Reducing Incongruity of Perceptions Related to Information Risk: Dialogical Action Research in Organizations

Sedlack, Derek J.

01 January 2012

A critical overreliance on the technical dimension of information security has recently shifted toward more robust, organizationally focused information security methods to countermand $54 billion lost from computer security incidents. Developing a more balanced approach is required since protecting information is not an all or nothing proposition. Inaccurate tradeoffs resulting from misidentified risk severity based on organizational group perceptions related to information risk form information security gaps. This dissertation applies dialogical action research to study the information security gap created by incongruent perceptions of organizational members related to information risk among different stakeholder communities. A new model, the Information Security Improvement model, based on Technological Frames of Reference (TFR), is proposed and tested to improve information security through reduced member incongruity. The model proved useful in realigning incongruent perceptions related to information risk within the studied organization. A process for identifying disparate information characteristics and potential influencing factors is also presented. The research suggested that the model is flexible and extensible, within the organizational context, and may be used to study incongruent individual perceptions (micro) or larger groups such as departments or divisions.

information

information security

information security improvement

information security strategy

information systems

technological frames of reference

Computer Sciences

Evaluation of Tracking Regimes for, and Security of, PLI Systems

Taheri, Shayan

01 May 2015

In the area of computer and network security, due to the insufficiency, high costs, and user-unfriendliness of existing defending methods against a number of cyber attacks, focus for developing new security improvement methods has shifted from the digital to analog domain. In the analog domain, devices are distinguished based on the present variations and characteristics in their physical signals. In fact, each device has unique features in its signal that can be used for identification and monitoring purposes. In this regard, the term physical layer identification (PLI) or device fingerprinting refers to the process of classifying different electronic devices based on their analog identities that are created by employment of signal processing and data analysis methods. Due to the fact that a device behavior undergoes changes due to variations in external and internal conditions, the available PLI techniques might not be able to identify the device reliably. Therefore, a tracking system that is capable of extracting and explaining the present variations in the electrical signals is required to be developed. In order to achieve the best possible tracking system, a number of prediction models are designed using certain statistical techniques. In order to evaluate the performance of these models, models are run on the acquired data from five different fabrications of the same device in four distinct experiments. The results of performance evaluation show that the surrounding temperature of a device is the best option for predicting its signal. The last part of this research project belongs to the security evaluation of a PLI system. The leveraged security examination technique exposes the PLI system to different types of attacks and evaluates its defending strength accordingly. Based on the mechanism of the employed attack in this work, the forged version of a device’s signal is generated using an arbitrary waveform generator (AWG) and is sent to the PLI system. The outcomes of this experiment indicate that the leveraged PLI technique is strong enough in defeating this attack.

cyber attacks

security improvement

Physical Layer Identification

PLI

tracking system

Computer Engineering