Global ETD Search

81	Who Watches The Privileged Users Persson, Sebastian January 2020 (has links) Today, companies are spending millions of dollars on cybersecurity, but compromised systems and stealing sensitive information are still huge problems. Protecting sensitive information has always been of vital importance. However, the struggle today is that digital information can be distributed to an endless amount of users, everywhere in the world. Security solutions today focus on role-based access control and "the principle of the least privilege". They can affect the productivity of employees, which is also a key aspect to be considered when it comes to security. Privilege users are the ones that possess the most permissions within a system and are, therefore, a significant risk. This thesis project is focusing on developing a solution that protects against security risks connected to the users with the most privilege. The developed solution resulted in a modular role-based access methodology, also adding the "four-eye principle" (4EP). By introducing an extra shield outside the standard API, sensitive commands sent unwittingly or wittingly by a privileged user can be discovered before compromising a system or leaking sensitive information. Introducing the "four-eye principle" in a secure proxy solution, a "third-party" user approves sensitive commands before reaching the intended system. The solution is developed in JAVA and is adaptable to different organisations by letting the system administrators choose an intended system, which policies of sensitive commands to apply and whom that needs to approve them. The concepts implemented in this prototype can be used in future industrial developments. Information security cybersecurity cyber security access control four-eye principle 4EP Computer and Information Sciences Data- och informationsvetenskap
82	Experience of immersion in serious games : A quantitative study of educational games in the field of cyber security Gustafsson, Erik January 2022 (has links) It is not always easy to immersive oneself in a new field, maybe even harder so if it is obligatory. This study focused on how serious games can immerse players and potential students in educational games for a learning purpose. More specifically, the study compared two similar educational games in cyber security. One of them was pretty lengthy and explained the topics in-depth, while the other was short and simpler. By allowing participants to play at least one of the two games and then answer a questionnaire about their experience with immersion, this study attempted to conclude which approach was the most immersive of the two. With the replies collected, the data on the whole suggest longer games that are more in-depth are generally more immersive, with the possible exception of participants that had no prior knowledge of the topic tend to prefer the simpler ones. / <p>Det finns övrigt digitalt material (t.ex. film-, bild- eller ljudfiler) eller modeller/artefakter tillhörande examensarbetet som ska skickas till arkivet.</p> Educational serious games cyber security immersion Information Systems
83	Kategorisera föreställningar om digitala hot / Categorize conceptions about digital threats Pettersson, Fredrik January 2022 (has links) Användandet av internet ökar ständigt och allt fler företag digitaliserar sin verksamhet. Dock har detta lett till att kriminaliteten ökar på de digitala plattformarna. Detta sätter hög press på företag att satsa på sin datasäkerhet för att hänga med i utvecklingen. Målsättningen med denna rapport är att kategorisera allmänhetens uppfattning om digitala hot och ställa dessa i jämförelse med den forskning som finns. Detta för att se vilka hot som allmänheten behöver eller inte behöver oroa sig för. Rapporten lägger även ett stort fokus på de ekonomiska konsekvenser som cyberattackerna har på samhället. Resultatet visar att allmänheten rent generellt har dålig uppfattning om de digitala hoten även fast de överlag uppskattar hoten som allvarliga. Detta visar på en kunskapslucka hos befolkningen vilket kan vara naturlig då utvecklingen har gått mycket fort inom området. De hot som denna rapport lyfter upp är några av de mest relevanta digitala hot som finns på marknaden idag. Detta kompletteras med en genomgång av de ekonomiska konsekvenser och prognoser för framtida konsekvenser av cyberattacker. / The use of the internet is constantly increasing and more and more companies are digitizing their work. However, this has led to an increase in crime on the digital platforms. This puts a lot of pressure on companies to invest in their data security to keep up with the progress of cyber crime. The aim of this report is to categorize the public's perception of digital threats and compare them with existing research. This is to see what threats the public needs or does not need to worry about. The report also places great emphasis on the economic consequences that cyber attacks have on society. The result shows that the general public has a poor perception of the digital threats, even though they generally regard the threats as serious. This shows a knowledge gap among the population, which may be natural as the development has been very fast in the scientific area. The threats that this report highlights are some of the most relevant digital threats on the market today. This is supplemented by a review of the economic consequences and forecasts for future consequences of cyber attacks. security data security cyber security public opinion säkerhet datasäkerhet cybersäkerhet allmänhetens uppfattning Computer Sciences Datavetenskap (datalogi)
84	En analys kring det civila försvaret på lokal nivå. : En jämförande studie mellan Värmland och Örebros resurser och samarbetsförmågor / An analysis of civil local defense. : A comparative study between Värmland and Örebros, resources and their ability to work together. Kullander, Nathalia January 2021 (has links) The purpose of this essay is to study the civil defense work in Värmland and Örebro, connected to their resources whithin the respective county. To get a clear picture of how the counties are equipped when it comes to a crisis I have been focusing on the necessary principle connected to civil defense. The study also includes their work with the confederation of enterprise, warehousing and cyber security. To be able to see if they have the potential to collaborating with their resources. I use Emerson's theory of collaborative governance to see if Värmland and Örebro have the potential to work together during a conceivable crisis. Which is about cross-border governance where public and non-public actors prepare overall decisions. When I read about previous research regarding civil defense, I saw Lunde Saxis report Nordic Defense cooperation after the Cold war. And then I got the idea of studying the cooperation between Värmland and Örebro County. Like his theory, it is most optimal if two smaller actors merge during a crisis instead of managing it individually. The counties cannot challenge each other, but they can complement each other during a crisis. The thesis has a larger issue that is linked to the purpose of looking at the potential for collaboration within the theory Collaborative governance:- Can Emerson's theory of Collaborative Governance be established in today's civil defense at the local level?In order to be able to answer that question, the essay will have three sub-questions based on answering whether Örebro and Värmland have opportunities to find possible collaboration with each other.- Are there co-operation capabilities between the two counties according to Collaborative governance?- What assets do the two counties have at their disposal in civil defense?- Do the counties have physical proximity to the various assets required for a stable civil defense?The thesis concludes that the two counties have good conditions for coping with a crisis with their resources available, and that there is great potential for developing new methods and establishing more working methods linked to business, warehousing and cyber security. Collaboration can take place within Emerson's theory, the counties have good chances of collaborating within collaborative governance.Keywords- Civil Defense, The Confederation Of Enterprise, Warehousing, Cyber Security, Cooperation, Collaborative Governance. Civil Defense The Confederation Of Enterprise Warehousing Cyber Security Cooperation Collaborative Governance Political Science Statsvetenskap
85	Cyberöverföring : En studie om problemrepresentation och policyöverföring inom informations- och cybersäkerhetsområdet / Cyber Transfer : A study on problem representation and policy transfer in the information and cyber-security area Eriksson, Niclas January 2021 (has links) During recent years, cyber-threats has become an increasing problem in society. Incidents during the previous decade has shown that cyber-attacks can cause severe consequences for states, businesses, and organisations all over the world. There has also been an increase in cyber-crimes like phishing and other types of scams and extortion, which threatens the general public. As a result, information and cyber-security has become a hot topic among technology developers as well as in policy discussions. This paper studies an EU-common policy and a Swedish national policy on cyber-security to find out how cyber-threats are represented as a problem within the EU and in Sweden. The study then applies a theoretical framework of policy transfer to explain how the represented problem has changed in the transfer from European to Swedish context. The study finds that in the transference the scope of the represented problem has widened, both in terms of what is considered a threat as well as in who the policy aims to protect. This study aims to increase the understanding on how governance based on discursive visions, affects the solution a problem receives. Cyber-security Information-security WPR Policy transfer Cybersäkerhet Informationssäkerhet WPR Policyöverföring Political Science Statsvetenskap
86	Implementation of GNSS/GPS Navigation and its Attacks in UAVSim Testbed Jahan, Farha January 2015 (has links) No description available. Computer Engineering UAVs UAVSim GPS-GNSS Implementation cyber-security OMNET CNIOS3 GPS Spoofing
87	Exploring SME Vulnerabilities to Cyber-criminal Activities Through Employee Behavior and Internet Access Twisdale, Jerry Allen 01 January 2018 (has links) Cybercriminal activity may be a relatively new concern to small and medium enterprises (SMEs), but it has the potential to create financial and liability issues for SME organizations. The problem is that SMEs are a future growth target for cybercrime activity as larger corporations begin to address security issues to reduce cybercriminal risks and vulnerabilities. The purpose of this study was to explore a small business owner's knowledge about to the principal elements of decision making for SME investment into cybersecurity education for employees with respect to internet access and employee vulnerabilities. The theoretical framework consisted of the psychological studies by Bandura and Jaishankar that might affect individual decision making in terms of employee risks created through internet use. This qualitative case study involved a participant interview and workplace observations to solicit a small rural business owner's knowledge of cybercriminal exploitation of employees through internet activities such as social media and the potential exploitation of workers by social engineers. Word frequency analysis of the collected data concluded that SME owners are ill equipped to combat employee exploitation of their business through social engineering. Qualitative research is consistent with understanding the decision factors for cost, technical support, and security threat prevention SME organizational leadership use and is the focus of this study as emergent themes. The expectation is that this study will aid in the prevention of social engineering tactics against SME employees and provide a platform for future research for SMEs and cybercriminal activity prevention. cybercrime cyber security information security information security management Small and medium enterprises social engineering Databases and Information Systems
88	Secure Control and Operation of Energy Cyber-Physical Systems Through Intelligent Agents El Hariri, Mohamad 05 November 2018 (has links) The operation of the smart grid is expected to be heavily reliant on microprocessor-based control. Thus, there is a strong need for interoperability standards to address the heterogeneous nature of the data in the smart grid. In this research, we analyzed in detail the security threats of the Generic Object Oriented Substation Events (GOOSE) and Sampled Measured Values (SMV) protocol mappings of the IEC 61850 data modeling standard, which is the most widely industry-accepted standard for power system automation and control. We found that there is a strong need for security solutions that are capable of defending the grid against cyber-attacks, minimizing the damage in case a cyber-incident occurs, and restoring services within minimal time. To address these risks, we focused on correlating cyber security algorithms with physical characteristics of the power system by developing intelligent agents that use this knowledge as an important second line of defense in detecting malicious activity. This will complement the cyber security methods, including encryption and authentication. Firstly, we developed a physical-model-checking algorithm, which uses artificial neural networks to identify switching-related attacks on power systems based on load flow characteristics. Secondly, the feasibility of using neural network forecasters to detect spoofed sampled values was investigated. We showed that although such forecasters have high spoofed-data-detection accuracy, they are prone to the accumulation of forecasting error. In this research, we proposed an algorithm to detect the accumulation of the forecasting error based on lightweight statistical indicators. The effectiveness of the proposed algorithms was experimentally verified on the Smart Grid testbed at FIU. The test results showed that the proposed techniques have a minimal detection latency, in the range of microseconds. Also, in this research we developed a network-in-the-loop co-simulation platform that seamlessly integrates the components of the smart grid together, especially since they are governed by different regulations and owned by different entities. Power system simulation software, microcontrollers, and a real communication infrastructure were combined together to provide a cohesive smart grid platform. A data-centric communication scheme was selected to provide an interoperability layer between multi-vendor devices, software packages, and to bridge different protocols together. smart grid cyber security cyber-physical systems IEC 61850 GOOSE SMV artificial intelligence dds Power and Energy
89	Riskmedvetenhet kring molntjänster hos studenter / Risk awareness regarding cloud services among students Johansson, Eric, Süld, Niclas January 2021 (has links) Användning av molntjänster har ökat senaste tiden, deras flexibilitet och tillgänglighet har gjort dem till ett lika bra, om inte bättre alternativ till lokal lagring och lokalt installerade programvaror. Denna typ av molnbaserade tjänster är beroende av Internet för att kunna fungera, detta gör datan känslig för eventuella attacker från illvilliga aktörer med en Internetuppkoppling. Alla är dock inte helt medvetna om vilka risker som kan finnas med dessa molntjänster. Covid-19-pandemin har accelererat övergången till molnet ytterligare och bidragit till att användare har blivit tvungna att arbeta och studera hemifrån. I denna uppsats har vi valt att fokusera på högskole- och universitetsstudenters riskmedvetenhet kring molntjänster. Deras kännedom om några av de vanligaste riskerna med molntjänster har undersökts genom en enkätundersökning. Resultatet visar att medvetenheten kring molntjänsters risker har ökat sedan det undersöktes senast. / This is a bachelor thesis written in Swedish about university student's risk awareness regarding cloud computing. The use of cloud computing has increased lately, their flexibility and availability has made them an equally good - if not better option to traditional locally run applications and local storage. Cloud computing is dependent on the Internet to function properly, the connection to the Internet makes them vulnerable to attacks from bad actors with an Internet connection. Despite the widespread use of these services everybody isn't aware of the risks they present. The Covid-19 pandemic has accelerated the increased use of these technologies further by making people work and study from home to a greater extent than before. In this bachelor thesis we have chosen to focus on university students' risk awareness regarding cloud computing. Their knowledge about some of cloud computing's most common risks have been studied using a survey. Results show that awareness has increased since it was last studied. Cloud computing cyber security students risk awareness Molntjänster molntjänstsäkerhet studenter riskmedvetenhet Computer and Information Sciences Data- och informationsvetenskap
90	Säkerhetisering av cyber? : En studie om inramningen av cyberhot i svensk politik Pohjanen, Sofia January 2021 (has links) The following thesis intends to study how cyber security and cyber threats are portrayed in Swedish political discourses on cyber between the years 2015-2021. How the question about cyber security is framed can have a major impact on Sweden’s security- and digitization policy and further, on the population's view of which problems are important and how resources should be allocated. Through qualitative text analysis, more specific discourse analysis, political debate articles and government reports will be analyzed to evaluate how the question about cyber security has been framed as an existential threat and if so, for whom? The purpose is to investigate whether features of securitization occurs and if the question about cyber security can be defined as securitized. And further, what kind of measures has been proposed as protection against these threats? The study also aims to identify which actors' arguments and problem representations have had an impact. The results show that there has been a securitization move within political cyber discourses and a number of safety features have been proposed or have already taken place. The question about cyber security can therefore be defined as securitized. The results also show that a few numbers of government actors have the privilege to represent the problems and furthermore, decide what actions to take. cyber security cyber defense cyber threat security policy securitization Political Science Statsvetenskap

Search results