A simulation-based methodology for the assessment of server-based security architectures for mobile ad hoc networks (MANETs)

Darwish, Salaheddin

January 2015

A Mobile Ad hoc Network (MANET) is typically a set of wireless mobile nodes enabled to communicate dynamically in a multi-hop manner without any pre-existing network infrastructure. MANETs have several unique characteristics in contrast to other typical networks, such as dynamic topology, intermittent connectivity, limited resources, and lack of physical security. Securing MANETs is a critical issue as these are vulnerable to many different attacks and failures and have no clear line of defence. To develop effective security services in MANETs, it is important to consider an appropriate trust infrastructure which is tailored to a given MANET and associated application. However, most of the proposed trust infrastructures do not to take the MANET application context into account. This may result in overly secure MANETs that incur an increase in performance and communication overheads due to possible unnecessary security measures. Designing and evaluating trust infrastructures for MANETs is very challenging. This stems from several pivotal overlapping aspects such as MANET constraints, application settings and performance. Also, there is a lack of practical approaches for assessing security in MANETs that take into account most of these aspects. Based on this, this thesis provides a methodological approach which consists of well-structured stages that allows the exploration of possible security alternatives and evaluates these alternatives against dimensions to selecting the best option. These dimensions include the operational level, security strength, performance, MANET contexts along with main security components in a form of a multidimensional security conceptual framework. The methodology describes interdependencies among these dimensions, focusing specifically on the service operational level in the network. To explore these different possibilities, the Server-based Security Architectures for MANETs (SSAM) simulation model has been created in the OMNeT++ simulation language. The thesis describes the conceptualisation, implementation, verification and validation of SSAM, as well as experimentation approaches that use SSAM to support the methodology of this thesis. In addition, three different real cases scenarios (academic, emergency and military domains) are incorporated in this study to substantiate the feasibility of the proposed methodology. The outcome of this approach provides MANET developers with a strategy along with guidelines of how to consider the appropriate security infrastructure that satisfies the settings and requirements of given MANET context.

004.6

Exploring the conflict of interest between knowledge-sharing and information security practices : an empirical case study

Ahmed, Ghosia

January 2017

Knowledge sharing and information security have become well-established concepts in academia and within organisations. Knowledge sharing aims to encourage individuals to share tacit and explicit knowledge with colleagues and stakeholders, yet on the other hand, information security initiatives aim to apply controls and restrictions to the knowledge that can be shared and how it can be shared, where the primary focus is usually on protecting explicit knowledge or information. This thesis draws attention to the largely unexplored and under-developed area of knowledge protection ; it investigates the paradoxical and concurrent nature of knowledge sharing and information security practices by exploring their relationship and understanding how this can affect an organisation and subsequently identifies ways of achieving a balance between the two practices. The empirical work was carried out through an interpretivist case study approach in the Energy Technologies Institute (ETI) an organisation that combines knowledge and expertise from partnerships with academia, industry and the UK government, in order to deliver innovative low carbon solutions. A novel team-based action learning approach was developed to generate individual, team and organisational learning and to help initiate change; the data was collected from three project teams about their knowledge and experiences of knowledge sharing and information security practices, which was then analysed and further supplemented with the ETI s organisational perspective and the researcher s own experience of collaborating with the ETI to contextualise the findings. Eight predominant overarching themes were identified that play an important role in and influence the organisation s knowledge sharing and information security practices. When looking at the practices of knowledge sharing and information security independently at the ETI, proactive and conscious efforts towards achieving the goals of each practice are evident. Knowledge is recognised as the ETI s core product and its effective dissemination is key for the organisation s success, which is why there is a keen attitude towards improving knowledge sharing internally and externally. On the other hand, a great deal of importance is given to protecting valuable knowledge and meeting stakeholders confidentiality requirements, thus, there are good systems, access controls, and information restrictions in place. In addition, strict legal and approval processes to protect information value and accuracy are implemented. However, when both knowledge sharing and information security - practices are compared from a broader perspective, evidence of issues arising from their conflicting nature is evident. Moreover, operating in a complex governance structure with various expectations and contractual agreements with stakeholders regarding confidentiality, has created a protective culture in the organisation surrounding its knowledge, which causes a hindrance to formal and informal knowledge sharing (including both, tacit and explicit forms) and makes identifying opportunities for fully exploiting knowledge and Intellectual Property an ongoing operational challenge. The research process facilitated the achievement of effective learning at individual, team and organisational level for the ETI about its practices, identification of challenges and areas of improvement, incorporation of learning and recommendations into its knowledge management strategy alongside existing activities to improve knowledge sharing. The contents of this thesis particularly the eight themes that have emerged from the research findings - are also contributing significantly to a project the organisation is carrying out to reflect on and review what has been learned from operating the ETI for the last 10 years. The thesis contributes to the existing body of knowledge, theoretically and practically, in the disciplines of knowledge management and information security; what was predominantly overlooked by previous literature, the empirical research findings surface evidence of the relationship between knowledge sharing and information security practices, showing their interconnectedness, and, the negative consequences of the two practices being treated and managed separately. For the action learning arena, a novel methodological approach underpinned by the action learning philosophy has been introduced that demonstrates how team action learning (i.e. using intact teams as opposed to conventional action learning teams) can be used to engage employees to share and combine their knowledge on real organisational issues, generate new learning and develop actions to initiate improvements in the organisation.

Proposta de um sistema de gerência de redes PLC utilizando SNMPv3 / Proposal of a management system for PLC networks using SNMPv3

OLIVEIRA, Diogo Nunes de

20 August 2009

Made available in DSpace on 2014-07-29T15:08:22Z (GMT). No. of bitstreams: 1 dissertacao diogo oliveira.pdf: 704815 bytes, checksum: 785a905781cd04a8e166c428e941689b (MD5) Previous issue date: 2009-08-20 / ACCESS technologies for data transmission, such as xDSL, Wi-¯ and cable modem are widely used because they support high data transmission rates at low cost. Among these technologies, Power Line Communications, known as PLC, is a promising solution. PLC technology transmits data over power network, which presents high capilarity, due to the fact that it is present in 99% of residences. Since most of its structure already exists, power supply concessionaries started investing in this solution to stop being only a power supply concessionary and to be also a telecommunication company. In order to obtain control over a technology it is necessary to use management techniques that permits the maximum extraction of information from technology and involved devices. One of the goals of this work is to present the management solution developed to PLC networks. This solution di®ers from network management solutions used on other data transmission technologies due to the transmission media utilized. The management software used as base of the management system implemented is a free and no cost software. The concept of free code was adopted to the solutions implemented to the management system. The other goal of this work is to present the proposal and implementation of an embedded system based on PIC microcontroller that performs conversion of versions of SNMP protocol, which is the default management protcol in TCP/IP based networks. This converter device brings security to PLC networks management, since PLC devices only support version 2c of SNMP protocol, which is faulty regarding security. Since SNMPv3 supports authentication and privacy al gorithms, the designed converter device is capable of providing security, due to its capacity of coding a SNMPv2c packet into a SNMPv3 packet, and vice-versa. / TECNOLOGIAS de acesso para transmiss~ao de dados, como xDSL, Wi-¯ e cable modem s~ao amplamente utilizadas por permitirem altas taxas de transmissãao a baixo custo. Dentre essas tecnologias, a Power Line Communications, conhecida como PLC, ¶e uma solução promissora. A tecnologia PLC permite a transmiss~ao de dados atrav¶es da rede el¶etrica, rede essa que apresenta elevada capilaridade, pois est¶a presente em 99% das resid^en- cias. Por ser uma tecnologia que j¶a tem grande parte de sua estrutura pronta, as concession¶arias de energia el¶etrica come»cam a investir nessa solu»c~ao, com o intuito de deixar de ser apenas uma concession¶aria de energia, passando a ser tamb¶em uma operadora de telecomunicações. Para ter controle sobre uma tecnologia ¶e necess¶ario utilizar t¶ecnicas de gerenciamento que permitam extrair o m¶aximo de informa»c~oes a respeito do funcionamento e estado da tecnologia e dos equipamentos envolvidos, e como resultado, proporcionar con¯abilidade nessa tecnologia. Este trabalho tem como um de seus objetivos apresentar a solu»c~ao de gerenciamento desenvolvida para redes PLC. Esta solu»c~ao difere de sistemas de gerência de outras tecnologias de transmiss~ao de dados devido ao meio utilizado para a transmiss~ao e por ser uma tecnologia ainda pouco utilizada. O software de gerenciamento utilizado como base do sistema de ger^encia que fora implementado ¶e um software de c¶odigo livre e gratuito. Para o desenvolvimento da ferramenta de gerência de redes PLC foi adotado o conceito do software livre, sendo assim, todos os softwares utilizados s~ao livres e gratuitos. O outro objetivo deste trabalho ¶e apresentar a proposta e implementa»c~ao de um sistema embarcado baseado em microcontrolador para realizar a convers~ao de vers~oes do protocolo SNMP, utilizado no gerenciamento de redes TCP/IP. A ¯nalidade deste conversor ¶e implementar seguran»ca no gerenciamento de redes PLC, visto que os ativos PLC suportam apenas o protocolo SNMP em sua vers~ao 2c, vers~ao esta que ¶e bastante falha se tratando de seguran»ca dos dados. Como o SN-MPv3 suporta algoritmos de autentica»c~ao e criptogra¯a, o equipamento conversor desenvolvido ¶e capaz de prover seguran»ca, devido µa sua capacidade de codi¯car um pacote SNMPv2c em um pacote SNMPv3, e vice-versa

gerenciamento de redes

segurança de redes

PLC

CNPQ::ENGENHARIAS

Zavedení ISMS v obchodní společnosti / Implementation of ISMS in the Commercial Company

Dejmek, Martin

January 2013

This master thesis deals with the implementation of information security management system in the company. It summarizes the theoretical background in this field and uses it to analyze the current state of information security, as well as analysis and risk management and not least the actual implementation of ISMS in the particular company. This work also contains three groups of measures that reduce the impact of identified risks and which also implements an essential parts of ISMS.

Betriebliche Mitbestimmung und Kündigungsschutz : die Funktionen betrieblicher Mitbestimmung im und deren Einfluss auf den Kündigungsschutz nach dem KSchG /

Beck, Carsten,

January 2004

Univ., Diss.--Köln, 2003. / Literaturverz. S. 345 - 372.

Analýza faktorů ovlivňujících přechod malých a středních podniků na cloudové ECM služby / Analysis of Cloud ECM Adoption Factors among SMB

Šimeček, Martin

January 2012

This thesis deals with a specific area of cloud computing - Enterprise Content Management services and their adoption among small and medium-sized businesses. The main goal is to identify and analyse factors affecting the expansion of cloud ECM services among SMBs. Secondary goals include definition of basic concepts, introduction of benefits and risks, definition of a suitable category, presentation of several products from this category, analysis of cloud computing adoption surveys, identification and analysis of main adoption barriers, description of products with focus on identified barriers and compilation of a set of recommendations for cloud service providers. These goals were achieved by studying literature, searching and analyzing cloud computing adoption surveys and consulting with professionals. This thesis contributes to the field with mapping of real world companies' opinions into practical recommendations for cloud computing vendors. Other contributions include definition of product parameters that are important when making a cloud ECM adoption decision, presentation of current market situation and how individual producers deal with main customers' barriers. Benefits for customers include cloud ECM market overview and showing which facts are worth their notice.

THE SECURITIZATION OF HUMANITARIAN AID: A CASE STUDY OF THE DADAAB REFUGEE CAMP

Rudolph, Terence

14 August 2013

This thesis examines, empirically, the securitization of aid delivery at the Dadaab refugee camps in Kenya. Through a series of semi-structured interviews with aid workers, it documents their security concerns, organizatinonal responses to security risks, and discusses the impacts of these concerns and responses on the delivery of aid to the camps. Armed with a biopolitical conceptualization of sovereignty, articulated in the human security paradigm, the humanitarian aid industry has increasingly reached beyond national borders to touch ‘bare life.’ By now, it is widely recognized that humanitarian principles such as neutrality have often failed to protect aid workers from violent attack as they increasingly venture into the world inhabited by “surplus populations.” Drawing on existing research, this study demonstrates how humanitarian aid delivery in high-risk environments, like refugee camps, is essential to the broader task of using aid to securitize and contain high-risk populations and political instability. Paradoxically, without the securitization of aid at the operational level, humanitarian workers are left exposed to the same enduring elements of insecurity that persistently threaten the lives of those they endeavor to help.

Zavádění řízení informační bezpečnosti ve zdravotnickém zařízení / The Implementation of Information Security in Healthcare Organization

Procingerová, Lucie

January 2017

This Master‘s thesis is based on knowledge of information security and its management. The thesis is divided into two parts. The first part provides the theoretical background, definitions and terminology according to the information security management and it is based on concepts from standard ISO 27000 series. The second part aims to analysis of a selected company. Following to this analysis proposal of implementation of information security management system and security guide is drawn up. This guide contains recommendations for ICT security management and advices in field of personal and physical security in company.

Zavedení managementu informační bezpečnosti v malém podniku / The Implementation of Information Security Management System in Small Company

Čampula, Roman

January 2013

This master’s (diploma) thesis analyzes security situation of the software company. It contains theoretical information which is necessary for the installation of the information security system. It also demonstrates the method of its application. On the basis of the security risks analysis it suggests arrangements which are currently necessary for the required information security in the company. The whole thesis is covered on the basis of the ČSN ISO/IEC 27001:2006 norm.

Die Rolle der Social Media im Information Security Management

Humpert-Vrielink, Frederik

January 2011

No description available.

info:eu-repo/classification/ddc/330

ddc:330