Spelling suggestions: "subject:"2security measures"" "subject:"bsecurity measures""
31 |
Near real-time threat assessment using intrusion detection system's dataFragkos, Grigorios January 2011 (has links)
The concept of Intrusion Detection (ID) and the development of such systems have been a major concern for scientists since the late sixties. In recent computer networks, the use of different types of Intrusion Detection Systems (IDS) is considered essential and in most cases mandatory. Major improvements have been achieved over the years and a large number of different approaches have been developed and applied in the way these systems perform Intrusion Detection. The purpose of the research is to introduce a novel approach that will enable us to take advantage of the vast amounts of information generated by the large number of different IDSs, in order to identify suspicious traffic, malicious intentions and network attacks in an automated manner. In order to achieve this, the research focuses upon a system capable of identifying malicious activity in near real-time, that is capable of identifying attacks while they are progressing. The thesis addresses the near real-time threat assessment by researching into current state of the art solutions. Based on the literature review, current Intrusion Detection technologies lean towards event correlation systems using different types of detections techniques. Instead of using linear event signatures or rule sets, the thesis suggests a structured description of network attacks based on the abstracted form of the attacker’s activity. For that reason, the design focuses upon the description of network attacks using the development of footprints. Despite the level of knowledge, capabilities and resources of the attacker, the system compares occurring network events against predefined footprints in order to identify potential malicious activity. Furthermore, based on the implementation of the footprints, the research also focuses upon the design of the Threat Assessment Engine (TAE) which is capable of performing detection in near real-time by the use of the above described footprints. The outcome of the research proves that it is possible to have an automated process performing threat assessment despite the number of different ongoing attacks taking place simultaneously. The threat assessment process, taking into consideration the system’s architecture, is capable of acting as the human analyst would do when investigating such network activity. This automation speeds up the time-consuming process of manually analysing and comparing data logs deriving from heterogeneous sources, as it performs the task in near real-time. Effectively, by performing the this task in near real-time, the proposed system is capable of detecting complicated malicious activity which in other cases, as currently performed, it would be difficult, maybe impossible or results would be generated too late.
|
32 |
Information protection in the digital banking environmentRedlinghuis, André Jacques 01 August 2012 (has links)
M.A. / The evolution of the Internet has led to the establishment of various value-adding products and services such as Internet banking (IB). Internet banking has changed the formal banking landscape forever. Some may argue that Internet banking has positively affected the lives of many, through providing services in a more convenient, efficient and effective manner, 365 days a year. However, the growth of the Internet has lead to the increase of various Information Technology (IT) problems and challenges. Today, individuals and organisations are faced with an increasing number of attacks via computer and Internet viruses, phishing scams and Internet hackers. Individuals and organisations must place greater emphasis on ensuring that their financial well-being is protected. The investment in adequate software and hardware has become critical to conduct financial transactions securely via the Internet. The level of security awareness should also be increased and established at various levels through comprehensive educational programmes. Extensive Internet banking awareness campaigns have been launched, but the level to which these campaigns are successful is uncertain. The main focus of this dissertation is to understand Internet banking customers’ perceptions on information protection when using Internet banking services and products, as various factors influence the perceptions of trust with regards to Internet banking. Trust is formed through a variety of factors from the influence of others on our own beliefs and values, to the experiences gained by using specific technology or processes over a particular period of time. An in-depth literature review forms the basic framework for the dissertation and is followed by an empirical component. The main goal of the literature review is to provide a solid theoretical framework and basis from which to conduct the empirical research. Chapters 2 to 4 delve into the evolution and development of the Internet and provide a perspective on the South African banking landscape. The various challenges the Internet banking domain is faced with, is explored, and the various opportunities that exist are extensively discussed. Trust, the major factor influencing the adoption of Internet banking services and products, is explored, and the factors that shape and diminish trust are discussed. The empirical study consisted of a close-ended questionnaire that was completed by a sample of University of Johannesburg (UJ) alumni. The study included 138 individuals who completed the close-ended questionnaire and the results were analysed by Statistical Consultation Services (StatCon), a statistical research unit within UJ. The results indicate that more should be done to ensure that individuals and businesses are well-versed on issues pertaining to Internet banking security and safety. The results further highlight that the quality of most of the individuals’ relationships with their formal bank branch diminished due to Internet banking. An interesting finding was that 80.7% of the respondents indicated that they would make use of Internet banking services and products, even though they are aware of fraudulent activities that take place via this Internet medium. The research findings provide financial institutions with valuable guidelines on how to plan and implement effective and efficient Internet banking education and awareness strategies.
|
33 |
ISAP - an information security awareness portalTolnai, Annette 27 May 2010 (has links)
M.Sc. / The exponential growth of the Internet contributes to risks and threats which materialize without our knowledge. The more computer and Internet use becomes a part of our daily lives, the more we expose ourselves and our personal information on the World Wide Web and hence, the more opportunities arise for fraudsters to get hold of this information. Internet use can be associated with Internet banking, online shopping, online transactions, Internet Relay Chat, newsgroups, search engines, online blogs and e-mail. The source behind online activities carried on over the Internet may be different from what we are led to believe. Communication lines may be intercepted, compromising sensitive information of the user. It is a risk to make digital payments and reveal sensitive information about ourselves to an unknown source. If the risk materializes, it may result in undesired circumstances. Using the Internet securely should be a prerequisite to every user before conducting online transactions and activities over the World Wide Web. Owing to the versatility and ease of the electronic medium, electronic databases and vast amounts of sensitive information are readily accumulated. This is cause for concern regarding the main issues, namely privacy, identity theft and monetary fraud. Major countermeasures to mitigate the main forms of security and Internet-related issues are awareness of these risks and how they may materialize as well as relevant protection mechanisms. A discussion about why the Internet is a popular medium for criminal behaviour, what risks are involved, what can be done about them and some technical as well as non-technical preventative measures are covered in this dissertation. The purpose of this dissertation is to create an overall awareness of Internet banking and the process of Internet transactions. The end result is the development of an information security awareness portal (ISAP) aimed at the general public and potential Internet users who may be subject to identity and credit fraud. The aim of the ISAP is to sensitize users and minimize the growing numbers of individuals who are victimized through online crimes. Individuals using the Internet need to be aware of privacy concerns governing the Internet and how searchers are able to find out almost anything about them. The false sense of security and anonymity we as users think we have when innocently connecting to the World Wide Web outlines threats lurking in the background where we would never imagine. By the time you are finished reading this dissertation, it may put you off transacting and revealing sensitive information about yourself online ever again.
|
34 |
Introducing hippocratic log files for personal privacy controlRutherford, Andrew January 2005 (has links)
The rapid growth of the Internet has served to intensify existing privacy concerns of the individual, to the point that privacy is the number one concern amongst Internet users today. Tools exist that can provide users with a choice of anonymity or pseudonymity. However, many Web transactions require the release of personally identifying information, thus rendering such tools infeasible in many instances. Since it is then a given that users are often required to release personal information, which could be recorded, it follows that they require a greater degree of control over the information they release. Hippocratic databases, designed by Agrawal, Kiernan, Srikant, and Xu (2002), aim to give users greater control over information stored in a data- base. Their design was inspired by the medical Hippocratic oath, and makes data privacy protection a fundamental responsibility of the database itself. To achieve the privacy of data, Hippocratic databases are governed by 10 key privacy principles. This dissertation argues, that asides from a few challenges, the 10 prin- ciples of Hippocratic databases can be applied to log ¯les. This argument is supported by presenting a high-level functional view of a Hippocratic log file architecture. This architecture focuses on issues that highlight the con- trol users gain over their personal information that is collected in log files. By presenting a layered view of the aforementioned architecture, it was, fur- thermore, possible to provide greater insight into the major processes that would be at work in a Hippocratic log file implementation. An exploratory prototype served to understand and demonstrate certain of the architectural components of Hippocratic log files. This dissertation, thus, makes a contribution to the ideal of providing users with greater control over their personal information, by proposing the use of Hippocratic logfiles.
|
35 |
Providing security services for mobile ad hoc networksDong, Ying, 董穎 January 2007 (has links)
published_or_final_version / abstract / Electrical and Electronic Engineering / Doctoral / Doctor of Philosophy
|
36 |
WISP: a wireless information security portalDiakite, Soumaila Dit Moule 10 March 2010 (has links)
M.Sc. / Wireless networking is a fairly new technology that is important in information technology (IT). Hotels, Airports, Coffee shops, and homes are all installing wireless networks at a record pace, making wireless networks the best choice for consumers. This popularity of wireless networks is because of the affordability of wireless networks devices, and the easy installation [11]. In spite of the popularity of the wireless networks, one factor that has prevented them from being even more widespread can be summed up in a single word: security. It comes as no surprise that these two – wireless and security – converge to create one of the most important topics in the IT industry today [11]. Wireless networks by nature bring about new challenges unique to its environment. One example of these new challenges is: “Signal overflow beyond physical walls”, and with these kinds of new challenges unique to wireless networks, we have new security risks. Hence wireless networks lend themselves to a host of attack possibilities and risks. That is because wireless networks provide a convenient network access point for an attacker, potentially beyond the physical security controls of the organization [7]. Therefore it is challenging for managers to introduce wireless networks and properly manage the security of wireless networks, Security problems of wireless networks are the main reason for wireless networks not being rolled out optimally [1]. In this dissertation, we aim to present to both specialist and non–specialists in the IT industry the information needed to protect a wireless network. We will first identify and discuss the different security requirements of wireless networks. After that we shall examine the technology that helps make wireless networks secure, and describe the type of attacks against wireless networks and defense techniques to secure wireless networks. The research will concentrate on wireless LANs (Local Area Networks), and leading wireless LAN protocols and standards. The result of the research will be used to create WISP (A Wireless Information Security Portal). WISP will be a tool to support the management of a secure wireless network, and help assure the confidentiality, integrity, and availability of the information systems in a wireless network environment.
|
37 |
A framework for information security governance in SMMEsCoertze, Jacques Jacobus January 2012 (has links)
It has been found that many small, medium and micro-sized enterprises (SMMEs) do not comply with sound information security governance principles, specifically the principles involved in drafting information security policies and monitoring compliance, mainly as a result of restricted resources and expertise. Research suggests that this problem occurs worldwide and that the impact it has on SMMEs is great. The problem is further compounded by the fact that, in our modern-day information technology environment, many larger organisations are providing SMMEs with access to their networks. This results not only in SMMEs being exposed to security risks, but the larger organisations as well. In previous research an information security management framework and toolbox was developed to assist SMMEs in drafting information security policies. Although this research was of some help to SMMEs, further research has shown that an even greater problem exists with the governance of information security as a result of the advancements that have been identified in information security literature. The aim of this dissertation is therefore to establish an information security governance framework that requires minimal effort and little expertise to alleviate governance problems. It is believed that such a framework would be useful for SMMEs and would result in the improved implementation of information security governance.
|
38 |
A framework to mitigate phishing threatsFrauenstein, Edwin Donald January 2013 (has links)
We live today in the information age with users being able to access and share information freely by using both personal computers and their handheld devices. This, in turn, has been made possible by the Internet. However, this poses security risks as attempts are made to use this same environment in order to compromise the confidentiality, integrity and availability of information. Accordingly, there is an urgent need for users and organisations to protect their information resources from agents posing a security threat. Organisations typically spend large amounts of money as well as dedicating resources to improve their technological defences against general security threats. However, the agents posing these threats are adopting social engineering techniques in order to bypass the technical measures which organisations are putting in place. These social engineering techniques are often effective because they target human behaviour, something which the majority of researchers believe is a far easier alternative than hacking information systems. As such, phishing effectively makes use of a combination of social engineering techniques which involve crafty technical emails and website designs which gain the trust of their victims. Within an organisational context, there are a number of areas which phishers exploit. These areas include human factors, organisational aspects and technological controls. Ironically, these same areas serve simultaneously as security measures against phishing attacks. However, each of these three areas mentioned above are characterised by gaps which arise as a result of human involvement. As a result, the current approach to mitigating phishing threats comprises a single-layer defence model only. However, this study proposes a holistic model which integrates each of these three areas by strengthening the human element in each of these areas by means of a security awareness, training and education programme.
|
39 |
User compliance with the organisation's information security policy: a deterrence theory studyFachin, Dario January 2016 (has links)
MCom Information Systems
Research report
2015 / In today’s age of increasing cyber-attacks, with even national governments
interests forming cyber warfare departments to defend their countries, there is no
company globally which cannot be prepared for their critical infrastructure or
information to be stolen, destroyed, manipulated or be made unavailable from
various cyber-attacks. In most organisations, the user of the Information Systems
is vital to ensuring that systems are protected by adhering to the Information
Security Policy. Failure to comply with the Information Security Policy by end
users exposes the company to the risk of the loss of sensitive information which
could have major reputational, legal and financial impacts.
The study followed a positivist research philosophy using a hypothetical model to
test various hypotheses. Through the lens of deterrence theory, using a survey
method to gather the information, the hypotheses are tested and analysed to
further understand user compliance with an organisation’s Information Security
Policy.
The findings reveal that some elements of the deterrence theory are strong
predictors to ensuring user compliance within a large global mining firm. The
certainty of being caught for end users and the celerity of not adhering to the
Information Security policy are strong predictors to ensure user compliance. The
awareness of severity for not complying with the Information Security Policy or the
awareness of being monitored is reflected to not be strong predictors to ensure
user compliance. The research is intended to further assist both academics and
practitioners to further their understanding of user compliance to the Information
Security Policy. / MT2017
|
40 |
Whether using encryption in SCADA systems, the services performance requirements are still met in OT IT environment over an MPLS core network?Chego, Lloyd January 2016 (has links)
A Research Project Abstract
submitted in fulfillment of the requirements
for
Master of Science in Engineering [Electrical]: Telecommunications
at the
University Of The Witwatersrand, Johannesburg
07 June 2016 / Utilities use Supervisory Control and Data Acquisition systems as their industrial control
system. The architecture of these systems in the past was based on them being isolated from
other networks. Now with recent ever changing requirements of capabilities from these
systems there is a need to converge with information technology systems and with the need to
have these industrial networks communicating on packet switched networks there are cyber
security concerns that come up.
This research project looks at the whether using encryption in an IP/MPLS core network for
SCADA in an OT IT environment has an effect on the performance requirements. This was
done through an experimental simulation with the results recorded. The research project also
looks at the key literature study considerations.
The key research question for the research project of this MSc 50/50 mini-thesis is “whether
using encryption in SCADA systems, the services performance requirements are still met in
OT/ IT environment over an MPLS core network”? The research project seeks to determine if
SCADA performance requirements are met over an encrypted MPLS/IP core network in an
OT/IT environment. The key focus area of the research project is only encryption in the
whole cyber security value chain versus SCADA services performances. This means that the
research project only focused on the encryption portion of the whole cyber security value
chain and the scope did not focus on other aspects of the value chain. This suffices for an
MSc 50/50 mini-thesis research project as a focus on the whole value chain would require a
full MSc thesis.
Thus the primary objective for the research project is to research and demonstrate that
encryption is essential for secure SCADA communication over a MPLS/IP core network. As
aforementioned encryption forms an essential part of the Cyber Security value chain which
has to achieve the following objectives.
Confidentiality: ensuring that the information source is really from that source.
Integrity: ensuring that the information has not been altered in any way.
Availability: ensuring that system is not comprised but that it is available.
These objectives of encryption should be met with SCADA service performance
requirements not violated which is the objective of the research project. / M T 2016
|
Page generated in 0.0576 seconds