• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 21
  • 19
  • 4
  • 2
  • 1
  • 1
  • 1
  • 1
  • 1
  • Tagged with
  • 57
  • 57
  • 17
  • 14
  • 12
  • 10
  • 10
  • 10
  • 8
  • 8
  • 8
  • 7
  • 7
  • 7
  • 6
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Efficient enforcement of security policies in distributed systems

Alzahrani, Ali Mousa G. January 2013 (has links)
Policy-based management (PBM) is an adaptable security policy mechanism in information systems (IS) that confirm only authorised users can access resources. A few decades ago, the traditional PBM has focused on closed systems, where enforcement mechanisms are trusted by system administrators who define access control policies. Most of current work on the PBM systems focuses on designing a centralised policy decision point (PDP), the component that evaluates an access request against a policy and reports the decision back, which can have performance and resilience drawbacks. Performance and resilience are a major concern for applications in military, health and national security domains where the performance is desirable to increase situational awareness through collaboration and to decrease the length of the decision making cycle. The centralised PDP also represents a single point of failure. In case of the failure of the centralised PDP, all resources in the system may cease to function. The efficient distribution of enforcement mechanisms is therefore key in building large scale policy managed distributed systems. Moving from the traditional PBM systems to dynamic PBM systems supports dynamic adaptability of behaviour by changing policy without recoding or stopping the system. The SANTA history-based dynamic PBM system has a formal underpinning in Interval Temporal Logic (ITL) allowing for formal analysis and verification to take place. The main aim of the research to automatically distribute enforcement mechanisms in the distributed system in order to provide resilience against network failure whilst preserving efficiency of policy decision making. The policy formalisation is based on SANTA policy model to provide a high level of assurance. The contribution of this work addresses the challenge of performance, manageability and security, by designing a Decentralised PBM framework and a corresponding Distributed Enforcements Architecture (DENAR). The ability of enforcing static and dynamic security policies in DENAR is the prime research issue, which balances the desire to distribute systems for flexibility whilst maintaining sufficient security over operations. Our research developed mechanisms to improve the efficiency of the enforcement of security policy mechanisms and their resilience against network failures in distributed information systems.
2

A Hierarchical Approach to Examine Long-Term Consequences of Educational Security Policies

Kapa, Ryan Robert 24 September 2018 (has links)
No description available.
3

Measuring Efficacy of Information Security Policies : A Case Study of UAE based company

Qureshi, Muhammad Sohail January 2012 (has links)
Nowadays information security policies are operative in many organizations. Currently few organizations take the pain of verifying the efficacy of these policies. Different standards and procedures exist about methods of measuring efficacy of information security policies. Choosing and implementing them depends mainly on the key performance indicators (KPIs) and key risk indicators (KRIs) of any particular organization. This thesis is a case study of an organization in United Arab Emirates (UAE). The basic aim of the research is to inquire and analyze how the efficacy of the implemented security policies is being measured in this particular organization and to propose a method which is more suitable to the needs of organization. The research is based on theoretical study, an interview and a questionnaire. The results of this thesis indicate that there are no formal mechanisms for measuring the efficacy of information security policies in the organization under consideration. Moreover the employees of the organization are also not much satisfied with information security awareness in the company, which can be another reason for ensuring that the efficacy is measured on regular basis. Therefore, a technique from ISO27004 has been used to demonstrate how this efficacy can be measured. It is a step by step procedure for which the information has been extracted from the interview and survey questionnaire responses.
4

A Study of the Effect of Information Security Policies on Information Security Breaches in Higher Education Institutions

Waddell, Stanie Adolphus 01 January 2013 (has links)
Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and Fulford undertook two studies in 2003 and in 2005 respectively that sought to catalogue the impact of the information security policy on breaches at businesses in the United Kingdom. The pair went on to call for additional studies in differing industry segments. This dissertation built upon Doherty and Fulford (2005). It sought to add to the body of knowledge by determining the statistical significance of the information security policy on breaches within Higher education. This research was able to corroborate the findings from Doherty and Fulford's original research. There were no observed statistically significant relationships between information security policies and the frequency and severity of information security breaches. This study also made novel contributions to the body of knowledge that included the analysis of the statistical relationships between information security awareness programs and information security breaches. This effort also analyzed the statistical relationships between information security policy enforcement and breaches. The results of the analysis indicated no statistically significant relationships. Additionally, this research observed that while information security policies are heavily utilized by colleges and universities, security awareness training is not heavily employed by institutions of higher education. This research noted that many institutions reported not having consistent enforcement of information security policies. The data observed during this research implies there is room for additional coverage of formal information security awareness programs and potentially a call to attempt alternative training methods to achieve a reduction of the occurrences and impact of security breaches. There is room for greater adoption of consistent enforcement of policy at higher education organizations. The results of this dissertation suggest that the existence of policy, training, and enforcement activities in and of themselves are not enough to sufficiently curtail breaches. Additional studies should be performed to better understand how breaches can be reduced.
5

A Study of the Contributions of Attitude, Computer Security Policy Awareness, and Computer Self-Efficacy to the Employees' Computer Abuse Intention in Business Environments

Blanke, Sandra Jetton 01 January 2008 (has links)
While computer technology is generally intended to increase employee productivity and effectiveness that same computer technology may be used in negative ways that reduces productivity and increases cost in the business environment. Computer abuse has occurred in the past 12 months in more than half of the business environments surveyed by the Computer Security Institute. To date, research results still indicate that employee computer abuse is problematic and continues to significantly increase. It is estimated American businesses will lose $63 billion each year due to employees' computer abuse on the Internet. This study was a predictive study that attempted to predict employees' computer abuse intention (CAI) in the business environment based on the contribution of attitude (ATT), computer security policy awareness (CSPA), and computer self-efficacy (CSE). Working professionals from the south central United States were surveyed to determine their ATT toward computer abuse, CSPA, and CSE, as well as their intention to commit computer abuse in the business environment. A theoretical model was proposed, and two statistical methods were used to formulate models and test predictive power: Multiple Linear Regression (MLR) and Ordinal Logistic Regression (OLR). It was predicted that ATT, CSPA, and CSE will have a significant impact on employee's CAI. Results demonstrated that ATT was a significant predictor in predicting employee CAI on both the MLR and OLR regression models. CSE was a significant predictor on the MLR model only. CSPA was not found to be a significant predictor of CAI on either regression models. There are two main contributions of this study. First, to develop and empirically validate models for predicting employee's CAI in the business environment. Second, to investigate the most significant construct of the three constructs studied that contribute to the employee's CAI in the business environment.
6

GridMultiPolicy: gerenciamento e efetivação de múltiplas políticas de controle de acesso em ambientes de grades computacionais. / GridMultiPolicy: management and enforcement of multiple policies of access control in computational grid environments.

Mattes, Leonardo 10 September 2007 (has links)
O termo grade computacional faz referência a uma classe de sistemas distribuídos que permitem a associação e a integração de múltiplos domínios em organizações virtuais. Um serviço de controle de acesso coerente a sistemas com estas características deve ser flexível para integrar múltiplas políticas, permitindo que administradores, sítios e usuários determinem as regras e os mecanismos para proteger seus recursos. Esta tese apresenta o GridMultiPolicy, um sistema flexível para o gerenciamento e a integração de múltiplas políticas e mecanismos para a efetivação de controle de acesso em ambientes de grade computacional. Adicionalmente, foram desenvolvidas políticas para demonstrar a capacidade do sistema proposto em oferecer respostas às necessidades presentes em cenários de uso de uma grade computacional. O impacto da utilização do GridMultiPolicy e das políticas desenvolvidas foi avaliado por meio de testes de desempenho. Palavras-chave: Grade computacional. Grades. Sistemas distribuídos. Políticas de segurança em organizações virtuais. GridMultiPolicy. / The term computational grid refers to a class of distributed systems that allows for the association and integration of multiple independent domains in virtual organizations. A coherent access control services in such a system should be flexible to integrate multiple polices so as to permit administrators, sites, and users to determine roles and mechanisms to protect their resources. This thesis introduces the GridMultiPolicy, a flexible system that manages and integrates multiple policies and mechanisms to enforce access control in grid environments. Additionally, policies have been developed to show how the proposed system is able to offer answers to security needs present in grid use scenarios. The impact of the GridMultiPolicy and the developed policies was evaluated by performance tests. Key-words: Computational grid. Grid. Distribuited system. Virtual organization. Policy and security for virtual organization. GridMultiPolicy.
7

Capturing mobile security policies precisely

Hallett, Joseph January 2018 (has links)
The security policies of mobile devices that describe how we should use these devices are often informally specified. Users have preferences for some apps over others. Some users may avoid apps which can access large amounts of their personal data, whilst others may not care. A user is unlikely to write down these policies or describe them using a formal policy language. This is unfortunate as without a formal description of the policy we cannot precisely reason about them. We cannot help users to pick the apps they want if we cannot describe their policies. Companies have mobile security policies that definehowan employee should use smart phone devices and tablet computers from home at work. A company might describe the policy in a natural language document for employees to read and agree to. They might also use some software installed on employee's devices to enforce the company rules. Without a link between the specification of the policy in the natural language document and the implementation of the policy with the tool, understanding how they are related can be hard. This thesis looks at developing an authorisation logic, called AppPAL, to capture the informal security policies of the mobile ecosystem, which we define as the interactions surrounding the use of mobile devices in a particular setting. This includes the policies of the users, the devices, the app stores, and the environments the users bring the devices into. Whilst earlier work has looked on checking and enforcing policies with low-level controls, this work aims to capture these informal policy's intents and the trust relationships within them separating the policy specification from its enforcement. This allows us to analyse the informal policies precisely, and reason about how they are used. We show how AppPAL instantiates SecPAL, a policy language designed for access control in distributed environments. We describe AppPAL's implementation as an authorisation logic for mobile ecosystems. We show how we can check AppPAL policies for common errors. Using AppPAL we show that policies describing users privacy preferences do not seem to match the apps users install. We explore the differences between app stores and how to create new ones based on policy. We look at five BYOD policies and discover previously unexamined idioms within them. This suggests aspects of BYOD policies not managed by current BYOD tools.
8

GridMultiPolicy: gerenciamento e efetivação de múltiplas políticas de controle de acesso em ambientes de grades computacionais. / GridMultiPolicy: management and enforcement of multiple policies of access control in computational grid environments.

Leonardo Mattes 10 September 2007 (has links)
O termo grade computacional faz referência a uma classe de sistemas distribuídos que permitem a associação e a integração de múltiplos domínios em organizações virtuais. Um serviço de controle de acesso coerente a sistemas com estas características deve ser flexível para integrar múltiplas políticas, permitindo que administradores, sítios e usuários determinem as regras e os mecanismos para proteger seus recursos. Esta tese apresenta o GridMultiPolicy, um sistema flexível para o gerenciamento e a integração de múltiplas políticas e mecanismos para a efetivação de controle de acesso em ambientes de grade computacional. Adicionalmente, foram desenvolvidas políticas para demonstrar a capacidade do sistema proposto em oferecer respostas às necessidades presentes em cenários de uso de uma grade computacional. O impacto da utilização do GridMultiPolicy e das políticas desenvolvidas foi avaliado por meio de testes de desempenho. Palavras-chave: Grade computacional. Grades. Sistemas distribuídos. Políticas de segurança em organizações virtuais. GridMultiPolicy. / The term computational grid refers to a class of distributed systems that allows for the association and integration of multiple independent domains in virtual organizations. A coherent access control services in such a system should be flexible to integrate multiple polices so as to permit administrators, sites, and users to determine roles and mechanisms to protect their resources. This thesis introduces the GridMultiPolicy, a flexible system that manages and integrates multiple policies and mechanisms to enforce access control in grid environments. Additionally, policies have been developed to show how the proposed system is able to offer answers to security needs present in grid use scenarios. The impact of the GridMultiPolicy and the developed policies was evaluated by performance tests. Key-words: Computational grid. Grid. Distribuited system. Virtual organization. Policy and security for virtual organization. GridMultiPolicy.
9

STRATEGIC PERCEPTIONS FROM INDONESIA, MALAYSIA AND SINGAPORE 1989-1992 AND THE IMPLICATIONS FOR AUSTRALIA'S SECURITY POLICIES

PRINCE, Peter January 1993 (has links)
Indonesia, Malaysia and Singapore are of key strategic importance for Australia. These three nations form the geographic and arguably the political core of the Association of Southeast Asian Nations (ASEAN). The growing resilience of ASEAN over the last quarter of a century has been a major factor in Australia's secure strategic outlook. In addition, the Indonesia - Malaysia - Singapore triangle lies across the most feasible military approaches to Australia. Hence strategic cohesion in this triangle greatly reduces the prospect of any kind of military threat to Australia.
10

Designing security policies and frameworks for web applications

Singh, Kapil 24 May 2011 (has links)
The new developments behind Web 2.0 have increased the complexity of web systems making the task of securing these systems a challenging problem. As a result, end-to-end security for web access has been hindered by the limitations of current web security policies and by the lack of systems that enable effective enforcement of policies. The focus of this dissertation is on how new tools and frameworks may be designed to aid the protection of web systems by acting as policy specification and enforcement points. In particular, we develop a set of policies and frameworks for three web players--the user, the web browser and the web application--that determine the end-to-end security of web content. Our contributions include a framework for users to specify security policies, a platform to enforce user policies for third-party applications, a systematic analysis of browser policy issues, and a mechanism to provide improved end-to-end security/integrity guarantees.

Page generated in 0.0943 seconds