La convergence de la sécurité informatique et de la protection des renseignements personnels : vers une nouvelle approche juridique

Vincente, Ana Isabel

07 1900

Le développement exponentiel des réseaux informatiques a largement contribué à augmenter le volume des renseignements personnels disponibles et à remplacer les méthodes désuètes de collecte des renseignements par des méthodes plus rapides et plus efficaces. La vie privée et le contrôle sur les informations personnelles, telles que nous les connaissions il y a quelques décennies, sont des notions difficilement compatibles avec la société ouverte et commerciale comme la nôtre. Face à cette nouvelle réalité menaçante pour les droits et libertés de l'homme, il est essentiel de donner un cadre technique et légal stable qui garantisse un niveau de protection adéquat de ces données personnelles. Pour rester dans le marché ou bénéficier de la confiance des individus, les entreprises et les gouvernements doivent posséder une infrastructure de sécurité informatique efficace. Cette nouvelle donne a tendance à devenir plus qu'une simple règle de compétitivité, elle se transforme en une authentique obligation légale de protéger les données à caractère personnel par des mesures de sécurité adéquates et suffisantes. Ce mémoire aborde justement ces deux points: premièrement, l'étude du développement d'une obligation légale de sécurité et ensuite, l'encadrement juridique de la mise en place d'un programme de sécurisation des données personnelles par des mesures de sécurités qui respectent les standards minimaux imposés par les textes législatifs nationaux et internationaux. / The latest development in information networks largelly contributed to the increasing amount of personal data being collected by the public and private sector and the replacement of old fashioned collection methods by faster and cheaper techniques. Notions of privacy and control of personnal data are not as we used to know them a decade ago and they became somehow incompatible with an open and commercial society in which we live. Facing this new and dangerous reality to fondamental human rights and liberties, it is pressing to give a legal and technical stable framework insuring an adequate level of protection to personnal data. To keep a competitive position in the market and maintain individuals trust in the system, companies and governments must guarantee an efficent security infrastructure. If this feature was until now a strategie advantage, it has become an authentic legal obligation to protect personnal data by suffisant safeguards. The purpose of this work is essentially consider those two statements: the study of the development of a legal obligation to guarantee the security of personnal data and the legal backing for the implementation of a security policy respecting minimal standards imposed by national and international laws. / "Mémoire présenté à la Faculté des études supérieures en vue de l'obtention du grade de maîtrise en droit (LL.M.) option Nouvelles technologies de l'information"

Sécurité informatique

Renseignements personnels

Niveau de protection adéquat

Politique de sécurité

Obligation légale de sécurité

Information security

Personnal data

Adequate safeguards

Security policy

Legal obligation for security

RISK GOVERNANCE AND BORDER SECURITY POLICY POST 9/11: BEYOND BORDERS IN THE SECURITY ERA

SEBBEN, CHRISTINE

14 October 2011

This paper utilizes a critical (political) discourse analysis to examine security dialogue as revealed through policy; in order to facilitate this task, the following publically available political documents will be analyzed: Smart Border Declaration; Security and Prosperity Partnership (SPP), and the pending Beyond Borders deal. The objective is to highlight the complexities and realities of the security era as it pertains to North American border security. In other words, I am interested in the administration of border security policy in its practical context. Reviewing the Beyond Borders deal and situating it within the overall national security policies that govern the Canadian border facilitates the identification of limitations posed by the security mentality dominant in border governance. This thesis advocates that those studying border security policies in order to formulate alternative options do so in a manner that appreciates the unique polity milieu of the border. The analysis presented here has policy implications and concludes with recommendations and projections for the Beyond Borders deal. / Thesis (Master, Sociology) -- Queen's University, 2011-10-14 13:59:44.787

Border Governance

Post 9/11 Crime Control Policy

Political-Socio-Legal Studies

Risk Governance

Border Studies

Security Studies

Border Security Policy

Surveillance Studies

A trust framework for multi-organization environments

Toumi, Khalifa

01 April 2014

The widespread of inexpensive communication technologies, distributed data storage and web services mechanisms currently urge the collaboration among organizations. Partners are participating in this environment motivated by several advantages such as: (1) the ability to use external and professional resources, services and knowledge, (2) the reduction of time-consuming requirements and (3) the benefaction of experts experience. However, this collaboration is not perfect since several problems can arise such as the misuse of resources, disclosure of data or inadequate services. Therefore, security is an important concern of the participants. In particular trust management and access control are one of the major security issues for an organization. This thesis addresses these two areas in particular. It proposes a novel and comprehensive trust framework for Multi-Organization Environments. Our approach is organized in four parts. First, we propose a vector based model approach for defining trust vectors. These vectors evaluate a set of requirements, under conditions, and provide a degree of confidence. In our approach, we consider two different types of vectors. On the one hand, a vector that links a user to an organization and, on the other hand, a vector that links two organizations. We also show how these vectors are evaluated and shared among the different organizations, and how we combine the provided trust information in order to enhance the security. Second, the TRUST-OrBAC model was designed to add the previous trust approach to the ORBAC model. Moreover, this solution was applied with a real collaboration network between companies. Third, we present a trust ontology methodology based on access control concepts. This ontology will be used to share the trust beliefs between participants and to make equivalence between their trust objectives. How to define this trust relationship, how to understand the trust objective of a requester, and how to evaluate the recommendation value is addressed in this thesis. Fourth, we improve our work by designing a passive testing approach in order to evaluate the behavior of a user. This contribution is based on the monitoring tool MMT. Finally the entire architecture of our system is proposed

[INFO:INFO_OH] Computer Science/Other

[INFO:INFO_OH] Informatique/Autre

[SPI:OTHER] Engineering Sciences/Other

Trust management

Security policy

Security rules

OrBAC

Passive testing

Trace analysis

Trace collection

Lieutva Europos ir euroatlantinėje saugumo sistemose: raida, dabartis, ateities perspektyvos / Lithuania in the European and euroatlantic security systems: development, present, perspectives in the future

Tauginas, Tomas

27 December 2006

This Final Paper consists of analysis of NATO and EU role to Lithuanian security by identifying our days and future threats to Lithuanian security and identification of the future of the Lithuanian security policy. In the first part of this final paper was glanced through NATO and EU CFSP and DP history, highlighting problems of EU integration to Euroatlantic security. It can be assumed that more then half of continuing Cold War century NATO has assured the creation and the welfare of Eastern Europe. The collective defense remains further of one’s NATO functions, by that time EU is not responsible of European collective defense. EU stands just in crisis management. The NATO��s and EU’ intercourse problem maintains historical and national color. The second part was dedicated to analyze the evolution of Lithuanian membership in NATO, EU CFSP and DP. It was noticeable that Lithuanian NATO membership gives security to country against straight military invasion by discouraging potential threats. The EU membership gives economical sanctions to threat object just de facto i. m. after, for example, the invasion to Lithuania. But according to NATO and EU agreements, nations which belong to these organizations are allowed to choose the way of reaction so it’s might depend on relationship of each of them and Lithuania. The type and the spectrum of threats were identified in the last part and there was made an analysis which of them and in what time dimension might occur against... [to full text]

Marketing and Administration

Euroatlantinis saugumas

NATO

Threats

Common foreign and security policy

Bendroji užsienio ir saugumo politika

Grėsmės; security

Euroatlantic security

Europos Sąjungos gynybos politika

守勢現實主義與冷戰後中共的安全政策 / Defensive Realism and Post-Cold War PRC Security Policy

張廖年仲, Chang Liao, Nien-Chung

Unknown Date

本論文的中心命題是：冷戰後的中國是尋求向外擴張、還是自我防禦的國家？為了檢視此一命題，本論文從守勢現實主義（defensive realism）的理論中推論出維持現狀、嚇阻戰略與昂貴信號，以作為檢視冷戰後中共安全行為的指標。本論文分別檢視中共領導人的政策宣示、1995-96年台海危機以及冷戰後中共與南海爭議的個案，證明：第一、中共對國際環境的認知會符合守勢現實主義關於良性的國際結構與安全充足的觀點；第二、中共的外交政策旨在維持既有的國際秩序，所以其對外的行為以維持現狀為主，避免改變現狀的情形發生；第三、中共的國防政策屬於防禦性的，因此其戰略以嚇阻為主，避免使用武力直接與敵人衝突；第四、為了表示防禦性、維持現狀或者是合作的意圖，中共採取昂貴信號的作法，以避免被其他國家所誤解。所以，本論文論證出冷戰後的中國是一個追求自我防禦的國家，其安全政策是屬於防禦性的。 / The central question of this thesis is: Is China an expansionist or a self-preserving state in the Post-Cold War era? From defensive realism theory, I infer status quo policy, deterrence strategy, and costly signal to estimate Post-Cold War PRC security behavior. Empirically, I examine Chinese leaders’ statements, the Taiwan Strait crisis in 1995-96, and South China Sea disputes in the Post-Cold War era. I reach the conclusion that: First, PRC’s perception of international environment is consistent with defensive realism’s argument that international structure is benign and security is plentiful. Second, China engages status quo foreign policy to maintain the international order. Third, China’s defense policy emphasizes on deterrence strategy to avoid direct conflict with the enemy. Fourth, China adopted costly signals to unfold its defensive, status quo, or cooperative intention to prevent other countries’ misunderstanding. I argue that, therefore, Post-Cold War China is a self-protecting state with the defensive security policy.

中共

守勢現實主義

安全政策

冷戰後

defensive realism

Post-Cold War

PRC

security policy

POLÍTICA DE SEGURANÇA DA INFORMAÇÃO: UMA ESTRATÉGIA PARA GARANTIR A PROTEÇÃO E A INTEGRIDADE DAS INFORMAÇÕES ARQUIVÍSTICAS NO DEPARTAMENTO DE ARQUIVO GERAL DA UFSM / INFORMATION SECURITY POLICY: A STRATEGY TO ENSURE THE SECURITY AND INTEGRITY OF THE DEPARTMENT OF ARCHIVAL INFORMATION IN THE GENERAL ARCHIVING DEPARTMENT OF THE UFSM

Sfreddo, Josiane Ayres

06 December 2012

Presents a study on information security in order to propose an Information Security Policy for the Department of General Archives (DAG), Federal University of Santa Maria (UFSM) as a way of enabling the protection, availability and secure access to archival information (not digital), in the university context. It is characterized as an exploratory qualitative approach, assuming a case study form, because it involves the study of a certain subject allowing its wide and detailed knowledge. It was first conducted a more detailed study of the Standard ISO/IEC 27002 which is a code of practice for information security, providing guidelines for the implementation of an Information Security Policy, based on regulations according to the institutional purposes. The study aimed, at first, to adapt the requirements and controls present in this standard archival context, focusing on the protection of not digital information, a research in the Heritage Documentary line. Thus, the adaptation of the standard for archival followed the structure of the original standard, seeking to provide for the archival institutions a tool to subsidize the development of an Information Security Policy, providing a more secure and reliable protection. In order to compose this policy a data collection was carried out through interviews, structured within questions about security information, based on the standard ISO/IEC 27002, on the previous study and the Adaptation of the Standard for the archival context. With the data collected and analyzed, along with the DAG, it can be verified that the problems causer of threats to the security of not digital archives in the department are directly related to the lack of security to the perimeter and to the absence of a physical control, including entries and exits. These security actions made it possible, together with the adaption of the standard, to propose control in order to prevent further incidents. This way it was possible to structure the Document of the Security Policy representing the materialization of the Security Policy according to the needs presented by DAG. This document will serve as an instrument to support and guide employees, users and third parties in the conduct of institutional activities. However, it is up to the department to approve it and implement it for the purpose of preventing incidents, thereby providing safe reliable and continuous access to not digital information by him guarded. / Apresenta um estudo sobre a segurança da informação a fim de propor uma Política de Segurança da Informação para o Departamento de Arquivo Geral (DAG) da Universidade Federal de Santa Maria (UFSM), possibilitando a proteção, a disponibilidade e o acesso seguro às informações arquivísticas (não digitais), no contexto universitário. Caracteriza-se como uma pesquisa exploratória com abordagem qualitativa, assumindo a forma de estudo de caso, pois envolve o estudo sobre um determinado assunto permitindo o seu amplo e detalhado conhecimento. Primeiramente foi realizado um estudo mais aprofundado da Norma ABNT NBR ISO/IEC 27002 que é um código de prática para a segurança da informação, apresentando diretrizes para a aplicação de uma Política de Segurança da Informação, baseada em regulamentos de acordo com os propósitos institucionais. O estudo objetivou, em um primeiro momento, adaptar os requisitos e controles presentes nessa norma ao contexto arquivístico, tendo como foco a proteção de informação não digital, caracterizando, deste modo, uma pesquisa na linha do Patrimônio Documental. Assim, a Adaptação da Norma para a arquivologia seguiu a estrutura da Norma original, buscando proporcionar às instituições arquivísticas um instrumento que subsidiasse a elaboração de uma Política de Segurança da Informação, possibilitando a proteção de informações não digitais de uma forma mais segura e confiável. Para a composição dessa Política, foi realizada a coleta de dados por meio de entrevista estruturada com questões sobre a segurança da informação, fundamentada na Norma ABNT NBR ISO/IEC 27002, tendo como base o estudo anterior e a Adaptação da Norma para o contexto arquivístico. Com a análise dos dados coletados junto ao DAG, podese verificar que os problemas que causam ameaças à segurança da informação não digital no departamento estão relacionados diretamente à deficiência dos perímetros de segurança e à inexistência de um controle de acesso físico incluindo entradas e saídas. A partir dessas ações de segurança, foi possível, juntamente com a Adaptação da Norma, propor controles a serem aplicados a fim de evitar a ocorrência de novos incidentes. Dessa forma, foi possível estruturar o Documento da Política de Segurança da Informação representando a materialização da Política de Segurança de acordo com as necessidades apresentadas pelo DAG. Esse documento servirá com um instrumento de apoio fundamental para instruir funcionários, usuários e terceiros na realização das atividades institucionais. No entanto, cabe ao departamento aprová-lo e implementá-lo, a fim de prevenir incidentes proporcionando, assim, acesso seguro, confiável e contínuo às informações não digitais por ele custodiadas.

Política de segurança da informação

Segurança da informação

Informação arquivística não digital

Patrimônio documental

Information security policy

Information security

Archival information not digital

Documentary heritage

CNPQ::CIENCIAS HUMANAS::HISTORIA

From consensus on neutrality to a divided opinion on NATO : A study of the Swedish foreign- and security policy debate: 1989-2018

Mathiesen, Olof

January 2018

Since the end of the Cold War, Sweden’s security strategy has undergone radical changes. Due to recent years deteriorated security situation in Europe, the debate on Swedish NATO-membership has become more prominent. Previous research has mostly focused on the practical/military implications of the choice of security strategy whereas the knowledge about the political ideas and goals that are behind the choice of security strategy is largely unknow. Based on a qualitative approach, this thesis has studied how the Swedish foreign and security policy debate has changed between 1989–2018. Targeting the Social Democratic party, the Moderate Party, the Centre party and the Liberals, this thesis has described and analyzed these parties’ fundamental goals/values and world views from the perspectives of realism and liberalism. This study finds that there has been several changes both in world views and fundamental goals/values, where the earlier period in this study was more influenced by realism, to where liberalism started to become more prominent in the debate from the late 1990s until 2018, although realism has in some degree come back during recent years.

foreign and security policy

neutrality

military non-aligned

security strategy

NATO

realism

liberalism

international relations

world view

fundamental goals/values.

Political Science

Statsvetenskap

Information Security Culture and Threat Perception : Comprehension and awareness of latent threats in organisational settings concerned with information security

Lambe, Erik

January 2018

A new challenge for organisations in the 21st century is how they should ensure information security in a time and environment where the widespread use of Information Communication Technologies (ICTs), such as smartphones, means that information has been made vulnerable in numerous new ways. Recent research on information security has focused on information security culture and how to successfully communicate security standards within an organisation. This study aims to examine how latent threats to information security are conceptualised and examined within an organisation in which information security is important. Since threats posed by ICTs are said to be latent, this study wishes to explore in what ways an inclusion of threat conceptualisation can have in understanding what constitutes an efficacious information security culture when the intention is to ensure information security. The study focuses on the Swedish armed forces, and compare how threats to information security posed by interaction with private ICTs are communicated in information security policies and how they are conceptualised by the members of the organisation. Through interviews conducted with service members, the findings of this study indicate that it is possible to successfully communicate the contents of information security policies without mandating the members of the organisation to read the sources themselves. Furthermore, the study identified a feature of information security culture, in this paper called supererogatory vigilance to threats to information security, which might be of interest for future studies in this area, since it offers adaptive protection to new threats to information security that goes beyond what the established sources protects against.

Information security

information security culture

information security policy

administration

policy implementation

latent threats

ICT

dynamic frame analysis

Political Science

Statsvetenskap

Striving for security : state responses to violence under the FMLN government in El Salvador, 2009-2014

Hoppert-Flämig, Susan

January 2016

This research focuses on the provision of intrastate security and on the question how states in the global South do or do not provide security for their citizens and do or do not protect them from physical violence. This thesis argues that while institutional conditions are an important aspect of security provision in the global South, more attention needs to be paid to policy processes. Institution building as set out in the literature about Security Sector Reform and statebuilding assumes that it is possible to provide security to all citizens of a state by building democratic state security institutions. However, this is only possible if the state is the predominant force of controlling violence. Research showed that this is rarely the case in countries of the global South. This thesis contends that statehood in the global South is contested due to power struggles between multiple state and non-state elites. It argues that the analysis of security policy processes allows for an analysis of security provision in societies where no centralised control over violence exists. It contributes to a better understanding of the shortcomings of security provision in the global South because it shows the impact of societal and state actors on security policy making. Using the case of security policy making under the first FMLN (Frente Farabundo Martí para la Liberación Nacional, Farabundo Martí Front for National Liberation) government in El Salvador (2009-2014), the thesis shows that, in a contested state policy making does not result from a pact between the state and society or from a social consensus as envisaged by parts of the FMLN and other forces of the New Left in Latin America. Instead, policy making results from elite pacts and elite struggles. This is illustrated in the domination of an ad hoc decision-making mode which describes short-term decisions which are insufficiently implemented and easily reversed or replaced. Thus, security provision as a policy field remains focused on elite interests and does not include the interests of the broader population.

Guia de Preservação e Segurança da Biblioteca Nacional

Spinelli Junior, Jayme

31 March 2009

Submitted by Suemi Higuchi (suemi.higuchi@fgv.br) on 2009-07-30T19:39:08Z No. of bitstreams: 1 CPDOC2009JaymeSpinelliJunior.pdf: 3661975 bytes, checksum: 3e90fc0c8ac41c11288e6da556dd54aa (MD5) / Made available in DSpace on 2009-07-30T19:47:52Z (GMT). No. of bitstreams: 1 CPDOC2009JaymeSpinelliJunior.pdf: 3661975 bytes, checksum: 3e90fc0c8ac41c11288e6da556dd54aa (MD5) / This Guide of Preservation & Security of the National Library of Brazil to safeguard the holdings and the building aims to present guidelines, pathways and routes to procedures and attitudes towards questions of such nature, which are important and vital in an era full of uncertainties. As a base, we consider the knowledge acquired in the field of cultural property preservation and in the field of security policy adopted for bibliographical and documental holdings, researches and the buildings that stores them. The interdisciplinary character related to these fields of knowledge signals the educational improvement of the population as a whole and to our cultural memory. It aims at a changing in the role of man as a critic of nature, as a transforming agent of reality and of himself. / Este Guia de Preservação & Segurança da Biblioteca Nacional para salvaguarda do seu acervo e do seu edifício tem por objetivo apresentar orientações, caminhos e rotas para procedimentos e atitudes relativas as questões desta natureza, importantes e vitais nesta era de tantas incertezas. Como base toma-se o saber adquirido no campo da preservação de bens culturais e no campo da política de segurança adotada para acervos bibliográficos e documentais, para usuários e para os edifícios que os abriga. O caráter interdisciplinar que concerne a estes campos do conhecimento sinaliza para o aprimoramento educacional da população como um todo e para nossa memória cultural. Visa a mudança do papel do homem como crítico da natureza, como agente transformador da realidade e de si próprio.

Preservation of holdings

Preventive conservation

Security policy

Preservação de acervos

Conservação preventiva

Política de segurança

Ciências sociais

Livros - Conservação e restauração

Papel - Conservação e restauração

Biblioteca Nacional (Brasil)

Bibliotecas - Medidas de segurança