Global ETD Search

11	Ascertaining the Relationship between Security Awareness and the Security Behavior of Individuals Grant, Gordon J. 01 January 2010 (has links) Security threats caused by the inappropriate actions of the user continue to be a significant security problem within any organization. The purpose of this study was to continue the efforts of Katz by assessing the security behavior and practices of working professionals. Katz conducted a study that assessed whether the faculty and staff at Armstrong Atlantic State University had been performing the simple everyday practices and behavior necessary to avert insider threats to information security. Critical in understanding human behavior is in knowing how behavior varies across different groups or demographics. Because a user's behavior can be influenced by demographic groups, this study adapted Katz's study by examining the influence on the security behavior of four demographic groups identified by gender, age, education, and occupation. Like Katz, this study used a 5-point Likert scale quantitative self-administered, closed-ended questionnaire to assess the participants' security practices and behaviors. The questionnaire was developed in two sections: Section 1 used a binary scale to gather the participants' demographics data while Section 2 used a 5-point Likert scale to measure the participants' security behaviors. The sample population was derived from working professionals at the General Dynamic and Program Manager Advanced Amphibious Assault (GD & PM AAA) Facility in Woodbridge, Virginia. The total population at PM AAA Office was 288, of which 87 or 30% completed the survey. Results of the demographic survey indicate that (a) women were more security aware than their male counterparts, (b) younger participants were more security aware than their older counterparts, (c) participants who did not attend college were more security aware than their college-educated counterparts, and (d) participants in nontechnical positions were more security aware than their counterparts in technical positions. The results indicate that a relation exists between the participants' security behaviors and their levels of security awareness. Computer Security Individual Security Information Assurance Information Security Security Behavior Security Practices Computer Sciences
12	Kyberterorismus a digitální pirátství / Cyberterrorism and digital piracy Knopová, Martina January 2011 (has links) The thesis "Cyberterrorism and digital piracy" deals with the description of aims, motivation, tools, and consequences of current cyberwars. First of all, it concentrates on features of cyberconflicts while trying to indentify and define the essence of cyberterrorism, its principles, causes, and threats. Besides a description of common cyberwar methods, it provides a reader with a detailed analysis of the "Information Assurance" concept, which represents a form of strategy used to define risks of information security in the cyberspace. The analytic part of the thesis concerns concrete cases of the international cyberterorism and its forms in the 2007 to 2010 cyberwars. It also analyses some particular cyberattacks from the geopolitical point of view in a chronoligical way, especially those that happened in the European-Russian, Asian-American and Middle-Eastern regions. The comparation of the theoretical "Information Assurance" model and partial analyses of individual cyberwar examples has showed that not to keep the model reasons in the real disruption of the information security for a particular system. This fact notably contributed to the inception of aforementioned cyberconflicts, therefore the validity and applicability of the Information Assurance" concept the has been proved.
13	Factors Influencing the Adoption of Biometric Security Technologies by Decision Making Information Technology and Security Managers Lease, David R. 10 1900 (has links) The research conducted under this study offers an understanding of the reasons why information technology (IT) and/or information assurance (IA) managers choose to recommend or not to recommend particular technologies, specifically biometric security, to their organizations. A review of the relevant literature provided the foundation to develop a set of research questions and factors for this research effort. The research questions became the basis of the study’s stated hypotheses for examining managers’ perceptions of the security effectiveness, need, reliability, and cost-effectiveness of biometrics. The research indicates that positive perceptions of security effectiveness, need, reliability, and cost-effectiveness correlate with IT/IA managers’ willingness to recommend biometric security technologies. The implications of this study are that executives and managers can make informed decisions about the recommendation and adoption process relevant to biometric security technologies through an understanding of how perceptions of biometric technology affect the decision to recommend this type of technology. The study’s results may also help biometric product developers, vendors, and marketers understand the important perceptions of biometric security technologies within their customer base of IT/IA managers. biometric security technology adoption information security information assurance information technology biometrics decision making QA75 T1
14	Network vulnerability assessments: a proactive approach to protecting Naval medicine information assets Reinkemeyer, Steven 06 1900 (has links) Approved for public release, distribution is unlimited / The purpose of this study was to determine whether Naval Medicine's current Information Assurance Policy and resultant efforts properly address federal requirements or current threats confronting Naval Medicine information technology professionals. The primary research was conducted with a survey instrument detailing thirty questions with various response categories. The findings of the survey questionnaire revealed the existing numbers of previously compromised systems were directly related to the frequency of vulnerability scanning and remediation practices in the current threat environment. This study will provide insight to anyone interested in the future assessment of Naval Medicine's information security posture. These findings have important implications for command personnel charged with the responsibility and accountability of Naval Medicine's networks and data systems, as well as other communities throughout the Navy. / Lieutenant, United States Navy Medicine, Naval Computer networks Security measures United States Vulnerability assessment Patch management Information assurance Naval medicine Vulnerability statistics
15	Toward managing & automating CyberCIEGE scenario definition file creation / Toward managing and automating CyberCIEGE scenario definition file creation Johns, Kenneth W., Jr. 03 1900 (has links) Approved for public release, distribution is unlimited / The CyberCIEGE project seeks to create an alternative to traditional Information Assurance (IA) training and education approaches by developing an interactive, entertaining commercial-grade PC-based computer game/virtual laboratory. CyberCIEGE will provide a robust, flexible and extensible gaming environment where each instance of the game is based on a fully customizable scenario. These scenarios are written in the CyberCIEGE Scenario Definition Language. Unfortunately, the trade-off for flexibility, extensibility and fully customizable scenarios is syntax complexity in the scenario definition language. This thesis will solve this real world problem by showing that the complexity of scenario definition language syntax can be managed through a software tool. This thesis will develop such a tool and further demonstrate that progress can be made toward automating scenario generation. / Civilian, Federal Cyber Service Corps, Naval Postgraduate School Computer networks Security measures Study and teaching Game theory Grammar, Comparative and general Syntax Computer software Information assurance CyberCIEGE Syntax complexity management
16	Scripting quality of security service (QoSS) safeguard measures for the suggested INFOCON system Guild, Jennifer A. 03 1900 (has links) Approved for public release, distribution is unlimited / The existing INFOCON system is an information warning system that the DOD maintains. It is not formally correlated to other warning systems, such as DEFCON, FPCON/THREATCON, WATCHCONs, SANS INFOCON, or the Homeland Security Advisory System Threat condition. The criteria for each INFOCON level are subjective. The INFOCON recommended actions are a mix of policy and general technical measures. The INFOCON system vaguely follows the Defense in Depth network defense methodology. This thesis examines the foundations for the existing INFOCON system and presents an evolved INFOCON system. The focus will be on the security of the DOD information infrastructure and the accomplishment of the mission, as well as the usability and the standardization of the INFOCON warning system. The end result is a prototype that is a set of predefined escalation scripts for the evolved INFOCON system's safeguard measures. / Civilian, Federal Cyber Service Corps, Naval Postgraduate School Methodology Computer science DEFCON FPCON/THREATCON WATCHCONS SANS INFOCON DOD Defense in depth INFOCON Information Information assurance Actions
17	Enhancing information security in organisations in Qatar Al-Hamar, Aisha January 2018 (has links) Due to the universal use of technology and its pervasive connection to the world, organisations have become more exposed to frequent and various threats. Therefore, organisations today are giving more attention to information security as it has become a vital and challenging issue. Many researchers have noted that the significance of information security, particularly information security policies and awareness, is growing due to increasing use of IT and computerization. In the last 15 years, the State of Qatar has witnessed remarkable growth and development of its civilization, having embraced information technology as a base for innovation and success. The country has undergone tremendous improvements in the health care, education and transport sectors. Information technology plays a strategic role in building the country's knowledge-based economy. Due to Qatar s increasing use of the internet and connection to the global environment, it needs to adequately address the global threats arising online. As a result, the scope of this research is to investigate information security in Qatar and in particular the National Information Assurance (NIA) policy. There are many solutions for information security some technical and some non-technical such as policies and making users aware of the dangers. This research focusses on enhancing information security through non-technical solutions. The aim of this research is to improve Qatari organisations information security processes by developing a comprehensive Information Security Management framework that is applicable for implementation of the NIA policy, taking into account Qatar's culture and environment. To achieve the aim of this research, different research methodologies, strategies and data collection methods will be used, such as a literature review, surveys, interviews and case studies. The main findings of this research are that there is insufficient information security awareness in organisations in Qatar and a lack of a security culture, and that the current NIA policy has many barriers that need to be addressed. The barriers include a lack of information security awareness, a lack of dedicated information security staff, and a lack of a security culture. These barriers are addressed by the proposed information security management framework, which is based on four strategic goals: empowering Qataris in the field of information security, enhancing information security awareness and culture, activating the Qatar National Information Assurance policy in real life, and enabling Qatar to become a regional leader in information security. The research also provides an information security awareness programme for employees and university students. At the time of writing this thesis, there are already indications that the research will have a positive impact on information security in Qatar. A significant example is that the information security awareness programme for employees has been approved for implementation at the Ministry of Administrative Development Labour and Social Affairs (ADLSA) in Qatar. In addition, the recommendations proposed have been communicated to the responsible organisations in Qatar, and the author has been informed that each organisation has decided to act upon the recommendations made.
18	Public Servants' Perceptions of the Cybersecurity Posture of the Local Government in Puerto Rico Rodriguez, Julio C 01 January 2019 (has links) The absence of legislation, the lack of a standard cybersecurity framework, and the failure to adopt a resilient cybersecurity posture can be detrimental to the availability, confidentiality, and integrity of municipal information systems. The purpose of this phenomenological study was to understand the cybersecurity posture of municipalities from the perception of public servants serving in information technology (IT) leadership roles in highly populated municipalities in the San Juan-Carolina-Caguas Metropolitan Statistical Area of Puerto Rico. The study was also used to address key factors influencing the cybersecurity posture of these municipalities. The theoretical framework was open system theory used in combination with a conceptual framework encompassing key dimensions influencing digital government. Data were collected using semistructured interviews with 10 public servants working in IT leadership positions in a municipal setting in Puerto Rico. Data analysis involved horizontalization, reduction, elimination, clustering, thematizing, validation, and development of individual and composite textural descriptions. Participants reported that the cybersecurity posture of their municipalities was resilient. Participants also reported that technological changes, politics, the economy, management support, and processes were key elements to achieve a resilient posture. Findings may be used to empower elected officials, policymakers, public servants, and practitioners to manage and improve elements affecting cybersecurity with the goal of achieving a resilient posture to deliver cybersecurity as a public good. cybersecurity information assurance information security local government municipality security posture Databases and Information Systems Public Administration Public Policy
19	A CyberCIEGE scenario illustrating multilevel secrecy issues in an air operations center environment Meyer, Marc K. 06 1900 (has links) Approved for public release; distribution is unlimited / CyberCIEGE provides an addition to traditional Information Assurance (IA) education in the form of an interactive, entertaining, commercial-grade PC-based computer game. Educational objectives are contained in scenarios that serve to teach particular IA concepts. The details of a scenario are contained in a Scenario Definition File (SDF), which is written in the CyberCIEGE Scenario Definition Language. This language is rich enough to express a range of information security policies and operational data access requirements, resulting in a nearly limitless pool of possible scenarios. This thesis developed a playable scenario illustrating confidentiality protection concepts in an open storage environment modeled after an Air Operations Center. Educational goals include physical protection of high value assets and use of strong authentication policies to protect moderate value assets. The major work of this thesis was designing an SDF to reflect a military information security policy and work flow environment contained in the educational goals. The confirmation of the proper operation of selected aspects of the CyberCIEGE game engine, and the assurance that the SDF confronts the player with the security trade-offs occurred through the application of a testing methodology. The creation of detailed solutions and incorrect gameplay examples constitute this testing process. / Captain, United States Air Force Computer games Programming Computer users United States Computer networks Security measures Computer security CyberCIEGE Information assurance IA Scenario definition file SDF Network security training
20	CyberCIEGE scenario illustrating secrecy issues through mandatory and discretionary access control policies in a multi-level security network LaMore, Robert L. 06 1900 (has links) Approved for public release, distribution is unlimited / User training in computer and network security is crucial to the survival of modern networks, yet the methods employed to train users often seem ineffective. One possible reason is that users are not fully engaged during these training sessions and thus they tend to forget the lessons being taught. The CyberCIEGE game introduces a new method of training in computer and network security. The player engages in a simulation-based network security game, that reflects real-world security principles. Each time the CyberCIEGE game runs, it loads a Scenario Definition File (SDF) written to teach specific security concepts. This thesis developed such a scenario definition file for the CyberCIEGE game. The educational purpose of the scenario is to illustrate secrecy issues in the context of mandatory and discretionary access control in a multilevel networked environment. The primary work of this thesis was to construct the scenario definition file such that playing the resulting game would achieve this educational purpose. This thesis also resulted in the construction of scenario definition files to test the CyberCIEGE game engine for expected results. These tests resulted in several recommendations for improvement in the game engine. / First Lieutenant, United States Air Force Computer networks Security measures Computer security Computer users United States Computer games Programming Information assurance CyberCIEGE Scenario definition file Network security training

Search results