241 |
Multi-Cloud architecture attacks through Application Programming Interfaces
Lander, Theodore Edward, Jr. 10 May 2024
Multi-cloud applications are becoming a universal way for organizations to build and deploy systems. Multi-cloud systems are deployed across several different service providers, whether this is due to company mergers, budget concerns, or services provided with each provider. With the growing concerns of potential cyber attacks, security of multi-cloud is an important subject, especially within the communications between systems through Application Programming Interfaces (APIs). This thesis presents an in-depth analysis of multi-cloud, looking at APIs and security, creates a mock architecture for a multi-cloud system, and executes a cyber attack on this architecture to demonstrate the catastrophic effects that could come of these systems if left unprotected. Finally, some solutions for security are discussed as well as the potential plan for more testing of cyber attacks in this realm.
|
242 |
Designing value propositions by addressing cyber security in IoT devices : A case study of V2X / Konstruera värdeerbjudanden genom att adressera cybersäkerhet i IoT-enheter : En fallstudie av V2X
Bellwood, Anton, Hjärtstam, Max January 2024
Purpose: This study aims to identify how OEMs can design value propositions when addressing cybersecurity challenges. Currently there are no studies found that pinpoint the value that can be created regarding cybersecurity. Therefore, the purpose of this master thesis is to bridge cybersecurity and value proposition into a roadmap OEMs can use to organize the activities required for mitigating cyberthreats, and thereby create value. Method: An abductive approach has been utilized in this thesis. The analysis was based on 15 interviews with industry experts and employees at the thesis company. Secondary data was gathered through a thorough literature review. To derive findings from the data collection, a thematic analysis was conducted. Findings: The findings resulted in 3 clusters: cybersecurity challenges, mitigation strategies and value proposition. From this, the value proposition for secure IoT devices framework was developed. The framework has three elements, which are derived from the thematic clusterings: cybersecurity challenges, value proposition design and core value dimensions. Theoretical contributions: We believe our thesis has three theoretical contributions. Firstly, it contributes to the literature on crafting value propositions for IoT products. Secondly, the report adds to the growing literature regarding V2X. Lastly, the thesis presents the fusion of the two first contributions, where value proposition and V2X work in continuum, thereby contributing to the business and commercialisation aspect of V2X. Practical contributions: The practical contribution of the thesis is the framework, which can be used as a managerial guide in designing value propositions for IoT devices. The framework brings together different strategies to address cybersecurity challenges, and the importance of collaborative value creation. The practical contributions also include the placement of cybersecurity within the Kano model, which is important to keep in mind when creating value. Limitations and future research: The first limitation is that the data collection was mainly conducted with industry professionals specializing in cybersecurity, though not specifically within the automotive sector. This may have introduced some bias in the findings. Another limitation is that the majority of end users don’t have general knowledge regarding cybersecurity, which led to the decision to not pursue interviews directly with end users. Consequently, there are no mitigation activities based on end users’ input. However, anticipating that awareness and perceptions on cybersecurity will intensify in the future, this presents an opportunity for future research.
/ Purpose: This study aims to identify how OEMs can design value propositions by addressing various cybersecurity challenges. Currently there are no studies that examine the value that can be created regarding cybersecurity. The purpose of this thesis is therefore to integrate cybersecurity and value proposition into a roadmap that OEMs can use to organize the activities required to counter cyber threats and thereby create value. Method: An abductive approach has been used in this report. The analysis was based on 15 interviews with industry experts and employees at the thesis company. Secondary data was collected through a thorough literature review. To analyze the results of the data collection, a thematic analysis was conducted, which resulted in three main themes: cybersecurity challenges, preventive strategies and value proposition. Results: The study resulted in several important aspects to take into account when constructing value propositions for secure IoT devices. Based on our results, a framework was constructed that is intended to be used by OEMs when designing value propositions. The framework consists of three elements that originate from the thematic clusters: cybersecurity challenges, value proposition design and core values. Theoretical contributions: We consider that our study has three theoretical contributions. First, it contributes to the literature on designing value propositions for IoT devices. Second, the report contributes to the growing literature on V2X. Finally, the study presents the fusion of the first two contributions, where value proposition and V2X work in continuity and thereby contribute to the business and commercialization side of V2X. Practical contributions: The practical contribution of the study is the framework, which can be used as a managerial guide when designing value propositions for V2X and other IoT devices. The framework brings together different strategies for handling cybersecurity challenges and the importance of collaboration in value creation. The practical contributions also include the placement of cybersecurity within the Kano model, which is important to keep in mind when value is to be created for IoT products. Limitations and further research: There are two main limitations in our study. First, the data collection was mainly carried out with industry experts specializing in cybersecurity, though not specifically in V2X security. This may have introduced some bias in the results. Another limitation is that the majority of end users lack general knowledge of cybersecurity, which led to the decision not to conduct interviews directly with end users. Consequently, there are no preventive activities based on end users' input. However, given that awareness and perceptions of cybersecurity are expected to increase in the future, this constitutes an opportunity for future research. Keywords: Innovation; Value proposition; Cybersecurity, Internet of Things, V2X
|
243 |
The cybersecurity threat of deepfake
Brandqvist, Johan January 2024
The rapid advancement of deepfake technology, utilizing Artificial Intelligence (AI) to create convincing, but manipulated audio and video content, presents significant challenges to cybersecurity, privacy, and information integrity. This study explores the complex cybersecurity threats posed by deepfakes and evaluates effective strategies to prepare organizations and individuals for these risks. Employing a qualitative research approach, semi-structured interviews with cybersecurity and AI experts were conducted to gain insights into the current threat landscape, the technological evolution of deepfakes, and strategies for their detection and prevention. The findings reveal that while deepfakes offer opportunities in various sectors, they predominantly also pose threats such as misinformation, identity theft, and fraud. This study highlights the dual-use nature of deepfake technology, where improvements in creation and detection are continually evolving in a technological arms race. Ethical and societal implications are examined, emphasizing the need for enhanced public awareness and comprehensive regulatory frameworks to manage these challenges. The conclusions drawn from this research underscore the urgency of developing robust, AI-driven detection tools, advocating for a balanced approach that considers both technological advancements and the ethical dimensions of these innovations. Recommendations for policymakers and cybersecurity professionals include investing in detection technologies, promoting digital literacy, and fostering international collaboration to establish standards for ethical AI use. This thesis contributes to the broader discourse on AI ethics and cybersecurity, providing a foundation for future research and policy development in the era of digital manipulation.
|
244 |
Comparative Analysis and Development of Security Tools for Vulnerability Detection : Exploring the Complexity of Developing Robust Security Solutions
Wiklund, Milton January 2024
This thesis undertakes a comprehensive study aimed at examining the complexities and challenges that arise when developing robust and effective tools that detect security risks in code. By carrying out a comparative analysis of already existing security tools, and engaging in an attempt to develop a security tool from a basic level, this work strives to reveal the underlying reasons why, within cybersecurity, it is still a major challenge to stay one step ahead of malicious actors. To begin with, the research provides an overview of current security tools, while examining their effectiveness, methods, and the types of vulnerabilities the tools are designed to detect. Through systematic measurements the study emphasizes strengths and weaknesses of the security tools, while documenting the development process of a new security tool intended to detect vulnerabilities similar to those of the compared tools. The challenges encountered during development, such as dealing with modern security threats and integrating complex detection algorithms, are discussed to show the considerable obstacles that developers encounter. In addition, the importance of being able to detect vulnerabilities effectively is assessed, and how this can help preserve the integrity and reliability of applications. The thesis aims to contribute important insight into the field of cybersecurity and to support continued development in order to mitigate security threats. In summary, the result of this study shows that both knowledge and ambition are required to develop a security tool from scratch, since new threats arise almost every day. The study also reveals that malicious actors are known to regularly look for vulnerabilities in systems, which is one of the leading reasons why it is so difficult to combat cyber threats.
/ This thesis stipulates a comprehensive study aimed at examining the complexities and challenges in developing robust and effective tools for detecting security vulnerabilities in code. By performing a comparative analysis of already existing security tools, and engaging in an attempt of developing a security tool from a foundational level, this work strives to disclose the underlying reasons as to why staying one step ahead of malicious actors remains a difficult challenge in cybersecurity. Introductory, the study provides an overview of current security tools while examining their effectiveness, methodologies, and the types of vulnerabilities they are designed to detect. Through systematic measurements, the study highlights strengths and weaknesses of the security tools while, simultaneously, documenting the process of developing a new security tool designed to detect similar vulnerabilities to the compared tools. The challenges faced during development—such as treating modern security threats, and integrating complex detection algorithms—are discussed to portray the compelling hurdles that developers encounter. Moreover, this thesis assesses the importance of effectively detecting vulnerabilities, and how it can aid in maintaining integrity and trustworthiness of applications. The thesis aims to contribute with valuable insight into the field of cybersecurity and support continued development for mitigating cyber threats. In conclusion, the outcome from this study shows that developing a security tool from a foundational level requires both knowledge and ambition, since new threats occur almost every day. The study also reveals that malicious actors are known for frequently looking for vulnerabilities in systems, making it one of the leading reasons why it is difficult to fight cyber threats.
|
245 |
Getting the general public to create phishing emails : A study on the persuasiveness of AI-generated phishing emails versus human methods
Ekekihl, Elias January 2024
Artificial Intelligence (AI) is ever increasingly becoming more and more widespread, and is available, for the most part freely, to anyone. While AI can be used for both good and bad, the potential for misuse exists. This study focuses on the intersection of AI and cybersecurity, with a focus on AI-generated phishing emails. In this study a mixed-method approach was applied, and an experiment, interviews, and a survey were conducted. Experiments and interviews were conducted with 9 participants with various backgrounds, but novices in phishing. In the experiment, phishing emails were created in three distinct ways: Human-Crafted, Internet-aided, and AI-generated. Emails were evaluated during semi-structured interviews, and each participant reviewed six emails in total, where two of these were real phishing emails. The results from the interviews indicate that AI-generated phishing emails are as persuasive as those created in the Human-Crafted task. On the contrary, in the survey, participants ranked the AI-generated phishing email as the most persuasive, followed by Human-Crafted. The survey was answered by 100 participants. Familiarity plays a crucial part in both persuasiveness and also willingness to go along with the requests in the phishing emails; this was highlighted during interviews and the survey. Urgency was seen as very negative by both the respondents and interviewees. The results from the study highlight the potential for misuse, specifically with the creation of AI-generated phishing emails; research into protection measures should not be overlooked. Adversaries have the potential to use AI, as it is right now, to their advantage.
|
246 |
An Examination of the Audit Implications of Third-Party Risk
Filosa, Jessica Rose 23 May 2024
Doctor of Philosophy / This study explores whether companies that engage in outsourcing suffer negative audit-related consequences. Outsourcing exposes companies to third-party risk, which is the risk associated with outsourcing IT systems and/or business operations to external companies. Publicly traded companies in the United States are required to file a financial report with the Securities and Exchange Commission each year that includes a discussion of significant risks the company faces. I use this disclosure to identify companies that reveal third-party risk as a major threat to their organization and use machine learning to develop a measure that distinguishes companies exposed to third-party risk from those that are not. Using this measure, I examine whether companies exposed to third-party risk arrangements are more likely to suffer from low quality internal controls, to experience a cybersecurity incident, or to pay higher fees to their external auditor. The results do not show an association between my measure of third-party risk and the likelihood that a company reports a problem with internal controls. However, I do find that companies exposed to third-party risk are more likely to experience a cybersecurity incident. Lastly, I find that companies exposed to third-party risk pay higher fees to their external auditors in the initial year that this risk appears in their annual report. Overall, these results provide initial empirical evidence on the existence and consequences of third-party risk. The findings may be of interest to accounting professionals and managers who are in the early stages of learning to identify and manage their third-party risk exposure. Regulators may also benefit from this study as they contemplate updating the auditing standards related to outsourcing.
|
247 |
COMPLY OR DIE : A case study of conditions for NIS2-compliance
Burström, Ludvig, Petersson, André January 2024
Cybersecurity is increasingly becoming more pervasive and prevalent due in part to ongoing conflicts in the world as well as increased reliance on digital technologies. To combat the emerging threats posed by this, the European Union introduced NIS2, a legislation aimed at increasing the lowest level of cybersecurity across its member states. Thus, the research question this study set out to answer was “How can conditions for organizational compliance with NIS2 be evaluated?” This case study has utilized a Delphi-panel with experts within the field, conducted interviews, analyzed internal documents, and established cybersecurity standards. The study has found several crucial conditions for reaching compliance with this new legislation; it has also developed a means of evaluation for organizations forced to comply. The findings further the field of cybersecurity by uncovering ownership as an important and generally overlooked condition for compliance, as well as providing a tool for practitioners and researchers to help evaluate conditions for NIS2 compliance.
|
248 |
Investigation of Post-Quantum Cryptography (FIPS 203 & 204) Compared to Legacy Cryptosystems, and Implementation in Large Corporations.
Marmebro, Alma, Stenbom, Kristin January 2024
As quantum computing advances, there is a critical need to develop quantum resistant cryptographic algorithms. The precise timeline for quantum computers to challenge current encryption methods is uncertain, yet the potential risk to global data security is clear. This study addresses the necessity to prepare for these future threats by evaluating and enhancing the security of proposed quantum safe systems. The National Institute of Standards and Technology (NIST) has been proactive in addressing these challenges, proposing a set of quantum safe cryptographic systems, including ML-KEM (Module Lattice-based Key Encapsulation Mechanism) and ML-DSA (Module Lattice-based Digital Signature Algorithm). These systems are believed to be resilient against the computational capabilities of quantum computers, offering a pathway to secure cryptographic practices in the forthcoming quantum era. We have conducted a detailed analysis of ML-KEM and ML-DSA, focusing on their mathematical foundations and the inherent hardness of these systems. This examination helps clarify why they are considered secure against quantum computing. Our study involves implementing a Module-Learning With Errors (MLWE)-based cryptosystem, the foundational hardness of which underpins the security of ML-KEM and ML-DSA. In this implementation, we test two distributions to evaluate the impact of their parameters, as the choice of distribution is crucial since poor distribution choices can lead to significant errors. We carefully track these errors to determine their onset and rate of increase. Furthermore, we assess the readiness of organizations for the quantum era, finding that some have already begun their transition. However, our analysis suggests that security personnel within a well-known company may not be as prepared as NIST’s recommendations would suggest. It is imperative for organizations to start preparing now to ensure the future security of their data in the face of quantum computing advancements.
|
249 |
Cyber Activity in Sweden : A study on the digital threat landscape in Sweden
Brandt, Samuel January 2024
Due to erupting conflict within the European region, state officials and newspaper outlets have spoken about the ever-decreasing safety of the Swedish nation in several aspects, with the digital threat being one of the forthcoming concerns. To be able to act in a proportional manner and safeguard our digitalized society we first need to gauge the digital threat landscape and uncover how much the situation has changed with the coming of this conflict. We created a wide set of questions based on the published works of academia and grey literature that are related to cybersecurity and the digital threat landscape. We used this information to interview IT personnel that work in cybersecurity to get a perspective on what the situation looks like for the people at the forefront of this propagated threat. The interviews uncovered that the situation had indeed changed and for the worse. A more digitalized society and advancing technology combined with the existence of skillful hackers result in more frequent and sophisticated attacks. The IT personnel tasked with safeguarding their networks are very aware of this and provide some insight on how they perceive the digital threat landscape in this investigation.
|
250 |
The Influence of Institutional Factors on AI adoption in EU banking cybersecurity : A narrative literature review.
Engvall, Nazgul January 2024
The adoption of artificial intelligence (AI) in the European Union (EU) banking sector for cybersecurity purposes presents a complex interplay of promise and challenge. This study employs a qualitative narrative review to investigate how institutional pressures, including regulatory requirements, industry norms, and the pursuit of legitimacy, shape banks' decisions to integrate AI. Analyzing both academic and grey literature, this study reveals how these institutional forces influence banks' decision-making, highlighting the tension between the potential for enhanced security through AI and the need to mitigate risks, address ethical concerns, and maintain public trust. Ultimately, this research contributes to a deeper understanding of the complex institutional dynamics that shape AI adoption in the highly regulated context of EU banking.
/ The application of artificial intelligence (AI) within the EU banking sector for cybersecurity involves a complex balancing act between opportunities and risks. This qualitative narrative literature study examines how institutional factors (regulations, industry norms and the pursuit of legitimacy) affect banks' decisions to implement AI. By analyzing both academic research and industry reports, the study sheds light on how these factors shape banks' strategies and decision-making processes around AI. The study highlights the tension between the potential for increased security through AI and the need to manage risks, ethical considerations and maintain public trust. By examining the complex institutional dynamics that characterize AI adoption in the heavily regulated European banking sector, this research contributes to a deeper understanding of the challenges and opportunities that AI entails for cybersecurity in this industry.
|