Strategie pro rozvoj vzdělávání v oblasti bezpečnosti ICT na vysokých školách / Strategy for the development of education in the field of ICT security at universities

Sulanová, Monika

January 2017

The thesis deals with the problems of education in ICT security experts at universities in order to design a strategy for the development of education in present degree courses that dealing with this issue. The theoretical part focuses on the definition of ICT security and to familiarize the reader with the basic concepts of information security management and management of cyber security and gives an overview of the overall development of ICT security and the current trends in this area. It also describes the current situation on the labor market in relation to ICT security and the education of professionals in this field and characterizes the existing recommendations for education in ICT security. Practical part focuses on analyzing the current education ic ICT security and on analyzing the knowledge and skills requirements of the labor market to professionals in this area. Defines the basic professional role and knowledge domains that should be covered by this role. In the analytical part they are evaluated current profiles of graduates Master's degree programs focused on this area in order to find gaps in the knowledge base of graduates based on the requirements of the labor market and the existing recommendations. The results of the analysis are input to define a strategy on education in ICT security, which gives basic recommendations on how to eliminate the shortcomings.

Educação previdenciária como exercício de cidadania

Matos, Maristela Araujo de

23 May 2012

Made available in DSpace on 2016-04-26T20:21:11Z (GMT). No. of bitstreams: 1 Maristela Araujo de Matos.pdf: 279326 bytes, checksum: 359716e3ba3e2b73a15d0b2861234d37 (MD5) Previous issue date: 2012-05-23 / This thesis addresses education as an exercise of citizenship concerning the extension of and guarantee to social security protection. Education aims at developing and enhancing human capability, shaping well-rounded human beings, and thus enabling individuals to live in society as citizens entitled to rights. For such, the right to social security is guaranteed by the constitution as a fundamental social right and must be respected as such and enforced by the State. Additionally, it should be remarked that public policies consist of state intervention programs, which together with popular participation focus on implementation of and respect to fundamental rights, including the right to social security. Therefore, the right to social security focuses on protection against potential social contingencies, a purpose that has not been fully achieved, considering that a large portion of the economically active population is not covered by social security, owing to lack of information and knowledge about such rights and duties, since they are deprived of education about social security, which hinders the full exercise of citizenship and constitutes the object of this study / A presente dissertação trata da educação como exercício de cidadania na ampliação e garantia de proteção previdenciária. A educação tem como finalidade desenvolver e aperfeiçoar a capacidade humana, formando o ser humano de maneira completa, para que o indivíduo esteja apto a conviver em sociedade, tornando-se um cidadão sujeito de direito. Para tanto, os direitos previdenciários positivados constitucionalmente como direitos fundamentais sociais são valores fundamentais que devem ser respeitados e aplicados pelo Estado. Ao lado disso, deve-se ter presente que as políticas públicas consistem em programas de intervenção estatal, em conjunto com a participação popular, com vistas à realização e efetivação dos direitos fundamentais, em que estão inseridos os direitos previdenciários. Com isso, os direitos previdenciários têm por escopo a proteção quanto a possíveis contingências sociais, entretanto não têm alcançado de forma absoluta a sua finalidade, considerando-se que uma grande parcela da população economicamente ativa está excluída de cobertura previdenciária, em virtude da ausência de informação e conhecimento sobre tais direitos e deveres, uma vez que está desprovida de educação previdenciária, o que insurge em afronta ao exercício de cidadania, sendo este o objeto do presente estudo

Educação

Direitos fundamentais sociais

Políticas públicas

Cidadania

Educação previdenciária

Education

Undeniable social rights

Public policies

Citizenship

Social security education

An investigation into information security practices implemented by Research and Educational Network of Uganda (RENU) member institution

Kisakye, Alex

06 November 2012

Educational institutions are known to be at the heart of complex computing systems in any region in which they exist, especially in Africa. The existence of high end computing power, often connected to the Internet and to research network grids, makes educational institutions soft targets for attackers. Attackers of such networks are normally either looking to exploit the large computing resources available for use in secondary attacks or to steal Intellectual Property (IP) from the research networks to which the institutions belong. Universities also store a lot of information about their current students and staff population as well as alumni ranging from personal to financial information. Unauthorized access to such information violates statutory requirement of the law and could grossly tarnish the institutions name not to mention cost the institution a lot of money during post-incident activities. The purpose of this study was to investigate the information security practices that have been put in place by Research and Education Network of Uganda (RENU) member institutions to safeguard institutional data and systems from both internal and external security threats. The study was conducted on six member institutions in three phases, between the months of May and July 2011 in Uganda. Phase One involved the use of a customised quantitative questionnaire tool. The tool - originally developed by information security governance task-force of EDUCAUSE - was customised for use in Uganda. Phase Two involved the use of a qualitative interview guide in a sessions between the investigator and respondents. Results show that institutions rely heavily on Information and Communication Technology (ICT) systems and services and that all institutions had already acquired more than three information systems and had acquired and implemented some of the cutting edge equipment and systems in their data centres. Further results show that institutions have established ICT departments although staff have not been trained in information security. All institutions interviewed have ICT policies although only a few have carried out policy sensitization and awareness campaigns for their staff and students. / TeX

Computer hackers

Výzvy pro CIO / Challenges for CIO

Kouřimský, Vlastimil

January 2011

The diploma thesis deals with the issue of the chosen current trends of ICT. The CIO represents the crucial person of the whole thesis. The aim of the thesis is to describe and comment on the connection of the role of the CIO with trends and challenges he/she has to face in recent times. To fulfill this aim it is necessary to realize the current trends through the integration of surveys of the renowned companies dealing with the ICT market. The field overhang of these studies dedicated to technologies is essential. The benefit of the thesis consists of the connection of the business and ICT at the CIO level. The abstraction from technical specifications of the particular trend as well as from the managerial point of view creates an image of the challenges for the CIO in the company context. The introductory part of the thesis reflects the position of ICT in companies and creates an image of the internal connection of the company as a whole. The core of the main part of the thesis contains chapters dedicated to the trends in particular: data analysis, content analysis, social business, big data, ICT security and education. Each of these main chapters describes the current state of the ICT field and its role in the company context. The last part of each main chapter deals with the benefit and the role of the CIO for the mentioned field. CIO's influence on the challenge, allies and possible risks of the trend are mentioned. At the end of the thesis the benefit of the CIO for the company and his/her role of facing challenges which come from the ICT field are evaluated. CIO plays an important role as a responsible person for particular challenges. Nevertheless, as it is apparent from the thesis, the CIO is not the only important part of the system that is necessary to create the maximum from each challenge.

IT security : Education, Knowledge and Awareness / IT Säkerhet : utbildning, kunskap och medvetenhet

Schiöld, Ellinor, Andersson, Sanna

January 2022

IT systems that contain large volumes of information are today extremely valuable to organizations. As the IT systems grow bigger, more challenges are emerging, vulnerability increases and control decreases. Organizations are using IT security to protect their IT systems from different threats and the human factor can be seen as one of the biggest risks towards IT security. Therefore it is not optimal to only focus on the technical solutions and measures, the focus should also be on the employees IT security knowledge and IT security awareness. To increase the knowledge of IT security and to make the employees more IT security aware requires continuous work and IT security education is often mentioned as a factor to increase IT security- knowledge and awareness. Despite this, challenges are mentioned in previous research, which means that even if an employee participates in an IT security education, the organizations can not take for granted that their employees have gained IT security knowledge or know how to act more security aware. IT security education, IT security knowledge and IT security is mentioned as three factors that can affect IT security. Three research questions were intended to be answered within this research with the purpose to investigate if these factors increase each other. Three hypotheses were also forming the basis for answering the research questions. With a quantitative method and questionnaire this research reached out to 158 employees at different Swedish branches within machine manufacturing, advertising, municipal work and sales industry. Results showed that one of the three hypotheses was accepted and the other two hypotheses were not accepted. This result also gave answers to the research questions regarding that IT security education does not increase IT security knowledge, IT security knowledge does not increase IT security awareness but IT security education increases IT security awareness.

IT security

IT security education

IT security knowledge

IT security awareness

IT security measures

employees

insider threats

human factor

Information Systems

Gamifying Attack Path Reporting : Preliminary design of an educational cyber security game

Misnik, Anna, Zakko, Shafeek

January 2022

With rapid digitalization and technical growth, the IT systems that we are using are becoming extremely complicated and intertwined. This created as a result, more challenging security problems that get complicated alongside the systems, and the need for advanced solutions to prevent the exploitation of systems vulnerabilities. Cloud computing services are one of the infrastructures in most need for complex security systems for mitigating and preventing possible threats. Education in cyber security field is obligated to maintain continuous innovation and advancement to meet the market needs of cyber security specialists. The options available today for educating about cyber security are mostly part of the traditional teaching approaches. To supplement the cyber security field with more educational solutions, our project studies the pattern of attack graphs and maps them to design a simple 2D video game level that presents an educational hacking game and evaluates the different design aspects and their matching for the prespecified requirement. The outcome of the project is a Minimum Viable Product (MVP) in the form of a testable demo level of the game. The produced MVP connects cyber security aspects within cloud computing to its own objects. The game’s graphical and level design had the biggest focus in the project, functionality was not largely implemented. The MVP is to be developed further in future work to implement a full functioning design. / IT-system som används blir extremt komplicerade och sammanflätade på grund av snabb digitalisering och teknisk tillväx. Detta orsakade mer utmanande säkerhetsproblem och därför behov av avancerade lösningar för att förhindra exploatering av systemsårbarheter blir mer aktuellt. Molntjänster är en av de infrastrukturer med det största behovet av komplexa säkerhetssystem för att mildra och förebygga möjliga hot. Utbildning inom cybersäkerhetsområdet är skyldig att upprätthålla kontinuerliga innovationer och framsteg för att möta marknadens behov för cybersäkerhetsspecialister. För att förse cybersäkerhetsområdet med fler pedagogiska lösningar, studerar vårt projekt mönster för attackgrafer och kartlägger dem. Resultatet blir ett enkel 2D-videospel presenterat i form av ett pedagogiskt hackingspel som utvärderar de olika designaspekterna och deras matchning med det förspecificerade kravet. Resultatet av projektet är en Minsta Lönsamma Produkt (MLP), nämligen ett körbart demo av potentiella spelet. Den producerade MLP:n kopplar cybersäkerhetsaspekter inom molntjänster till sina objekter. Spelets grafiskdesign och banadesign hade det största fokuset i projektet, funktionaliteten var inte till stor del implementerad. MVP:n borde utvecklas vidare i framtida arbeten i syfte att implementera en fullständig körbar design för produkten.

Gamification

Cyber Security Education

Game Design

Meta Attack Language

Attack Simulations

Hacking

Spelifiering

Cybersäkerhetsutbildning

Spel Design

Meta Attack Språk

Attacksimuleringar

Dataintrång

Computer and Information Sciences

Data- och informationsvetenskap

Time Orientation, Rational Choice and Deterrence: an Information Systems Perspective

Pope, Michael Brian

17 August 2013

The present study examines General Deterrence Theory (GDT) and its "parent," Rational Choice Theory (RCT), in an information security setting, assessing the behavioral intent to violate organizational policy under varying levels of certainty, severity and celerity of negative sanction. Also assessed is the individual computer user's time orientation, as measured by the Consideration of Future Consequences (CFC) instrument (Strathman et. al, 1994). How does rational consideration of violation rewards influence the impact of sanctions on individuals? How does time orientation impact intent to violate security policy? How do these operate in an IS context? These questions are examined by assessing the responses of university students (N = 443) to experimental manipulations of sanctions and rewards. Answering vignettes with the factorial survey method, intent to violate is assessed in a setting of Internet piracy of electronic textbooks while being monitored by computer security systems. Findings show that, although traditional GDT variables and reward impact intent to violate, CFC does not cause the hypothesized moderating effect on these variables. However, post-hoc analysis reveals a direct effect of time orientation on behavioral intent, as well as a weak moderating effect opposite of the hypotheses, indicating increased time orientation positively moderates, rather than negatively moderates, the impact of reward on intent to violate. Implications for theory and practice, and future research directions, are discussed.

ebooks

copyright infringement

criminal sanctions

piracy

factorial survey method

computer crime

organizational justice

workplace deviance

consideration of future consequences

business information systems

differential deterrence

management information systems

information security

time orientation

time preference

time perspective

general deterrence theory

rational choice theory

computer security