NDLTD Global ETD Search
  • Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 341
  • 103
  • 95
  • 83
  • 15
  • 13
  • 11
  • 9
  • 9
  • 8
  • 7
  • 6
  • 3
  • 2
  • 2
  • Tagged with
  • 895
  • 895
  • 238
  • 219
  • 193
  • 156
  • 137
  • 134
  • 108
  • 106
  • 99
  • 97
  • 92
  • 87
  • 85
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

Search results

Showing 221 to 230 of 895 (0.093 seconds)
221

Security By Design

Tanner, M. James 10 August 2009 (has links)
Securing a computer from unwanted intrusion requires astute planning and effort to effectively minimize the security invasions computers are plagued with today. While all of the efforts to secure a computer are needed, it seems that the underlying issue of what is being secured has been overlooked. The operating system is at the core of the security issue. Many applications and devices have been put into place to add layers of protection to an already weak operating system. Security did not used to be such a prominent issue because computers were not connected 24/7, they used dialup and did not experience the effects from connecting to multiple computers. Today computers connect to high speed Internet and seem useless without access to email, chat, Internet, and videos. This interconnectedness of computers has allowed the security of many computers to be compromised because they have not been programmatically secured. The core component of computer security might best be done through security layers protecting the operating system. For this research, those who work in the computer field were asked to complete a survey. The survey was used to gather information such as the security layers and enhancements implemented on Linux computers and networks their surrounding network. This research is a stepping stone for further research as to what can be done to further improve upon security and its current implementations. / Securing a computer from unwanted intrusion requires astute planning and effort to effectively minimize the security invasions computers are plagued with today.
Linux security layers
Information Security
Linux System administrators
T1
222

Hacking Systems, Hacking Values: Interactive Theories For An Interactive World

Kelly, Liam Patrick 12 January 2004 (has links)
Langdon Winner's article "Do Artifacts Have Politics?" (1986) has become a classic piece within Science and Technology Studies. While Winner was certainly not the first to consider the inherently political qualities of technology, his article has assumed the role of a touchstone for both supporters and critics of the idea that artifacts embody political and social relationships. In the chapters that follow, I shall try to answer Winner and his critics, by studying a particular technology that I believe to be capable of shedding some much-needed light on the issue. My aim is provide a restatement of Winner's question in the pages that follow, with the hope of getting past such problematic terms as "embodiment" and "encapsulation." My hope is to make the issue itself clearer, so that we can get to the heart of how technology, values, and human beings systematically interact. I shall utilize in my discussion computer network scanning software. I shall first discuss the background to the question "Do Artifacts Have Politics?" and then describe some of the ethical and political forces alive in the computer security world. Next I shall closely examine two particular pieces of network scanning software and describe their interactions in terms of political and ethical motivations. Finally, I shall use this case study as a basis for a broader discussion of how values may be better conceived in terms of complex interactive systems of human beings and technologies. / Master of Science
philosophy of technology
technological momentum
information security
technology and values
223

Factors impacting information security noncompliance when completing job tasks

Harrell, Martha Nanette 26 November 2014 (has links)
Work systems are comprised of the technical and social systems that should harmoniously work together to ensure a successful attainment of organizational goals and objectives. Information security controls are often designed to protect the information system and seldom consider the work system design. Using a positivist case study, this research examines the user's perception of having to choose between completing job tasks or remaining compliant with information security controls. An understanding of this phenomenon can help mitigate the risk associated with an information system security user's choice. Most previous research fails to consider the work system perspective on this issue. This study is based on the socio-technical system theory, the Leavitt Diamond Model (1965). Using this model as a lens to examine user information security behavior and perspectives, the Synergistic Security Model was developed. The research data indicated that the relationships between the structure, technology, task and people constructs can have an impact on user information security behavior. The research found that a change in the organization's information security policies, technology, or a change in employee processes for task completion can impact a user's information security choice. Some of the information security situations found in the research could be easily changed to lower the risk of a user's choice to circumvent information security. This change could be a technical configuration change, a purchase of a new technology or a change in a process to help impact a user's choice to circumvent information security controls. The Synergistic Security Model can help researchers understand the relationships between the general constructs found in a work system and how those relationships can influence user behaviors. The research presented in the paper examines a triad relationship between each work system construct, consisting of: Structure-Technology-People; Structure-Task-People; Task-Technology-People; and Task-Technology-Structure. The findings indicate that the relationship between the constructs can have a significant impact on user information security behavior and therefore should be a consideration when designing an efficient and effective information security program.
Information technology
System science
Information Security
Information Security Behavior
Work System Design
Computer Sciences
Computer Security
Databases and Information Systems
224

Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users

Edwards, Keith 01 January 2015 (has links)
Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the incentive to take security awareness training on their own. Research in security awareness and security behavior has produced conflicting results. Therefore, it is not clear, how security aware home computer users are or to what extent security awareness affects the security behavior of home computer users. The goal of this study was to determine if there is a relationship between security awareness and users practicing good security behavior. This study adapted its research model from the health belief model (HBM), which accesses a patient’s decision to perform health related activities. The research model included the HBM constructs of perceived severity, perceived susceptibility, perceived threat, perceived benefits, perceived barriers, cues to action, and self-efficacy. The research model also contained the security awareness (SA) and concern for information privacy (CFIP) constructs. The model used SA to ascertain the effect of security awareness on a person’s self-efficacy in information security (SEIS), perceived threat, CFIP, and security behavior. The research model included CFIP to ascertain its effect on security behavior. The developed survey measured the participants' security awareness, concern for information privacy, self-efficacy, expectations of security actions, perceived security threats, cues to action, and security behavior. SurveyMonkey administered the survey. SurveyMonkey randomly selected 267 participants from its 30 million-member base. The findings of this study indicate home computer users are security aware. SA does not have a direct effect on a user’s security behavior, perceived threat, or CFIP. However, it does have influence on SEIS. SEIS has a weak effect on expectations. CFIP has an effect on a user’s security behavior after removing perceived threat from the research model. Perceived susceptibility has a direct effect on a user’s security behavior, but perceived severity or perceived threat does not.
Information privacy concerns
Information security awareness
Information Security Behavior
Information technology
Computer science
Computer Sciences
Computer Security
225

Towards evaluating security implementations using the Information Security Maturity Model (ISMM)

Alaboodi, Saad Saleh January 2007 (has links)
Information security is a common and ever-present concern for both private and public sector organizations. Information security protects information from a wide range of threats, risks, and vulnerabilities in order to ensure information availability, integrity and confidentiality, and hence business continuity. This research seeks to use a heuristic-based investigation of the Information Security Maturity Model (ISMM), developed by the author, combined with a thorough review of existing models, to suggest considerable extensions. This shall merit various applications leading to establish a connective body of knowledge and bridge a gap in existing literature and industry regarding the information security implementation in light of use of international standards and models. The ISMM model is neither based on a specific technology/protocol (e.g. PKI, IPSec, SSL) nor a certain system/product (e.g. Firewall, Antivirus, IDS), but rather an engineering approach towards a structured and efficient implementation of those technologies. The ISMM is a security-centric model that consists of five distinctive and ordered security layers, each of which has its own definition, scope, and characteristics. The model reflects the three key security processes (prevention, detection and recovery) and captures effects of people (visibility and sophistication) on every layer. It aims essentially to assess the maturity of any security implementation of any size and type (i.e. device, system, or environment). New extensions of the ISMM work are put forward. Literature review is augmented by introducing a new classification of information security models. Additionally, new abstractions are introduced, first: the abstraction of security conceptual boundaries, which signifies rational priorities and captures the unavoidable interferences between information and physical security in any security context, second: the abstraction of ratios of resources utilization (i.e. computational power, energy, memory, and other costs). Further extensions include a new attack model that classifies attacks in terms of their impact. This leads to a new approach for analyzing attacks and study adversary’s capabilities at different layers of both the ISMM and network models in the whole system, as one integrated entity against both single and hybrid attacks. As an example of one possible mapping and compatibility of the ISMM with other security-related models, the ISMM layers are mapped to their pertinent peers in network models (i.e. ISO/OSI and TCP/IP), which offers more information about security controls at each layer and its contribution to the actual overall security posture. The ISMM offers a prompt and structured approach to identify the current security state of small communication devices, computing platforms, and large computing environments in a consistent manner. A cost-effective realization is achieved through the optimization of IT and security expenditure. Therefore, the model assists to minimize deficiencies in security implementation. Also, the identification of needs and goals of the following level in the ISMM hierarchy allows a strategic approach proportional to allowable resources to take place, as a result, both goals are reached and cost is reduced much faster. This work is believed to facilitate grounds for future research endeavors such as applying these propositions on simulated examples, real life case studies, and developing a formula for the optimized distribution of security resources in a consistent manner with the best possible security level.
maturity model
information security
IT security
security processes
attack model
optimal security
cost of information security
Electrical and Computer Engineering
226

Towards evaluating security implementations using the Information Security Maturity Model (ISMM)

Alaboodi, Saad Saleh January 2007 (has links)
Information security is a common and ever-present concern for both private and public sector organizations. Information security protects information from a wide range of threats, risks, and vulnerabilities in order to ensure information availability, integrity and confidentiality, and hence business continuity. This research seeks to use a heuristic-based investigation of the Information Security Maturity Model (ISMM), developed by the author, combined with a thorough review of existing models, to suggest considerable extensions. This shall merit various applications leading to establish a connective body of knowledge and bridge a gap in existing literature and industry regarding the information security implementation in light of use of international standards and models. The ISMM model is neither based on a specific technology/protocol (e.g. PKI, IPSec, SSL) nor a certain system/product (e.g. Firewall, Antivirus, IDS), but rather an engineering approach towards a structured and efficient implementation of those technologies. The ISMM is a security-centric model that consists of five distinctive and ordered security layers, each of which has its own definition, scope, and characteristics. The model reflects the three key security processes (prevention, detection and recovery) and captures effects of people (visibility and sophistication) on every layer. It aims essentially to assess the maturity of any security implementation of any size and type (i.e. device, system, or environment). New extensions of the ISMM work are put forward. Literature review is augmented by introducing a new classification of information security models. Additionally, new abstractions are introduced, first: the abstraction of security conceptual boundaries, which signifies rational priorities and captures the unavoidable interferences between information and physical security in any security context, second: the abstraction of ratios of resources utilization (i.e. computational power, energy, memory, and other costs). Further extensions include a new attack model that classifies attacks in terms of their impact. This leads to a new approach for analyzing attacks and study adversary’s capabilities at different layers of both the ISMM and network models in the whole system, as one integrated entity against both single and hybrid attacks. As an example of one possible mapping and compatibility of the ISMM with other security-related models, the ISMM layers are mapped to their pertinent peers in network models (i.e. ISO/OSI and TCP/IP), which offers more information about security controls at each layer and its contribution to the actual overall security posture. The ISMM offers a prompt and structured approach to identify the current security state of small communication devices, computing platforms, and large computing environments in a consistent manner. A cost-effective realization is achieved through the optimization of IT and security expenditure. Therefore, the model assists to minimize deficiencies in security implementation. Also, the identification of needs and goals of the following level in the ISMM hierarchy allows a strategic approach proportional to allowable resources to take place, as a result, both goals are reached and cost is reduced much faster. This work is believed to facilitate grounds for future research endeavors such as applying these propositions on simulated examples, real life case studies, and developing a formula for the optimized distribution of security resources in a consistent manner with the best possible security level.
maturity model
information security
IT security
security processes
attack model
optimal security
cost of information security
Electrical and Computer Engineering
227

Information Security Management: The Study of Lithuanian State Institutions / Informacijos saugumo valdymas: Lietuvos Respublikos valstybės institucijų atvejis

Jastiuginas, Saulius 27 December 2012 (has links)
Growing information security cases and scope illustrate that the relevance of information security issues becomes critical and present information security means are not sufficient enough to manage information security. Narrow comprehension of information security merely as technological problem is broadened by the research results of economic, managerial, psychological, legal and other related aspects’ influence to information security. Information is named as the object of information security management in this thesis, and new information security management solutions are searched in the information management sciences. Critical analysis of information management and information security management links, was established a theoretical basis to form an integral information security management model. Integral information security management model, constructed at a theoretical level, shows a complex approach towards information security, integrates information management and information security management. Integral information security management model allows indentifying information security management weaknesses in the Lithuanian State institutions, rectifying deficiencies, provide an integrated and efficient information security management. A practical research and obtained results grounded the constructed model’s applicability both for further theoretical academic research and for practical application in the Lithuanian State institutions. / Nuolat augantys informacijos saugumo incidentų atvejai ir mastai iliustruoja, kad informacijos saugumo problemų aktualumas tampa kritinis, o esamos informacijos saugumo valdymo priemonės nėra pakankamos informacijos saugumui valdyti. Siaurą informacijos saugumo, kaip technologinės problemos, supratimą plečia ekonominių, vadybinių, psichologinių, teisinių ir kitų susijusių aspektų įtaka informacijos saugumui. Disertacijoje teigiama, kad informacijos saugumo valdymo objektas yra informacija, todėl informacijos saugumui valdyti pasitelktini informacijos vadybos metodai ir būdai. Identifikavus ir kritiškai įvertinus informacijos vadybos bei informacijos saugumo valdymo diskursų sąsajas sukurtas teorinis pagrindas suformuoti integralų informacijos saugumo valdymo modelį. Teoriniame lygmenyje sukonstruotas integralus informacijos saugumo valdymo modelis atskleidžia kompleksinį požiūrį į informacijos saugumą, integruoja informacijos vadybą ir informacijos saugumo valdymą bei leidžia identifikuoti informacijos saugumo valdymo Lietuvos valstybės institucijose trūkumus, o šiuos trūkumus pašalinus, užtikrinti kompleksišką ir efektyvų informacijos saugumo valdymą. Empirinis tyrimas ir gauti rezultatai pagrindė teoriniame lygmenyje sukonstruoto modelio pritaikomumą tiek tolesniems teoriniams moksliniams tyrimams, tiek praktinėje Lietuvos valstybės institucijų veikloje.
Communication and Information
Information security
Information security management
Information management
State institutions
Informacijos saugumas
Informacijos saugumo valdymas
Informacijos vadyba
Valstybės institucijos
228

Information security awareness and behaviour: of trained and untrained home users in Sweden.

Hammarstrand, Johanna, Fu, Tommy January 2015 (has links)
Today we live in an information society that is constantly growing in terms of the amount of information that are processed, stored, and communicated. Information security is a field that is of concern for both the individual and the society as a whole, as both groups are exposed to information every day. A society like this will demand more emphasis on information security. Previous researchers that has addressed this problem argues that security awareness is the most significant factor in order to raise the general security level. They also mention education as a solution to increase the security awareness and thereby achieve a secure environment. The aim of this thesis is to examine the differences between trained and untrained home users in security awareness and behaviour. The research was conducted, using a quantitative method in form of a survey research with the distribution of self-completion questionnaires. The study has a total of 162 respondents that participated. The result was presented and analysed through the use of the software program, IBM SPSS. The results of the findings suggest that the awareness of the trained home users is higher than of those who are untrained home users. Additionally, the discussion suggests that the home users who have participated in awareness raising initiatives, such as education and training, does not necessarily apply more security measures in their home environment, than those who are regarded as untrained home users. Hence, this study suggests that the increase in awareness may not necessarily be the only factor that affects the user’s behaviour, since those who have not participated in awareness raising initiatives applies security measures, almost to the same extent to those who have. This thesis might be able to act as a foundation for future research within the field, considering that the research is a comparative study between trained and untrained home users of the variables security awareness and behaviour where the found results, does not fully agree with previous research. However, an increase in awareness is a good start, but may need to be paired with appropriate training from other parties, such as internet service providers (ISPs) and banks. Maybe the solution could be to develop and strive for a continuous information security culture of the Swedish society, which may result in a deeper learning and understanding of security issues and inspire home users to be engaged and proactive about their information security behaviour.
information security awareness
information security behaviour
trained home user
untrained home user
Computer and Information Sciences
Data- och informationsvetenskap
229

INTRUSION EXECUTION SYSTEMS : Prototype: IMPETUS

Kayahan, Hüseyin January 2013 (has links)
In nature, it is inspiring to observe such an extensive variety of defensive skills distributed among species. The speed of an antelope, and the sting of a scorpion, wasp or a bee are some examples of such defensive tools or mechanisms important to survive against predators. However sophisticated the skills or tools are, the correct accurate use and on-time triggering of those tools is a matter of life and death for animals. With those defensive measures, animals come with a complementary ability called "vigilance". Vigilance is costly and the human tries to minimize vigilant behaviour in every aspect of life. The absence of vigilance, or negligence in other words, allows humans to spend more time and cognition on matters that he or she wants rather than on problems that need time. The human has an inherent and intricate mechanism that determine the vigilance level required for a particular problem. The consequences of the lack of vigilance in a work environment, more especially in the Information Technologies Security field are catastrophic and even lethal as humanity becomes an increasingly associated habitant of cyberspace ecosystem. Intrusion Execution Systems (IES) which is one of my conceptual propositions in this research, is my approach to reduce negligent behaviour in IT Security personnel. Impetus is the name of the first prototype for IES concept with limitations, which is included in this research. Impetus can successfully achieve desired behaviour in test environment, however the conceptual propositions in this research among with Impetus, should further be experimented in real-world in order to be convinced of its effectiveness.
information security
network security
negligence
vigilance
information security
security policy
security wheel
windmill model
impetus
ies
Computer Sciences
Datavetenskap (datalogi)
230

Why do employees violate is security policies?:insights from multiple theoretical perspectives

Vance, A. (Anthony) 12 October 2010 (has links)
Abstract Employee violations of IS security policies is recognized as a key concern for organizations. Although interest in IS security has risen in recent years, little empirical research has examined this problem. To address this research gap, this dissertation identifies deliberate IS security policy violations as a phenomenon unique from other forms of computer abuse. To better understand this phenomenon, three guidelines for researching deliberate IS security violations are proposed. An analysis of previous behavioral IS security literature shows that no existing study meets more than one of these guidelines. Using these guidelines as a basis, this dissertation examines IS security policy violations using three theoretical models drawn from the following perspectives: neutralization theory, rational choice theory, and protection motivation theory. Three field studies involving surveys of 1,423 professional respondents belonging to 7 organizations across 47 countries were performed for empirical testing of the models. The findings of these studies identify several factors that strongly predict intentions to violate IS security policies. These results significantly increase our understanding of why employees choose to violate IS security policies and provide empirically-grounded implications for how practitioners can improve employee IS security policy compliance.
computer abuse
deterrence theory
information security
information security policy
neutralization theory
protection motivation theory
rational choice theory

Page generated in 0.1089 seconds