An investigation into the critical success factors for e-banking frauds prevention in Nigeria

Usman, Ahmad Kabir

January 2018

E-Banking frauds is an issue experienced globally and continues to prove costly to both banks and customers. Frauds in e-banking services occur due to various compromises in security, ranging from weak authentication systems to insufficient internal controls. Although some security frameworks to address this issue of fraud have been proposed, the problem of e-banking fraud remains due to the inability of these framework to deal with organisational issues. With limited research in this area, the study sets out to identify the organisational Critical Success Factors (CSF) for E-Banking Frauds Prevention in Nigeria by applying CSF theory. A framework is proposed to help improve security from an organisational perspective. The study adopted a mixture of philosophical paradigms which led to the triangulation of research methods; Literature Review, Survey and Case Studies. The Literature Review involved the synthesis of existing literature and identified potential CSF for frauds prevention in e-banking. A total of 28 factors were identified and a conceptual framework was proposed. A 5-point Likert scale survey questionnaire was sent to retail bank staff in Nigeria to rate the criticality of the factors. A total of 110 useable responses were received at a response rate of 23.9%. Similar interrelated factors were grouped using a Principal Component Analysis. Finally, case studies with 4 banks in Nigeria were carried out to deepen our understanding. The study identified a total of 10 CSF which spanned across strategic, operational and technological factor categories. These included 'Management Commitment', 'Engagement of Subject Matter Experts' and 'Multi-Layer Authentication' amongst others. In addition, new CSF such as 'Risk-Based Transactional Controls', 'People Awareness & Training' and 'Bank Agility via Data Driven Decision Making' were identified. Finally, these CSF were grouped into an e-banking frauds prevention framework. This study is a pioneer study that extends theory to propose a CSF-based frauds prevention framework for banks in Nigeria.

Security policy

Implementation, management and dissemination of information security : an organisational perspective of financial institution

Alhayani, Abdullah

January 2013

The objective of this thesis is to investigate the significant perceived security threats against information security systems (ISS) for information systems (IS) in Saudi organisations. An empirical survey using a self-administered questionnaire has been carried out to achieve this objective. The survey results revealed that almost half of the responded Saudi organisations have suffered financial losses due to internal and external IS security breaches. The statistical results further revealed that accidental and intentional entry of bad data; accidental destruction of data by employees; employees' sharing of passwords; introduction of computer viruses to IS; suppression and destruction of output; unauthorised document visibility; and directing prints and distributed information to people who are not entitled to receive are the most significant perceived threats to IS in Saudi organisations. Accordingly, it is recommended to strengthen the security controls over the above weakened security areas and to enhance the awareness of IS security issues among Saudi companies to achieve better protection to their IS.

005.8

Stakeholder ; Security policy

THREE ESSAYS ON SOCIAL SECURITY WITH MYOPIC AGENTS

WEN, XUE

03 May 2012

Questa tesi si compone di tre capitoli. Nel primo capitolo, si presenta una rassegna della letteratura sui principali contributi teorici di modellazione per la progettazione della sicurezza sociale, assumendo gli individui come non-standard preferences. Ci concentriamo su tre approcci particolari: time inconsistent preferences, temptation preferences e myopia. Il secondo capitolo studia gli incentivi politici per la progettazione della politica di sicurezza sociale nelle democrazie competitive con le famiglie lungimiranti e miopi in un ambiente di probabilistic voting. In particolare, l'analisi si concentra sul trade-off tra le dimensioni e il grado di redistribuzione del sistema pensionistico. Il terzo capitolo introduce il comportamento miope di risparmio in un modello pensionistico a due paesi, in cui vengono confrontate le politiche pensionistiche non-cooperative e cooperative. Inoltre, questo capitolo analizza gli effetti di cooperazione per l'accumulo di capitale mondiale con la presenza di agenti miopi. / This dissertation consists of three chapters. In Chapter 1, I present a literature review on the main theoretical contributions modeling social security design assuming non-standard household preferences. We focus on three particular approaches: time inconsistent preferences, temptation preferences and myopia. Chapter 2 investigates the political incentives for the design of social security policy in competitive democracies with both far-sighted and myopic households in a probabilistic voting setting. In particular, the analysis focuses on the trade-off between the size and the redistribution degree of the equilibrium social security policy. Chapter 3 introduces myopic saving behavior in a two-country normative model of social security, in which non-cooperative and cooperative pension policies are compared. Moreover, this chapter analyzes the effects of cooperation to world capital accumulation with the presence of myopic agents.

equilibrium social; security policy;

The Soviet-Finnish War of 1939-1940

Dyke, Carl Van

January 1994

No description available.

320

Security policy; Red Army

The executive role of the European Commission in the external relations of the European Union

Melis, Demetrios George

January 1999

No description available.

320

Common Foreign and Security Policy

PACTIGHT: Tightly Seal Sensitive Pointers with Pointer Authentication

Ismail, Mohannad A

02 December 2021

ARM is becoming more popular in desktops and data centers. This opens a new realm in terms of security attacks against ARM, increasing the importance of having an effective and efficient defense mechanism for ARM. ARM has released Pointer Authentication, a new hardware security feature that is intended to ensure pointer integrity with cryptographic primitives. Recently, it has been found to be vulnerable. In this thesis, we utilize Pointer Authentication to build a novel scheme to completely prevent any misuse of security-sensitive pointers. We propose PACTight to tightly seal these pointers from attacks targeting Pointer Authentication itself as well as from control-flow hijacks. PACTight utilizes a strong and unique modifier that addresses the current issues with PAC and its implementations. We implement four defenses by fully integrating with the LLVM compiler toolchain. Through a robust and systemic security and performance evaluation, we show that PACTight defenses are more efficient and secure than their counterparts. We evaluated PACTight on 30 different applications, including NGINX web server and using real PAC instructions, with an average performance and memory overhead of 4.28% and 23.2% respectively even when enforcing its strongest defense. As far as we know, PACTight is the first defense mechanism to demonstrate effectiveness and efficiency with real PAC instructions. / M.S. / ARM is slowly but surely establishing itself in the market for desktops and data centers. Intel has been the dominant force for some time but ARM’s entrance into that realm opens up new avenues and possibilities for security attacks against ARM machines. Thus, it is becoming increasingly important to develop an effective and efficient defense mechanism for ARM against possible security threats, particularly against memory corruption vulnerabilities. Memory corruption vulnerabilities are still very prevalent in today’s security realm and have been for the past thirty years. Different hardware vendors have developed a variety of hardware features to combat them and ARM is no different. ARM has released Pointer Authentication, a new hardware security feature that is intended to ensure pointer integrity with cryptographic primitives. Pointer Authentication allows developers to utilize the unused bits of a pointer and add a cryptographic hash that can ensure the pointer hasn’t been tampered with. Pointer Authentication has been utilized in other solutions by security researchers. However, these solutions are either incomplete in their coverage or lack enough randomness for the cryptographic hash. In this thesis we utilize Pointer Authentication to build a novel scheme to completely prevent any misuse of security-sensitive pointers in memory corruption attacks. This thesis presents PACTight to tightly seal these pointers from attacks abusing the limited randomness of the hash as well as control-flow hijack attacks. PACTight implements four defenses by fully integrating with the LLVM compiler toolchain. Through a robust and systemic security and performance evaluation, this thesis show that PACTight defenses are more efficient and secure than their counterparts.

System Security

ARM

Security Policy

What is the situation in Finland’s and Sweden’s security policy and what are their choices with it? : Analyses of the security policy from the past years in Finland and Sweden and about their current challenges.

Uino, Siiri

January 2016

The current situation in the world has forced many states to have a look at their security policy in a more demanding way. The instability around the world has become harder to prevent and for the states to protect their citizens, which requires efficient work from the states. Therefore, this paper is going to have a look at the security policy that Finland and Sweden are performing currently, to give us understanding of their current situation. To do that, it is necessary to have a look at their backgrounds as well. The aim of this paper is to understand security policies of these countries, and how that have effected to their choices that are done today. After that, new future possible choices will be analysed based on the given information. Since the instability has also reached these two countries, we shall have look what could be their choices in improving their current policies.   Theories that will be used in this paper, are playing important role in achieving the selected aim of this paper. Throughout this paper, theories are tools for us, guiding us to focus on the arguments that are supported by these theories. These different points of views will be collected from arguments that are presented about the security policy of these countries and are supporting theories Liberalism and/or Realism. Theories are also allowing us to use our method, argument analyse, by working as a great instrument in finding arguments that are relevant for the paper. Since this paper will not aim to give any specific idea of good security policy, the focus is to look the things where Finland and Sweden could improve their policies, and/or to have a look into new possibilities. Since the world is changing rapidly, also the security policies of countries have to keep up with the new challenges.

Finland

Sweden

Security Policy

NATO

Security

The local prevention of terrorism in strategy and practice : 'CONTEST', a new era in the fight against terrorism

Skoczylis, Joshua Joseph

January 2013

The thesis evaluates the impact the inclusion of Prevent had on CONTEST, the UK’s counter-terrorism strategy, both in terms of innovative and tension which arose throughout the three stages of the policy process: its formation, implementation and social impacts. Many of the tensions identified are not unique to Prevent and appear to be inherent in prevention and policing policies more generally. The thesis relies on qualitative interviews with national policy makers, and local professionals in a case study area in the North of England, as well as focus groups with members of Muslim communities in the same case study area. Three broad areas of tensions were identified. The first policy tensions centred on the debate about how to prevent violent extremism, communication of the strategy and the merits of excluding community cohesion as a means of tackling extremism per se. The majority of the national policy makers, including senior police officers and local professionals, agreed that contrary to the Prevent Review 2011, community cohesion should remain an integral part of Prevent. Secondly, there are organizational tensions. These tensions mainly relate to inter- and intra-organizational issues such as funding, information-sharing and evaluation. One of the main areas of conflict identified was the relationship between the national and local authorities. Thirdly, the thesis identified tensions relating to Prevent’s impact on the local community. This thesis suggests that Prevent had little influence, and that most perceptions about counter-terrorism and Prevent were shaped by negative political and media discourse about Islam and British Muslim communities. This has led to disengagement amongst the Muslim communities in the case study area with Prevent and local authorities in general, the limiting of freedom of expression through external social control, and the inability/unwillingness of these communities to tackle such extremism as might exist in their midst.

340

HyperSpace: Data-Value Integrity for Securing Software

Yom, Jinwoo

19 May 2020

Most modern software attacks are rooted in memory corruption vulnerabilities. They redirect security-sensitive data values (e.g., return address, function pointer, and heap metadata) to an unintended value. Current state-of-the-art policies, such as Data-Flow Integrity (DFI) and Control-Flow Integrity (CFI), are effective but often struggle to balance precision, generality, and runtime overhead. In this thesis, we propose Data-Value Integrity (DVI), a new defense policy that enforces the integrity of "data value" for security-sensitive control and non-control data. DVI breaks an essential step of memory corruption based attacks by asserting the compromised security-sensitive data value. To show the efficacy of DVI, we present HyperSpace, a prototype that enforces DVI to provide four representative security mechanisms. These include Code Pointer Separation (DVI-CPS) and Code Pointer Integrity (DVI-CPI) based on HyperSpace. We evaluate HyperSpace with SPEC CPU2006 and real-world servers. We also test HyperSpace against memory corruption based attacks, including three real-world exploits and six attacks that bypass existing defenses. Our evaluation shows that HyperSpace successfully detects all attacks and introduces low runtime performance and memory overhead: 1.02% and 6.35% performance overhead for DVI-CPS and DVI-CPI, respectively, and overall approximately 15% memory overhead. / Master of Science / Many modern attacks originate from memory corruption vulnerabilities. These attacks, such as buffer overflow, allow an adversary to compromise a system by executing arbitrary code or escalating their access privilege for malicious actions. Unfortunately, this is due to today's common programming languages such as C/C++ being especially prone to memory corruption. These languages build the foundation of our software stack thus, many applications such as web browsers and database servers that are written using these vulnerable programming languages inherit these shortcomings. There have been numerous security mechanisms that are widely adopted to address this issue but they all fall short in providing complete memory security. Since then, security researchers have proposed various solutions to mitigate these ever-growing shortcomings of memory safety techniques. Nonetheless, these defense techniques are either too narrow-scoped, incur high runtime overhead, or require significant additional hardware resources. This results in them being unscalable for bigger applications or requiring it to be used in combination with other techniques to provide a stronger security guarantee. This thesis presents Data Value Integrity (DVI), a new defense policy that enforces the integrity of "data value" for sensitive C/C++ data which includes, function pointers, virtual function table pointers, and inline heap metadata. DVI can offer wide-scoped security while being able to scale, making it a versatile and elegant solution to address various memory corruption vulnerabilities. This thesis also introduces HyperSpace, a prototype that enforces DVI. The evaluation shows that HyperSpace performs better than state-of-the-art defense mechanisms while having less performance and memory overhead and also providing stronger and more general security guarantees.

Data Value Integrity

Value Invariant

Security Policy

Partner oder Zweckgemeinschaft? : sicherheitspolitische Kooperation zwischen EU und NATO / Partners or partnership of convenience? : security-political cooperation between EU and NATO

Opitz, Anja, Troy, Jodok

January 2009

21 Mitgliedstaaten der EU sind heute gleichzeitig auch Mitglieder der NATO. Das geografische und politische Europa ist, bis auf wenige Ausnahmen, von Staaten besetzt, die zumindest einer dieser Organisationen angehören. Die verteidigungspolitische Organisation NATO trifft auf das politische System EU mit wachsendem sicherheitspolitischem Anspruch. Vor diesem Hintergrund werden verschiedene Aspekte der Kooperation zwischen diesen beiden Organisationen näher beleuchtet.

NATO

EU

GASP

Sicherheitspolitik

NATO

EU

Common Foreign and Security Policy

Security Policy

Political science