  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
81

Security test and evaluation of cross domain systems

Loughry, Joe January 2014
In practicable multi-level secure systems it is necessary occasionally to transfer information in violation of security policy. Machines for doing this reliably and securely are called cross domain solutions; systems incorporating them are cross domain systems. Data owners, especially in classified environments, tend to distrust other data owners, other systems and networks, their own users, and developers of cross domain solutions. Hence, data owners demand rigorous testing before they will allow their information into a cross domain system. The interests of data owners are represented by certifiers and accreditors, who test newly developed cross domain solutions and newly installed cross domain systems, respectively. Accreditors have the authority to grant approval to operate and the responsibility for accepting residual risk. Certification and accreditation have always been expensive and time consuming, but there are hidden inefficiencies and unexploited opportunities to predict the actions of accreditors and to control the cost of certification. Some case studies of successful and unsuccessful security certifications and accreditations were analysed using grounded theory methodology. It was discovered that inefficiency arises from conflation of the principle of defence in depth with the practice of independent verification and validation, resulting in an irresistible appearance of cost savings to managers with a possible explanation in the relative maturity of different levels of software engineering organisations with respect to policy, process, and procedures. It was discovered that there is a simple rule relating certifier findings to developer responses that predicts the duration of penetration testing and can be used to bound the schedule. An abstract model of cross domain system accreditation was developed that is sufficiently powerful to reason about collateral, compartmented, and international installations. 
It was discovered that the behaviour of accreditors satisfies the criteria for reliable signalling in the presence of asymmetric information due to Akerlof, Spence, and Stiglitz.
82

A model for integrating information security into the software development life cycle

Futcher, Lynn Ann January 2007
It is within highly integrated technology environments that information security is becoming a focal point for designing, developing and deploying software applications. Ensuring a high level of trust in the security and quality of these applications is crucial to their ultimate success. Therefore, information security has become a core requirement for software applications, driven by the need to protect critical assets and the need to build and preserve widespread trust in computing. However, a common weakness that is inherent in the traditional software development methodologies is the lack of attention given to the security aspects of software development. Most of these methodologies do not explicitly include a standardised method for incorporating information security into their life cycles. Meaningful security can be achieved when information security issues are considered as part of a routine development process, and security safeguards are integrated into the software application throughout its life cycle. This, in turn, will lead to users being more confident to use software applications, and to entrust today's computer systems with their personal information. To build better or more secure software, an improved software development process is required. Security of a software application must be based on the risk associated with the application. In order to understand this risk, the relevant information assets need to be identified together with their threats and vulnerabilities. Therefore, security considerations provide input into every phase of the Software Development Life Cycle (SDLC), from requirements gathering to design, implementation, testing and deployment. This research project presents a Secure Software Development Model (SecSDM) for incorporating information security into all phases of the SDLC, from requirements gathering to systems maintenance. 
The SecSDM is based on many of the recommendations provided by relevant international standards and best practices, for example, the ISO 7498-2 (1989) standard which addresses the underlying security services and mechanisms that form an integral part of the model.
83

The Infopriv model for information privacy

Dreyer, Lucas Cornelius Johannes 20 August 2012
D.Phil. (Computer Science) / The privacy of personal information is crucial in today's information systems. Traditional security models are mainly concerned with the protection of information inside a computer system. These models assume that the users of a computer system are trustworthy and will not disclose information to unauthorised parties. However, this assumption does not always apply to information privacy since people are the major cause of privacy violations. Alternative models are, therefore, needed for the protection of personal information in an environment.
84

Die afdwinging van sekerheid en integriteit in 'n relasionele databasisomgewing

Kennedy, Renita 30 September 2014
M.Com. (Informatics) / Please refer to full text to view abstract
85

Rolprofiele vir die bestuur van inligtingsekerheid

Van der Merwe, Isak Pieter 15 September 2014
M.Com. (Informatics) / The aim of this study is to introduce a model that can be used to manage the security profiles by using a role oriented approach. In chapter 1 the addressed problem and the aim of the study are introduced. In chapter 2 the different approaches used in the management of security profiles and the security profiles in Computer Associates's TOP SECRET and IBM's RACF are discussed. In chapter 3 the Model for Role Profiles (MoRP) is introduced and discussed. Chapter 4 consists of a consideration of the possible problems of MoRP and an extension of MoRP is discussed. The extended model is called ExMoRP. Chapter 5 consists of an analysis of the Path Context Model (PCM) for security and the principles of the PCM are added to ExMoRP to enhance security. In chapter 6 ExMoRP, with the principles of the PCM, is applied on a case study. In chapter 7 a methodology for the implementation of ExMoRP in an environment is introduced. In chapter 8 it is shown how the principles of ExMoRP can be applied in UNIX. In chapter 9 it is shown how the principles of ExMoRP can be applied in Windows NT. In chapter 10 it is shown how the principles of ExMoRP can be applied in ORACLE. Chapter 11 consists of a review of the management of security and the present trends.
86

A model for vulnerability forecasting.

Venter, Hein S. 04 June 2008
Internet and network security forms an interesting and topical, yet challenging and developing research domain. In this domain, a taxonomy of information security technologies is identified. This taxonomy is divided into two mainline entities, namely proactive and reactive information security technologies. This thesis is specifically concerned with proactive information security technologies, the focus being on a specific proactive information security technology – vulnerability scanning. Vulnerability scanning is implemented by vulnerability scanner (VS) products. VS products are used proactively to conduct vulnerability scans to identify vulnerabilities so that they can be rectified before they can be exploited by hackers. However, there are currently many problems with state-of-the-art VS products. For example, a vulnerability scan is time-consuming and a vast number of system resources are occupied, leading to the degradation of network and system performance. Furthermore, VS products lack the intelligence that is required to deal with new vulnerabilities that appear like clockwork. Current VS products also differ extensively in the way that they can detect vulnerabilities, as well as in the number of vulnerabilities that they can detect. These problems motivated the researcher to create a model for vulnerability forecasting (VF). The uniqueness of the VF model lies in its holistic approach to addressing these problems while maintaining its end goal – that of being able to do a vulnerability forecast of how vulnerabilities will occur in the near future. Such a vulnerability forecast would, therefore, enable an organisation to use it proactively as part of a risk management scheme. Furthermore, in order to demonstrate the feasibility of implementing the proposed model, a report on the development of a prototype for vulnerability forecasting is included. 
Rather than reinventing the wheel, the prototype incorporates the use of current state-of-the-art VS products in its VF process. This is advantageous in the sense that the prototype is independent of a specific VS product. It is because of the latter that a standardisation technique had to be used to refer to vulnerabilities in the same way since different VS products do not refer to and detect similar vulnerabilities in the same way. This standardisation technique introduced in this thesis is known as harmonising vulnerability categories. This thesis contributes to the understanding of vulnerability scanning techniques and how vulnerability scanning can be utilised more effectively by doing vulnerability forecasting. The thesis also paves the way for numerous potential future research projects in the domain of Internet and network security. / Prof. J.H.P. Eloff
87

Information security culture.

Martins, Adele 24 April 2008
The current study originated from the realisation that information security is no longer solely dependent on technology. Information security breaches are often caused by users, most of the time internal to the organisation, who compromise the technology-driven solutions. This interaction between people and the information systems is seemingly the weakest link in information security. A people-oriented approach is needed to address this problem. Incorporating the human element into information security could be done by creating an information security culture. This culture can then focus on the behaviour of users in the information technology environment. The study is therefore principally aimed at making a contribution to information security by addressing information security culture and, for this reason, culminates in the development of an information security culture model and assessment approach. While developing the model, special care was taken to incorporate the behaviour of people in the working environment and hence organisational behaviour coupled with issues concerning information security culture that need to be addressed. An information security culture assessment approach is developed consisting of a questionnaire to assess whether an organisation has an adequate level of information security culture. The assessment approach is illustrated through a case study. Below is an overview of the framework within which the research was conducted: The dissertation consists of four parts. Chapters 1 and 2 constitute Part 1: Introduction and background. Chapter 1 serves as an introduction to the research study by providing the primary motivation for the study and defining the problems and issues to be addressed. In addition, the chapter is devoted to defining a set of standard terms and concepts used throughout the study. The chapter concludes with an overview of the remaining chapters. 
Chapter 2 gives some background to information security culture and discusses its evolution to date. There is a new trend in information security to incorporate the human element through an information security culture. Information security is divided into two different levels. Level 1 focuses on the human aspects of information security, such as the information security culture, and level 2 incorporates the technical aspects of information security. Part 2: Information security culture model is covered in chapters 3, 4 and 5. In chapter 3, the concept of information security culture is researched. Different perspectives are examined to identify issues that need to be considered when addressing information security culture. A definition of information security culture is constructed based on organisational culture. Chapter 4 is devoted to developing a model that can be used to promote an information security culture. This model incorporates the concept of organisational behaviour as well as the issues identified in chapter 3. Chapter 5 builds upon the information security culture model and aims to identify practical tasks to address in order to implement the model. In Part 3: Assessing information security culture, chapters 6 to 10, attention is given to the assessment of an information security culture, giving management an indication of how adequately the culture is promoted through the model. Chapter 6 considers the use of available approaches such as ISO17799 to aid in promoting and assessing an information security culture. This approach is evaluated against the definition of information security culture and the information security culture model in order to determine whether it could assess information security culture in an acceptable manner. The next four chapters, namely chapters 7 to 10, are devoted to the development of an information security culture assessment approach consisting of four phases. Chapter 7 discusses phase 1. 
In this phase a questionnaire is developed based on the information security culture model. Chapter 8 uses the information security culture questionnaire as part of a survey in a case study. This case study illustrates phase 2 as well as what information can be obtained through the questionnaire. In chapter 9 the data obtained through the survey is analysed statistically and presented (phase 3). The level of information security culture is then discussed in chapter 10, with interpretations and recommendations to improve the culture (phase 4). Chapter 11 in Part 4: Conclusion serves as a concluding chapter in which the usefulness and limitations of the proposed model and assessment approach are highlighted. The research study culminates in a discussion of those aspects of information security culture that could bear further research. / Prof. J.H.P. Eloff
88

Die ontwikkeling van 'n kategoriseringsmeganisme vir beheermaatreëls in die veld van rekenaarsekerheid en die koppeling daarvan met standaarde vir beheermaatreëls

Bosch, Christiaan Johannes 20 November 2014
M.Sc. (Informatics) / Please refer to full text to view abstract
89

An appraisal of secure, wireless grid-enabled data warehousing

Seelo, Gaolathe January 2007
In most research, appropriate collections of data play a significant role in aiding decision-making processes. This is more critical if the data is being accessed across organisational barriers. Further, for the data to be mined and analysed efficiently, to aid decision-making processes, it must be harnessed in a suitably-structured fashion. There is, for example, a need to perform diverse data analyses and interpretation of structured (non-personal) HIV/AIDS patient-data from various quarters in South Africa. Although this data does exist, to some extent, it is autonomously owned and stored in disparate data storages, and not readily available to all interested parties. In order to put this data to meaningful use, it is imperative to integrate and store this data in a manner in which it can be better utilized by all those involved in the ontological field. This implies integration of (and hence, interoperability), and appropriate accessibility to, the information systems of the autonomous organizations providing data and data-processing. This is a typical problem-scenario for a Virtual Inter-Organisational Information System (VIOIS), proposed in this study. The VIOIS envisaged is a hypothetical, secure, Wireless Grid-enabled Data Warehouse (WGDW) that enables IOIS interaction, such as the storage and processing of HIV/AIDS patient-data to be utilized for HIV/AIDS-specific research. The proposed WGDW offers a methodical approach for arriving at such a collaborative (HIV/AIDS research) integrated system. The proposed WGDW is a virtual community that consists mainly of data-providers, service-providers and information-consumers. The WGDW-basis resulted from a systematic literature survey that covered a variety of technologies and standards that support data-storage, data-management, computation and connectivity between virtual community members in Grid computing contexts. A Grid computing paradigm is proposed for data-storage, data-management and computation in the WGDW. 
Informational or analytical processing will be enabled through data warehousing while connectivity will be attained wirelessly (for addressing the paucity of connectivity infrastructure in rural parts of developing countries, like South Africa).
90

A policy framework for management of distributed systems

Damianou, Nicodemos Constantinou January 2002
No description available.
