Global ETD Search

641	Probability analysis and financial model development of MITRE ATT&CK Enterprise Matrix's attack steps and mitigations / Sannolikhetsanalys och utveckling av finansiell modell av MITRE ATT&CK Enterprise matrisens attacksteg och försvar Evensjö, Lina January 2020 (has links) Cyberattacks are becoming a greater concern as our society is digitized to a greater extent, with the storage of sensitive information being a rule rather than an exception. This poses a need of a time- and cost efficient way to assess the cyber security of an enterprise. The threat modeling language enterpriseLang constitute just that, where a general enterprise system assumption allows for re-usage on several enterprise systems. The language is created with Meta Attack Language and is based on the knowledgeable attack- and mitigation steps of MITRE ATT&CK Enterprise Matrix. Since all possible attack paths are not equally likely, probability distributions need to be applied to the attack and mitigation steps. The work presented in this paper includes the provision of probability distributions to a handful of them, mainly connected to gaining initial access to a system with the help of user execution. Beyond this, the financial impact an attack can have and if mitigation measures are financially profitable are examined. To calculate this, a Return on Response Investment model is developed. / Cyberattacker håller på att bli ett större orosmoment allteftersom vårt samhälle digitaliseras i större utsräckning, där lagring av känslig information snarare har blivit regel än undantag. Detta utgör ett behov av ett tids- och kostnadseffektivt sätt att bedömma cybersäkerheten hos ett företag. Hotmodelleringsspråket enterpriseLang är just detta, där antagandet av ett generellt företagssystem möjliggör återanvändning på flera olika system. Språket är skapat med Meta Attack Language och är baserat på kända attack- och försvarssteg från MITRE ATT&CK Enterprise matris. Eftersom alla möjliga attackvägar inte utnyttjas i lika stor utsträckning, behöver sannolikhetsfördelningar tilldelas till attack- och försvarsstegen. Arbetet som presenteras i den här rapporten inkluderar tilldelningen av sannolikhetsfördelningar till en handfull av dem, i synnerhet de kopplade till att få inital åtkomst till ett system med hjälp av användarutföranden. Utöver detta undersöks också den finansiella påverkan en attack kan ha samt om försvarsåtgärder är finansiellt lönsamma. En modell för avkastning på en sådan investering utvecklas för att kunna beräkna detta. cyber security threat modeling attack paths probability financial impact cybersäkerhet hotmodellering attackvägar sannolikhet finansiell påverkan Information Systems
642	The effect of priming intelligence malleability on stereotype threat and performance. Burns, Kathleen C. 01 January 2003 (has links) (PDF) No description available. Adaptability Psychology Math anxiety Priming Psychology Stereotypes Social psychology Threat Psychology Women in mathematics
643	Social rejection as a mediating variable in the link between stereotype threat and math performance. Yopyk, Darren A.J. 01 January 2005 (has links) (PDF) No description available. Athletes Psychology Math anxiety Priming Psychology Rejection Psychology Stereotypes Social psychology Threat Psychology
644	Unauthorized Smart Lock Access : Ethical Hacking of Smart Lock Systems / Obehörig åtkomst av smarta lås : Etisk hackning av smarta låssystem Winkelmann, Albin January 2022 (has links) IoT devices have become more common in our everyday lives as they provide more useful features than traditional devices. One such device is the smart door lock, which enables homeowners to grant access on a user-specified level through digital keys and remote operation. However, as smart locks are meant to protect everything we own, they become an attractive target for attackers. This thesis evaluates the Yale Linus and Gimdow smart lock systems through a comprehensive security examination. In order to provide insight into the IT security of common smart locks on the market today and whether or not the companies behind the locks researched have implemented mitigations towards common attacks on smart locks found in earlier research. In doing so, Gimdow proved to lack basic security measures as an attacker could easily get unauthorized access. The Yale Linus system was deemed to have sufficient IT security as no immediate vulnerabilities were found. / IoT-enheter har blivit vanligare i vår vardag eftersom de tillhandahåller fler funktioner än traditionella enheter. En av dessa enheter är det smarta dörrlåset. Låset gör det möjligt för husägare att, på en användarspecificerad nivå, ge åtkomst till hushållet genom digitala nycklar och fjärrstyrning. Men eftersom smarta lås är avsedda att skydda allt vi äger, blir de ett attraktivt mål för angripare. Denna avhandling utvärderade två smarta låssystem av Yale Linus och Gimdow genom en omfattande säkerhetsundersökning. Målet var att ge insikt i IT-säkerheten för smarta lås på marknaden idag, samt kolla ifall låsföretagena bakom de valda låsen har tagit tidigare forskning angående attacker på smart lås i åtanke. I den här studien visade det sig att Gimdow saknar grundläggande säkerhetsåtgärder vilket tillåter en angripare att lätt få obehörig åtkomst. Yale Linus-systemet ansågs ha tillräcklig IT-säkerhet eftersom inga omedelbara sårbarheter kunde hittas. IoT threat modeling computer security smart lock pentesting IoT hotmodellering datasäkerhet smarta lås penetrationstestning Computer and Information Sciences Data- och informationsvetenskap
645	Agency Through the We: Group-Based Control Theory Fritsche, Immo 13 June 2023 (has links) How do people maintain a sense of control when they realize the noncontingencies in their personal life and their strong interdependence with other people? Why do individuals continue to act on overwhelming collective problems, such as climate change, that are clearly beyond their personal control? Group-based control theory proposes that it is social identification with agentic groups and engagement in collective action that serve to maintain and restore people’s sense of control, especially when their personal control is threatened. As a consequence, group-based control may enable people to act adaptively and stay healthy even when personal control seems futile. These claims are supported by evidence showing increased in-group identification and group-based action intentions following reminders of low personal control. Furthermore, these responses of identifying with agentic in-groups increase people’s perceived control and well-being. This article succinctly presents group-based control theory and relevant empirical findings. It also elaborates on how group-based control relates to other social-identity motives and how it may explain social phenomena. info:eu-repo/classification/ddc/150 ddc:150
646	To Spy the Lie. Detecting the Insider Threat of Espionage Bergström, Emma January 2023 (has links) Acts committed by insiders have risen during past years, and there is a need for a better understanding of how preventive measures can be used, not just remedial action after the fact. The current narrative in research when discussing espionage was motive; why someone committed espionage. The aim of this study was to create a theoretical model of a ‘risk individual’ and, with the use of the model, techniques for personality assessment and text analysis, develop an artefact, a self-assessment test, that could be used to assess if a person had a higher risk to commit the act of espionage. Design Science research was chosen as a main methodological approach with supporting methods throughout. A survey was chosen to collect the data and the data was analyzed quantitatively. The artefact is partly based on selfassessment questionnaires and partly on themes identified as necessary when a governmental agency conducted personal security interviews for potential new hires. In order to achieve the research goal, data from 52 individuals were collected and analyzed using various quantitative methods. When applying internal reliability testing to the risk factors proposed by the theoretical model, seven out of the eight factors had good reliability. One factor, stress, performed poorly. This was probably due to the width of the questions asked, from personal to professional stress. This resulted in stress being removed from further testing. The remaining seven factors correlated with each other, apart from one, entitlement. This risk factor correlated with ethical flexibility but not the other six risk factors. In order to test how well the Big Five correlated with risk, the mean of a risk individual was calculated and compared with the five factors of OCEAS. The five factors all correlated negatively with risk, with agreeableness having the highest negative correlation and extroversion having the lowest. Differences could be seen when comparing the ten participants with the highest mean risk score to the ten with the lowest for both the Big Five and the risk factors in the theoretical model. The differences for the Big Five were lower than those for the theoretical model, i.e., both Big Five and the theoretical model work as sorting out higher-risk individuals. However, they worked better together and provided a more profound picture than using just one or the other. The open-text questions were analyzed with the help of wordlists to calculate how the participants used different types of pronouns when writing. One wordlist provided potentially interesting results (the word list for ‘I’), while the others did not. Insider threat insider risk espionage personality traits theoretical model of risk factors personality assessment Computer Sciences Datavetenskap (datalogi)
647	The Effects of Ego Threat and Self-Esteem Boost on Overall Self-Control Ability. Williamson, Jessica Rose 07 May 2011 (has links) (PDF) Self-control enables people to make decisions that can promote overall well-being. Such decisions include refraining from overeating or the decision to motivate individuals to persevere when faced with difficulties. The purpose of this study was to determine if not requiring the expenditure of self-control and boosting self-esteem would enable participants to persist longer at a task designed to measure self-control than participants who were required to expend self-control and received an ego threat. No significant main effects were found for self-control manipulations, F (1, 223) = .54, p = .46, or for self-esteem manipulations, F (1, 223) = .01, p = .91. No significant interaction effects were found. F(3, 219) = .785, p =.503. ego-depletion self-esteem boost ego threat self-control self-esteem Psychology Social and Behavioral Sciences Social Psychology
648	Using Semantic Data for Penetration Testing : A Study on Utilizing Knowledge Graphs for Offensive Cybersecurity / Användning av Semantisk Teknologi för Sårbarhetstestning : En Studie för att Applicera Kunskapsgrafer för Offensiv Cybersäkerhet Wei, Björn January 2022 (has links) Cybersecurity is an expanding and prominent field in the IT industry. As the amount of vulnerabilities and breaches continue to increase, there is a need to properly test these systems for internal weaknesses in order to prevent intruders proactively. Penetration testing is the act of emulating an adversary in order to test a system’s behaviour. However, due to the amount of possible vulnerabilities and attack methods that exists, the prospect of efficiently choosing a viable weakness to test or selecting a fairly adequate attack method becomes a cumbersome task for the penetration tester. The main objective of this thesis is to explore and show how the semantic data concept of Knowledge Graphs can assist a penetration tester during decision-making and vulnerability analysis. Such as providing insight to attacks a system could experience based on a set of discovered vulnerabilities, and emulate these attacks in order to test the system. Additionally, design aspects for developing a Knowledge Graph based penetration testing system are made and discussions on challenges and complications for the combined fields are also addressed. In this work, three design proposals are made based on inspiration from Knowledge Graph standards and related work. A prototype is also created, based on a penetration testing tool for web applications, OWASP ZAP. Which is then connected to a vulnerability database in order to gain access to various cybersecurity related data, such as attack descriptions on specific types of vulnerabilities. The analysis of the implemented prototype illustrates that Knowledge Graphs display potential for improving data extracted from a vulnerability scan. By connecting a Knowledge Graph to a vulnerability database, penetration testers can extract information and receive suggestions of attacks, reducing their cognitive burden. The drawbacks of this works prototype indicate that in order for a Knowledge Graph penetration testing system to work, the method of extracting information needs to be interfaced in a more user-friendly manner. Additionally, the reliance on specific standardizations create the need to develop several integration modules. Semantic data penetration testing Knowledge Graphs vulnerability analysis threat modelling web application data analysis Computer Sciences Datavetenskap (datalogi)
649	Striving for group agency: threat to personal control increases the attractiveness of agentic groups Stollberg, Janine, Fritsche, Immo, Bäcker, Anna 12 August 2022 (has links) When their sense of personal control is threatened people try to restore perceived control through the social self. We propose that it is the perceived agency of ingroups that provides the self with a sense of control. In three experiments, we for the first time tested the hypothesis that threat to personal control increases the attractiveness of being part or joining those groups that are perceived as coherent entities engaging in coordinated group goal pursuit (agentic groups) but not of those groups whose agency is perceived to be low. Consistent with this hypothesis we found in Study 1 (N = 93) that threat to personal control increased ingroup identification only with task groups, but not with less agentic types of ingroups that were made salient simultaneously. Furthermore, personal control threat increased a sense of collective control and support within the task group, mediated through task-group identification (indirect effects). Turning to groups people are not (yet) part of, Study 2 (N = 47) showed that personal control threat increased relative attractiveness ratings of small groups as possible future ingroups only when the relative agency of small groups was perceived to be high. Perceived group homogeneity or social power did not moderate the effect. Study 3 (N = 78) replicated the moderating role of perceived group agency for attractiveness ratings of entitative groups, whereas perceived group status did not moderate the effect. These findings extend previous research on group-based control, showing that perceived agency accounts for group-based responses to threatened control. info:eu-repo/classification/ddc/150 ddc:150
650	Socialarbetares upplevelser av hot och våld : En narrativ studie / Social workers' experience of client violence : A narrative study Bornudd, Felicia, Bergqvist, Yasmine January 2022 (has links) The purpose of this narrative study is to highlight social workers' experiences of threats and violence within their profession, as well as the variety of resources to fend off, remedy and manage the risk of threats and violence. The present problem is how threats and violence are underreported, partly due to social workers' views on their own profession and a work climate that might not encourage reporting incidents. Previous studies have shown high prevalence of threats and violence within social work and consequences that follow, such as high levels of stress, leading to burnout. Other studies found that the fear of being exposed to threats and violence can result in self-censorship, thereby limiting autonomy and professional judgment. Through interviews we found that social workers had experienced violence and threats of different sorts, primarily verbal threats. The overall perception was of understanding nature due to injustice that many clients face, resulting in expressions of strong emotions. However, some social workers described their work as characterized by imminent threats, rather than fear of being exposed. The preventing resources provided at the workplace are described as mostly effective and fulfilling of its purpose, while others find that they create unnecessary distance between them and clients. The social workers perceive themselves as fairly prepared for violent or threatening situations, mainly through their education, but emphasize experience over any type of education. They also emphasize the support from colleagues and managers as valuable and important resources. By highlighting the narrative of social workers we hope to bring awareness to this issue and encourage an open dialogue. Client violence narrative resources social worker threat under-reporting Hot klientvåld narrativ resurser socialarbetare underrapportering Social Work Socialt arbete

Search results