Generic Quality Assurance in Software Projects

Jansson, Daniel

January 2021

Keeping the code quality high and ensuring high security in a softwareproject is a common challenge. To address this challenge a system calledQuality Assurance System (QAS) has been implemented. QAS usesfour third-party testing tools to evaluate software projects in regards tocode quality and security, without adding more work for each separatesoftware project. QAS was tested on real world software projects andmultiple potential misconfigurations and errors was found. QAS can notreplace testing, but it is a starting point by adding some basic tests thatlooks for security vulnerabilities, misconfigurations, etc.

testing tool

information security

code quality

Computer Sciences

Datavetenskap (datalogi)

Zavedení ISMS pro základní školu / Implementation of ISMS at Elementary School

Hensl, Marek

January 2017

This diploma’s thesis deals with information security management system on elementary school. This work is based on long time experience with chosen school and on communication with representatives of elementary school. In this thesis are teoretical basics, specific state, shortcomings and proposed or recommended solutions.

Návrh zavedení bezpečnostních opatření na základě ISMS pro malý podnik / Design of security countermeasures implementation based on ISMS for small company

Tomko, Michal

January 2019

The master`s thesis deals with implementation of security countermeasures in accordance with information security management system for small company. Main concern of the master`s thesis will be design of security countermeasures in company. Solution of the design comes from the analysis of current state of the company including all important parts and assist evaluation which has been processed along with responsible persons.

Návrh, tvorba a implementace softwarové aplikace ve firemním prostředí / Design, Creation and Implementation of Software Application in the Corporate Environment

Zavadilová, Patrícia

January 2021

The master’s thesis is focused on the design and creation of a solution for converting company’s software application into the mobile and web form. The main goal is make business processes more efficient and maintain information and cyber security. The result should be a system that brings an innovative and convenient solution, time and financial savings.

Návrh zavedení bezpečnostních opatření pro danou společnost / Proposal for the introduction of security measures for the company

Krídla, Matúš

January 2021

This diploma thesis deals with the design and implementation of security measures within a selected company. The aim of the work is to create a proposal for measures against possible security threats. The first chapter deals with a general introduction to the issue, describes and defines the concepts from a theoretical point of view. The second part deals with the description of the current state and analysis of selected areas of the company. At the end of this work, we focus on raising awareness of security threats and proposing measures that contribute to increasing the security of information.

Towards Security and Privacy in Networked Medical Devices and Electronic Healthcare Systems

Jellen, Isabel

01 June 2020

E-health is a growing eld which utilizes wireless sensor networks to enable access to effective and efficient healthcare services and provide patient monitoring to enable early detection and treatment of health conditions. Due to the proliferation of e-health systems, security and privacy have become critical issues in preventing data falsification, unauthorized access to the system, or eavesdropping on sensitive health data. Furthermore, due to the intrinsic limitations of many wireless medical devices, including low power and limited computational resources, security and device performance can be difficult to balance. Therefore, many current networked medical devices operate without basic security services such as authentication, authorization, and encryption. In this work, we survey recent work on e-health security, including biometric approaches, proximity-based approaches, key management techniques, audit mechanisms, anomaly detection, external device methods, and lightweight encryption and key management protocols. We also survey the state-of-the art in e-health privacy, including techniques such as obfuscation, secret sharing, distributed data mining, authentication, access control, blockchain, anonymization, and cryptography. We then propose a comprehensive system model for e-health applications with consideration of battery capacity and computational ability of medical devices. A case study is presented to show that the proposed system model can support heterogeneous medical devices with varying power and resource constraints. The case study demonstrates that it is possible to signicantly reduce the overhead for security on power-constrained devices based on the proposed system model.

Security

Privacy

E-health

Medical Devices

Medical Data

Information Security

The securitisation of information with reference to South Africa's Protection of State Information Bill 2010

Ellinas, Mikela

January 2016

The aim of this study is to analyse whether or not information has been securitised in South Africa. The degree of possible securitisation is assessed to determine the consequences of this securitised situation for the information-security nexus in South Africa. This premise is based primarily on the introduction of the Protection of State Information Bill, 2010 (hereinafter the Bill) which forms the case study. The Bill is posited by the state as a contribution to the country's information society and an enhancement of security-law to allow the State to combat threats in the Information Age. However, the Bill has received fierce criticism as a detractor to the democratic project of South Africa. The analysis of the paper is grounded in the framework of Securitisation Theory, derived from Critical Security Studies within the field of Security Studies. This theory explores the consideration of an issue or entity, as a security subject, ultimately removing the issue or entity from the public-political discourse. Accordingly, the study concludes that a partial securitisation of information has occurred in South Africa, but with justifiable defence and necessary cause. In spite of the often pejorative perspective of a securitised environment, this outcome is not necessarily detrimental to the democratic project. Not only does the proposed security law enhance the security of the country to facilitate the pursuit of national interests, it allows the state to compete more effectively and aggressively with its counterparts in the international milieu in the Information Age. / Mini Dissertation (M Security Studies)--University of Pretoria, 2016. / Political Sciences / M Security Studies / Unrestricted

Information access

Information security

Securitisation Theory

State Information

UCTD

Exploring Strategies for Implementing Information Security Training and Employee Compliance Practices

Dawson, Alan Robert

01 January 2019

Humans are the weakest link in any information security (IS) environment. Research has shown that humans account for more than half of all security incidents in organizations. The purpose of this qualitative case study was to explore the strategies IS managers use to provide training and awareness programs that improve compliance with organizational security policies and reduce the number of security incidents. The population for this study was IS security managers from 2 organizations in Western New York. Information theory and institutional isomorphism were the conceptual frameworks for this study. Data collection was performed using face-to-face interviews with IS managers (n = 3) as well as secondary data analysis of documented IS policies and procedures (n = 28). Analysis and coding of the interview data was performed using a qualitative analysis tool called NVivo, that helped identify the primary themes. Developing IS policy, building a strong security culture, and establishing and maintaining a consistent, relevant, and role-based security awareness and training program were a few of the main themes that emerged from analysis. The findings from this study may drive social change by providing IS managers additional information on developing IS policy, building an IS culture and developing role-specific training and awareness programs. Improved IS practices may contribute to social change by reducing IS risk within organizations as well as reducing personal IS risk with improved IS habits.

awareness

culture

information security

policy

training

Databases and Information Systems

Designing Cybersecurity Competitions in the Cloud: A Framework and Feasibility Study

Newby, Chandler Ryan

10 December 2018

Cybersecurity is an ever-expanding field. In order to stay current, training, development, and constant learning are necessary. One of these training methods has historically been competitions. Cybersecurity competitions provide a method for competitors to experience firsthand cybersecurity concepts and situations. These experiences can help build interest in, and improve skills in, cybersecurity. While there are diverse types of cybersecurity competitions, most are run with on-premise hardware, often centralized at a specific location, and are usually limited in scope by available hardware. This research focuses on the possibility of running cybersecurity competitions, specifically CCDC style competitions, in a public cloud environment. A framework for running cybersecurity competitions in general was developed and is presented in this research. The framework exists to assist those who are considering moving their competition to the cloud. After the framework was completed, a CCDC style competition was developed and run entirely in a public cloud environment. This allowed for a test of the framework, as well as a comparison against traditional, on-premise hosting of a CCDC. The cloud-based CCDC created was significantly less expensive than running a comparable size competition in on-premise hardware. Performance problems—typically endemic in traditionally-hosted CCDCs—were virtually non-existent. Other benefits, as well as potential contraindications, are also discussed. Another CCDC style competition, this one originally built for on-premise hardware, was then ported to the same public cloud provider. This porting process helped to further evaluate and enrich the framework. The porting process was successful, and data was added to the framework.

cybersecurity

IT

cloud

virtualization

competition

CCDC

Information Security

Evaluating an Educational Cybersecurity Playable Case Study

Johnson, Tanner West

11 December 2018

The realities of cyberattacks have become more and more prevalent in the world today. Due to the growing number of these attacks, the need for highly trained individuals has also increased. Because of a shortage of qualified candidates for these positions, there is an increasing need for cybersecurity education within high schools and universities. In this thesis, I discuss the development and evaluation of Cybermatics, an educational simulation, or playable case study, designed to help students learn and develop skills within the cybersecurity discipline. This playable case study was designed to allow students to gain an understanding of the field of cybersecurity and give them a taste of what a day in the life of a cybersecurity professional might be. It focuses on being an authentic experience so that students feel immersed within the simulation while completing their tasks, instead of regarding it as merely another assignment. We ran a pilot test of this playable case study in a university-level, introductory Information Technology class of 51 students. We found that Cybermatics increased the selfreported likelihood of over 70% of participants to pursue a career in a cybersecurity field. It also helped students understand the importance of leadership and ethics to a cybersecurity professional. We also found that the simulation helped students feel more confident about their ability to complete cybersecurity-related tasks.

playable case study

cybersecurity

simulation

educational

Information Security