51. A Socio-technical Analysis of Information Systems Security Assurance : A Case Study for Effective Assurance
Chaula, Job Asheri, January 2006
<p>This thesis examines the concepts of Information System (IS) security assurance using a socio-technical framework. IS security assurance deals with the problem of estimating how well a particular security system will function efficiently and effectively in a specific operational environment. In such environments, the IS interact with other systems such as ethical, legal, operational and administrative. Security failure in any of these systems may result in security failure of the whole system. </p><p>In this thesis a socio-technical framework is used to examine culture, usability problems, security internal controls, security requirements and re-use of security requirements of TANESCO information systems. TANESCO is the energy utility company in Tanzania where the case study was conducted. Results show that culture affects the way people approach IS security. Also results show that the socio-technical framework is effective in modeling systems security and its environment. The re-use of security requirements is also shown to significantly minimise the time taken when developing and improving security requirements for an IS. </p><p>The overall purpose of this thesis has been to develop a framework for information systems security assurance. The resulting framework of thinking brings together numerous assurance concepts into a coherent explanation that should be useful for any organisation or evaluators seeking to understand the underlying principles of systems security assurance. It contains organisational, cultural, and technical issues that should be looked at when considering and applying systems security assurance methods and techniques.</p>

52. ICT Security Readiness Checklist for Developing Countries : A Social-Technical Approach
Tarimo, Charles N., January 2006
<p>The consequences of Information and Communication Technology (ICT) revolution on society are almost impossible to enumerate. New types of ICT products, services and capabilities are finding their way into our offices, schools and homes - almost on a daily basis; impacting the way we work, learn and live. Following this revolution, governments around the world have recognised that the transformation from traditional government to electronic government is one of the most important public policy issues to embrace. Likewise, organisations and businesses around the world are transforming from traditional organisations and businesses to their electronic equivalent.</p><p>However, to be a part in this revolution, it is important for the concerned governments and organisations to have an ability to differentiate between implementing a new IT/ICT system and a transformation to e-government, e-organisation, and e-business. E-government is not simply about implementing new ICT systems, but it is about changing business models and processes to do things differently and better. ICT offers the solutions, but e-government, e-organisation, and e-business are about changing the way they operate to achieve their mission objectives. Implicitly there are a number of key issues to be considered in this transformation. One such key issue is security, since many of the technical and social security control mechanisms that are in place today are rendered ineffective by the ICT revolution. As such, we can no longer rely entirely on our traditional security controls—e.g. physical access controls, security guards and locks—to ensure the security of an organisation’s assets, processes and communications. The multiplicity of new technical possibilities gives rise not only to new products, services and more efficient and effective ways of doing things, but also to the possibility of misuse of the technology. 
Consequently, new social and technical security controls are imperative in this revolution. However, research findings show that, in many cases, security issues come as an afterthought in the ongoing transformations to ICT-enabled organisational or governmental contexts.</p><p>In this thesis, the challenges of the process of computerisation and other changes due to ICT are investigated from a security point of view. An explorative study of both theoretical and practical aspects of addressing ICT security in organisations was performed. The findings from some organisations studied show that organisations—as social-technical systems—are facing a myriad of problems in their effort to adequately and effectively implement a sound ICT security program. As a result, the organisations, individuals, or nations as a whole may fail in meeting the challenges of exploiting the benefits of ICT, due in part to their failure to manage the risks which ICT presents—not being ‘e-ready’ in ICT security matters.</p><p>In view of the above, the following are the end products of the research: a Model of Security Knowledge, and a Social-Technical ICT Security Readiness Checklist. These end products draw from the available ICT-security knowledge-body and a practical experience from an empirical study conducted in Tanzania. We believe the model and checklist would serve as a starting point in assisting organisations having a similar security situation as those studied, to meet the security challenges of exploiting the benefits of ICT. By providing means for evaluation, formation and implementation of ICT security controls—both social and technical ones—the checklist can be helpful in managing the risks that ICT presents.</p>

53. Application of systems engineering principles for analysis of utility baseline development process
Johnson, Benjamin D., 15 February 2017
<p> There is a need in the energy services industry for companies to accurately estimate and verify energy savings. This starts with the accurate development of a utility baseline. Systems Engineering principles can be used to determine the optimal method to use for developing a utility baseline. Several Systems Engineering tools were used in this thesis, including a stakeholder analysis, needs and requirements files, requirements traceability, functional flow block diagrams, a work breakdown structure, trade studies, and verification and validation of requirements. These tools helped to identify three main components of the process for further analysis. The trade study was then used to determine the best way to address these components of the process, and resulted in innovative methods that had not previously been considered. The recommendations in this work will benefit both the energy services company and their customers.</p>

54. Use of Model-Based Design Methods for Enhancing Resiliency Analysis of Unmanned Aerial Vehicles
Knox, Lenora A., 20 April 2017
<p>The most common traditional non-functional requirement analysis is reliability. With systems becoming more complex, networked, and adaptive to environmental uncertainties, system resiliency has recently become the non-functional requirement analysis of choice. Analysis of system resiliency has challenges, which include defining resilience for domain areas, identifying resilience metrics, determining resilience modeling strategies, and understanding how to best integrate the concepts of risk and reliability into resiliency. Formal methods that integrate all of these concepts do not currently exist in specific domain areas. Leveraging RAMSoS, a model-based reliability analysis methodology for Systems of Systems (SoS), we propose an extension that accounts for resiliency analysis through evaluation of mission performance, risk, and cost using multi-criteria decision-making (MCDM) modeling and design trade study variability modeling evaluation techniques. This proposed methodology, coined RAMSoS-RESIL, is applied to a case study in the multi-agent unmanned aerial vehicle (UAV) domain to investigate the potential benefits of a mission architecture where functionality to complete a mission is disseminated across multiple UAVs (distributed) as opposed to being contained in a single UAV (monolithic). The case study based research demonstrates proof of concept for the proposed model-based technique and provides sufficient preliminary evidence to conclude which architectural design (distributed vs. monolithic) is most resilient based on insight into mission resilience performance, risk, and cost in addition to the traditional analysis of reliability.</p>

55. COSYSMO 3.0: An Extended, Unified Cost Estimating Model for Systems Engineering
Alstad, James Patrick, 29 January 2019
<p> The discipline of systems engineering continues to increase in importance. There are more projects, projects are larger, and projects are more critical, and all of these mean that more and better systems engineering is required. It follows that the cost of systems engineering continues to increase in importance. In turn, it follows that accurate estimation of systems engineering costs continues to increase in importance, as systems engineering results suffer if a project either underestimates or overestimates its cost. </p><p> There are models for estimating systems engineering cost, notably COSYSMO 1.0, but all these models leave out some aspect of modern practices, and therefore tend to estimate a modern systems engineering cost inaccurately, or not at all. These modern practices include reuse of engineering artifacts, requirements volatility, and engineering in a system-of-systems context. While all of these practices have been addressed to some extent in research papers, there is no all-encompassing model that integrates all of them. </p><p> My research has resulted in an integrated model that includes the features of COSYSMO 1.0 and covers those modern practices. It is open and therefore widely available. I have completed a comprehensive model based, in part, on actual project data.</p>

56. A Holistic Approach for Managing ICT Security in Non-Commercial Organisations : A Case Study in a Developing Country
Bakari, Jabiri Kuwe, January 2007
<p>The research reported here is about improvement of the ICT security management process in non-commercial organisations in order to reduce possible financial damage, taking into consideration the realities found in developing countries. The research took place in a developing country—Tanzania, where five organisations were involved. </p><p>The study is organised into seven papers covering: the state of ICT security management in the organisations; prerequisites when utilising the existing ICT security management approaches in attaining a solution for managing ICT security in the organisations; issues and challenges of managing ICT security; important aspects to be taken into consideration in order to successfully manage ICT security; and how the management of ICT security in non-commercial organisations could be improved. Among others, the research was motivated by the observed need for bridging the perception gap between the management and technicians when dealing with the ICT security problem, and consequently extending to a common understanding by the staff in the various departments and specialities within and between the departments. </p><p>The thesis contributes to increased empirical knowledge on the importance of the holistic ICT security management process. Particularly, our main contribution is the proposed holistic approach for managing ICT security in non-commercial organisations, organised in the form of guidelines with two main phases: the initialisation phase which involved the introduction of the ICT security management process in the organisation; and the internalised and continuous phase. </p>

57. Strategic Planning of Knowledge Management Systems : A Problem Exploration Approach
Aidemark, Jan, January 2007
<p>Knowledge management (KM) is focused on the problems and opportunities of using organizational knowledge as a resource. Information systems that are used to support KM processes are called knowledge management systems (KMS). A KMS is distinguished from any information system by the organizational processes that it supports, that is, creation, capture, storage and dissemination of competences and knowledge. The research area can be summarized as: “Perspectives and frameworks for the strategic planning of knowledge management systems, i.e. information systems for the support of organizational knowledge processes”. We approach the problem area from a strategic point of view, assuming that the problems of the area are based on a socio-technical dimension and that a multiple-paradigm approach is necessary for dealing with the problems of the various KM areas. The research strategy applied to achieve this is interpretative case studies. A number of case studies are used for exploring KM planning areas, developing frameworks for planning and testing the resulting approach. The empirical material consists of three main case studies, together with a number of secondary cases by other writers in the KM field. The outcome of the research is a planning approach, which is given the name: “The problem exploration approach”. The approach is intended for the generation of ideas of possible systems, as a strategic part of knowledge management systems planning. The purpose of the planning approach is to support the creation of a portfolio of KMS. A KMS portfolio is a structured set of information systems that could be developed for an organizational unit. The approach consists of five planning frameworks, all targeting different aspects of an organization. “The problem exploration approach” and its development process are then examined for more general insights into the subject of strategic KM planning. 
As an outcome of this examination a 12-point program for balancing a planning approach is presented. </p>

58. Plot, Spectacle, and Experience : Contributions to the Design and Evaluation of Interactive Storytelling
Laaksolahti, Jarmo, January 2008
<p>Interactive storytelling is a new form of storytelling emerging in the crossroads of many scholarly, artistic, and industrial traditions. In interactive stories the reader/spectator moves from being a receiver of a story to an active participant. By allowing participants to influence the progression and outcome of the story new experiences will arise. This thesis has worked on three aspects of interactive storytelling: plot, spectacle, and experience. The first aspect is concerned with finding methods for combining the linear structure of a story, with the freedom of action required for an interactive experience. Our contribution has focused on a method for avoiding unwanted plot twists by predicting the progression of a story and altering its course if such twists are detected.</p><p>The second aspect is concerned with supporting the storytelling process at the level of spectacle. In Aristotelian terms, spectacle refers to the sensory display that meets the audience of a drama and is ultimately what causes the experience. Our contribution focuses on graphically making changing emotions and social relations, important elements of dramatic stories in our vision, salient to players at the level of spectacle. As a result we have broadened the view of what is important for interactive storytelling, as well as what makes characters believable. So far not very much research has been done on evaluating interactive stories. Experience, the third aspect, is concerned with finding qualitative methods for evaluating the experience of playing an interactive story. In particular we were interested in finding methods that could tell us something about how a player's experience evolved over time, in addition to qualities such as agency that have been claimed to be characteristic for interactive stories. Our contribution consists of two methods that we have developed and adapted for the purposes of evaluating interactive stories that can provide such information. 
The methods have been evaluated on three different interactive storytelling type games.</p>

59. Mobile Agent Approach to Congestion Control in Heterogeneous Networks
Nguyen, Hong Van, January 2008
<p>One of the motivations to study the behavior of the Internet is to find out the best way to maintain the relative stability of the global network. This leads into the investigations of events that impair the performance of the system such as congestion that occurs whenever the demand for resources exceeds the available capacity. When the congestion is left uncontrolled the performance of the whole system degrades through severe delays, lost packets, and even a complete shutdown of the network. Hence, congestion management through monitoring, detection and control is necessary in order to sustain acceptable levels of network performance and this may be done via the transport protocols. Consequently, many modifications of the original TCP protocol have been implemented to manage the control. On the other hand, unlike TCP, UDP has no knowledge of congestion whatsoever and hence is unresponsive to the network problems.</p><p>The work explores the possibility to influence and modify the unresponsive behavior of UDP or similar protocols via the mobile agent paradigm. The autonomous entities are able to migrate across the network and sense the state of the network and when needed tame the intensity of UDP or similar flows to prevent congestion. The proposed model is termed the Combined Model for Congestion Control (CM4CC) and has two different objectives. The first one is to employ the host centric or end-to-end (E2E) congestion control mechanisms for the TCP flows; the second one is to invoke the mobile agent paradigm to manage the non-TCP (or UDP) traffic. Both mechanisms must work together to avoid congestion. When it eventually appears, they have to assist the network in speedy recovery and return to the normal mode of operation. The validity of the CM4CC has been verified through numerous simulation scenarios using the Optimized Network Engineering Tool (OPNET). 
The results provide the basis for an environment that makes possible the coexistence of responsive and unresponsive flows.</p>

60. Information Security in Distributed Healthcare : Exploring the Needs for Achieving Patient Safety and Patient Privacy
Åhlfeldt, Rose-Mharie, January 2008
<p>In healthcare, patient information is a critical factor. The right information at the right time is a necessity in order to provide the best possible care for a patient. Patient information must also be protected from unauthorized access in order to protect patient privacy. It is furthermore common for patients to visit more than one healthcare provider, which implies a need for cross border healthcare and continuity in the patient process.</p><p>This thesis is focused on information security in healthcare when patient information has to be managed and communicated between various healthcare actors and organizations. The work takes a practical approach with a set of investigations from different perspectives and with different professionals involved. Problems and needs have been identified, and a set of guidelines and recommendations has been suggested and developed in order to improve patient safety as well as patient privacy.</p><p>The results show that a comprehensive view of the entire area concerning patient information management between different healthcare actors is missing. Healthcare, as well as patient processes, have to be analyzed in order to gather knowledge needed for secure patient information management.</p><p>Furthermore, the results clearly show that there are deficiencies both at the technical and the administrative level of security in all investigated healthcare organizations.</p><p>The main contribution areas are: an increased understanding of information security by elaborating on the administrative part of information security, the identification of information security problems and needs in cross border healthcare, and a set of guidelines and recommendations in order to advance information security measures in healthcare.</p>