61 |
On Information Security Processes in Cloud Computing
Mahmoud, Suzan, January 2013
Cloud computing allows user access to virtual services (applications, servers and devices, digital storage and service packages sources) through a network using a web browser. Cloud computing is rapidly growing and has become an attractive and affordable service model among organizations. It has many benefits but is also associated with many risks and security challenges. In cloud computing users can connect with any device and use virtual computing services at any time and from anywhere, which has brought new challenges for enterprise security. The problem of securing data in the cloud and building trust in the cloud computing environment has become a widely discussed and important issue. This research aims to investigate how enterprises deal with security problems and protect their data in the cloud through security measures and processes. It also investigates what processes could be adapted to the security environment. To achieve this, an empirical study was performed. The empirical study consisted of interviews with a number of enterprises that use cloud computing in their business, with the purpose of giving a deep picture of how they handle security issues related to their cloud services. During the empirical study, differences and similarities could be found in the security measures used by the different organizations, depending on the size of the organization and the type of services used or provided by the organizations. Information security should be managed in a series of processes or procedures, linked together in an environment such as the Information security management system (ISMS). On the basis of the evaluation of the interviews and literature, a cloud environment with different security processes is defined.
|
62 |
Analysis of security issues in cloud based e-learning
Kumar, Gunasekar; Chelikani, Anirudh, January 2011
Cloud based E-Learning is one of the booming technologies in the IT field, which brings powerful e-learning products with the help of cloud power. Cloud technology has numerous advantages over the existing traditional E-Learning systems but at the same time, security is a major concern in cloud based e-learning. So security measures are unavoidable to prevent the loss of users’ valuable data from the security vulnerabilities. Cloud based e-learning products also need to satisfy the security needs of customers and overcome various security threats which attack valuable data stored in cloud servers. So the study investigates various security issues involved in cloud based e-learning technology with an aim to suggest solutions in the form of security measures and security management standards. These will help to overcome the security threats in cloud based e-learning technology. To achieve our thesis aim, we used theoretical and empirical studies. The empirical study is made through the information gathered from the websites of various cloud based e-learning solution vendors. The theoretical study is made through text analysis of various research articles related to our subject areas. Finally, the constant comparative method is used to compare the empirical findings with the facts discovered from our theoretical findings. These analyses and research studies lead to finding various security issues in cloud based e-learning technology. / Program: Master's programme in informatics
|
63 |
A Security Solution on Availability for Next Generation Telecommunication Networks Management Information Systems
Wu, Ming-Yi, 04 September 2009
With the development of the internet protocol (IP) and digitization for the global telecommunication industry, the convergence rate of communications and broadcasting has been improved. According to these motives, the domestic telecommunication industry modifies its present commercial operation management and combines the communication networks, the fixed-mobile communication (FMC) networks, and the mobile communication networks into the all-internet protocol (all-IP) communication network structure based on the extended upgrade communication network system. The domestic telecommunication industry expects that the integrated heterogeneous network, including the speech data, the video data, and the communication services, can provide omnipresent customizable mobile communication network services and obtain advance business opportunities in terms of the future development of digital convergence.
Hence, the domestic telecommunication industry not only builds the next generation network structure to satisfy its demands, but also develops the management information system (MIS) to monitor the operation of telecommunication networks, to ensure the quality of communication services and to achieve the development of next generation networks. A primary consideration is to assure the usability of MIS for the telecommunication industry and the customers based on the profit rates and the omnipresent mobile network services, respectively.
However, the telecommunication industry currently meets many difficult challenges and problems in constructing the next generation MIS. For example, the all-IP-based open network structure will be used instead of the closed network structure, the different generation telecommunication systems combine with the operation and maintenance information system, the information security incident, and so on. These situations between the major links above must be given high consideration. Otherwise, the service usability of MIS will be destroyed.
In this thesis, we adopt the case study approach to analyze the MIS construction process of the domestic telecommunication operator. During the build process, the MIS construction of next generation telecommunication networks must suffice for flexibility, safety, and stabilization, and needs to ensure that critical missions run in a stable operating condition, with lower service interruption and higher usability. The implementation of the next generation MIS will help support the crucial operation procedure of the conglomerate and cope with the fast variation of market demands.
|
64 |
Programinės įrangos ir duomenų saugumas: grėsmės ir jų valdymas, šifravimo algoritmai / Security in Computing: Threats and their Management, Encryption Systems
Valinčius, Tomas, 11 August 2008
The aim of this work is to examine ways of managing the threats that arise in computing: (1) to discuss and recognize threats to the security of computer systems; (2) to understand what causes these threats by studying the software development process; (3) to identify ways that can reduce or eliminate the threats.
The work first discusses the technical causes that lead to security vulnerabilities appearing in software, the types of malicious programs and the damage they do. It then discusses the methods currently used to ensure software security and quality, and formulates the main principles of secure software development.
Since data is one of the three components of a computer system (software, hardware, data), an important part of the work is devoted to the problem of ensuring the secrecy and confidentiality of information. The main factors that ensure personal privacy when working on a computer are discussed; ways of properly protecting private or secret data are proposed; and the legal measures in this area are mentioned. The principles of working safely on the Internet are also discussed.
Organizational factors are very important for ensuring security. This work discusses organizational measures for ensuring the security of data and software, security policy, and threat analysis tools.
The work also examines encryption and decryption algorithms, the main technical means of solving many security-related problems. Not only the currently used but also the very first encryption... [see the full text for the rest] / Is security in computing a problem? There are many methods and ways developed to help in software quality management. However, the need to quickly release new software or a new version of it is often more important than software security requirements or threat analysis. The main goal of this work is to analyse the threats in computing and methods to manage software security. The main objectives are: (1) To recognize and discuss the threats in computing; (2) To find the reasons that are causing security problems while studying the software development process; (3) To find ways to eliminate the threats or minimize their impact. First of all, there is a study of the technical reasons that cause vulnerabilities and threats in software to appear. Then there is a review of existing methods to manage software security and quality. An important part of this work is dedicated to privacy and the private data management problem. Methods that ensure privacy in computing are discussed. After the review of technical aspects of security, methods that ensure security from the organization’s point of view are discussed. Finally, there is a review of encryption systems, their types, differences and measures.
|
65 |
Information Security Management: The Study of Lithuanian State Institutions / Informacijos saugumo valdymas: Lietuvos Respublikos valstybės institucijų atvejis
Jastiuginas, Saulius, 27 December 2012
The growing number and scope of information security cases illustrate that the relevance of information security issues is becoming critical and that present information security means are not sufficient to manage information security. The narrow comprehension of information security merely as a technological problem is broadened by research results on the influence of economic, managerial, psychological, legal and other related aspects on information security. Information is named as the object of information security management in this thesis, and new information security management solutions are sought in the information management sciences. A critical analysis of the links between information management and information security management established a theoretical basis for forming an integral information security management model. The integral information security management model, constructed at a theoretical level, shows a complex approach towards information security and integrates information management and information security management. The integral information security management model allows identifying information security management weaknesses in the Lithuanian State institutions, rectifying deficiencies, and providing integrated and efficient information security management. The practical research and the results obtained grounded the constructed model’s applicability both for further theoretical academic research and for practical application in the Lithuanian State institutions. / The steadily growing number and scale of information security incidents illustrate that the relevance of information security problems is becoming critical and that existing information security management measures are not sufficient to manage information security. The narrow understanding of information security as a technological problem is broadened by the influence of economic, managerial, psychological, legal and other related aspects on information security.
The dissertation argues that the object of information security management is information, and therefore the methods and techniques of information management should be used to manage information security. By identifying and critically evaluating the links between the discourses of information management and information security management, a theoretical basis was created for forming an integral information security management model. The integral information security management model constructed at the theoretical level reveals a complex approach to information security, integrates information management and information security management, and makes it possible to identify shortcomings in information security management in Lithuanian state institutions and, once these shortcomings are eliminated, to ensure comprehensive and effective information security management. The empirical research and the results obtained substantiated the applicability of the model constructed at the theoretical level both for further theoretical academic research and in the practical work of Lithuanian state institutions.
|
66 |
Enhancing information security in organisations in Qatar
Al-Hamar, Aisha, January 2018
Due to the universal use of technology and its pervasive connection to the world, organisations have become more exposed to frequent and various threats. Therefore, organisations today are giving more attention to information security as it has become a vital and challenging issue. Many researchers have noted that the significance of information security, particularly information security policies and awareness, is growing due to increasing use of IT and computerization. In the last 15 years, the State of Qatar has witnessed remarkable growth and development of its civilization, having embraced information technology as a base for innovation and success. The country has undergone tremendous improvements in the health care, education and transport sectors. Information technology plays a strategic role in building the country's knowledge-based economy. Due to Qatar's increasing use of the internet and connection to the global environment, it needs to adequately address the global threats arising online. As a result, the scope of this research is to investigate information security in Qatar and in particular the National Information Assurance (NIA) policy. There are many solutions for information security, some technical and some non-technical, such as policies and making users aware of the dangers. This research focusses on enhancing information security through non-technical solutions. The aim of this research is to improve Qatari organisations' information security processes by developing a comprehensive Information Security Management framework that is applicable for implementation of the NIA policy, taking into account Qatar's culture and environment. To achieve the aim of this research, different research methodologies, strategies and data collection methods will be used, such as a literature review, surveys, interviews and case studies.
The main findings of this research are that there is insufficient information security awareness in organisations in Qatar and a lack of a security culture, and that the current NIA policy has many barriers that need to be addressed. The barriers include a lack of information security awareness, a lack of dedicated information security staff, and a lack of a security culture. These barriers are addressed by the proposed information security management framework, which is based on four strategic goals: empowering Qataris in the field of information security, enhancing information security awareness and culture, activating the Qatar National Information Assurance policy in real life, and enabling Qatar to become a regional leader in information security. The research also provides an information security awareness programme for employees and university students. At the time of writing this thesis, there are already indications that the research will have a positive impact on information security in Qatar. A significant example is that the information security awareness programme for employees has been approved for implementation at the Ministry of Administrative Development Labour and Social Affairs (ADLSA) in Qatar. In addition, the recommendations proposed have been communicated to the responsible organisations in Qatar, and the author has been informed that each organisation has decided to act upon the recommendations made.
|
67 |
Implementando segurança e controle em redes de computadores / Implementing security and control in computer networks
Bertholdo, Leandro Márcio, January 1997
The growth and proliferation of the Internet in recent years has brought to light various problems concerning the security and operability of machines at universities and companies. Countless intrusions take place every year. However, the great majority of them leave no record at all, and the local administrator is often completely unaware of them. To provide solutions to these problems, a study was carried out, presented here, whose main objective is to propose a security management philosophy. For this purpose, network management concepts such as SNMPv2 are used, together with the implementation of a set of tools that ensure the integrity of the various systems involved. The result was a system named CUCO, which alerts on attack attempts and risk situations. CUCO was designed to give an administrator, whether or not protected by a firewall, greater and better control over improper accesses and access attempts to their network. The system uses an event-monitoring strategy at different levels and in different applications, seeking in this way to detect and alert on the occurrence of traditional attacks. It also incorporates a block of functions intended to identify an aggressor located somewhere on the Internet and to obtain further information about them and the domain where they are located. / The growth and proliferation of the Internet in the last years has brought a lot of problems related to the security and handling of hosts in universities and corporations. Many break-ins are done each year, without any record or knowledge by the site’s administrator. To give solutions to these problems, a study was made, presented here, which has as its main goal the proposal of a security management philosophy. Network management concepts are used, joined with a toolkit to ensure the integrity of the many systems involved. The result was a system named CUCO, that alerts about attacks and risk situations.
CUCO was designed to allow an administrator, protected or not by a firewall, to have bigger and better access control in his network. The system uses an event monitoring strategy at different levels and applications, trying to detect and alert on the occurrence of common attacks. Moreover, it also incorporates a set of functions that attempt to identify an aggressor’s location anywhere on the Internet, and get information about him and the domain where he is located.
|
68 |
Policy-driven Security Management for Gateway-Oriented Reconfigurable Ecosystems
January 2015
With the increasing user demand for low latency, elastic provisioning of computing resources coupled with ubiquitous and on-demand access to real-time data, cloud computing has emerged as a popular computing paradigm to meet growing user demands. However, with the introduction and rising use of wearable technology and evolving uses of smart-phones, the concept of Internet of Things (IoT) has become a prevailing notion in the currently growing technology industry. Cisco Inc. has projected a data creation of approximately 403 Zettabytes (ZB) by 2018. The combination of bringing benign devices and connecting them to the web has resulted in exploding service and data aggregation requirements, thus requiring a new and innovative computing platform. This platform should have the capability to provide robust real-time data analytics and resource provisioning to clients, such as IoT users, on-demand. Such a computation model would need to function at the edge-of-the-network, forming a bridge between the large cloud data centers and the distributed connected devices.
This research expands on the notion of bringing computational power to the edge-of-the-network, and then integrating it with the cloud computing paradigm whilst providing services to diverse IoT-based applications. This expansion is achieved through the establishment of a new computing model that serves as a platform for IoT-based devices to communicate with services in real-time. We name this paradigm Gateway-Oriented Reconfigurable Ecosystem (GORE) computing. Finally, this thesis proposes and discusses the development of a policy management framework for accommodating our proposed computational paradigm. The policy framework is designed to serve both the hosted applications and the GORE paradigm by enabling them to function more efficiently. The goal of the framework is to ensure uninterrupted communication and service delivery between users and their applications. / Dissertation/Thesis / Masters Thesis Computer Science 2015
|
69 |
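Portais de governo eletrônico em Municípios do Estado da Paraíba: análise sob a óptica da segurança da informação [Electronic government portals in municipalities of the State of Paraíba: an analysis from the information security perspective]
Sena, Alnio Suamy de, 02 August 2017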
Electronic government can be characterized as the use of Information and Communication Technologies by public administration as support for internal government processes and the delivery of government products and services to citizens and industry in a fast and efficient way. It is essential that e-government prevents unauthorized access to ensure that Integrity, Availability and Confidentiality, basic principles of information security, are protected from electronic threats on the Internet. These threats place information assets at constant risk by taking advantage of the various vulnerabilities in the virtual environment where e-government is inserted. Thus, this research aimed to analyze the possible vulnerabilities in e-government portals of the municipalities of Paraíba State. The 50 municipalities that represent the largest share of the Gross Domestic Product (GDP) of the state of Paraíba were considered as the research population. From these, it was possible to analyze the portals of 40. This research was characterized as descriptive research, with a quantitative approach. In order to collect data, we used Netsparker software, a vulnerability scanner whose function is to track and identify vulnerabilities in Web applications. As a result, 822 vulnerabilities were found, of which 15% are Critical and 15% High Criticality. In addition, 10% of the vulnerabilities were classified as Medium Criticality, which, in addition to other vulnerabilities with higher impacts, represents a scenario with more than 40% vulnerabilities found in the portals of the municipalities analyzed. Such vulnerabilities have the potential to allow malicious elements to negatively impact the continuity of the service. In addition to identifying the vulnerabilities of electronic security in e-government portals in the State of Paraíba, this research indicated how to correct the identified problems, which allows public managers to take actions that aim to minimize security breaches and the adoption of security strategies as well as the implementation of an information security policy. / Electronic government can be characterized as the use of Information and Communication Technologies by the public administration to support the government's internal processes and the delivery of government products and services to citizens and industry quickly and efficiently. It is fundamental that electronic government guard against improper access in order to ensure that Integrity, Availability and Confidentiality, the basic principles of information security, are protected from the electronic threats present on the Internet. These threats put information assets at constant risk by taking advantage of the various vulnerabilities that exist in the virtual environment in which electronic government operates. This research therefore analyzes the possible vulnerabilities in electronic government portals of municipalities in the State of Paraíba. The research population was the 50 municipalities with the largest share in the Gross Domestic Product (GDP) of the State of Paraíba, and it was possible to analyze the portals of 40 municipalities. This research was characterized as descriptive research with a quantitative approach. For data collection, the Netsparker software was used, a vulnerability scanner whose function is to crawl and identify vulnerabilities in Web applications. As a result, 822 vulnerabilities were found, of which 15% are Critical and 15% of High Criticality. In addition, 10% of the vulnerabilities were classified as Medium Criticality, which, added to the other vulnerabilities of greater impact, represents a scenario with more than 40% of vulnerabilities found in the portals of the municipalities analyzed. Such vulnerabilities have the potential to allow malicious actors to cause significant negative impacts on the continuity of the service. This research also indicated how to correct the problems identified, which can allow public managers to take actions aimed at minimizing security flaws and to adopt security strategies, as well as to implement an information security policy.
|