Global ETD Search

51	Vårdanställdas efterlevnad av informationssäkerhetspolicys : faktorer som påverkar efterlevnaden / Health care professionals' compliance with information security policies : variables influencing the compliance Franc, Karolina January 2014 (has links) Informationssäkerhet är ett område som kommit att sättas alltmer i fokus hos organisationer. Tidigare har främst tekniska lösningar för att skydda viktig information fått uppmärksamhet, det är först på senare tid som informationssäkerhet har börjat uppfattas som ett komplext område som innefattar såväl tekniska, som organisatoriska och mänskliga faktorer. För att eftersträva en god informationssäkerhet inom organisationen bör ett grundligt arbete läggas på att utveckla informationssäkerhetspolicys och säkerhetsansvariga måste kontinuerligt utbilda och skapa medvetenhet hos anställda kring vilka hot som finns mot organisationen ifall informationssäkerhetsbestämmelser inte efterlevs. Huvudsyftet i föreliggande studie har varit att undersöka vilka faktorer som styr anställdas efterlevnad av informationssäkerhetspolicys. Ytterligare delsyfte har varit att undersöka hur den faktiska efterlevnaden av informationssäkerhetsbestämmelser avspeglar sig inom två vårdverksamheter i Landstinget i Östergötland. För att uppfylla studiens syfte har fallstudier genomförts där såväl observationer som intervjuer med personal legat till grund för datainsamlingen. Resultatet visar att säkerhetsmedvetandet och efterlevnaden av säkerhetsbestämmelser inom de undersökta organisationerna är tämligen god, men det finns skillnader i graden av efterlevnad. Resultaten visar att anställda i viss mån hoppar över säkerhetsbestämmelser för att effektivisera sitt arbete. Den vanligaste säkerhetsbestämmelsen som visade på bristande efterlevnad var att en del anställda slarvade med att logga ut eller låsa datorn då denna lämnades oövervakad. Faktorer som visat sig vara avgörande för ifall säkerhetsbestämmelser efterlevs eller inte är bland annat ifall den anställde anser att beteendet övervakas, hur väl medveten man är kring konsekvensen av att säkerhetsbestämmelser inte efterlevs, samt hur stor sannolikhet man anser det vara att hotet realiseras. Ytterligare faktorer som visat sig spela roll är ifall den anställde anser att säkerhetsbestämmelsen ligger i konflikt med andra intressen, såsom effektivitet eller bekvämlighet. För att kunna införa effektiva policyåtgärder krävs det därmed att policyutvecklare förstår vad som motiverar anställda till att följa säkerhetsbestämmelser och vilka värderingar som ligger bakom deras beteende. / Information security has grown into a field of study that has gained increasingly attention within organizations. In the early days focus of the field has primerly been on technical solutions in order to protect information. Only recently information security has come to be seen as a complex area including both technical, organizational and human factors. In order to strive for a high degree of information security within the organization, emphasis has to be placed on developing a functional information security policy. Just as important is that security managers continually educate and create awareness amongst employees with regards to existing threats if information security rules are not respected. The main purpose in regards to this study has been to investigate the determinants of employees' compliance with information security policies. A further aim of the study has been to examine how the actual compliance of information security regulations is reflected in two healthcare clinics in the county council of Östergötland. In order to fulfill the purpose of the study, case studies were carried out in the clinics, where both filed studies and interviews with staff members formed the basis for data collection. The results show that security awareness and compliance with safety regulations within the surveyed organizations are fairly good, but there are differences in the level of compliance. The results show that employees to some degree overlook safety rules in order to make their work more efficient. The most common security rule that showed non-compliance was where employees occasionally did not logg off or lock the computer as it was left unattended. Determinants that showed to have an influence on whether or not employees comply with information security policys are among other factors to what extent the employee belives that the behavior is being monitored, awareness about conseqences from not complying with the security rules, as well as to what extent one belives that the actual threat occurs. Additional determinants that were found to have an influence on the actual behavior with regards to compliance is to what extent the employee considers the regulations to be in conflict with other interests, such as efficiency or convenience. In order to introduce effective policy measures knowledge is needed where policy makers understand what motivates employees to comply with safety rules, as well as the values that underlie their behavior.
52	"Matar muito, prender mal” : a produção da desigualdade racial como efeito do policiamento ostensivo militarizado em SP Schlittler, Maria Carolina de Camargo 06 September 2016 (has links) Submitted by Aelson Maciera (aelsoncm@terra.com.br) on 2017-08-01T17:24:55Z No. of bitstreams: 1 TeseMCS.pdf: 2997068 bytes, checksum: 7f84184a2f58192e394eaee3ae05cdec (MD5) / Approved for entry into archive by Ronildo Prado (ronisp@ufscar.br) on 2017-08-01T19:08:53Z (GMT) No. of bitstreams: 1 TeseMCS.pdf: 2997068 bytes, checksum: 7f84184a2f58192e394eaee3ae05cdec (MD5) / Approved for entry into archive by Ronildo Prado (ronisp@ufscar.br) on 2017-08-01T19:09:03Z (GMT) No. of bitstreams: 1 TeseMCS.pdf: 2997068 bytes, checksum: 7f84184a2f58192e394eaee3ae05cdec (MD5) / Made available in DSpace on 2017-08-01T19:15:57Z (GMT). No. of bitstreams: 1 TeseMCS.pdf: 2997068 bytes, checksum: 7f84184a2f58192e394eaee3ae05cdec (MD5) Previous issue date: 2016-09-06 / Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES) / Cette thèse analyse la relation entre les pratiques policières quotidiennes et la conformation avec la police militaire de l'Etat de São Paulo, responsable pour mantenir l’ordre. Issu d’entretiens et d’analyses de données officielles, le présent travail cherche à comprendre comment les policiers, lors de leurs opérations, sélectionnent les personnes qui subiront les actions de la police et, par conséquent, celles du système de justice criminelle. Partant de là, il a été possible de comprendre, de manière plus particulier, quels sont les publics et les crimes les plus surveillés par les policiers militarisés et, d'une manière globale, les caractéristiques du modèle de police ostensible de São Paulo. L'objectif des opérations policières ostensibles est de prendre en flagrant délit des suspects criminels, ce qui confère à la Police Militaire la responsabilité de sélectionner et « d’expulser » des rues tous ceux que les policiers identifient comme des criminels. Cela autorise la Police Militaire à avoir recours notamment à trois actions : a) l’arrestation ou b) l’élimination des personnes identifiées comme des criminelles et c) le « bon sens » du policier en tant qu’outil pour distinguer les criminels et les « bons citoyens ». Une des conclusions de cette recherche repose sur le constat d’un ample usage du « bon sens » policier lors des opérations de vigilance ostensible, ainsi que de son aspect racial. De ce fait, le « bon sens » policier, au même titre que la létalité et les arrestations, est devenu le responsable de l’accumulation de désavantages pour la population jeune et noire, en ce qui concerne le droit à la vie en sécurité ; en effet on observe que ce groupe risque beaucoup plus d’aller en prison que le reste de la population. De plus, nous avons constaté que pendant les vingt dernières années la politique sécuritaire menée dans São Paulo s’est focalisé sur le type de vigilance ostensible décrit ci-dessus, et ce en dépit de l’échec de l’opération pour ce qui concerne la diminution du nombre de crimes contre les biens à São Paulo. / This thesis analyzes the relation between daily police practices and the conformation with ostensible policing run by the Military Police of São Paulo State. This work started from interviews and analysis of official data to understand how the Military Police, during the ostensible policing, selects the people who will suffer the police approach and therefore the prosecution of the criminal justice system. Thenceforth it was possible to understand specifically which public and which crimes were most closely watched by the military police and, in an embracing way, the characteristics of the São Paulo ostensible policing model. The purpose of ostensible policing is to catch criminal suspects, implying to the Military Police the responsibility to select and remove from the streets those who the police itself identifies as “bandits”. It is also observed that this framework does not configure a public security policy, but a crime and violence management, marked by the "war" against certain types of crimes that are available to the Military Police, especially with three features: a) imprisonment; b) elimination of those identified as “bandits”, and c) the “police scent” as a differentiation tool to identify "bandits" and "good citizens". One of the study highlights is that the wide use of the “police scent” by the military police which has racial aspects in its composition added to the lethality and imprisonment, became responsible for the accumulation of disadvantages for the young black population, referring to the right to secure life and a higher risk of being arrested for property offenses in relation to the rest of the population. In all, it became clear that in the last twenty years there is an insistence from the state public security in an ostensible policing with such characteristics, even in the face of failure in the decrease of numbers of property offenses in the state of São Paulo. / A tese analisa a articulação entre práticas policiais cotidianas e a conformação do policiamento ostensivo militarizado protagonizado pela Polícia Militar. O presente trabalho partiu de entrevistas e análise de dados oficiais da segurança pública paulista para compreender como os policiais, durante o policiamento ostensivo, selecionam as pessoas que sofrerão as investidas da polícia e, por conseguinte, do sistema de justiça criminal. A partir daí foi possível entender, de forma específica, quais são os públicos e os crimes mais vigiados pelos policiais militares e, de forma abrangente, as características do modelo de policiamento ostensivo paulista. Constatou-se que o objetivo do policiamento ostensivo é flagrar suspeitos criminais, o que incute à PM a responsabilidade de selecionar e “retirar” das ruas aqueles que os policiais identificam como “bandidos”. Para tal estão disponíveis à PM, sobretudo, três recursos: a) o aprisionamento ou b) a eliminação daqueles identificados como bandidos e c) o tirocínio policial enquanto ferramenta para diferenciar “bandidos” e “cidadãos de bem”. Uma das conclusões da pesquisa é a constatação da ampla utilização do tirocínio pelos policiais que atuam no policiamento ostensivo e de seu aspecto racializado; isto significa que, para a fundamentação da suspeita policial, são utilizados marcadores raciais. Desta forma, o tirocínio, ao lado da letalidade policial e do aprisionamento se tornaram responsáveis pelo acúmulo de desvantagens para a população jovem e negra, no que tange ao direito à vida segura e a um maior risco de serem presos por crimes patrimoniais em relação ao restante da população. No mais, constatou-se que nos últimos vinte anos há uma insistência por parte da segurança pública paulista num policiamento ostensivo com tais características, mesmo diante do insucesso na diminuição no número de crimes patrimoniais no estado de São Paulo. Policiamento ostensivo Polícia Militar Tirocínio Letalidade policial Prisões em flagrante Racialização Police Militaire Bon sens policie Létalité Prisons en flagrant délit Military Police Public security policies Racialization Police lethality Arrests CIENCIAS HUMANAS::SOCIOLOGIA
53	A formulação da política de segurança alimentar no Peru 2001-2006: um estudo de caso no departamento de Puno. Montaño, Edgard Manuel Hito January 2009 (has links) p. 1-191 / Submitted by Santiago Fabio (fabio.ssantiago@hotmail.com) on 2013-04-25T19:23:41Z No. of bitstreams: 1 22222.pdf: 1803793 bytes, checksum: 908f049302ffed4b26a9995cc14b52a8 (MD5) / Approved for entry into archive by Maria Creuza Silva(mariakreuza@yahoo.com.br) on 2013-05-04T17:36:37Z (GMT) No. of bitstreams: 1 22222.pdf: 1803793 bytes, checksum: 908f049302ffed4b26a9995cc14b52a8 (MD5) / Made available in DSpace on 2013-05-04T17:36:37Z (GMT). No. of bitstreams: 1 22222.pdf: 1803793 bytes, checksum: 908f049302ffed4b26a9995cc14b52a8 (MD5) Previous issue date: 2009 / En el Perú una cuarta parte de niños menores de 5 años se encuentran en desnutrición crónica y la evolución de este indicador desde 1996 prácticamente se ha mantenido igual. En el departamento de Puno el problema aún es mayor por sus condicionantes socio-económicas y políticas. Después del ajuste estructural provocado por los cambios del sistema económico, la mitad de la población peruana, pasó al estado de pobreza y una cuarta parte a la extrema pobreza; siendo afectado el acceso a los alimentos por parte de las familias peruanas, es aquí donde la política alimentaria formó parte del programa. En el periodo del gobierno de Alberto Fujimori y Alejandro Toledo se incrementó el financiamiento en programas alimentarios, trabajándose aún innovaciones en la gestión de estos programas. Producto de esta realidad social, el Perú se encuentra en la inseguridad alimentaria. Pese a las iniciativas y esfuerzos realizados por el estado peruano por disminuir la inseguridad alimentaria se observa aún instituciones públicas y privadas en la yuxtaposición de implementación de políticas alimentarias. El objetivo de la investigación fue describir y analizar el proceso de formulación de las políticas de seguridad alimentaría en el departamento de Puno – Perú durante el periodo 2001 al 2006. Utilizamos el enfoque teórico - metodológico del ciclo de la política enfatizando sobre el modelo de las ―múltiples corrientes‖. Este estudio de caso utilizó la revisión documental y las entrevistas en profundidad aplicadas a los ―informantes clave‖. Estas informaciones fueron procesadas, descritas y analizados para caracterizar el contexto nacional y regional; obtener las racionalidades de los actores en el proceso de formulación de la política de seguridad alimentaria; así como identificar a los emprendedores políticos que facilitó la reconstrucción del momento de predecisión, decisión y la apertura de la ―ventana política o de oportunidad‖ que condujo a la formulación de la Estrategia Nacional de Seguridad Alimentaria 2004-2015 y la Estrategia Regional de Seguridad Alimentaria – Puno 2006-2015. Constatamos que estas políticas aún tienen dificultad para implementarse, existiendo vacío de responsabilidades y articulación con los planes sectoriales, a pesar de haber obtenido apoyo general de la comunidad política para su formulación. Observándose que el gobierno de Alejandro Toledo (2001-2006) promovió el dialogo y la negociación con la sociedad civil, todavía insuficiente para el enfrentamiento de la inseguridad alimentaria. / Salvador Políticas públicas Políticas alimentarias Políticas de seguridad alimentaria Ciclo De la política Corrientes múltiples Estrategia de seguridad alimentaria Public policies Food policies Food security policies Political cycle Multiple currents Food security strategy Saude publica
54	Avaliação de impacto de políticas de segurança: o caso das Unidades de Polícia Pacificadora (UPPs) no Rio de Janeiro Butelli, Pedro Henrique 21 May 2015 (has links) Submitted by Pedro Henrique Butelli (pedrobutelli@gmail.com) on 2015-09-10T20:00:11Z No. of bitstreams: 1 TESE - Butelli.pdf: 3341625 bytes, checksum: 3257ec075d97f78fecd175e94ab63f1c (MD5) / Approved for entry into archive by BRUNA BARROS (bruna.barros@fgv.br) on 2015-09-14T19:27:28Z (GMT) No. of bitstreams: 1 TESE - Butelli.pdf: 3341625 bytes, checksum: 3257ec075d97f78fecd175e94ab63f1c (MD5) / Approved for entry into archive by Marcia Bacha (marcia.bacha@fgv.br) on 2015-10-19T18:15:19Z (GMT) No. of bitstreams: 1 TESE - Butelli.pdf: 3341625 bytes, checksum: 3257ec075d97f78fecd175e94ab63f1c (MD5) / Made available in DSpace on 2015-10-19T18:15:31Z (GMT). No. of bitstreams: 1 TESE - Butelli.pdf: 3341625 bytes, checksum: 3257ec075d97f78fecd175e94ab63f1c (MD5) Previous issue date: 2015-05-21 / This thesis aims on the impact evaluation of the Pacifying Police Units policy, incorporating the causality relations through differences-in-differences regressions with multiple specifications in order to measure the impacts on crime, schooling, income, inequality, possession of assets and immigration. / Esta tese tem como objetivo a avaliação dos primeiros impactos da política de UPPs, buscando incorporar as relações de causalidade envolvidas através de análises de diferenças-em-diferenças com diversas especificações a fim de medir os impactos sobre criminalidade, desempenho escolar,renda, desigualdade, posse de ativos e imigração. Políticas de segurança Avaliação de impacto Microeconometria empírica Security policies Impact evaluation Empirical microeconometrics Economia Macroeconomia Políticas públicas Criminalidade urbana Avaliação educacional
55	Approches pour la gestion de configurations de sécurité dans les systèmes d'information distribués / Techniques for security configuration management in distributed information systems Casalino, Matteo Maria 02 July 2014 (has links) La sécurité des services informatiques d'aujourd'hui dépend significativement de la bonne configuration des systèmes qui sont de plus en plus distribués. Au même temps, la gestion des configurations de sécurité est encore fortement basée sur des activités humaines, qui sont coûteuses et sujettes à erreurs. Au cours de la dernière décennie, il a été reporté à plusieurs reprises qu'une partie significative des incidents de sécurité et des pertes de données a été causée par des configurations incorrectes des systèmes. Pour résoudre ce problème, plusieurs techniques ont été proposées pour automatiser les tâches de gestion des configurations. Beaucoup d'entre elles mettent l'accent sur les phases de planification et de mise en œuvre, où les exigences et les politiques de sécurité abstraites sont conçues, harmonisées et transformées dans des configurations concrètes. Ces techniques nécessitent souvent d'opérer sur des politiques formelles ou très structurées qui se prêtent à un raisonnement automatisé, mais qui sont rarement disponibles dans la pratique. Cependant, moins d'attention a été consacrée aux phases de gestion de suivi et de changement des configurations, qui complètent les étapes précédentes en détectant et en corrigeant les erreurs afin d'assurer que les changements de configuration n'exposent pas le système à des menaces de sécurité. Les objectifs et les contributions de cette thèse se concentrent sur ce deuxième point de vue, de façon pragmatique sur la base des configurations de sécurité concrètes. En particulier, nous proposons trois contributions visant à analyser et à vérifier des configurations de sécurité / The security of nowadays IT services significantly depends on the correct configuration of increasingly distributed information systems. At the same time, the management of security configurations is still heavily centered on human activities, which are costly and prone to error. Over the last decade it has been repeatedly reported that a significant share of security incidents and data breaches are caused by inaccurate systems configuration. To tackle this problem, several techniques have been proposed to increase the automation in configuration management tasks. Many of them focus on planning and implementation, i.e., the phases where abstract security requirements and policies are elicited, harmonized, de-conflicted and transformed into concrete configurations. As such, these techniques often require formal or highly structured input policies amenable to automated reasoning, which are rarely available in practice. In contrast, less attention has been dedicated to the monitoring and change management phases, which complement the above steps by detecting and remediating configuration errors and by ensuring that configuration changes do not expose the system to security threats. The objectives and contributions of this thesis take the latter perspective and, as such, they pragmatically work on the basis of concrete security configurations. In particular, we propose three contributions that move from more concrete syntax-based configuration analysis towards increasingly abstract semantic reasoning Politiques de sécurité Configurations de sécurité Analyse de configurations de sécurité Configuration de pare-feux Contrôle d'accès Composition de politiques Réécriture de politiques PoSecCo Security policies Security configurations Analysis of security configurations Configuring firewalls Access control Composition policy Rewriting policies PoSecCo 005.8
56	Assessing information security compliant behaviour using the self-determination theory Gangire, Yotamu 02 1900 (has links) Information security research shows that employees are a source of some of the security incidents in the organisation. This often results from failure to comply with the Information Security Policies (ISPs). The question is, therefore, how to improve information security behaviour of employees so that it complies with the ISPs. This study aims to contribute to the understanding of information security behaviour, especially how it can be improved, from an intrinsic motivation perspective. A review of the literature suggested that research in information security behaviour is still predominantly based on the extrinsic perspective, while the intrinsic perspective has not received as much attention. This resulted in the study being carried out from the perspective of the self-determination theory (SDT) since this theory has also not received as much attention in the study of information security behaviour. The study then proposed an information security compliant behaviour conceptual model based on the self-determination theory, (ISCBMSDT). Based on this model, a questionnaire, the ISCBMSDT questionnaire, was developed using the Human Aspects of Information Security Questionnaire and SDT. Using this questionnaire, a survey (n = 263) was carried out at a South African university and responses were received from the academic, administrative and operational staff. The following statistical analysis of the data was carried out: exploratory factor analysis, reliability analysis, analysis of variance (ANOVA), independent samples test (t-tests) and Pearson correlation analysis. The responses to the survey questions suggest that autonomy questions received positive perception followed by competence questions and relatedness questions. The correlation analysis results show the existence of a statistically significant relationship between competence and autonomy factors. Also, a partial significant relationship between autonomy and relatedness factors as well as between competence and relatedness factors was observed. The exploratory factor analysis that was performed on the questionnaire produced 11 factors. Cronbach alpha was then computed for the eleven factors and all were found to be above 0.7, thus suggesting that the questionnaire is valid and reliable. The results of the research study also suggest that competence and autonomy could be more important than relatedness in directing information security behaviour among employees. / School of Computing / M. Tech. (Information Technology) Information security policies (ISP) Information security policy compliance Self-determination theory Intrinsic motivation 005.80711 Information policy -- South Africa
57	AspectKE: Security aspects with program analysis for distributed systems Fan, Yang, Masuhara, Hidehiko, Aotani, Tomoyuki, Nielson, Flemming, Nielson, Hanne Riis* January 2010 (has links) Enforcing security policies to distributed systems is difficult, in particular, when a system contains untrusted components. We designed AspectKE, a distributed AOP language based on a tuple space, to tackle this issue. In AspectKE, aspects can enforce access control policies that depend on future behavior of running processes. One of the key language features is the predicates and functions that extract results of static program analysis, which are useful for defining security aspects that have to know about future behavior of a program. AspectKE* also provides a novel variable binding mechanism for pointcuts, so that pointcuts can uniformly specify join points based on both static and dynamic information about the program. Our implementation strategy performs fundamental static analysis at load-time, so as to retain runtime overheads minimal. We implemented a compiler for AspectKE, and demonstrate usefulness of AspectKE through a security aspect for a distributed chat system. aspect oriented programming program analysis security policies distributed systems tuple spaces Data processing Computer science Language Constructs and Features (E.2) Abstract data types Classes and objects (NEW) Concurrent programming structures Constraints (NEW) Control structures Coroutines Data types and structures Dynamic storage management Frameworks (NEW) Inheritance (NEW) Input/output Modules, packages Patterns (NEW) Polymorphism (NEW) Procedures, functions, and subroutines Recursion Security and Protection (K.6.5) Access controls Authentication Cryptographic controls Information flow controls Security kernels Verification Algebraic approaches to semantics Denotational semantics Operational semantics Partial evaluation (NEW) Process models (NEW) Program analysis (NEW)

Page generated in 0.4565 seconds