Legal aspects of aviation security measures taken at airports

Acharya, Gautam.

January 2005

Aviation and the internet are two conveniences without which the modern world would almost grind to a halt given our current dependence levels (on them). If both were to suddenly vanish, mankind would be thrown back to the late 19th century reminiscent of a world which was once a smaller place. / Aviation plays a critical role in our daily life transporting man and material over vast distances in a relatively short period of time. A vital cog in this wheel is the airport that 'facilitates' the safe loading, unloading, take-off and landing of aircraft. / For some time now, aircraft have been the target of various terrorist groups and militant factions seeking to make a point to the world in the most dramatic fashion possible. To maintain the security of civil aviation, laws have been promulgated (both nationally and internationally) to ensure that the perpetrators (of the crime) when caught, will be adequately punished and in a manner that will deter others from committing crimes against civil aviation. However this law-making process (in large part initiated by the International Civil Aviation Organization) has not sufficiently addressed airports and the security therein. / This paper seeks to examine---and in some cases suggest improvements to---aviation security laws at large, with a specific emphasis on airports. It is believed that a more comprehensive set of laws governing aviation security would result in greater efficacy of airport security procedures thus reducing the need for prospective judicial intervention and concomitant lengthy court proceedings.

Airports -- Security measures.

Aeronautics -- Safety measures.

Honeynet design and implementation

Artore, Diane.

January 2007

Thesis (M.S.)--Computing, Georgia Institute of Technology, 2008. / Committee Chair: Wenke Lee; Committee Member: Jonathon Giffin; Committee Member: Mustaque Ahamad.

Physical-layer security

Bloch, Matthieu

January 2008

Thesis (Ph.D.)--Electrical and Computer Engineering, Georgia Institute of Technology, 2008. / Committee Chair: McLaughlin, Steven; Committee Member: Barros, Joao; Committee Member: Bellissard, Jean; Committee Member: Fekri, Faramarz; Committee Member: Lanterman, Aaron

Data-centric security : towards a utopian model for protecting corporate data on mobile devices

Mayisela, Simphiwe Hector

January 2014

Data-centric security is significant in understanding, assessing and mitigating the various risks and impacts of sharing information outside corporate boundaries. Information generally leaves corporate boundaries through mobile devices. Mobile devices continue to evolve as multi-functional tools for everyday life, surpassing their initial intended use. This added capability and increasingly extensive use of mobile devices does not come without a degree of risk - hence the need to guard and protect information as it exists beyond the corporate boundaries and throughout its lifecycle. Literature on existing models crafted to protect data, rather than infrastructure in which the data resides, is reviewed. Technologies that organisations have implemented to adopt the data-centric model are studied. A utopian model that takes into account the shortcomings of existing technologies and deficiencies of common theories is proposed. Two sets of qualitative studies are reported; the first is a preliminary online survey to assess the ubiquity of mobile devices and extent of technology adoption towards implementation of data-centric model; and the second comprises of a focus survey and expert interviews pertaining on technologies that organisations have implemented to adopt the data-centric model. The latter study revealed insufficient data at the time of writing for the results to be statistically significant; however; indicative trends supported the assertions documented in the literature review. The question that this research answers is whether or not current technology implementations designed to mitigate risks from mobile devices, actually address business requirements. This research question, answered through these two sets qualitative studies, discovered inconsistencies between the technology implementations and business requirements. The thesis concludes by proposing a realistic model, based on the outcome of the qualitative study, which bridges the gap between the technology implementations and business requirements. Future work which could perhaps be conducted in light of the findings and the comments from this research is also considered.

Computer security

Computer networks -- Security measures

Mobile computing -- Security measures

Threats to information systems and effective countermeasures

Jones, Andrew

January 2004

This thesis supports the hypothesis that the measurement of the potency of threat agents to information systems is a crucial element in the accurate calculation of the risks to which systems are subject and the subsequent management of those risks. It describes a series of papers that were published as the result of research that has been carried out into a range of information security issues. The research evolved over the period from 1995 from the underlying drive to identify means of proving improved protection for government and military information systems. Once the initial research was completed, further work was undertaken to resolve issues identified in completed research and also to address newly identified security issues. This document describes the relationship between the papers that were produced from the individual areas of research and address a range of related topics. This document examines the sources of threats to information systems and methods that can be employed to improve the process of managing and treating the risk that they create. It also addresses issues relating to areas of information security that have not been clearly understood and a provides a number of countermeasures that can be implemented to protect information systems in government, the commercial sector and in private use and a framework for the forensic investigation of incidents. As a result of this research, a clearer understanding has been gained of methods that can be implemented to improve the security of information systems at all levels and a threat methodology has been developed that is now taught in a number of countries and which has now been adopted by the UK Government for further development to meet their specific needs. The contribution to knowledge has been the development of advice on the security of information systems, a taxonomy for the investigation of incidents and a method for the measurement of threat.

005.8

The implementation of integrated security systems: case study of the industrial sector of Harare-Zimbabwe

Musonza, Dimax

02 1900

Text in English / Industrial sites in Harare contribute significantly to the economy of Zimbabwe. Harare is the capital city of Zimbabwe and therefore has significant manufacturing and commercial activity. The protection of industrial sites is very important because of the presence of valuable assets and operations. Therefore the main purpose of deploying security measures at industry premises is to create a safe and secure environment for the business functions. Security management is consequently an important element of an industrial organisation’s continuity. The implementation of integrated security systems was examined to some extent within this study. The size and nature of industrial facilities influenced this study to view integrated security systems as more effective than stand-alone security measures. The study sought to investigate the various aspects associated with the implementation. The purposes of the research included the following: • Examine current practices, benefits, shortcomings in the implementation of integrated security systems; • Critically evaluate the security management aspects required for the implementation ofintegrated security systems; • Investigate successes and failures associated with integrated security systems and how implementation can be improved; • Examine and identify factors necessary for a best practice approach to integrated security systems; and • Determine a methodology for the effective implementation of integrated security systems. Additionally the study briefly examined how security systems integration can assist in reducing the problem of connivance to theft at receiving and dispatch points at industrial facilities. The report is divided into five chapters. Chapter 1 covers the research problem, Chapter 2 deals with the research methods while Chapter 3 has insightful information from literature review. Chapter 4 presents the data and how it was analysed. Lastly Chapter 5 has findings, recommendations and conclusions. The study used the mixed-method approach. This approach includes both qualitative and quantitative research in order to gain a more in-depth understanding of the research problem. The methods of data collection were site visits, interviews and questionnaires. The sample was drawn from a cross-section of sites within the industrial areas of Workington, Southerton, Willowvale, Graniteside, Msasa and few outside industries in the vicinity of Harare. A total of 11 sites were observed. The interviews consisted of 30 participants who were mainly security practitioners at management level as well as some non-security managers. In addition, a total of 102 respondents participated in this study by completing the questionnaire. The majority of the respondents were security practitioners who were the main focus of the study. The findings support the various aspects of the implementation of integrated security systems. The conclusions emanating from the statistical analysis of the collected data included the following: • The critical assets for protection at industrial facilities are infrastructure, products, revenue, people and other movable items or equipment; • The main threat sources are from outsiders, crime syndicates and employees; • Security systems suitable for integration are CCTV, electronic access control, alarms, personnel, policies and procedures backed by information communication technologies. • Security should be functionally integrated with other departments which include Information Technology, Human Resources, Finance, Operations and Marketing; • The preferred mode of linkage was established to be fibre optic on a local area or wide area network using intranet or internet; • The key players in the integration were found to be security practitioners, top management, IT specialist, system suppliers, installers and operators; • The implementation process consists of security policy, survey, system design, procurement, installation, training, operating, review and upgrade; • Factors necessary for best practice include system purpose, availability of resources, top management commitment, skills, and feasibility to implement; • The benefits are mainly improved effectiveness, easy of monitoring, improved outlook and record keeping; • The most significant challenges are system breakdown, sabotage and power outage; and • Connivance to theft can be mitigated by a combination of staff rotation, dedicated CCTV, spot checks, undercover surveillance and functional integration. area network using intranet or internet; • The key players in the integration were found to be security practitioners, top management, IT specialist, system suppliers, installers and operators; • The implementation process consists of security policy, survey, system design, procurement, installation, training, operating, review and upgrade; • Factors necessary for best practice include system purpose, availability of resources, top management commitment, skills, and feasibility to implement; • The benefits are mainly improved effectiveness, easy of monitoring, improved outlook and record keeping; • The most significant challenges are system breakdown, sabotage and power outage; and • Connivance to theft can be mitigated by a combination of staff rotation, dedicated CCTV, spot checks, undercover surveillance and functional integration. / Security Risk Management / M. Tech. (Security Management)

658.47096891

Information security with special reference to database interconnectivity.

Coetzee, Marijke

29 May 2008

Information can be considered a company’s most valued asset and should be protected as such. In the past, companies allowed very limited access to corporate information. Today, the rapid growth of the Internet increases the importance of connecting to existing databases. Access to such web-enabled databases, containing sensitive information such as credit card numbers must be made available only to those who need it. The security of web-enabled databases is challenged, as huge user populations access corporate information, past traditional perimeters. Providing a secure web-enabled database environment is not as simple as creating a few dynamic pages linked to a secured database. As a web-enabled database is very sophisticated, consisting of various applications in front of the database, it is vulnerable to attack. Furthermore, since most malicious intrusions occur from inside, defences such as firewalls, intrusion detection and virus scanning provide limited protection. The principle aim of this study was to consider security services and mechanisms that would provide protection to web-enabled databases. As database security has been a well-researched topic ever since the first databases were used, it was decided to investigate whether traditional database security could possibly provide a basic framework to be used when approaching the security of web-enabled databases. An investigation was made into nine current state database security services and their associated mechanisms. Additional services and mechanisms were identified, that could provide protection in the new environment. The integrated service provided by web-enabled databases was contrasted to the service provided by current state database security. A model was developed that illustrated how these services and mechanisms could be applied to create a secure web-enabled database. The study was brought to an end with a conclusion on the security that can be attained by web-enabled databases. Further problem areas, which could be researched in the future, were touched upon briefly. / Prof. J.H.P. Eloff

web database security measures

database security

A security model for a virtualized information environment

Tolnai, Annette

15 August 2012

D.Phil. / Virtualization is a new infrastructure platform whose trend is sweeping through IT like a blaze. Improving the IT industry by higher utilization from hardware, better responsiveness to changing business conditions and lower cost operations is a must have in the new generation of virtualization solutions. Virtualization is not just one more entry in the long line of “revolutionary” products that have hit the technology marketplace. Many parts of the technology ecosystem will be affected as the paradigm shifts from the old one-to-one correspondence between software and hardware to the new approach of software operating on any hardware that happens to be most suitable to use at the time. This brings along with it security concerns, which need to be addressed. Security evolving in and around the virtualized system will become more pertinent the more virtualization is employed into everyday IT technology and use. In this thesis, a security model for virtualization will be developed and presented. This model will cover the different facets needed to address virtualization security.

Computer security

Information security with specific reference to browser technology

Prinsloo, Jacobus Johannes

28 August 2012

M.Comm. / The present study was undertaken in the realm of the Internet working environment, with its focus on measures by which to secure executable code in the Web-browsing environment. The principal aim of this study was to highlight the potential security risks that could be incurred while a user is browsing the World Wide Web. As a secondary objective, the researcher hoped, by means of a prototype and the process of real-time risk analyses, to alert the general Internet user population to these risks. The main objective of the prototype was to provide a framework within which users could be warned of potentially dangerous actions effected by executing code in their browsing environments in real time. Following, an overview of the research methodology employed to realise the objectives of this study. The study commenced with an introduction to the Internet and, along with that, to the World Wide Web. In the course of the introduction, the researcher took a closer look at a number of risks associated with this environment. In sketching the Internet environment and its associated risks, the researcher also provided ample motivation for the study. After having established the clamant need to secure the Web-browsing environment, a conceptual model was expounded. This model would later form the basis for the Real-time Risk Analyser prototype to be presented. In order, however, to justify further research into and development of the said RtRA prototype, it was necessary first to evaluate existing browsing technologies. A formal approach was followed to draw a comparison between the existing browsers. The said comparison also served to uncover some of the shortcomings of these browsers in terms of the security features they support. Since the focal point of this study was to be the various ways in which to secure executable code on the Internet, it was decided to launch an investigation into Java, as it probably is the most familiar executable code used in the Web browsing environment. The Java Security Model was, therefore, thoroughly researched in a bid to determine possible ways in which to monitor executable Java code. After having investigated the browsing environment and after having determined possible ways of performing real-time risk analyses, a prototype was developed that could monitor executable Java code in a browsing environment. Following, the prototype was put through its paces in a hypothetical scenario. The study culminated in a summary of the results of and the conclusions about the research study. Further problem areas that could become the focal points of future research projects were also touched upon.

World Wide Web

Internet - Security measures

Guidelines for cybersecurity education campaigns

Reid, Rayne

January 2017

In our technology- and information-infused world, cyberspace is an integral part of modern-day society. As the number of active cyberspace users increases, so too does the chances of a cyber threat finding a vulnerable target increase. All cyber users who are exposed to cyber risks need to be educated about cyber security. Human beings play a key role in the implementation and governing of an entire cybersecurity and cybersafety solution. The effectiveness of any cybersecurity and cybersafety solutions in a societal or individual context is dependent on the human beings involved in the process. If these human beings are either unaware or not knowledgeable about their roles in the security solution they become the weak link in these cybersecurity solutions. It is essential that all users be educated to combat any threats. Children are a particularly vulnerable subgroup within society. They are digital natives and make use of ICT, and online services with increasing frequency, but this does not mean they are knowledgeable about or behaving securely in their cyber activities. Children will be exposed to cyberspace throughout their lifetimes. Therefore, cybersecurity and cybersafety should be taught to children as a life-skill. There is a lack of well-known, comprehensive cybersecurity and cybersafety educational campaigns which target school children. Most existing information security and cybersecurity education campaigns limit their scope. Literature reports mainly on education campaigns focused on primary businesses, government agencies and tertiary education institutions. Additionally, most guidance for the design and implementation of security and safety campaigns: are for an organisational context, only target organisational users, and mostly provide high-level design recommendations. This thesis addressed the lack of guidance for designing and implementing cybersecurity and cybersafety educational campaigns suited to school learners as a target audience. The thesis aimed to offer guidance for designing and implementing education campaigns that educate school learners about cybersecurity and cybersafety. This was done through the implementation of an action research process over a five-year period. The action research process involved cybersecurity and cybersafety educational interventions at multiple schools. A total of 18 actionable guidelines were derived from this research to guide the design and implementation of cybersecurity and cybersafety education campaigns which aim to educate school children.

Computer security

Computer networks -- Security measures