but not least, to the actual implementation of an information security management system in the company. The implementation of the ISMS was divided into two phases. This thesis details the first phase.
190

Securing sensor network

Zare Afifi, Saharnaz January 2014
Indiana University-Purdue University Indianapolis (IUPUI) / A wireless sensor network consists of lightweight nodes with a limited power source. They can be used in a variety of environments, especially in environments for which it is impossible to utilize a wired network. They are easy/fast to deploy. Nodes collect data and send it to a processing center (base station) to be analyzed, in order to detect an event and/or determine information/characteristics of the environment. The challenges for securing a sensor network are numerous. Nodes in this network have a limited amount of power; therefore they could be faulty because of a lack of battery power and broadcast faulty information to the network. Moreover, nodes in this network could be prone to different attacks from an adversary who tries to eavesdrop on, modify or repeat the data which is collected by other nodes. Nodes may be mobile. There is no possibility of having a fixed infrastructure. Because of the importance of extracting information from the data collected by the sensors in the network, there needs to be some level of security to provide trustworthy information. The goal of this thesis is to organize part of the network in an energy-efficient manner in order to produce a suitable amount of integrity/security. By making nodes monitor each other in small organized clusters we increase security with a minimal energy cost. To increase the security of the network we use cryptographic techniques such as public/private key, manufacturer signature, cluster signature, etc. In addition, nodes monitor each other's activity in the network; we call it a "neighborhood watch". In this case, if a node does not forward data, or modifies it, other nodes which are in its transmission range can send a claim against that node.
