Global ETD Search

11	Container Line Supply Chain security analysis under complex and uncertain environment Tang, Dawei January 2012 (has links) Container Line Supply Chain (CLSC), which transports cargo in containers and accounts for approximately 95 percent of world trade, is a dominant way for world cargo transportation due to its high efficiency. However, the operation of a typical CLSC, which may involve as many as 25 different organizations spreading all over the world, is very complex, and at the same time, it is estimated that only 2 percent of imported containers are physically inspected in most countries. The complexity together with insufficient prevention measures makes CLSC vulnerable to many threats, such as cargo theft, smuggling, stowaway, terrorist activity, piracy, etc. Furthermore, as disruptions caused by a security incident in a certain point along a CLSC may also cause disruptions to other organizations involved in the same CLSC, the consequences of security incidents to a CLSC may be severe. Therefore, security analysis becomes essential to ensure smooth operation of CLSC, and more generally, to ensure smooth development of world economy. The literature review shows that research on CLSC security only began recently, especially after the terrorist attack on September 11th, 2001, and most of the research either focuses on developing policies, standards, regulations, etc. to improve CLSC security from a general view or focuses on discussing specific security issues in CLSC in a descriptive and subjective way. There is a lack of research on analytical security analysis to provide specific, feasible and practical assistance for people in governments, organizations and industries to improve CLSC security. Facing the situation mentioned above, this thesis intends to develop a set of analytical models for security analysis in CLSC to provide practical assistance to people in maintaining and improving CLSC security. In addition, through the development of the models, the thesis also intends to provide some methodologies for general risk/security analysis problems under complex and uncertain environment, and for some general complex decision problems under uncertainty. Specifically, the research conducted in the thesis is mainly aimed to answer the following two questions: how to assess security level of a CLSC in an analytical and rational way, and according to the security assessment result, how to develop balanced countermeasures to improve security level of a CLSC under the constraints of limited resources. For security assessment, factors influencing CLSC security as a whole are identified first and then organized into a general hierarchical model according to the relations among the factors. The general model is then refined for security assessment of a port storage area along a CLSC against cargo theft. Further, according to the characteristics of CLSC security analysis, the belief Rule base Inference Methodology using the Evidential Reasoning approach (RIMER) is selected as the tool to assess CLSC security due to its capabilities in accommodating and handling different forms of information with different kinds of uncertainty involved in both the measurement of factors identified and the measurement of relations among the factors. To build a basis of the application of RIMER, a new process is introduced to generate belief degrees in Belief Rule Bases (BRBs), with the aim of reducing bias and inconsistency in the process of the generation. Based on the results of CLSC security assessment, a novel resource allocation model for security improvement is also proposed within the framework of RIMER to optimally improve CLSC security under the constraints of available resources. In addition, it is reflected from the security assessment process that RIMER has its limitations in dealing with different information aggregation patterns identified in the proposed security assessment model, and in dealing with different kinds of incompleteness in CLSC security assessment. Correspondently, under the framework of RIMER, novel methods are proposed to accommodate and handle different information aggregation patterns, as well as different kinds of incompleteness. To validate the models proposed in the thesis, several case studies are conducted using data collected from different ports in both the UK and China. From a methodological point of view, the ideas, process and models proposed in the thesis regarding BRB generation, optimal resource allocation based on security assessment results, information aggregation pattern identification and handling, incomplete information handling can be applied not only for CLSC security analysis, but also for dealing with other risk and security analysis problems and more generally, some complex decision problems. From a practical point of view, the models proposed in the thesis can help people in governments, organizations, and industries related to CLSC develop best practices to ensure secure operation, assess security levels of organizations involved in a CLSC and security level of the whole CLSC, and allocate limited resources to improve security of organizations in CLSC. The potential beneficiaries of the research may include: governmental organizations, international/regional organizations, industrial organizations, classification societies, consulting companies, companies involved in a CLSC, companies with cargo to be shipped, individual researchers in relevant areas etc.
12	Proposta de um modelo de segurança da informação: o caso de uma aplicação no Colégio Pedro II Oliveira, Cezar Bastos de 08 December 2016 (has links) Submitted by Joana Azevedo (joanad@id.uff.br) on 2017-06-29T19:38:42Z No. of bitstreams: 1 Dissert Cezar Bastos de Oliveira.pdf: 2047343 bytes, checksum: 76544dd64d3e9ae36ffb755cf285fdbd (MD5) / Approved for entry into archive by Biblioteca da Escola de Engenharia (bee@ndc.uff.br) on 2017-07-10T14:35:58Z (GMT) No. of bitstreams: 1 Dissert Cezar Bastos de Oliveira.pdf: 2047343 bytes, checksum: 76544dd64d3e9ae36ffb755cf285fdbd (MD5) / Made available in DSpace on 2017-07-10T14:35:58Z (GMT). No. of bitstreams: 1 Dissert Cezar Bastos de Oliveira.pdf: 2047343 bytes, checksum: 76544dd64d3e9ae36ffb755cf285fdbd (MD5) Previous issue date: 2016-12-08 / O estudo da Ciência da Informação é um campo interdisciplinar muito importante para a sociedade, em todos os ramos do conhecimento. Nas instituições, principalmente as públicas, é importante uma boa Gestão da Informação a fim de reduzir ao mínimo os riscos dela advindos. Após os eventos de 11 de setembro de 2001 nos Estados Unidos, a necessidade de sistemas que preservem com mais segurança as informações tem sido uma preocupação constante. Assim é que se estabelecem várias regras de boas práticas para a Segurança da Informação. O presente trabalho tem o objetivo de realizar uma revisão bibliográfica e um estudo documental sobre os conceitos relacionados à Informação, Segurança da Informação, Gestão de Riscos, normas, legislação e melhores práticas existentes, utilizando a Norma NBR ISO 17799 como referência assim como modelos encontrados na literatura e de outras Instituições similares. A partir deste estudo, propor um modelo de política de segurança da informação, baseado no caso de aplicação do Colégio Pedro II, mas bem abrangente, que contemple ao máximo as especificidades das Instituições de Ensino e que possa servir de modelo para que as Instituições similares possam desenvolver, a partir dele, sua Política de Segurança. Nele apresentam-se os princípios, diretrizes básicas e responsabilidades de uma Política de Segurança, utilizando os conceitos estudados na revisão bibliográfica. / The study of Information Science is a very important interdisciplinary field for society, in all branches of knowledge. In institutions, especially public institutions, good information management is important in order to minimize the risks that arise from it. Following the events of September 11, 2001 in the United States, the need for more secure information systems has been a constant concern. This is how a number of good practice rules for information security are established. The present work has the objective of carrying out a bibliographic review and a documentary study on the concepts related to Information, Information Security, Risk Management, norms, legislation and existing best practices, using the Standard NBR ISO 17799 as reference as well as models found In literature and other similar institutions. From this study, to propose a model of information security policy, based on the case of application of the Pedro II College, but very comprehensive, that contemplates to the maximum the specificities of the Teaching Institutions and that can serve as a model so that similar Institutions To develop, from it, its Security Policy. It presents the principles, basic guidelines and responsibilities of a Security Policy, using the concepts studied in the bibliographic review. Informação Segurança da informação Medidas de segurança Política de segurança Informação Segurança da informação Medida de segurança Information Security of the information Measures of security Security policies
13	Tackling the barriers to achieving Information Assurance Simmons, Andrea C. January 2017 (has links) This original, reflective practitioner study researched whether professionalising IA could be successfully achieved, in line with the UK Cyber Security Strategy expectations. The context was an observed changing dominant narrative from IA to cybersecurity. The research provides a dialectical relationship with the past to improve IA understanding. The Academic contribution: Using archival and survey data, the research traced the origins of the term IA and its practitioner usage, in the context of the increasing use of the neologism of cybersecurity, contributing to knowledge through historical research. Discourse analysis of predominantly UK government reports, policy direction, legislative and regulatory changes, reviewing texts to explore the functions served by specific constructions, mainly Information Security (Infosec) vs IA. The Researcher studied how accounts were linguistically constructed in terms of the descriptive, referential and rhetorical language used, and the function that serves. The results were captured in a chronological review of IA ontology. The Practitioner contribution: Through an initial Participatory Action Research (PAR) public sector case study, the researcher sought to make sense of how the IA profession operates and how it was maturing. Data collection from self-professed IA practitioners provided empirical evidence. The researcher undertook evolutionary work analysing survey responses and developed theories from the analysis to answer the research questions. The researcher observed a need to implement a unified approach to Information Governance (IG) on a large organisation-wide scale. Using a constructivist grounded theory the researcher developed a new theoretical framework - i3GRC™ (Integrated and Informed Information Governance, Risk, and Compliance) - based on what people actually say and do within the IA profession. i3GRC™ supports the required Information Protection (IP) through maturation from IA to holistic IG. Again, using PAR, the theoretical framework was tested through a private sector case study, the resultant experience strengthening the bridge between academia and practitioners.
14	Enhancing information security in organisations in Qatar Al-Hamar, Aisha January 2018 (has links) Due to the universal use of technology and its pervasive connection to the world, organisations have become more exposed to frequent and various threats. Therefore, organisations today are giving more attention to information security as it has become a vital and challenging issue. Many researchers have noted that the significance of information security, particularly information security policies and awareness, is growing due to increasing use of IT and computerization. In the last 15 years, the State of Qatar has witnessed remarkable growth and development of its civilization, having embraced information technology as a base for innovation and success. The country has undergone tremendous improvements in the health care, education and transport sectors. Information technology plays a strategic role in building the country's knowledge-based economy. Due to Qatar s increasing use of the internet and connection to the global environment, it needs to adequately address the global threats arising online. As a result, the scope of this research is to investigate information security in Qatar and in particular the National Information Assurance (NIA) policy. There are many solutions for information security some technical and some non-technical such as policies and making users aware of the dangers. This research focusses on enhancing information security through non-technical solutions. The aim of this research is to improve Qatari organisations information security processes by developing a comprehensive Information Security Management framework that is applicable for implementation of the NIA policy, taking into account Qatar's culture and environment. To achieve the aim of this research, different research methodologies, strategies and data collection methods will be used, such as a literature review, surveys, interviews and case studies. The main findings of this research are that there is insufficient information security awareness in organisations in Qatar and a lack of a security culture, and that the current NIA policy has many barriers that need to be addressed. The barriers include a lack of information security awareness, a lack of dedicated information security staff, and a lack of a security culture. These barriers are addressed by the proposed information security management framework, which is based on four strategic goals: empowering Qataris in the field of information security, enhancing information security awareness and culture, activating the Qatar National Information Assurance policy in real life, and enabling Qatar to become a regional leader in information security. The research also provides an information security awareness programme for employees and university students. At the time of writing this thesis, there are already indications that the research will have a positive impact on information security in Qatar. A significant example is that the information security awareness programme for employees has been approved for implementation at the Ministry of Administrative Development Labour and Social Affairs (ADLSA) in Qatar. In addition, the recommendations proposed have been communicated to the responsible organisations in Qatar, and the author has been informed that each organisation has decided to act upon the recommendations made.
15	Volba informační strategie nového elektronického obchodu / Choice of Information Strategy for a New E-Shop Slunečko, Miroslav January 2011 (has links) The diploma thesis analyzes the new e-shop, and chooses its information strategy. The chosen solution shall support the achievement of the company's goals through the effective use of information technology.
16	Peer to peer English/Chinese cross-language information retrieval Lu, Chengye January 2008 (has links) Peer to peer systems have been widely used in the internet. However, most of the peer to peer information systems are still missing some of the important features, for example cross-language IR (Information Retrieval) and collection selection / fusion features. Cross-language IR is the state-of-art research area in IR research community. It has not been used in any real world IR systems yet. Cross-language IR has the ability to issue a query in one language and receive documents in other languages. In typical peer to peer environment, users are from multiple countries. Their collections are definitely in multiple languages. Cross-language IR can help users to find documents more easily. E.g. many Chinese researchers will search research papers in both Chinese and English. With Cross-language IR, they can do one query in Chinese and get documents in two languages. The Out Of Vocabulary (OOV) problem is one of the key research areas in crosslanguage information retrieval. In recent years, web mining was shown to be one of the effective approaches to solving this problem. However, how to extract Multiword Lexical Units (MLUs) from the web content and how to select the correct translations from the extracted candidate MLUs are still two difficult problems in web mining based automated translation approaches. Discovering resource descriptions and merging results obtained from remote search engines are two key issues in distributed information retrieval studies. In uncooperative environments, query-based sampling and normalized-score based merging strategies are well-known approaches to solve such problems. However, such approaches only consider the content of the remote database but do not consider the retrieval performance of the remote search engine. This thesis presents research on building a peer to peer IR system with crosslanguage IR and advance collection profiling technique for fusion features. Particularly, this thesis first presents a new Chinese term measurement and new Chinese MLU extraction process that works well on small corpora. An approach to selection of MLUs in a more accurate manner is also presented. After that, this thesis proposes a collection profiling strategy which can discover not only collection content but also retrieval performance of the remote search engine. Based on collection profiling, a web-based query classification method and two collection fusion approaches are developed and presented in this thesis. Our experiments show that the proposed strategies are effective in merging results in uncooperative peer to peer environments. Here, an uncooperative environment is defined as each peer in the system is autonomous. Peer like to share documents but they do not share collection statistics. This environment is a typical peer to peer IR environment. Finally, all those approaches are grouped together to build up a secure peer to peer multilingual IR system that cooperates through X.509 and email system.
17	Zavedení ISMS do podniku podporujícího kritickou infrastrukturu / Proposal for the ISMS Implementation in Company with CI Support Šebrle, Petr January 2017 (has links) This diploma thesis deals with the methodology of Management of Information Security in a medium size company supporting critical infrastructure. The first part is focused on the theoretical aspects of the topic. Practical part consists of analysis of the current state, risk analysis and correction arrangements according to the attachment A of standard ČSN ISO/IEC 27001:2014. Implementation of ISMS is divided into four phases. This thesis however covers the first two phases only
18	Posouzení informačního systému firmy a návrh změn / Information System Assessment and Proposal for ICT Modification Kubala, Michal January 2013 (has links) This Master's thesis deals with appraising information system of a company and suggesting its changes. In theoretical part are described basic issues and terms related to information systems. In analytic part is the information system assessed by methods for detecting actual situation. Proposal part is based on the analytic part and its main objective is to design changes to improve current situation with subsequent economic evaluation.
19	Zavedení managementu informační bezpečnosti v malém podniku / The Implementation of Information Security Management System in Small Company Čampula, Roman January 2013 (has links) This master’s (diploma) thesis analyzes security situation of the software company. It contains theoretical information which is necessary for the installation of the information security system. It also demonstrates the method of its application. On the basis of the security risks analysis it suggests arrangements which are currently necessary for the required information security in the company. The whole thesis is covered on the basis of the ČSN ISO/IEC 27001:2006 norm.
20	Posouzení informačního systému firmy a návrh změn / Information System Assessment and Proposal for ICT Modification Lapuníková, Eva January 2015 (has links) Assessing the company’s information system, this thesis deals with an analysis and proposal to changes, that lead to improvement of a company‘s current situation. In the introductory part there is a theoretic explanation regarding the issue of information systems and also a description of some analytical tools. In the next part there is an acquaintance with a company and an analysis of a current state of IS/ICT using several methods. The results of this analytical part then serve as proposal to changes including benefits evaluation, which the company can use and therefore improve its current position on the market.

Search results