Global ETD Search

31	An integrated intelligent approach to enhance the security control of it systems : a proactive approach to security control using artificial fuzzy logic to strengthen the authentication process and reduce the risk of phishing Salem, Omran S. A. January 2012 (has links) Hacking information systems is continuously on the increase. Social engineering attacks is performed by manipulating the weakest link in the security chain; people. Consequently, this type of attack has gained a higher rate of success than a technical attack. Based in Expert Systems, this study proposes a proactive and integrated Intelligent Social Engineering Security Model to mitigate the human risk and reduce the impact of social engineering attacks. Many computer users do not have enough security knowledge to be able to select a strong password for their authentication. The author has attempted to implement a novel quantitative approach to achieve strong passwords. A new fuzzy logic tool is being developed to evaluate password strength and measures the password strength based on dictionary attack, time crack and shoulder surfing attack (social engineering). A comparative study of existing tools used by major companies such as Microsoft, Google, CertainKey, Yahoo and Facebook are used to validate the proposed model and tool. A comprehensive literature survey and analytical study performed on phishing emails representing social engineering attacks that are directly related to financial fraud are presented and compared with other security threats. This research proposes a novel approach that successfully addresses social engineering attacks. Another intelligent tool is developed to discover phishing messages and provide educational feedback to the user focusing on the visible part of the incoming emails, considering the email’s source code and providing an in-line awareness security feedback.
32	Sjuksköterskors uppfattningar ominformationssäkerhet : en kvalitativ intervjustudie Karlsson, Kerstin January 2007 (has links) Inom hälso- och sjukvården hanteras känslig patientinformation. I framtiden kommer alltmer information att lagras elektroniskt och därmed bli mer lättillgänglig. Användarna av informationssystemen kan vara en säkerhetsrisk. Metoderna som används vid intrångsförsök inriktas alltmer på att involvera människor istället för att enbart använda sig av teknik. Syftet med detta arbete är att undersöka användarnas upplevelse och medvetenhet om icke tekniska hot mot informationssäkerheten för digitalt lagrad patientinformation. Datainsamlingen genomfördes i form av kvalitativa intervjuer med sjuksköterskor anställda på ett sjukhus i västra Sverige. Resultatet visar att det allt överskuggande upplevda hotet var intrång och förlust av sekretess i den elektroniska patientjournalen. Hoten uppfattades som interna främst från personal och till viss del från patienter. Intrång av externa aktörer ansågs osannolikt och av mer teknisk natur. En social engineering attack skulle kunna vara lyckosam, skadan som skulle kunna åstadkommas förstärks av icke fungerande utloggningsrutiner, kombinerat med vissa brister i lösenordshanteringen och användarnas omedvetenhet om hoten. Informationssäkerhet Social engineering Elektroniska patientjournaler Sjuksköterskor Säkerhetsmedvetenhet. Information Systems
33	Projetos para as novas gerações: juventudes e relações de força na política brasileira (1926-1945) / Projects for the new generations: youth and relations of power in brazilian politics (1926-1945) Márcio Santos de Santana 10 November 2009 (has links) A primeira metade do século XX foi marcada por uma profunda alteração no tratamento dado à Questão Social. O Estado assumiu a gestão do problema alterando a maneira de lidar com o segmento pobre da sociedade. A gradual transição de um Estado Liberal para um Estado Corporativo, iniciada na década de 20, foi um marco na intervenção na área social. Forte engenharia social teve início no Brasil nessa época. À direita ou à esquerda do espectro político, grupos plenamente constituídos buscaram na juventude a força social renovadora. Esta tese analisa as disputas pelo controle do poder no Brasil, especificamente a disputa pela juventude, grupo social tido como essencial para reprodução dos projetos políticos em confronto. / The first half of the twentieth century was marked by a profound change in the treatment given to the Social Question. The state took over management of the problem by changing the way of dealing with the poor segment of society. The gradual transition from a Liberal State to a Corporate State, started in the decade of 20, was a mark in the intervention in social problems. Strong social engineering began in Brazil at that time. To the right or left of the political spectrum, fully formed groups sought to force the youth social novel. This thesis analyzes the dispute for control of power in Brazil, specifically the dispute for youth, social group considered essential for replication of the projects in political confrontation. Keywords: Youth Social Matter. Engenharia social Juventude Política Questão social Politics Social engineering Social matter Youth
34	Företagens skydd mot phishing / Company's Protection Against Phising Magnusson, Patrik January 2017 (has links) Denna studie kommer undersöka hur företag hanterar phishinghotet. Phishingmail är ettangreppssätt som faller in i begreppet social engineering och kan användas för att luramänniskor att uppge information som de inte ska dela med sig av. Ett phishingmail har sommål att efterlikna ett vanligt mail som tillexempel en fakturapåminnelse. Men istället för attpengarna går till den angivna avsändaren kan attackeraren istället kapa bankuppgifterna. Målet med attacken kan vara olika, det kan vara att ta del av information så sombankuppgifter och eller lösenord. Det kan också sprida skadlig kod som infekterarmottagarens dator med virus. Phishingmail kan se ut på olika sätt och det gör det svårt att geett exakt exempel på hur ett phishingmail ser ut. Målet med denna studie är att ge en uppfattning av hur företag som intervjuas hanterarphishingattacker. Studien har som syfte att identifiera problem, för att ge en bild avhanteringen av phishingattacker. Bilden kommer besvara frågor som, vilka policys finns föratt motverka hotet, hur och när utbildas de anställda samt hur ser de själva på phishing somhot? Sammanställningen bestå av intervjuer från anställda på olika företag som ansvarar förinformationssäkerheten. Efter att intervjuerna genomförts sammanfattas svaren för att kunna utförasammanställningen. Målet med sammanställningen är att redovisa ett resultat som besvararfrågan, vilka åtgärder som finns hos organisationerna för att motverka phishinghotet.Sammanställningen har delats upp i tre huvudgrupper: handlingsplan, utbildning och kultur.Genom att placera in svaren i rätt huvudgrupp blir det en helhetsbild och ett resultat kanpresenteras.Företagen visar förståelse för i vilka problem phishingmail kan ge ett företag. Det finns i regelåtgärder på varje företag för att motverka och förminska hotet. Viss utbildning ges tillanställda. Men phishing anses inte vara ett så stort hot. Den generella uppfattningen frånföretagen är att phishing inte anses vara ett stort hot. Samtidigt berättar dom om händelser däranställda öppnar skadliga mail trotts att det inte finns något hot enligt dom själva. Efter genomförda intervjuer och insamling av information kunde en eventuell annan bristpresenteras. Flera utav de företag som kontaktades ville inte ställa upp på studien på grund avolika anledningar. Så som att det inte fanns någon IT-avdelning eller ren okunskap inomämnet. Detta kan visa på att det finns brister hos flera företag där det inte finns enhelhetslösning på hur informations ska säkras upp och hur informationssäkerheten ska utvecklas. phishing social engineering phishinghot mot företag Other Computer and Information Science Annan data- och informationsvetenskap
35	Leveraging Scalable Data Analysis to Proactively Bolster the Anti-Phishing Ecosystem January 2020 (has links) abstract: Despite an abundance of defenses that work to protect Internet users from online threats, malicious actors continue deploying relentless large-scale phishing attacks that target these users. Effectively mitigating phishing attacks remains a challenge for the security community due to attackers' ability to evolve and adapt to defenses, the cross-organizational nature of the infrastructure abused for phishing, and discrepancies between theoretical and realistic anti-phishing systems. Although technical countermeasures cannot always compensate for the human weakness exploited by social engineers, maintaining a clear and up-to-date understanding of the motivation behind---and execution of---modern phishing attacks is essential to optimizing such countermeasures. In this dissertation, I analyze the state of the anti-phishing ecosystem and show that phishers use evasion techniques, including cloaking, to bypass anti-phishing mitigations in hopes of maximizing the return-on-investment of their attacks. I develop three novel, scalable data-collection and analysis frameworks to pinpoint the ecosystem vulnerabilities that sophisticated phishing websites exploit. The frameworks, which operate on real-world data and are designed for continuous deployment by anti-phishing organizations, empirically measure the robustness of industry-standard anti-phishing blacklists (PhishFarm and PhishTime) and proactively detect and map phishing attacks prior to launch (Golden Hour). Using these frameworks, I conduct a longitudinal study of blacklist performance and the first large-scale end-to-end analysis of phishing attacks (from spamming through monetization). As a result, I thoroughly characterize modern phishing websites and identify desirable characteristics for enhanced anti-phishing systems, such as more reliable methods for the ecosystem to collectively detect phishing websites and meaningfully share the corresponding intelligence. In addition, findings from these studies led to actionable security recommendations that were implemented by key organizations within the ecosystem to help improve the security of Internet users worldwide. / Dissertation/Thesis / Doctoral Dissertation Computer Science 2020 Computer science browser blacklists cybercrime internet phishing social engineering web security
36	Spearphishing : En kvalitativ intervjustudie om hur medvetenhet och utbildning påverkar användare och organisationer / Spearphishing : A qualitative interview study on how awareness and education affect users and organizations Nehm, Christoffer, Wretman, Fredrik January 2020 (has links) The purpose of this work is to demonstrate different opportunities to counter spear phishing in an organization. Data has been collected through 15 interview situations through semi-structured interviews and then analyzed using a thematic analysis method linked to the study's theory regarding social psychological factors. The result shows that education and awareness regarding IT-security is generally low among respondents. The result also shows that it is of great importance for users and organizations to understand and be able to protect themselves against Social engineering and specifically spearphishing. Furthermore, it was found that everyone in an organization needs to know about threats and risks so that the organization will not suffer badly in the event of attack attempts. Spearphishing social engineering användare IT- miljö medvetenhet utbildning Computer and Information Sciences Data- och informationsvetenskap
37	Understanding Susceptibility to Social Engineering Attacks Through Online Privacy Behaviors Glaris Lancia Raja Arul (11794286) 19 December 2021 (has links) <p>Human-based social engineering attacks continue to grow in popularity, with increasing numbers of cases reported yearly. This can be accredited to the ease with which common social engineering attacks can be launched, and the abundance of information available online that attackers can use against their targets. Current mitigative strategies and awareness trainings against social engineering attacks incorporate an understanding of the major factors that influence individual susceptibility to social engineering attacks. These strategies emphasize an engagement in secure behaviors and practices, especially with respect to identifying the key indicators in any form of communication or situation that can classify it as a social engineering attack. There is also an emphasis on restricting the amount of information that individuals should share about themselves in workplace settings. However, these approaches do not comprehensively consider the different intrinsic motivations that individuals develop to engage in the protective behaviors necessary to assure their safety against social engineering attacks, regardless of environment. Individual attitudes and behaviors about online privacy could hold the key to defending oneself by way of restricting unwarranted access to associated information online. Psychological traits and attitudes developed in response to the perception of social engineering as a threat could act as motivators for engaging in privacy protective behaviors, which in turn could affect the extent to which an individual can protect themselves from social engineering attacks. This thesis investigates the role of privacy protective behaviors in impacting an individual’s susceptibility to social engineering attacks and the impacts of specific privacy factors as motivating antecedents to engagement in privacy protective behaviors.</p> Online Privacy Social Engineering Privacy Behaviors
38	Zvýšení bezpečnostního povědomí ve společnosti / Increasing security awareness in the company Novák, Petr January 2021 (has links) The master’s thesis is focused on increasing security awareness in the company. The first chapter contains the theoretical background, which is necessary for creating a security education system. The second chapter deals with the analysis of the current situation, which is needed for determinating the need to increase security awareness. The third and last chapter contains the design of the education system itself.
39	Informationssäkerhet : Informell säkerhet inom informationssäkerhetsrevisioner / Information security : Informal security within information security revisions Andersson, Adam, Gårdenheim, Simon, Josefsson, Anton January 2020 (has links) Informell säkerhet är en kategori inom informationssäkerhet som innefattar människors attityder, uppfattningar och värderingar. Trots att informationssäkerhetsrevisioner utförs regelbundet mot organisationer är det oklart hur mycket informell säkerhet appliceras i dessa revisioner. Syftet med denna studie är att undersöka informell säkerhet och hur denna appliceras i informationssäkerhetsrevisioner. Undersökningen görs genom en tematisk analys av semi-strukturerade intervjuer.Resultatet av studien påvisar att det finns en bristande medvetenhet gällande informell säkerhet hos organisationer. Prioriteringarna hos organisationerna är istället den tekniska säkerheten. Studien uppmärksammar vikten av informell säkerhet och att denna inte glöms bort jämfört med de tekniska säkerhetsaspekterna.Slutsatsen i studien är att det krävs mer forskning inom området som både fokuserar på informell säkerhet i sin helhet men även hur informell säkerhet förhåller sig till organisationskultur. Det finns ett antal förbättringsområden inom området, mestadels kopplade till medvetenhet och utbildningsinsatser. Det fundamentala förbättringsområdet identifierades dock i att organisationer får en grundlig och klar insyn i vikten av väl hanterad informell säkerhet. / Informal security is a subcategory of information security that includes people's attitudes, perceptions and values. Although information security audits are regularly performed towards organizations, it is unclear how much informal security is applied in these audits. The purpose of this study is to examine informal security and how it is applied in information security audits by organizations. This is done through thematic analysis of semi-structured interviews. The results of the study show that there is a lack of awareness regarding informal security in organizations. The priorities of these organizations are instead technical security. What the study highlights is the importance of informal security and that it should be given the same amount of attention as the technical safety aspects. The study concludes that more research is needed about the subject informal security but also how informal security relates to organizational culture. There are several areas of improvement within the study, mostly linked to awareness and educational efforts. However, the fundamental area of improvement was identified as organizations realizing the importance of informal security. Informatik Informationssäkerhetsrevisioner Informell Säkerhet ISO27000 Organisationskultur Social Engineering Säkerhetsrevisioner Information Systems
40	Exploring SME Vulnerabilities to Cyber-criminal Activities Through Employee Behavior and Internet Access Twisdale, Jerry Allen 01 January 2018 (has links) Cybercriminal activity may be a relatively new concern to small and medium enterprises (SMEs), but it has the potential to create financial and liability issues for SME organizations. The problem is that SMEs are a future growth target for cybercrime activity as larger corporations begin to address security issues to reduce cybercriminal risks and vulnerabilities. The purpose of this study was to explore a small business owner's knowledge about to the principal elements of decision making for SME investment into cybersecurity education for employees with respect to internet access and employee vulnerabilities. The theoretical framework consisted of the psychological studies by Bandura and Jaishankar that might affect individual decision making in terms of employee risks created through internet use. This qualitative case study involved a participant interview and workplace observations to solicit a small rural business owner's knowledge of cybercriminal exploitation of employees through internet activities such as social media and the potential exploitation of workers by social engineers. Word frequency analysis of the collected data concluded that SME owners are ill equipped to combat employee exploitation of their business through social engineering. Qualitative research is consistent with understanding the decision factors for cost, technical support, and security threat prevention SME organizational leadership use and is the focus of this study as emergent themes. The expectation is that this study will aid in the prevention of social engineering tactics against SME employees and provide a platform for future research for SMEs and cybercriminal activity prevention. cybercrime cyber security information security information security management Small and medium enterprises social engineering Databases and Information Systems

Search results