Ett lapptäcke av säkerhetsskydd över Sverige : Utmaningar för civila verksamheter vid applicering av säkerhetsskyddsanalys för stärkt nationell säkerhet / A Quilt of Security Protection over Sweden : Challenges for Civilian Organisations when Applying Security Protection Analysis for Strengthened National Security

Sjöström, Elin

January 2019

Informationssäkerhet är idag någonting som blivit allt viktigare med den ökade mängd information som bearbetas och den ökade risken för antagonistiska händelser. Att bygga upp ett omfattande säkerhetsskydd genom att genomföra en grundläggande säkerhetsskyddsanalys är därför av vikt för de verksamheter som kan påverka Sveriges säkerhet. Denna studie har undersökt detta genom att besvara två frågeställningar: 1.Vilka utmaningar finns det vid applicering av säkerhetsskyddsanalys för civila verksamheter inom Sverige? och 2. Hur bör dessa verksamheter applicera säkerhetsskyddsanalys för att handskas med de identifierade utmaningarna? För att besvara dessa frågor har en kvalitativ fallstudie genomförts där empiri har samlats in genom en dokumentstudie, semistrukturerade intervjuer, och en observation. Empirin har sedan analyserats genom hermeneutisk analys och analys inspirerad från grundad teori. Studiens resultat har sedan tagits fram i tre steg. Först genom en kartläggning av säkerhetsskyddsanalysen där analysen delades in i sex huvudsakliga steg: verksamhetsanalys, identifiering av skyddsvärde, konsekvensanalys, säkerhetshotbedömning, sårbarhetsanalys, och identifiering och värdering av säkerhetsåtgärder. Sedan genom att ta fram 24 utmaningar som delades in i fyra huvudsakliga områden: nationella utmaningar, verksamhetsutmaningar, ledningsutmaningar, och medarbetarutmaningar. Slutligen genom att sammanföra kartläggningen av säkerhetsskyddsanalysen och de identifierade utmaningarna till ett gemensamt ramverk för applicering av säkerhetsskyddsanalys. Den utförda studiens kunskapsbidrag är ett stöd och en förståelse av säkerhetsskyddsanalysens utförande för civila verksamheter för att minska bristerna i deras säkerhetsskydd. / In the present day, Information security has become an increasingly important matter due to the growing amount of information being processed as well as the increasing risk for antagonistic events. To build an extensive security protection through executing a fundamental security protection analysis is therefore of great importance for the organisations which are involved with the security of Sweden. This study has investigated the matter through answering two research questions: 1. Which challenges arise when applying security protection analysis for civil organisations in Sweden? and 2. How should these organisations apply security protection analysis to be able to deal with the identified challenges? A qualitative case study was completed to answer these questions with empirical data collected through a document study, semi-structured interviews, and observation. The empirical data were analysed by means of hermeneutic analysis and analysis informed by grounded theory. The result of the study has therefore been produced in three steps. First, through a mapping of the securty protection analysis where the analysis was divided into six main steps: activity analysis, identification of protection value, consequence analysis, security threat assessment, vulnerability analysis, and identification and valuation of security actions. Then, through producing 24 challenges, which were divided into four main areas: national challenges, organisation challenges, governance challenges, and coworker challenges. Finally, through combining the mapping of the security protection analysis and the identified challenges to a joint framework for application of security protection analysis. The konwledge contribution of the performed study is a support and an understanding of the execution of the security protection analysis for civil organisations to reduce the deficiencies in their security protection.

Security protection

Security protection analysis

Security protection legislation

Information security

Security of Sweden

Säkerhetsskydd

Säkerhetsskyddsanalys

Säkerhetsskyddslagstiftning

Informationssäkerhet

Sveriges säkerhet

Information Systems, Social aspects

Development of an Autonomous Multi-Agent Drone Protection and Apprehension System for Persistent Operations

Reed D Lamy (12463386)

28 April 2022

<p> </p> <p>This work proposes a proof of concept along with a prototype of a multi-agent autonomous drone system that can be used to detect, and capture a intruding adversarial drone. The functional Counter Unmanned Aerial System (CUAS) prototype is used to convey the feasibility of a persistent multi-agent aerial protection and apprehension system by demonstrating important features of the mission through both simulation and field testing.<br> </p> <p> </p>

Mechanical Engineering

Control Systems, Robotics and Automation

Automation and Control Engineering

drones (UAV)

Mission Planning

security protection

Les antécédents et les conséquences des risques perçus dans les achats sur Internet en Chine et en France : une approche interculturelle / Antecedents and consequences of perceived risk in Internet shopping in China and France : a cross-cultural approach

Zheng, Lili

01 July 2013

Les risques perçus associés aux achats en ligne ont un effet critique sur la prise de décision du consommateur. En outre, étant donnée la mondialisation rapide des achats en ligne, une compréhension des raisons pour lesquelles les risques perçus varient en fonction de différentes cultures dans les achats en ligne est pertinente. La question de recherche qui motive cette étude est la suivante: « Quelles sont les différences significatives dans les effets de plusieurs déterminants des risques perçus dans les achats de vêtements en ligne en fonction des différences culturelles entre la Chine et la France ? » Un modèle d'équations structurelles est développé sur les relations hypothétiques entre les construits de l'étude. La recherche a apporté quelques résultats. Tout d'abord, nous avons constaté que les répondants chinois et français perçoivent de faibles niveaux de risques non-personnels et personnels dans leurs achats de vêtements sur Internet, mais les répondants chinois perçoivent un niveau plus élevé de risques non-personnels et personnels que les français. Le deuxième résultat principal est que le rôle des déterminants des risques perçus (la préoccupation des informations personnelles, la protection de la sécurité et la réputation des vendeurs en ligne) sur les risques perçus dans les achats en ligne varient selon les cultures. La réputation du site Web est plus valorisée dans les cultures collectivistes (Chine), tandis que la préoccupation des informations personnelles et la protection de la sécurité sont plus valorisées dans les cultures individualistes (France). Enfin, à la fois pour l'échantillon chinois et français, les risques perçus non-personnels ont un effet significatif sur l'intention à racheter. D'autre part, en ce qui concerne l'effet des risques perçus personnels, nous avons constaté qu'il y avait un effet négatif des risques perçus personnels sur les consommateurs chinois. / The perceived risks associated with online shopping have a critical effect on consumer decision making. In addition, cultural values provide a good theoretical basis for understanding perceived risk. Given the rapid globalization of online shopping, an understanding of the reasons why perceived risk vary in different cultures regarding online shopping should be crucial. The research question furnishing the main impetus for this study is: What are the significant differences in the effect of several determinants of perceived risk of online clothing shopping depending on cultural differences between China and France? Structural equation models with the maximum likelihood estimation method are employed to test all the hypothesized relationships. The research puts forth some findings. First, it is interesting to note that both the Chinese and French respondents perceive low levels of non-personal and personal risk regarding their online clothing purchases, but the Chinese respondents perceive higher non-personal risk than the French respondents and higher personal risk than the French respondents. The second key finding is that privacy concerns, security protection, and reputation have different effects on both consumer perception of non-personal risk and personal risk depending on cultural differences. Reputation is more valued in collectivist cultures (China), while privacy concerns and security protection are more valued in individualist cultures (France). Additionally, for both the Chinese and French samples, non-personal perceived risk significantly effects intention to repurchase. We found personal perceived risk has a significant effect only on Chinese consumer intention to repurchase.

Perception des risques en ligne

Interculturel

Intention à reacheter

Réputation du site web

Protection de la sécurité

Online perceived risk

Cross-cultural

Repurchase intention

Website retailer reputation

Security protection

Privacy concerns

Detecção e recuperação de intrusão com uso de controle de versão / Intrusion detection and recovery with revision control systems

Cavalcante, Gabriel Dieterich

05 May 2010

Orientador: Paulo Lício de Geus / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-16T05:27:31Z (GMT). No. of bitstreams: 1 Cavalcante_GabrielDieterich_M.pdf: 3073328 bytes, checksum: aeb145421a7f9c0c3d3ac872eb9ac054 (MD5) Previous issue date: 2010 / Resumo: Existe uma grande quantidade de configurações presentes em sistemas atuais e gerir essas configurações é um trabalho árduo para qualquer administrador de sistema. Inúmeras configurações podem ser definidas para uma só máquina e as combinações entre elas implicam de forma significativa no seu desempenho. A partir do momento que um sistema em pleno funcionamento pára de funcionar, algo em sua estrutura pode ter mudado. Este cenário é comum no processo de desenvolvimento de software onde o código fonte pode deixar de compilar ou ainda uma funcionalidade pode se perder. Controladores de versão são usados para reverter o estado do código para uma data anterior, solucionando o problema. Verificadores de Integridade são utilizados para detectar estas mudanças, porém não possuem mecanismos específicos para recuperação. Este estudo propõe e implementa uma arquitetura integrada que combina verificação de integridade e mecanismos de recuperação. Foram executados testes para determinar a sobrecarga total deste método, além de estudos de caso para verificar a sua eficiência de recuperação / Abstract: Current computer systems have a huge number of configurations that are hard to manage. The combinations of system configurations can impact on performance and behavior. From the moment that a system stops working correctly it is remarkable that something has changed. That is in common in software development, where changes made by the programmer may result in some features no longer working or the project not compiling anymore. Revision control systems can recover a previous state of the source code through revision mechanisms. Integrity checking is used to catch file modifications, however this technique does nothing toward recovering those files. This study proposes and implements an integrated architecture that combines integrity checking and restoring mechanisms. Tests were executed in order to measure the load imposed by the solution. In addition, analysis of three case studies shows the efficiency of the adopted solution / Mestrado / Segurança de Computadores

Sistemas operacionais (Computadores)

Software - Manutenção

Software - Segurança

Computer networks - Security systems

Operating systems (Computing)

Software - Recover

Software - Security/Protection

Risk Assessment of Power System Catastrophic Failures and Hidden Failure Monitoring & Control System

Qiu, Qun

11 December 2003

One of the objectives of this study is to develop a methodology, together with a set of software programs that evaluate, in a power system, the risks of catastrophic failures caused by hidden failures in the hardware or software components of the protection system. The disturbance propagation mechanism is revealed by the analysis of the 1977 New York Blackout. The step-by-step process of estimating the relay hidden failure probability is presented. A Dynamic Event Tree for the risk-based analysis of system catastrophic failures is proposed. A reduced 179-bus WSCC sample system is studied and the simulation results obtained from California sub-system are analyzed. System weak links are identified in the case study. The issues relating to the load and generation uncertainties for the risk assessment of system vulnerabilities are addressed. A prototype system - the Hidden Failure Monitoring and Control System (HFMCS) - is proposed to mitigate the risk of power system catastrophic failures. Three main functional modules - Hidden Failure Monitoring, Hidden Failure Control and Misoperation Tracking Database - and their designs are presented. Hidden Failure Monitoring provides the basis that allows further control actions to be initiated. Hidden Failure Control is realized by using Adaptive Dependability/Security Protection, which can effectively stop possible relay involvement from triggering or propagating disturbance under stressed system conditions. As an integrated part of the HFMCS, a Misoperation Tracking Database is proposed to track the performance of automatic station equipment, hence providing automatic management of misoperation records for hidden failure analysis. / Ph. D.

Power System Protection

Catastrophic Failures

Dynamic Event Tree

Risk Assessment

Hidden Failures

Hidden Failure Control

Hidden Failure Monitoring

Production Simulation

Misoperation Tracking Database

Power System