61 |
Automated secure systems development methodologyBooysen, Hester Aletta Susanna 20 November 2014 (has links)
D.Com. (Informatics) / The complexity of modern computer-based information systems is such that, for all but the simplest of examples, they cannot be produced without a considerable amount of prior planning and preparation. The actual difficulties of trying to design, develop and implement complex computer-based systems have been recognised as early as the seventies. In a bid to deal with what was then referred to as the "software crisis", a number of so- called "methodologies" were advocated. Those methodologies were, in turn, based on a collection of guidelines or methods thanks to which their designers could eventually make the claim that computer systems, and in particular information systems, could be designed and developed with a greater degree of success. By using a clear set of rules, or at least reasonably detailed principles, they could ensure that the various design and development tasks be performed in a methodical, organ ised fashion. Irrespective of the methodologies or guidelines that were adopted or laid down, the developers principal aim was to ensure that all relevant detail about the proposed information systems would be taken into account during the long and often drawn-out design and development process. Unfortunately, many of those methodologies and guidelines date from the early 1970s and, as a result, no longer meet the security requirements and guidelines of today's information systems. It was never attempted under any of those methodolog ies, however, to unriddle the difficulties they had come up against in information security in the domain of system development . Security concerns should however, form an integral part of the planning, development and maintenance of a computer application. Each application system should for example, take the necessary security measures in any given situation.
|
62 |
A critical review of the IFIP TC11 Security Conference SeriesGaadingwe, Tshepo Gaadingwe January 2007 (has links)
Over the past few decades the field of computing has grown and evolved. In this time, information security research has experienced the same type of growth. The increase in importance and interest in information security research is reflected by the sheer number of research efforts being produced by different type of organizations around the world. One such organization is the International Federation for Information Processing (IFIP), more specifically the IFIP Technical Committee 11 (IFIP TC11). The IFIP TC11 community has had a rich history in producing high quality information security specific articles for over 20 years now. Therefore, IFIP TC11 found it necessary to reflect on this history, mainly to try and discover where it came from and where it may be going. Its 20th anniversary of its main conference presented an opportunity to begin such a study of its history. The core belief driving the study being that the future can only be realized and appreciated if the past is well understood. The main area of interest was to find out topics which may have had prevalence in the past or could be considered as "hot" topics. To achieve this, the author developed a systematic process for the study. The underpinning element being the creation of a classification scheme which was used to aid the analysis of the IFIP TC11 20 year's worth of articles. Major themes were identified and trends in the series highlighted. Further discussion and reflection on these trends were given. It was found that, not surprisingly, the series covered a wide variety of topics in the 20 years. However, it was discovered that there has been a notable move towards technically focused papers. Furthermore, topics such as business continuity had just about disappeared in the series while topics which are related to networking and cryptography continue to gain more prevalence.
|
63 |
A brain-compatible approach to the presentation of cyber security educational materialReid, Rayne January 2012 (has links)
Information is an extremely important asset in modern society. It is used in most daily activities and transactions, and, thus, the importance of information is acknowledged by both organisational and private home information users. Unfortunately, as with any asset, there are often threats to this asset and, therefore, an information security solution is required to protect information against potential threats. Human beings play a major role in the implementation and governing of an entire information security process and, therefore, they have responsibilities in this regard. Thus, the effectiveness of any information security solutions in either an organisational or a private context is dependent on the human beings involved in the process. Accordingly, if these human beings are either unaware or not knowledgeable about their roles in the security solution they become the weak link in the information security solutions and, thus, it is essential that all these information users be educated in order to combat any threats to the information security. Many of the current information security education programmes and materials are not effective, possibly because the majority of these current approaches have been designed without using a sound pedagogical theory. In addition, many of these programmes also only target organisational users. This, in turn, is problematic as information security education is required by everybody, organisational and private information users alike. This dissertation addressed the lack of a pedagogical basis in the designing of information security educational courses suited to an extremely broad target audience. Accordingly, the dissertation set out to demonstrate how a pedagogy, which is broadly used and accepted for a diverse target audience of learners, could be applied to the design of the presentation of a web based, cyber security educational courses.
|
64 |
WSP3: a web service model for personal privacy protectionOphoff, Jacobus Albertus January 2003 (has links)
The prevalent use of the Internet not only brings with it numerous advantages, but also some drawbacks. The biggest of these problems is the threat to the individual’s personal privacy. This privacy issue is playing a growing role with respect to technological advancements. While new service-based technologies are considerably increasing the scope of information flow, the cost is a loss of control over personal information and therefore privacy. Existing privacy protection measures might fail to provide effective privacy protection in these new environments. This dissertation focuses on the use of new technologies to improve the levels of personal privacy. In this regard the WSP3 (Web Service Model for Personal Privacy Protection) model is formulated. This model proposes a privacy protection scheme using Web Services. Having received tremendous industry backing, Web Services is a very topical technology, promising much in the evolution of the Internet. In our society privacy is highly valued and a very important issue. Protecting personal privacy in environments using new technologies is crucial for their future success. These facts, combined with the detail that the WSP3 model focusses on Web Service environments, lead to the following realizations for the model: The WSP3 model provides users with control over their personal information and allows them to express their desired level of privacy. Parties requiring access to a user’s information are explicitly defined by the user, as well as the information available to them. The WSP3 model utilizes a Web Services architecture to provide privacy protection. In addition, it integrates security techniques, such as cryptography, into the architecture as required. The WSP3 model integrates with current standards to maintain their benefits. This allows the implementation of the model in any environment supporting these base technologies. In addition, the research involves the development of a prototype according to the model. This prototype serves to present a proof-of-concept by illustrating the WSP3 model and all the technologies involved. The WSP3 model gives users control over their privacy and allows everyone to decide their own level of protection. By incorporating Web Services, the model also shows how new technologies can be used to offer solutions to existing problem areas.
|
65 |
Application of the access path model with specific reference to the SAP R/3 environmentPretorius, Maria Rebecca 07 October 2014 (has links)
M.Com. (Computer Auditing) / The management and control of modern day computer systems are becoming more and more trying due to the complexity of systems. This renders the traditional approach to evaluating controls in complex computer systems, inadequate and heightens the need for an alternative audit approach. The complex SAP R/3 environment will be evaluated in terms of security and validity of users and processes. This will be achieved through the use of an alternative audit approach namely, the application of the Access Path and Path Context Models (Boshoff 1985, 1990). The research methodology used during this research may indicate universal application implications for similar complex environments, although this has not yet been proved. The research showed that there are many control features available in the different software c.omponents of the SAP R/3 environment, that can be applied to control access and validity of users and processes. The duplication of control features provided by the software components, requires a global approach to security inthe defined environment. Only when evaluating the environment as a whole, will it be able to make the most effective security decisions. The use of the control matrices developed during this research will ease the global evaluation of the SAP R/3 environment. Although further research is required, the above has proven the usefulness of both the research methodology and the resultant model and matrices.
|
66 |
The automatic generation of information security profilesPottas, Dalenca 07 October 2014 (has links)
D.Phil. (Computer Science) / Security needs have changed considerably in the past decade as the economics of computer usage necessitates increased business reliance on computers. As more individuals need computers to perform their jobs, more detailed security controls are needed to offset the risk inherent in granting more people access to computer systems. Traditionally, computer security administrators have been tasked with configuring' , security systems by setting controls on the actions of users. This basically entails the compilation of access rules (contained in security profiles), which state who can access what resources in what way. The task of building these rules is of considerable magnitude and is in general not well understood. Adhoc approaches, characterized by exhaustive interviewing and endless printouts of organizational data repositories, are usually followed. In the end, too much is left to the discretion of the security administrators...
|
67 |
Design and implementation of a prototype to include security activities as part of application systems designKasselman, André 20 November 2014 (has links)
M.Com. (Information systems) / This study has its origin in the growing need for information systems to be classified as 'secure'. With the increasing use of Computer Aided Software Engineering (CASE) tools in the design of application systems for commercial use, the risks that exist in terms of information security have become more prominent. The importance of considering security during the analysis and design of an information system, in other words, on a logical level, is increasing daily. Usually security features are added to existing application systems on an ad hoc basis. Security design activities should become such an integrated part of systems analysis and design activities on a logical level, that a complete integration of the two fields, security and computer aided software engineering, can be achieved. The aim of this dissertation is to study the literature to discover existing approaches to this integration, and to extract the strengths from them and expand on those strengths in order to compile an approach that is completely implementable in the form of a prototype data flow design tool (DFD tool). The proposed approach to the secure analysis and design of an application system of a logical level, which is presented in Chapter 4, is designed in conjunction with H.A.S. Booysen [Booysen, Kasselman, Eloff - 1994]. Existing CASE-tools have also been studied by the author to determine their current capabilities, especially in terms of security definition activities, but also in terms of their support to the systems analyst during the analysis and design phases of the project life cycle when developing a target application system.
|
68 |
'n Model vir inligtingsekerheidsdokumentasieDu Toit, Louisa Maria 20 November 2014 (has links)
M.Sc. (Informatics) / A need has been identified for guidelines to Top Management on the implementation of an Information Security Policy and its associated documentation. In this dissertation, the Model for Information Security Documentation (lSD-model) for the organisation and content of documentation on information security is proposed. The proposed model is divided into three distinct levels respectively containing the Information Security Policy Document, the Goal Documents and the Application Guideline Documents. A document is placed on the different levels of the ISO-model according to the amount of detailed information it contains and the management level mainly concerned with that document. Guidelines are given regarding the content and format of each of the levels. Particular emphasis is laid on the Information Security Policy Document, which is the highest level, and a number of existing Information Security Policy Documents are evaluated according to the guidelines given for the lSD-model. Finally, a comparison is made between C. C. Wood's guidelines on Information Security Policies and those given for the ISO-model.
|
69 |
Information hiding for media authentication and covert communicationWu, Haotian 01 January 2007 (has links)
No description available.
|
70 |
A model for cultivating resistance to social engineering attacksJansson, Kenny January 2011 (has links)
The human being is commonly considered as being the weakest link in information security. Subsequently, as information is one of the most critical assets in an organization today, it is essential that the human element is considered in deployments of information security countermeasures. However, the human element is often neglected in this regard. Consequently, many criminals are now targeting the user directly to obtain sensitive information instead of spending days or even months trying to hack through systems. Some criminals are targeting users by utilizing various social engineering techniques to deceive the user into disclosing information. For this reason, the users of the Internet and ICT-related technologies are nowadays very vulnerable to various social engineering attacks. As a contribution to increase users’ social engineering awareness, a model – called SERUM – was devised. SERUM aims to cultivate social engineering resistance within a community through exposing the users of the community to ‘fake’ social engineering attacks. The users that react incorrectly to these attacks are instantly notified and requested to participate in an online social engineering awareness program. Thus, users are educated on-demand. The model was implemented as a software system and was utilized to conduct a phishing exercise on all the students of the Nelson Mandela Metropolitan University. The aim of the phishing exercise was to determine whether SERUM is effective in cultivating social engineering resistant behaviour within a community. This phishing exercise proved to be successful and positive results emanated. This indicated that a model like SERUM can indeed be used to educate users regarding phishing attacks.
|
Page generated in 0.0929 seconds