Hospital security and force protection a guide to ensuring patient and employee safety /

Blackwell, Jeffery K.

January 1900

Thesis (Masters)--U.S. Army, Baylor University, 2006. / Title from PDF t.p. "April 2006." Includes bibliographical references.

Νέα υλικά θωρακίσεως έναντι φωτονίων και νετρονίων παραγομένων από ιατρικά μηχανήματα

Κουτρούμπας, Στυλιανός

15 June 2010

- / -

Ακτινολογία

Ιατρική

Μέτρα ασφαλείας

616.075 7

Radiology

Medicine

Security measures

The status of information security in South Africa

Warricker, Anina M.

03 1900

Thesis (MPhil)--Stellenbosch University, 2005. / ENGLISH ABSTRACT: The business and social environments are increasingly reliant on the information network, and the quality and integrity of the information to effectively conduct transactions, and "survive" in the new economy. These information networks facilitate communication and transactions between customers, suppliers, partners, and employees. Emerging technologies further encourage the extension of network boundaries beyond the branch office, to private homes, airports, and even the comer coffee shop, e.g. wireless internet access. Although technology advances contribute to significant increases in productivity, convenience, and competitive advantage, it also increases the risk of attacks on the integrity and confidentiality of any information interaction. One of the key questions is how to achieve the right level of information network security and implement effective protection systems, without impacting productivity by excessively restricting the flow of information. The issue of information security is not a localised problem, but a problem on global scale, and South African businesses are no less at risk than any other geographically located business. The risk of information security is even greater if aspects like globalisation are taken into account, and the growing inter-connectedness of the global business environment. The central question is: How does the South African business environment view information security, their perceived success in implementing information security measures, and their view of future trends in information security. Ingenue- Consulting is a global business focusing on technology consulting services, across a wide range of industries and technologies. Information security has been identified by Ingenue Consulting to be a global problem, and primary research into this business issue have been undertaken in different locations globally, e.g. Australia and South African executive level survey of what the perception and importance are of information security, of business leaders across public and private industries. Ingenue Consulting has an in-house research facility, and tasked them with conducting a survey in South Africa. The survey results can then be compared with global trends, and applied in the business environment, to highlight the impact of information security risks, and to help businesses to change and improve their information security processes and technologies. The research department started out doing an extensive literature study to identify global and local trends in information security, and to assist in the compilation of the survey questionnaire. A sample group of "blue chip" businesses across all industries was targeted at executive level to conduct a research survey - fifty interviews were conducted. The raw data was collated and analysed to formulate an opinion of the information security practices and perceptions of the business environment in South Africa. The survey confirmed that the South African market risks in terms of information security are very similar to global trends. Some of the key trends are: Information security agreements are normally signed at the onset of employment, but rarely updated or highlighted to ensure continued support and implementation. This is almost contradictory to the fact that information security are taken seriously by the executive level, and often discussed at board level. The mobility of information with the emergence of wireless networks is a key issue for most businesses - as information security is at its most vulnerable. Most of the respondents rated themselves ahead of the curve and their competitors - overestimation of competencies, could lead to larger future risks. The sensitive nature of information security industry makes benchmarking against local or global players difficult due to the sensitive nature -limited willingness to participate in a consultative forum. Companies that outsouree IT tend to "wash their hands off' security issues as the responsibility of the outsourcing vendor. Most local businesses haven't got a worldly view - they do not have an active process to find out what their peers are doing locally or globally, they rely mostly on vendor and consulting advice, or media coverage. / AFRIKAANSE OPSOMMING: Die besigheids en sosiale omgewings is toenemend afhanklik van die inligtings netwerke, en die kwaliteit en integriteit van inligting om transaksies effektief uit te voer, en om te "oorleef" in die nuwe ekonomie. Inligtings netwerke fasiliteer kommunikasie en transaksies tussen kliente, verskaffers, vennote, en werknemers. Nuwe tegnologiee verder veskuif netwerk grense, wyer as die tak-kantoor, na private huise, lughawens, of die koffie kafee - deur middel van draadlose internet toegang. Alhoewel tegnologie ontwikkelings bydra tot verbeterde produktiwiteit, en gemak van gebruik - dra dit ook by tot groter gevaar van aanvalle op die integriteit en konfidensialiteit van enige inligtings transaksie. Een van die sleutel vrae is hoe om die regte vlak van inligting netwerk sekuriteit te bereik, en om die regte beskermings metodes te implementeer - sonder om die produtiwiteit te inhibeer. Die inligting sekuritets vraagstuk is nie bloot 'n lokale vraagstuk nie, maar van globale skaal, en Suid-Afrikaanse besighede is nie minder in gevaar as enige ander besigheid in 'n ander lande nie, veral nie as aspekte soos globaliseering in ag geneem word nie. Die sentrale vraag is: Hoe sien die Suid-Afrikaanse besigheids wereld inligtings sekuriteit, en die waargenome sukses met die implementering van inligtings sekuriteit prosesse, en ook hoe hul die toekoms sien van inligtings sekuriteit. Ingenue* Consulting is 'n wereldwye besigheid, gefokus op tegnologie konsultasie dienste, oor 'n wye reeks industriee en tegnologiee. Inligting sekuriteit is deur Ingenue Consulting ge-identifiseer as 'n globale probleem, en primere navorsing in die area is al onderneem in verskillende geografiee, soos Australie en die Verenigde Koninkryk. Die Suid-Afrikaanse tak van Ingenue het vroeg in 2004 besluit om 'n lokale studie te doen oor top bestuur se persepsies van inligting sekuriteits risikos, in beide die publieke en privaat besigheids wereld. Die interne navorsings afdeling van Ingenue Consulting in Suid-Afrika is gevra om die nodige studie te ondeneem, om dit dan met globale studies te vergelyk, en te kan bepaal waar gapings mag wees, en hoe om die gapings aan te spreek. Die navorsings afdeling het begin deur 'n ekstensiewe literatuur studie te doen, as hulp tot die samestelling van die vrae-lys. 'n Teiken groep van top Suid-Afrikaanse besighede, verteenwoordigend van alle industriee is genader om 'n onderhoud toe te staan om die vrae-lys te voltooi - vyftig onderhoude was voltooi. Die rou data is gekollekteer en geanaliseer, om 'n opinie te formuleer oor die inligtings sekuriteit persepsies en praktyke van die besigheids omgewing in Suid-Afrika. Die navorsing het bevestig dat die Suid-Afrikaanse mark baie dieselfde is as ander geografiese markte - in terme van inligting sekuriteit. Van die sleutel konklusies is: Inligting sekuriteit ooreenkomste word meestal geteken met die aanvangs van diens, maar bitter selde dan weer opgevolg of hernu - dit is byna kontradikterend dat top bestuur ook baie besorg is oor inligting sekuriteit, en dat dit dikwels by raads vergaderings bespreek word. Die mobiliteit van inligting is 'n groeiende bekommernis, omrede inligting dan nog meer op risiko is. Meeste respondente sien hulself as beter of meer gevorderd as hul kompeteerders - 'n oor-estimasie van sukses in inligtings sekuriteit kan lei tot groter probleme in die toekoms. Die sensitiewe natuur van inligting sekuriteit maak ope vergelyking van gedetaileerde prosesse moeilik - en meeste besighede is nie bereid om deel te neem aan algemene gesprekke nie. Terwyl besighede wat hul tegnologie afdeling deur 'n derde party bestuur, neem geen verantwoordelikheid vir hul inligtings sekuriteit nie. 'n Groter bekommernis is dat besighede in Suid-Afrika nie 'n aktiewe proses het om op hoogte bly van wat die beste opsies is in inligtings sekuriteit nie, of wat hul teenstanders doen nie - maar vertrou op die advies van verkoops en konsultasie maatskappye, of media berigte.

Ingenue Consulting

Dissertations -- Information science

Theses -- Information science

Limiting vulnerability exposure through effective patch management: threat mitigation through vulnerability remediation

White, Dominic Stjohn Dolin

08 February 2007

This document aims to provide a complete discussion on vulnerability and patch management. The first chapters look at the trends relating to vulnerabilities, exploits, attacks and patches. These trends describe the drivers of patch and vulnerability management and situate the discussion in the current security climate. The following chapters then aim to present both policy and technical solutions to the problem. The policies described lay out a comprehensive set of steps that can be followed by any organisation to implement their own patch management policy, including practical advice on integration with other policies, managing risk, identifying vulnerability, strategies for reducing downtime and generating metrics to measure progress. Having covered the steps that can be taken by users, a strategy describing how best a vendor should implement a related patch release policy is provided. An argument is made that current monthly patch release schedules are inadequate to allow users to most effectively and timeously mitigate vulnerabilities. The final chapters discuss the technical aspect of automating parts of the policies described. In particular the concept of 'defense in depth' is used to discuss additional strategies for 'buying time' during the patch process. The document then goes on to conclude that in the face of increasing malicious activity and more complex patching, solid frameworks such as those provided in this document are required to ensure an organisation can fully manage the patching process. However, more research is required to fully understand vulnerabilities and exploits. In particular more attention must be paid to threats, as little work as been done to fully understand threat-agent capabilities and activities from a day to day basis. / TeX output 2007.02.08:2212 / Adobe Acrobat 9.51 Paper Capture Plug-in

Computer networks -- Security measures

Computer viruses

Computer security

Towards practical location systems with privacy protection

Chen, Zhuo

02 September 2015

With the rapid growth of mobile, ubiquitous and wearable computing, location-based services become an indispensable part of mobile internet. These services rely on the geographical position of the mobile devices and provide location-dependent contents or services to users, such as location-based in- stant messaging, POI browsing, map navigation, and location-based virtual reality games. Most existing systems implement these location-based services by always storing and transmitting raw, plaintext GPS coordinates. However, location information is arguably a private asset of individual user, and the disclosure of such information could lead to severe privacy disclosure of other even more sensitive information, such as religion, sexuality, medical condition, or political affiliation. To address this issue, researchers have proposed a series of techniques to protect user location privacy against location-based service providers. How- ever, it is challenging to apply these theoretical and sophisticated techniques ii to practical location systems because of the computational or network over- head imposed on the mobile devices as well as the complexity of the secure protocols and algorithms for application developers. In this thesis, I will study two real-life privacy-preserving location systems and show how they can be adopted by developers with little security background. The rst is outdoor proximity detection that determines whether two users (or a user and an ob- ject) are within a given distance threshold. This is a fundamental service in many geo-social or map services. For example, \People nearby" in Wechat and QQ interconnect users because of their locality and/or mutual interests in some topics, such as food and movies. The second is indoor location mon- itoring and tracking. Wearable devices such as smart watch and bracelets continually broadcast Bluetooth Low Energy signals, which can be easily cap- tured by monitoring devices such as WiFi routers and Bluetooth scanners. As more and more wearable devices emerge, unauthorized monitoring and track- ing by adversary becomes great privacy threats not only in the cyberworld, but also in the physical world. To protect location privacy, I develop a real- life location monitoring system that is based on Bluetooth Low Energy (BLE) privacy feature that changes the device physical address periodically. To en- able users to better control their privacy level while still providing monitoring and tracking service to authorized parties (e.g., for child and elderly care), I extend BLE privacy by enriching its privacy semantics with a comprehensive set of metrics, such as simple opt-in/out, k-anonymity, and granularity-based anonymity. Both systems have been posted online and evaluated in terms of accuracy and user study.

The conflict of interest between data sharing and data privacy : a middleware approach

Molema, Karabo Omphile

January 2016

Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2016. / People who are referred to as data owners in this study, use the Internet for various purposes and one of those is using online services like Gmail, Facebook, Twitter and so on. These online services are offered by organizations which are referred to as data controllers. When data owners use these service provided by data controllers they usually have to agree to the terms and conditions which gives data controllers indemnity against any privacy issues that may be raised by the data owner. Data controllers are then free to share that data with any other organizations, referred to as third parties. Though data controllers are protected from lawsuits it does not necessarily mean they are free of any act that may be considered a privacy violation by the data owner. This thesis aims to arrive at a design proposition using the design science research paradigm for a middleware extension, specifically focused on the Tomcat server which is a servlet engine running on the JVM. The design proposition proposes a client side annotation based API to be used by developers to specify classes which will carry data outside the scope of the data controller's system to a third party system, the specified classes will then have code weaved in that will communicate with a Privacy Engine component that will determine based on data owner's preferences if their data should be shared or not. The output of this study is a privacy enhancing platform that comprises of three components the client side annotation based API used by developers, an extension to Tomcat and finally a Privacy Engine.

Computer security

Data protection

Computer networks -- Security measures

Privacy, Right of

Aplicação de metricas a analise de segurança em redes metropolitanas de acesso aberto / Metrics application in metropolitan broadband access network security analysis

Miani, Rodrigo Sanches,

03 May 2009

Orientador: Leonardo de Souza Mendes / Dissertação (mestrado) - Universidade Estdual de Campinas, Faculdade de Engenharia Eletrica e de Computação / Made available in DSpace on 2018-08-13T09:33:37Z (GMT). No. of bitstreams: 1 Miani_RodrigoSanches_M.pdf: 1458322 bytes, checksum: 8aae1af3ae9789f087bb70e07f08660a (MD5) Previous issue date: 2009 / Resumo: As questões relacionadas à garantia de segurança influenciam diretamente o sucesso da implantação de redes metropolitanas de acesso aberto. Dessa forma, são necessários métodos eficientes para analisar a segurança destas redes em todos os níveis (organizacional, físico e de sistemas), a fim de propor soluções e implementar melhorias. Nossa proposta consiste em criar métricas de segurança específicas para as redes metropolitanas de acesso aberto que visam medir a eficiência dos programas de segurança e apoiar o planejamento das ações contra os problemas detectados. Este trabalho apresenta um conjunto de doze métricas de segurança para tais redes e os parâmetros para a sua definição, tais como dois modelos para o cálculo do indicador de segurança de uma métrica. Também serão apresentados os resultados obtidos com a aplicação de tais métricas para o estabelecimento de políticas de segurança na rede metropolitana de acesso aberto de Pedreira, cidade localizada no interior do estado de São Paulo. Os resultados mostraram que a aplicação de métricas bem definidas pode ser eficiente na detecção de vulnerabilidades e correção de problemas de segurança. / Abstract: Information security has direct influence on any successful deployment of metropolitan broadband access networks. Efficient methods are required for security analysis of metropolitan networks in all levels: organization, structure and system. This work proposes the development and application of specific security metrics for metropolitan broadband access networks that aim to measure the efficiency of security programs and support action planning against detected problems. The approach presented in this work show metrics developed for these networks and parameters for metrics definition, such as a model for calculation of a security indicator of a metric. This paper also presents results achieved from application of the metrics reported here to establish security policies in the metropolitan broadband access network of Pedreira, a city located in the state of São Paulo, Brazil. These results show that well formed security metrics can be efficient in vulnerability detection and solutions of security issues. / Mestrado / Telecomunicações e Telemática / Mestre em Engenharia Elétrica

Uma arquitetura baseada em um modelo gerente-agente para análise integrada e automação da coleta dos dados de métricas de segurança / An architecture based on agent-manager model for integrated analysis and automated data collection of security metrics

Vieira, Liniquer Kavrokov, 1986-

23 August 2018

Orientador: Leonardo de Souza Mendes / Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Made available in DSpace on 2018-08-23T07:06:39Z (GMT). No. of bitstreams: 1 Vieira_LiniquerKavrokov_M.pdf: 2833674 bytes, checksum: cfa01ff7e4008f52022430c9b3fba925 (MD5) Previous issue date: 2013 / Resumo: A dependência cada vez maior das redes de computadores torna a segurança da informação um elemento chave para os avanços e a continuidade dos serviços em nossa sociedade. Métricas de segurança são desenvolvidas com o intuito de oferecer uma base quantitativa e objetiva para auxiliar o gerenciamento da segurança em uma organização. Porém, a utilização de métricas para medir o nível de segurança, quando realizada de uma forma manual, pode exigir uma grande quantidade de tempo e esforço para coleta dos dados. Este trabalho propõe uma arquitetura baseada em um modelo gerente-agente para permitir a automação da coleta dos dados de diversos componentes de uma rede de computadores, visando ampliar a aplicação das métricas e auxiliar no gerenciamento de segurança. Uma ferramenta para medição e coleta automatizada dos dados foi desenvolvida baseada na arquitetura proposta e aplicada em uma rede de computadores. A ferramenta, além de auxiliar o administrador de rede nas tomadas de decisões, também facilita o gerenciamento das métricas através de um modelo de visualização. Testes foram realizados e mostraram que a arquitetura proposta é capaz de integrar o controle das informações e auxiliar o processo de monitoramento da segurança / Abstract: The requirement of organizations on computer network makes information security a key element to the evolution and continuity of services in our society. Security metrics are developed in order to offer a quantitative and objective basis for security assurance. However, the use of metrics to measuring security level, when performed in manually, can require a higher time and effort for data collection. This study proposes architecture based on agent-manager management model to allow the automated data collection from several components in a computer network, aiming to expand the security metrics application and support the security management. A tool for measurement and automated data collection based on the proposed architecture were developed and applied in a real computer network. This tool helps the network administrator in decision making and also facilitates the metrics management through a visualization model. Tests were performed showing that the proposed architecture is able to integrate the control of information and support the security monitoring process / Mestrado / Telecomunicações e Telemática / Mestre em Engenharia Elétrica

Security for e-commerce with specific reference to SAP

Wentzel, Jan Johannes

06 December 2011

M.Comm. / Poorly controlled E-Commerce vulnerabilities expose organisations to fraud that can result in major financial losses and embarrassment. Also, fraud can be committed while the perpetrator remains anonymous. It is therefore important that the auditor understand the security relating to SAP's E-Commerce solutions. This short dissertation will focus on the security features relating to E-Commerce with specific reference to SAP. The results of this investigation will be used to develop a model, which may be used to assist auditors to identify and evaluate the security controls in a typical E-Commerce environment as well as those present in a SAP R/3 environment.

Electronic commerce

Internet security measures

Internet auditing

SAP e-commerce solutions

'n Bestuurshulpmiddel vir die evaluering van 'n maatskappy se rekenaarsekerheidsgraad

Von Solms, Rossouw

13 May 2014

M.Sc. (Informatics) / Information is power. Any organization must secure and protect its entire information assets. Management is responsible for the well-being of the organization and consequently for computer security. Management must become and stay involved with the computer security situation of the organization, because the existence of any organization depends on an effective information system. One way in which management can stay continually involved and committed with the computer security situation of the organization, is by -, the periodic evaluation of computer security. The results from this evaluation process can initiate appropriate actions to increase computer security in areas needed. For effective management involvement, a tool is needed to aid management in monitoring the status of implementing computer security on a regular basis. The main objective of this dissertation is to develop such a management tool. Basically the thesis consists of three parts, namely framework for effective computer security evaluation, the definition of the criteria to be included in the tool and lastly, the tool itself. The framework (chapters 1 to 6) defines the basis on which the tool (chapters 7 to 9) is built, e.g. that computer security controls need to be cost-effective and should aid the organization in accomplishing its objectives. The framework is based on a two dimensional graph: firstly, tho various risk areas in which computer security should be applied and secondly, the severity of controls in each of these areas. The tool identifies numerous risk areas critical to the security of the computer and its environment. Each of these risk areas need to be evaluated to find out how well it is secured. From these results an overall computer security situation is pictured. The tool is presented as a spreadsheet, containing a number of questions. The built -in formulae in the spreadsheet perform calculations resulting in an appreciation of the computer security situation. The results of the security evaluation can be used by management to take appropriate actions regarding the computer security situation.

Data protection

Computer security