11 |
Le contrôle d'accès des réseaux et grandes infrastructures critiques distribuées / Access control in distributed networks and critical infrastructures
Ameziane El Hassani, Abdeljebar. 23 April 2016
The stability and development of nations depend deeply on their Critical Infrastructures (CI). Given their importance, many threats target their information systems, also called Critical Information Infrastructures (CII), among them attacks against the integrity of their data and computerized processes and the abuses that may occur during collaborations with other parties. Information integrity, that is, the property of not being altered, is paramount to CII, as they manipulate and generate information that must necessarily be correct and reliable. In a context of globalization and openness, CI cannot evolve without collaborating with their environment. However, this is not without risk, since the resources they commit can be targets of corruption and sabotage. To reduce the corruption risks that may arise from both inside and outside, we focused on improving the access control mechanism. This indispensable mechanism aims to limit the actions available to the system's legitimate users, in accordance with the organization's security policy. The relevance and granularity of that policy strongly affect the effectiveness of the mechanism. Access control models are therefore used to facilitate the expression and administration of such policies. OrBAC is a rich and dynamic model that satisfies several CII needs; however, it remains limited in its support of integrity, in both local and distributed environments. We therefore proposed an OrBAC extension for local environments, Integrity-OrBAC (I-OrBAC), which takes real integrity constraints into account when ruling on access requests. I-OrBAC includes parameters derived from the application of risk analysis methods to reflect the needs of passive resources and to assess subjects' clearances at their proper value. This led us to a multi-level integrity model that promotes the prioritization of sensitive assets, as CI protection programs stipulate.
In I-OrBAC, integrity levels serve both to constrain the assignment of privileges and to make it more flexible: these levels restrict access to ensure that only experienced users access sensitive resources, but they also allow subjects of different roles to perform the same task, subject of course to different threshold levels. To make I-OrBAC proactive, rather than limited to ruling on access requests, we proposed an algorithm that determines the most appropriate subject, among the priority roles, for carrying out a task without waiting for subjects to request it. The algorithm is described by an inference system to ease its understanding while supporting logical reasoning and the derivation of conclusions. We proposed an implementation of our model through a case study drawn from the European FP7 project CRUTIAL on electricity transmission and distribution networks. Finally, to address the problems that arise from collaborations, we used electronic contracts to extend I-OrBAC to distributed environments; the extension is called Distributed I-OrBAC (DI-OrBAC). These agreements serve not only to define the context, the clauses and the activities to be carried out, but also to prevent disputes and to resolve them. However, we had to design mechanisms adapted to our I-OrBAC model for the negotiation and enforcement of these contracts.
|
12 |
A ágora digital, a competência crítica em informação e a cidadania ampliada: uma construção possível / The digital agora, critical information literacy and expanded citizenship: a possible construction
Brisola, Anna Cristina Caldeira de Andrada Sobral. 31 March 2016
This research tries to draw a path for the discussion of critical information literacy aimed at the project of an expanded citizenship in the digital agora, going through the concepts involved in this subject. To reach the aspects of this literacy that are relevant to Information Science, it is necessary to understand the agora, citizenship, the qualities of an engaged citizen, the digital medium and digital social networks, as well as the influences that act on both the citizen and the networks. It is also necessary to understand democracy and social movements, as well as what digital inclusion and digital literacy, information literacy, critical literacy and literacy for expanded citizenship are. The greater goal is to think about how to awaken a taste for information and for the construction of knowledge, in order to stimulate the practice of participatory citizenship. Many authors were needed to travel this path. It is a long path, but it is necessary to Information Science and is its responsibility, since it is about collaborating in the formation of knowledge in the citizen who lives in this contemporary cyber world.
|
13 |
Competência crítica em informação nas escolas ocupadas do Rio de Janeiro / Critical information literacy in the occupied schools of Rio de Janeiro
Doyle, Andréa. 17 February 2017
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / This research investigates, in the light of Information Science, new information and education practices developed during the occupations of Rio de Janeiro state schools. The objective of this work is to understand the contribution of the occupations to education through the concept of critical information literacy. Its specific objectives are: to map students' access to established school information spaces (library, computer room and science labs) before, during and after the occupation; to identify sources of information generated from the activities developed in the occupations; and to discuss the students' perceptions of the information conveyed by the media about the occupations. A qualitative approach was adopted that includes the ethnographic method, which inspired the visits of the exploratory phase, bibliographical research to define the theoretical framework, and the semi-structured group interview to evaluate the gains and losses of the occupation movement. The theoretical framework includes authors grouped under the category of critical pedagogy, as well as others included in the category of information literacy, in addition to those who contribute insights on critical theories and the concept of information regime. The results obtained from the analysis of the interviews show that access to informational spaces is still restricted, that the multiplication of information sources during the occupations contributed to enriching the learning process, and that the general perception of the media was modified by the experience of occupation. It concludes that, beyond the achievements of the movement, such as access to some informational spaces, greater participation in school decisions through direct elections for headmaster and students' guild, and emergency funding, among others, the practices of the occupations have made their organizers more critical individuals who are better prepared for life-long learning.
|
14 |
Zákon o kybernetické bezpečnosti a jeho dopady na povinné subjekty / The Cyber Security Act and its impacts on obliged entities
Draganov, Vojtěch. January 2016
The thesis examines Act No. 181/2014 Coll., the Cyber Security Act (hereinafter referred to as "CSA"), and its impact on obliged entities, with a focus on the regional authorities of the Czech Republic. The thesis starts with an introduction to the CSA and to cybersecurity from the point of view of the state, and then moves to the level of the regulated organizations. The main pillar and contribution of the thesis is an analysis of the CSA that aims to identify its impact on the obliged entities. Based on this analysis, the author designed a questionnaire survey of the CSA's impact on the regional authorities. The survey covers information security management systems, the kinds of burden stemming from CSA implementation, willingness to use funding from the European Regional Development Fund (ERDF) to implement the CSA, the possibility of outsourcing cybersecurity, and the opinions of county council staff about the CSA. The survey shows that, in spite of the pressure toward standardization stemming from the legal framework, county councils differ significantly in their information security management systems. On the other hand, respondents agreed that the CSA has a positive impact on the improvement of information and cyber security, although it brings a significant financial and organizational load to the organization. The survey also shows that some regional authorities are only now starting to implement cybersecurity. Cybersecurity is evolving quite dynamically in the researched organizations, and it would be beneficial to repeat the impact analysis once the first wave of CSA implementation is finished.
|
15 |
Správa uživatelů jako zdroje rizik / Managing Users as a Source of Risk
Pospíšil, Petr. January 2017
This diploma thesis focuses on human resources, mainly in critical information infrastructure and important information systems. The thesis focuses on the most frequent threats to users and designs a possible model of threat reduction. An integral part of the results is the design of an effective security awareness education program in accordance with the Law on Cyber Security.
|
16 |
Metodika asistovaného zhodnocení / Methodology of a security audit
Kroupová, Hana. January 2019
The master's thesis is focused on security audits. The aim of this thesis is to create a methodology that may help with creating security audits and with examining the current state of cyber and information security in a business establishment. The theoretical part explains basic terms and concepts of cyber and information security. The author's own part consists of a description of the methodological areas of a security audit.
|
17 |
Bezpečnostní rizika podle standardu ISO 27001 / Security risks according to ISO 27001
Doubková, Veronika. January 2020
This diploma thesis deals with the management of security information according to ISO/IEC 27005 and its implementation in the Verinice software environment. The risk information management process is applied to a critical infrastructure that is connected to an optical fiber network. The work focuses on incidents aimed at threatening data from optical threats and active network elements in transmission systems. The result of the work is a risk file in the .VNA format containing the identified risks, for which appropriate measures are implemented in connection with the requirements of ISO/IEC 27001 for the protection of critical infrastructures and of the data transmitted in the transmission system.
|
18 |
Implementace nástroje pro řízení kybernetické bezpečnosti / Implementation of a tool for cyber security management
Strachová, Zuzana. January 2021
The thesis is focused on the implementation of a software tool to increase the effectiveness of cyber security management. The tool is implemented in a company preparing to be classified as a part of critical information infrastructure. Based on the customer's requirements, a suitable cyber security management tool is selected. Subsequently, I propose a methodology for implementing the tool, which I immediately apply. The output of the work is an implemented tool, risk analysis and security documentation required by law.
|
19 |
文字背後的意含-資訊的量化測量公司基本面與股價(以中鋼為例) / Behind the words - quantifying information to measure firms' fundamentals and stock return (taking the China Steel Corporation as example)
傅奇珅, Fu, Chi Shen. Unknown Date
This research collects all of the news stories about China Steel Corporation from Economic Daily News, United Daily News, and United Evening News. The collected articles are segmented with the Chinese Word Segmentation System of Academia Sinica and analyzed by following and extending the methodology of Tetlock, Saar-Tsechansky, and Macskassy (2008). I examine whether a simple quantitative measure of language can be used to explain and predict individual firms' accounting sales and stock returns. My two main findings are:
1. the fraction of positive words (commendatory terms) in firm-specific news stories forecasts high firm sales;
2. firms' stock prices briefly overreact to the information embedded in negative words (derogatory terms); on the other hand, firms' stock prices efficiently incorporate the information embedded in positive words (commendatory terms).
From the above, we conclude that this linguistic media content captures otherwise hard-to-quantify aspects of firms' fundamentals, which investors quickly incorporate into stock prices.
|