Korporatyvinės įmonės informacinės saugos sistemos modeliavimas / Enterprise information security system modeling

Mikučionis, Mindaugas

24 May 2005

The purpose of this work is to create and analyze the information security models of large corporations. It’s difficult and hard to deploy efficiently safe systems due to complex network environment and enterprise computer systems. It’s important to analyze security system parameters before design process. The enterprise information security system modeling helps us to solve these problems. In this work I designed information security models with complex information security elements and safe data transferring between remote locations. These models will help designers to compare different systems and to find the most secure and effective. This thesis generalizes the information security modeling process and describes the factors influencing it.

Informatics

Tinklų saugumas

Informacijos saugos priemonės

Enterprise network

Information security

Informacinė sauga

A quantitative security assessment of modern cyber attacks : a framework for quantifying enterprise security risk level through system's vulnerability analysis by detecting known and unknown threats

Munir, Rashid

January 2014

Cisco 2014 Annual Security Report clearly outlines the evolution of the threat landscape and the increase of the number of attacks. The UK government in 2012 recognised the cyber threat as Tier-1 threat since about 50 government departments have been either subjected to an attack or a direct threat from an attack. The cyberspace has become the platform of choice for businesses, schools, universities, colleges, hospitals and other sectors for business activities. One of the major problems identified by the Department of Homeland Security is the lack of clear security metrics. The recent cyber security breach of the US retail giant TARGET is a typical example that demonstrates the weaknesses of qualitative security, also considered by some security experts as fuzzy security. High, medium or low as measures of security levels do not give a quantitative representation of the network security level of a company. In this thesis, a method is developed to quantify the security risk level of known and unknown attacks in an enterprise network in an effort to solve this problem. The identified vulnerabilities in a case study of a UK based company are classified according to their severity risk levels using common vulnerability scoring system (CVSS) and open web application security project (OWASP). Probability theory is applied against known attacks to create the security metrics and, detection and prevention method is suggested for company network against unknown attacks. Our security metrics are clear and repeatable that can be verified scientifically.

Identificação de competências essenciais para formação e gerência de redes de empresas da construção civil / Identification of core competences to formation and management of enterprise networks in civil construction

Anibal Martins Rossetti

22 July 2005

No setor da construção civil as perspectivas gerenciais das organizações são de adaptar-se aos novos cenários e uma das formas é a de formar redes de empresas. Para formar e gerenciar redes de empresas é necessária a adequação de competências essenciais, pois organizações bem sucedidas são aquelas que demonstram desenvolver suas competências essenciais para oferecer padrão de excelência em bens e serviços. Neste trabalho são analisadas as propostas e os possíveis desdobramentos sobre o escopo compreendendo o processo de formação de redes de empresas e posteriormente é sugerida uma sistematização para identificar as competências essenciais para a formação e gerenciamento de redes de empresas da construção civil, empresas estas que possuam objetivos comuns e que mantenham a independência e individualidade para, assim, formar uma rede que permita a realização de ações conjuntas, facilitando a solução de problemas comuns e viabilizar novas oportunidades. As empresas por fim identificadas unem-se em uma rede e conseguem reduzir custos, dividir riscos, conquistar novos mercados, qualificar produtos e serviços e ter acesso à novas tecnologias. A aplicação prática do trabalho é feita através de um estudo de caso exploratório em uma obra de construção civil buscando as competências contidas nas empresas participantes para, assim, poder afirmar quais são as competências essenciais para formação da rede e quais poderão trazer benefícios à mesma ou a outras que virão a se formar. Espera-se com o resultado desta pesquisa determinar quais empresas são capazes de operar em um negócio em forma de rede de empresas, envolvendo profunda avaliação de competências essenciais, verificando se as mesmas irão garantir uma adequada sustentação competitiva nos mercados almejados. / In the civil construction, the management perspectives of organizations are to adapt to new sceneries and one of the ways is to create enterprise networks. To create and management enterprise networks it is necessary the adequation the core competence, because well succeeded organizations are those which demonstrate to develop its core competences to offer excellent standards in goods and services. In this work proposals and possible results of the issues concerning to the process of networks formation area analyzed. It is also suggest a systematization to identify core competence to the formation and management of enterprise networks in civil construction sector that have common goals and maintain the independence and individuality, to create a network that allows the accomplishment of joined actions, making the solution of common problems easier and making new opportunities feasible. These enterprises, finally identified, join themselves in a network and can reduce costs, divide risks, reach new markets, qualify products and services, and have access to new technologies. The practical application of this work is done throughout a case study which explores a civil construction task arming to identify the competence inserted in the participate enterprise, that it will be possible to affirm which the core competence to the formation of the network and which are able to bring benefits to itself and to others enterprise networks. It is intended, as a result of this research, to determine which enterprises are capable to operate in a new business, in a network configuration, involving deep evaluation of core competences and verifying if they will guarantee a competitive sustentation in desired markets.

Competências essenciais

Construção civil

Redes de empresas

Civil construction

Core competences

Enterprise network

Formação e gerência de redes de empresas: avaliação da aplicabilidade da estrutura do produto em obras de construção civil / not available

Gustavo Brandão Soares do Nascimento

08 June 2005

A construção civil, especialmente nos últimos anos, tem se assemelhado à configuração organizacional denominada rede de empresas, devido a mudanças estruturais em sua forma de produção e relacionamento firma-empregado. A adoção de novas técnicas e ferramentas para o aumento da competitividade é necessária, para o desenvolvimento das empresas do setor. A estrutura do produto, ferramenta intensamente utilizada na indústria de manufatura, se apresenta como um instrumento no auxílio à competitividade das empresas de construção civil, especialmente nas áreas relativas a suprimento e a fluxo de materiais. / The civil construction sector, specially in last years, has been similar to the organizational configuration called network enterprise, because the structural changes in the production form and employee relationship. The use of new techniques and tools to improve the competitiveness is necessary to develop the sector companies. The product structure, used oftenly in manufacturing industry, is a tool that helps the competitiveness of the firms in construction sector, specially in supply and materials flow management.

Construção civil

Estrutura de produto

Fluxo de materiais

Rede de empresas

Civil construction

Enterprise network

Materials flow

Product structure

A Quantitative Security Assessment of Modern Cyber Attacks. A Framework for Quantifying Enterprise Security Risk Level Through System's Vulnerability Analysis by Detecting Known and Unknown Threats

Munir, Rashid

January 2014

Cisco 2014 Annual Security Report clearly outlines the evolution of the threat landscape and the increase of the number of attacks. The UK government in 2012 recognised the cyber threat as Tier-1 threat since about 50 government departments have been either subjected to an attack or a direct threat from an attack. The cyberspace has become the platform of choice for businesses, schools, universities, colleges, hospitals and other sectors for business activities. One of the major problems identified by the Department of Homeland Security is the lack of clear security metrics. The recent cyber security breach of the US retail giant TARGET is a typical example that demonstrates the weaknesses of qualitative security, also considered by some security experts as fuzzy security. High, medium or low as measures of security levels do not give a quantitative representation of the network security level of a company. In this thesis, a method is developed to quantify the security risk level of known and unknown attacks in an enterprise network in an effort to solve this problem. The identified vulnerabilities in a case study of a UK based company are classified according to their severity risk levels using common vulnerability scoring system (CVSS) and open web application security project (OWASP). Probability theory is applied against known attacks to create the security metrics and, detection and prevention method is suggested for company network against unknown attacks. Our security metrics are clear and repeatable that can be verified scientifically

Handling uncertainty in intrusion analysis

Zomlot, Loai M. M.

January 1900

Doctor of Philosophy / Department of Computing and Information Sciences / Xinming Ou / Intrusion analysis, i.e., the process of combing through Intrusion Detection System (IDS) alerts and audit logs to identify true successful and attempted attacks, remains a difficult problem in practical network security defense. The primary cause of this problem is the high false positive rate in IDS system sensors used to detect malicious activity. This high false positive rate is attributed to an inability to differentiate nearly certain attacks from those that are merely possible. This inefficacy has created high uncertainty in intrusion analysis and consequently causing an overwhelming amount of work for security analysts. As a solution, practitioners typically resort to a specific IDS-rules set that precisely captures specific attacks. However, this results in failure to discern other forms of the targeted attack because an attack’s polymorphism reflects human intelligence. Alternatively, the addition of generic rules so that an activity with remote indication of an attack will trigger an alert, requires the security analyst to discern true alerts from a multitude of false alerts, thus perpetuating the original problem. The perpetuity of this trade-off issue is a dilemma that has puzzled the cyber-security community for years. A solution to this dilemma includes reducing uncertainty in intrusion analysis by making IDS-nearly-certain alerts prominently discernible. Therefore, I propose alerts prioritization, which can be attained by integrating multiple methods. I use IDS alerts correlation by building attack scenarios in a ground-up manner. In addition, I use Dempster-Shafer Theory (DST), a non-traditional theory to quantify uncertainty, and I propose a new method for fusing non-independent alerts in an attack scenario. Finally, I propose usage of semi-supervised learning to capture an organization’s contextual knowledge, consequently improving prioritization. Evaluation of these approaches was conducted using multiple datasets. Evaluation results strongly indicate that the ranking provided by the approaches gives good prioritization of IDS alerts based on their likelihood of indicating true attacks.

Enterprise network security

Intrusion detection and analysis

Machine learning

Reason about uncertainty

Dempster-Shafer Theory

Computer Science (0984)

A instalação e desenvolvimento de um Cluster comercial gerando diferencial competitivo: estudo de caso no setor da cadeia produtiva do algodão

Fracaroli, Fernando

18 March 2014

Made available in DSpace on 2016-04-25T16:44:38Z (GMT). No. of bitstreams: 1 Fernando Fracaroli.pdf: 677209 bytes, checksum: d30dea0438b67d64e6b23c1a944e0ed3 (MD5) Previous issue date: 2014-03-18 / This study aimed to examine whether on the administrative, technological and business reality installing a commercial cluster can generate a competitive advantage for organizations, which through the literature search and multicases was possible to conclude that when it comes to performance, market entry development and production, the creation and development of a commercial cluster becomes like a market strategy every day more in the Brazilian scenario. That was conclusive and exhaustive, random noticing gaps difficulties for greater profitability within a cluster, this excels when the participating organizations are smaller, devoid of preparation for the market, in that the cluster is a commercial real leverage. Compete and cooperate simultaneously making practical the concept of competition strategy that was many national companies have joined for working in the market today are concluding that this is a valid competitive strategy and still very much in vogue and grow in the country / Este estudo teve como objetivo analisar se diante da realidade administrativa, tecnológica e comercial a instalação um cluster comercial pode gerar um diferencial competitivo para as organizações, onde através da pesquisa bibliográfica e de multicasos foi possível concluir que em se tratando de atuação, entrada no mercado, desenvolvimento e produção, a criação e desenvolvimento de um cluster comercial se torna como uma estratégia de mercado a cada dia mais dentro do cenário brasileiro. Isso foi conclusivo, mesmo percebendo lacunas de dificuldades para a lucratividade maior dentro de um cluster, esse se sobressai quando as organizações participantes são menores, desprovidas de preparo para o mercado, no que o cluster comercial é uma verdadeira alavanca. Competir e cooperar simultaneamente tornando prático o conceito de coopetição foi a estratégia que muitas empresas nacionais aderiram para estarem hoje atuantes no mercado concluindo que essa é uma estratégia competitiva valida e ainda muito em voga e a crescer no país

Coopetição

Cooperação

Competição

Rede de empresas

Cluster empresariais

Coopetition

Cooperation

Competition

Enterprise network cluster

IPv6@HH   Campus Network Design / IPv6 @ HH

Munir, Sarmad, Habib, Yasir, Javed, Sheraz

January 2011

The aim of this thesis project to design and implement a campus network based on IPv6, as IPv6 is the protocol of the future communication.There are many papers available which discuss upgrade from IPv4 to IPv6 and their side by side implementations and functionalities. Contrary to this we are working on running a network entirely based on IPv6. So we built this network infrastructure, monitored it and tested it.A network working on IPv6 is not just about a different addressing plan. Rather there are some serious questions. Network administrators are quite happy and comfortable with the current setup of IPv4. Would this IPv6 be able to provide them same facilities on one-to-one basis? If not, would it be upgrade or degrade on some functionality? Is there solution to every problem available or they would have to discover it themselves? All these and many more questions were faced and tackled in the course of this thesis.

IPv6

IPv4

Network Design

Internet Protocol

Högskolan i Halmstad

Halmstad University

Network Architecture

PDIOO

Cisco

LAN

WLAN

Campus Network

Enterprise Network

Campus Network Design

Methodology Development For Small And Medium Sized Enterpise Sme) Based Virtual Enterprises

Sari, Burak

01 June 2006

This dissertation presents the results of a Ph.D. research entitled as methodology development for SME based virtual enterprises. The research addresses the preparation and set up of virtual enterprises and enterprise networks. A virtual enterprise (VE) can be perceived as a customer solution delivery system created by a temporary and re-configurable information and communications technology (ICT) enabled aggregation of competencies. The main achievements of the research include: &amp / #8226 / Clarification and definition of the concept for virtual enterprises and enterprise networks including preparation of these. o A fast and efficient setup of virtual enterprises can be enabled through the establishment of an enterprise network in which an appropriate type and degree of work preparation can be established prior to the set up of virtual enterprises. &amp / #8226 / Development of a framework and a reference architecture for virtual enterprises named as Structured Methodology and ICT Reference Architecture respectively. o Structured Methodology structures the body of knowledge related to preparation, set up and operation of virtual enterprises and enterprise networks. o ICT reference architecture consists of three levels with seven layers to portray in a diagrammatic fashion how different enterprises may exchange and use information between their respective organizations&amp / #8217 / specific proprietary systems and a central server. &amp / #8226 / Development of a methodology for virtual enterprise named as Virtual Enterprise Methodology (VEM) o VEM consists of a set of guidelines, which systematically describes activities that enterprises should consider in relation to set up and preparation of own enterprise networks with the aim to set up virtual enterprises. &amp / #8226 / Testing and validation of the developed VEM with the realization of a virtual case study and establishment of a validation platform respectively. o Virtual case study demonstrates the application of the developed VE methodology with the illustration of the key activities related to setting up breeding environment, setting up &amp / operating VE and dissolution of VE. o The findings in the research can be validated through the various activities as meetings, conferences, presentations and publication of journals.

TJ Mechanical Engineering. 1-1570

Los grupos de empresa y la relación individual de trabajo en el marco de una economía productiva descentralizada

Jiménez Rojas, Francisco

30 March 2012

La organización productiva descentralizada y flexible que, bajo el impulso de las nuevas tecnologías y la globalización, viene sustituyendo a partir del último cuarto del siglo XX al fordismo de inspiración keynesiana, está deteriorando los mercados laborales, lo que supone una precarización de las condiciones de empleo, un notable repliegue de los «Estados del bienestar» y la desactivación del factor trabajo. Superado el tradicional principio de «unicidad» empresarial, un empresario «complejo» y múltiple –el grupo de empresas-, caracterizado por su dificultad identificatoria, absorbe un protagonismo creciente, en un contexto normativo-laboral casi desregulado, en el que al margen del fraude, la dirección unitaria de las empresas agrupadas no implica deducir de su funcionamiento una responsabilidad (solidaria). En esa «cierta unidad económica» que constituye el grupo, se detecta un punto de conflicto o desconexión, entre las facultades empresariales decisorias -unidad de decisión- y las organizativas –dependencia y ajenidad de frutos-. / The decentralized and flexible productive organization, boosted by globalization, new information and knowledge technologies, has been replacing the Fordist Keynesian inspiration since the last quarter of the 20th century; besides it has been worsening the labour markets, which involves a precariousness of employment conditions and an outstanding backing down of “welfare states” and job factor neutralization. Once the traditional principle of business uniqueness has been overwhelmed, a complex and multiple –the corporate group- employer arises; this employer is characterized by the difficulty of being identified and acquires an increasingly featuring role, inside a regulatory working context almost deregulated, where, on the fringe fraud, the unitarian corporate group management doesn’t imply deducing a solidarity liability from its activity. Inside that “particular economical unity” made up by the group, a deal-breaker or a gap is detected between the decision-making management faculties –decision unity- and the organizational ones –dependence and another person’s benefits-.

empresa-red

Globalización

mercado de trabajo

fexibilidad

mercado de trabajo

segmentación

nuevas tecnologías

grupos de empresa

descentralización

empresa única

fraude de ley

levantamiento del velo

empresario aparente

enterprise network

Globalization

labour market

flexibility

partition

new technologies

corporate groups

decentralization

unique enterprise

legal fraud

lifting of the veil

apparent employer

33

331

34