Global ETD Search

311	Information Security Culture and Threat Perception : Comprehension and awareness of latent threats in organisational settings concerned with information security Lambe, Erik January 2018 (has links) A new challenge for organisations in the 21st century is how they should ensure information security in a time and environment where the widespread use of Information Communication Technologies (ICTs), such as smartphones, means that information has been made vulnerable in numerous new ways. Recent research on information security has focused on information security culture and how to successfully communicate security standards within an organisation. This study aims to examine how latent threats to information security are conceptualised and examined within an organisation in which information security is important. Since threats posed by ICTs are said to be latent, this study wishes to explore in what ways an inclusion of threat conceptualisation can have in understanding what constitutes an efficacious information security culture when the intention is to ensure information security. The study focuses on the Swedish armed forces, and compare how threats to information security posed by interaction with private ICTs are communicated in information security policies and how they are conceptualised by the members of the organisation. Through interviews conducted with service members, the findings of this study indicate that it is possible to successfully communicate the contents of information security policies without mandating the members of the organisation to read the sources themselves. Furthermore, the study identified a feature of information security culture, in this paper called supererogatory vigilance to threats to information security, which might be of interest for future studies in this area, since it offers adaptive protection to new threats to information security that goes beyond what the established sources protects against. Information security information security culture information security policy administration policy implementation latent threats ICT dynamic frame analysis Political Science Statsvetenskap
312	Cybersäkerhet - Forskning och industri, en fallstudie : Cybersäkerhetshot och lösningsförslag Lönnebo, Anton January 2018 (has links) Hot mot organisationers cybersäkerhet innebär stora risker för dessa. När organisationer drabbas av incidenter så som dataintrång kan de kostnader som följer av detta vara mycket höga. Tidigare forskning påvisar att forskning inom cybersäkerhet ofta brister i att utforska och förstå de utmaningar verksamheter ställs inför, med detta som motivering utforskar denna studie de lösningsförslag som relaterad forskning respektive cybersäkerhetsindustrin presenterar gällande de hot som omfattas av studien. Utifrån denna kartläggning förväntades studien att kunna bidra med att minska eventuella kunskapsluckor mellan forskningen och cybersäkerhetsindustrin ifall sådana påträffas. Denna studies frågeställning är; "Gällande de i uppsatsen studerade hoten, hur skiljer sig cybersäkerhetsindustrins lösningsförslag från de lösningar som presenteras i den vetenskapliga litteraturen?" Befintlig forskning gällande respektive hot studerades och sedan utfördes semistrukturerade intervjuer med personal från ett cybersäkerhetsföretag. Studiens resultat visar på många likheter och skillnader mellan de presenterade lösningsförslagen, identifierar en grupp relaterade bifynd och bidrar med förslag gällande vilka lösningsförslag som bör utredas ytterligare. cybersecurity threats solutions business continuity ciso cybersäkerhet hot lösningar kontinuitetsplanering ciso Information Systems, Social aspects
313	Towards a unified fraud management and digital forensic framework for mobile applications Bopape, Rudy Katlego 06 1900 (has links) Historically, progress in technology development has continually created new opportunities for criminal activities which, in turn, have triggered the need for the development of new security-sensitive systems. Organisations are now adopting mobile technologies for numerous applications to capitalise on the mobile revolution. They are now able to increase their operational efficiency as well as responsiveness and competitiveness and, most importantly, can now meet new, growing customers’ demands. However, although mobile technologies and applications present many new opportunities, they also present challenges. Threats to mobile phone applications are always on the rise and, therefore, compel organisations to invest money and time, among other technical controls, in an attempt to protect them from incurring losses. The computerisation of core activities (such as mobile banking in the banking industry, for example) has effectively exposed organisations to a host of complex fraud challenges that they have to deal with in addition to their core business of providing services to their end consumers. Fraudsters are able to use mobile devices to remotely access enterprise applications and subsequently perform fraudulent transactions. When this occurs, it is important to effectively investigate and manage the cause and findings, as well as to prevent any future similar attacks. Unfortunately, clients and consumers of these organisations are often ignorant of the risks to their assets and the consequences of the compromises that might occur. Organisations are therefore obliged, at least, to put in place measures that will not only minimise fraud but also be capable of detecting and preventing further similar incidents. The goal of this research was to develop a unified fraud management and digital forensic framework to improve the security of Information Technology (IT) processes and operations in organisations that make available mobile phone applications to their clients for business purposes. The research was motivated not only by the increasing reliance of organisations on mobile applications to service their customers but also by the fact that digital forensics and fraud management are often considered to be separate entities at an organisational level. This study proposes a unified approach to fraud management and digital forensic analysis to simultaneously manage and investigate fraud that occurs through the use of mobile phone applications. The unified Fraud Management and Digital Forensic (FMDF) framework is designed to (a) determine the suspicious degree of fraudulent transactions and (b) at the same time, to feed into a process that facilitates the investigation of incidents. A survey was conducted with subject matter experts in the banking environment. Data was generated through a participatory self-administered online questionnaire. Collected data was then presented, analysed and interpreted quantitatively and qualitatively. The study found that there was a general understanding of the common fraud management methodologies and approaches throughout the banking industry and the use thereof. However, while many of the respondents indicated that fraud detection was an integral part of their processes, they take a rather reactive approach when it comes to fraud management and digital forensics. Part of the reason for the reactive approach is that many investigations are conducted in silos, with no central knowledge repository where previous cases can be retrieved for comparative purposes. Therefore, confidentiality, integrity and availability of data are critical for continued business operations. To mitigate the pending risks, the study proposed a new way of thinking that combines both components of fraud management and digital forensics for an optimised approach to managing security in mobile applications. The research concluded that the unified FMDF approach was considered to be helpful and valuable to professionals who participated in the survey. Although the case study focused on the banking industry, the study appears to be instrumental in informing other types of organisations that make available the use of mobile applications for their clients in fraud risk awareness and risk management in general. / Computing / M. Sc. (Computing) Fraud management Digital forensics Mobile applications Mobile devices Threats Frameworks Process models Paradigms 005.35 Mobile apps Mobile device forensics Fraud -- Management Cell phone systems -- Security measures
314	Revisionsplikten - Byråernas förändrade utbud av tjänster Alstermark, Viktoria, Kopparmalms, Karin January 2012 (has links) Syfte: I november år 2010 avskaffas revisionsplikten i Sverige för mindre företag. Med den utgångspunkten grundar sig studien i att studera och identifiera de nya förutsättningarna på revisionsmarknaden efter att revisionsplikten avskaffats. Metod: Uppsatsen är inriktad i ett kvalitativt perspektiv. Empirin som samlats in via personliga intervjuer utgår från teori om revisionspliktens avskaffande, från Europanivå till den svenska lagen, för att sedan mynna ut i en analys och en slutsats. Resultat & slutsats: Undersökningen påvisar att såväl större som mindre revisionsbyråer har haft kundförluster, men bara i enstaka fall och har inte påverkat byråerna i någon större utsträckning. Studien är för tidigt ute för att se någon radikal förändring. / Aim: In November 2010, the audit is abolished for small businesses in Sweden. With that in consideration, this study will examine and identify the new conditions in the audit market after the audit requirement has been eliminated. The aim is to create an understanding of the effects that the legislative change has had on accounting firms. Method: The essay is based on a qualitative approach. The empirical data, which has been collected through personal interviews, are based on the theory of the audit abolishment, from a European level to the Swedish law, and then to culminate in an analysis and a conclusion. Result & Conclusions: The study proves that larger as well as smaller audit businesses have lost customers, but only in a few cases and has not affected the firms in any greater extent. The study has been conducted too soon to detect any radical changes. Audit liability auditing auditor economics finance small business threats and possibilities Revisionsplikt revision revisorn revisionsbyrå ekonomi småföretag hot och möjligheter Social Sciences Samhällsvetenskap
315	Rysslands politiska utveckling : En fallstudie över svensk säkerhetspolitik Lundqvist, Emelie January 2009 (has links) The Swedish security policy has changed from stressing neutrality to embrace co-operation within the EU and other organisations. New threats like terrorism, boarder-crossing criminality and natural disasters require new ways to deal with this type of problems to protect the society. Since the beginning of 21st century the high Russian economic growth has made it possible for the country to play an increasingly role as a superpower on the international political stage. In the same time the democratic development has been replaced by an autocratic rule which has obstructed the Russian- European relations. From a Swedish security policy view the Russian political development is of importance and the picture of Russian as a threat has changed from 1996 to 2008/09. 1996 there were an optimistic view of Russia and that it finally could integrate with the rest of Europe but in 2008/09 this as changed. Today Russian politics strive not to democracy and integration but to the role as a superpower and to gain influence in it’s near abroad. Russia politics development Sweden security policy EU emerging threats
316	Håll käften! Näthotet mot demokratin – en kvalitativ intervjustudie om näthatets konsekvenser för journalistiken / Shut up! The internet threat against democracy – a qualitative interview study on net hate and it's consequences for journalism Ekblom, Carl January 2013 (has links) The purpose of this essay is to study the consequences of the swedish concept ”näthat” (hate on the internet hate), similar to the english hate speech, against swedish journalists and it's consequences for journalism as a whole in a democracy. How does it affect swedish journalists to have sensitive information about themselves and their families on public websites? How does threats from anonymous people affect them? The study focus on the work ethics of journalism and it's function in a democratic society, how net hate affects it, and what consequences net hate may have on democracy. The method of choice is a qualitative interview study, where the results from the interviews were analyzed against the theoretical science. The following people were chosen for the interviews: Helena Giertta, editor in chief at the newspaper Journalisten, Björn Wiman, head of culture at the newspaper Dagens Nyheter, Ann Persson, reporter at Dagens Nyheter, Johan Everljung, legally responsible publisher at the Swedish Television in Umeå, and Josefine Holgersson, reporter at the Swedish Television in Umeå. In short: The study concludes that net hate is a big threat against journalism, in the sense that it can, and is, being used as a tool to silent journalists and sources that speaks about sensitive subjects as feminism, immigrants and related matters. It is also clear that some groups are more frequently using it, such as xenophobic groups. The problem is therefore that many people, at the risk of being subject of net hate, decide not to participate in neither the public conversations in society or as sources in the media. As a consequence, some matters will not be featured and reported on, and that is very problematic not only for journalism as a whole, but also for democracy. / Syftet med uppsatsen var att undersöka vilka konsekvenser så kallat ”näthat”, har på journalistiken: Hur påverkas journalister av att bli uthängda och hotade av anonyma? Vad får det för konsekvenser för journalistiken? Tyngdpunkten i undersökningen ligger på den journalistiska yrkesrollen i en samhällelig kontext, hur den påverkas av näthat, vad näthatet kan få för konsekvenser för demokratin och även att problematisera och studera begreppet näthat. Metodologiskt bygger studien på en kvalitativ intervjustudie där resultaten ska jämföras med, och analyseras mot, normativ teori i form av befintlig litteratur och empirisk forskning. För att få svar på studiens frågeställningar valdes fem informanter ut genom strategiskt och snöbollsurval efter sin yrkesmässiga relevans. Valda informanter var Helena Giertta, chefredaktör på tidningen Journalisten, Björn Wiman, kulturchef på Dagens Nyheter, Ann Persson, nyhetsreporter på DN, Johan Everljung, ansvarig utgivare på SVT i Umeå och Josefine Holgersson, nyhetsreporter på SVT i Umeå. Med hjälp av materialet (intervjuer, och litteratur) ville studien ge en bild av hur näthatet påverkar journalistiken och journalisters yrkesutövande. Kortfattat kom studien fram till att hot och hat på nätet är ett stort problem för journalistiken och det kan få stora konsekvenser för demokratin. Näthat används som ett verktyg för att tysta journalister och källor som vissa grupper (oftast främlingsfientliga) ogillar. Det är tydligt att vissa ämnen som ”feminism”, ”invandrare” och ”flyktingar” är extra känsliga och ofta generar näthat. Att det dessutom ofta är redan utsatta grupper som påverkas (exempelvis kvinnor och flyktingar) gör problemet ännu allvarligare då det kan leda till att dessa än mer utesluts eller väljer att inte medverka i det offentliga samtalet, vilket urholkar journalistikens demokratiuppdrag: att förmedla information, vara ett forum för debatt och diskussion, kommentera samhällsskeenden och granska politiken. Net hate hate speech threats against journalist journalism journalism ethics journalists democracy net crimes Näthat journalistik journalister demokrati hate speech nätbrott Media Studies Medievetenskap
317	O uso de ameaças como estratégia argumentativa em audiências do PROCON Santos, Rogéria Tarocco dos 18 April 2018 (has links) Submitted by Geandra Rodrigues (geandrar@gmail.com) on 2018-07-26T11:53:31Z No. of bitstreams: 1 rogeriataroccodossantos.pdf: 2125003 bytes, checksum: 7a863de42d7c4e833f0f2b5f2f710d20 (MD5) / Approved for entry into archive by Adriana Oliveira (adriana.oliveira@ufjf.edu.br) on 2018-07-26T13:53:35Z (GMT) No. of bitstreams: 1 rogeriataroccodossantos.pdf: 2125003 bytes, checksum: 7a863de42d7c4e833f0f2b5f2f710d20 (MD5) / Made available in DSpace on 2018-07-26T13:53:35Z (GMT). No. of bitstreams: 1 rogeriataroccodossantos.pdf: 2125003 bytes, checksum: 7a863de42d7c4e833f0f2b5f2f710d20 (MD5) Previous issue date: 2018-04-18 / O presente trabalho tem como objetivo de pesquisa investigar o uso de ameaças em contexto de conflito, mais especificamente, em audiências de conciliação do PROCON. Essas audiências são caracterizadas pela tentativa de formulação de um acordo entre consumidor (reclamante) e fornecedor de bens ou serviços (reclamado) e são mediadas por um representante do órgão (conciliador). Nesta situação institucional, o fato de o reclamante e o reclamado possuírem posições diferentes acerca da reclamação gera um embate de ideias no qual cada participante busca sustentar seu ponto de vista por meio de argumentos. Para análise, selecionamos cinco audiências intituladas: Ok veículos, Rui Pedreiro, Banco Previdência, Banco Sul e Brasimac, estas foram gravadas em áudio e transcritas de acordo com as convenções da Análise da Conversa. Todas as audiências pertencem ao acervo do projeto ―O papel da avaliação na argumentação em situações de conflito‖, coordenado pela Profª. Drª. Amitza Torres Vieira na Universidade Federal de Juiz de Fora. Com base nos estudos clássicos da Argumentação (ARISTÓTELES, 1978; TOULMIN, 1958; PERELMAN & OLBRECHTS-TYTECA, 1996 [1958] e GARCIA, 1978) e também em estudos interacionais (SCHIFFRIN, 1987; GILLE, 2000; VIEIRA, 2003; 2007 e BARLETTA, 2014), este estudo buscou investigar o uso de ameaças para fins argumentativos em contextos institucionais. Para analisar as ameaças, utilizamos como aporte teórico as postulações de Salgueiro (2010) e Gales (2015). A análise do presente estudo é de natureza qualitativa e interpretativa (DENZIN e LINCOLN, 2006), com base em dados reais de fala, transcritos segundo as convenções do modelo Jefferson. Os resultados mostram que quando cada parte sustenta seu ponto de vista e não se mostra disposta à formulação do acordo, a ameaça pode ser utilizada como recurso argumentativo a fim de estabelecer a resolução do conflito. Embora as ameaças sejam produzidas com a intenção de persuadir, só são aceitas quando o interlocutor avalia seu conteúdo como prejudicial. Além disso, o tipo de ameaça produzido também interfere na aceitação destas. / The purpose of this paper is to investigate the use of threats in the conflict context, more specifically, in conciliation hearings of PROCON. These hearings are characterized by the attempt to formulate an agreement between consumer (complainant) and supplier of goods or services (defendant) and are mediated by a representative of the institution (conciliator). In this institutional situation, the fact that the complainant and the defendant have different positions on the complaint generates a clash of ideas in which each participant tries to support his point of view by means of arguments. For analysis, we selected five audiences entitled: Ok vehicles, Rui Pedreiro, Banco Previdência, Banco Sul and Brasimac, these were recorded in audio and transcribed according to the conventions of the Conversation Analysis. All the hearings belong to the data of the project "The role of the evaluation in the argumentation in conflict situations", coordinated by Drª. Amitza Torres Vieira at the Federal University of Juiz de Fora. Based on the classical studies of Argumentation (Aristotle, 1978, Toulmin, 1958, Perelman & Olbrechts-Tyteca, 1996 [1958] and GARCIA, 1978) and also in inter-disciplinary studies (SCHIFFRIN, 1987; GILLE, 2000; VIEIRA, 2003; BARLETTA, 2014), this study sought to investigate the use of threats for argumentative purposes in institutional contexts. In order to analyze the threats, we use as a theoretical contribution the claims of Salgueiro (2010) and Wales (2015). The analysis of the present study is qualitative and interpretive (DENZIN and LINCOLN, 2006), based on real speech data, transcribed according to the conventions of the Jefferson‘s model. The results show that when each part sustains its point of view and does not have willingness to formulate the agreement, the threat can be used as an argumentative resource in order to resolve the conflict. Although threats are produced with the intention of persuading, they are only accepted when the interlocutor evaluates its content as harmful. Moreover, the type of threat produced also interferes in its acceptance. Ameaças Argumentação Movimentos argumentativos Situação de conflito Audiências de conciliação Threats Argumentation Argumentative argument Conflict situation Conciliation hearings
318	Virtualization Security Threat Forensic and Environment Safeguarding Zahedi, Saed January 2014 (has links) The advent of virtualization technologies has evolved the IT infrastructure and organizations are migrating to virtual platforms. Virtualization is also the foundation for cloud platform services. Virtualization is known to provide more security into the infrastructure apart from agility and flexibility. However security aspects of virtualization are often overlooked. Various attacks to the virtualization hypervisor and its administration component are desirable for adversaries. The threats to virtualization must be rigorously scrutinized to realize common breaches and knowing what is more attractive for attackers. In this thesis a current state of perimeter and operational threats along with taxonomy of virtualization security threats is provided. The common attacks based on vulnerability database are investigated. A distribution of the virtualization software vulnerabilities, mapped to the taxonomy is visualized. The famous industry best practices and standards are introduced and key features of each one are presented for safeguarding the virtualization environments. A discussion of other possible approaches to investigate the severity of threats based on automatic systems is presented. Virtualization security virtual machine threats virtualization architecture Virtualization threat taxonomy virtualization threat trends Common Vulnerabilities of virtualization Virtualization best practices virtualization standards Computer Sciences Datavetenskap (datalogi)
319	Security in VoIP-Current Situation and Necessary Development Gao, Li Li January 2006 (has links) Nowadays, VoIP is getting more and more popular. It helps company to reduce cost, extends service to remote area, produce more service opportunities, etc. Besides these advantages, VoIP also put forward security problems. In this paper, we introduce the popular protocols in VoIP and their security mechanisms, by introducing threats to VoIP, we point out the vulnerabilities with the security mechanisms of each VoIP protocol, and give recommendation for each VoIP protocol. In the conclusion part, we evaluate the vulnerabilities of each protocol, and point out in the future, with better protocol architecture, enhanced security policies, VoIP will has a brighter future. VoIP Security MGCP threats risk IPSec Hash encryption. VoIP vulnerability VoIP protocols H.323. SIP RTP RTCP Computer Sciences Datavetenskap (datalogi)
320	Threats in Information Security : Beyond technical solutions. - Using Threat Tree Analysis / Hot mot Informationssäkerhet : Bortom tekniska lösningar. - Använda Hotträdsanalys Olandersson, Sandra, Fredsson, Jeanette January 2001 (has links) To be able to protect an organisation's resources, it is important to understand what there is to protect and what to protect it from. The first step is to try to analyse the security threats that exist against an organisation's resources to explore the risks. Threats have to be identified, for the organisation to protect its resources and find where the optimal placement against threats is. This thesis analysis whether it is possible to obtain a Threat Tree Analysis that is useful for developing an information security policy for the municipality in Ronneby, using the SS 62 77 99-1 standard. A co-operation between the technical solutions and the administrative security is necessary to achieve information security, together with ordinary common sense. True, each of these can help improve security, but none of them is a complete solution. Security is not a product - it is a process. Threat trees form the basis of understanding that process. In this thesis, we have been using a qualitative method. The analysis method is a case study at the Social Department, at the municipality in Ronneby. Through interviews it has come us to hand, that the organisation has not established an information security policy which should give the code of practice for how the work of information security will pursue within the organisation. The organisation does neither use a model for structuring threats nor a method for collecting threats against information today. Through the structure of possible threats, the personnel generates an understanding of the organisation and takes active part finding adequate threats within the Social Department. As users understand the importance of security, how to use it, and where to report suspected violations, they can do a great deal to reduce the risk to loose information. Important to remember is that the education is an ongoing process, new users need training and trained users need reminding, especially when new technologies or processes are introduced. Thus, Threat Tree Analysis is useful for continuing towards developing an information security policy according to SS 62 77 99-1 standard. / För att kunna skydda en organisations resurser är det viktigt att förstå vad organisationen behöver skydda och vad den ska skydda det ifrån. Det första steget är att analysera hot mot organisationens resurser för att uppskatta riskerna. Hot måste identifieras för att organisationen ska kunna skydda sina resurser och hitta den optimala placeringen av åtgärder mot hot. Denna uppsatsen undersöker om det är möjligt att skapa en hotträdsanalys som är användbar för skapandet av en informationssäkerhetspolicy för Ronneby kommun, genom att använda standarden SS 62 77 99-1. Vi betonar i uppsatsen att ett samarbete mellan existerande tekniska lösningar och administrativ säkerhet är nödvändigt för att uppnå informationssäkerhet. Visst kan var och en av dessa hjälpa till att förbättra säkerheten, men ingen av dem är ensam den kompletta lösningen. Säkerhet är inte en produkt - det är en process. Hotträd formar grunden för en förståelse av den processen. I denna uppsats har vi använt en kvalitativ metod. Analysmetoden är en fallstudie på Socialförvaltningen i Ronneby kommun. Genom intervjuer har vi fått fram att organisationen inte har etablerat en informationssäkerhetspolicy, vilken ska ge riktlinjer för hur säkerhetsarbetet ska fullföljas inom organisationen. Organisationen använder varken en modell för att identifiera hot mot information eller en metod för att strukturera hoten. Genom strukturen av möjliga hot, genererar personalen en förståelse för organisationen och tar aktivt del i att identifiera hot mot Socialförvaltningen. Detta medför att alla användare förstår hur viktigt det är med säkerhet, vart de ska rapportera misstänkta händelser och de kan göra mycket för att minska risken att förlora information. Det är viktigt att komma ihåg att utbildning är en pågående process, nya användare behöver utbildning och utbildade användare behöver vidareutbildning, speciellt när nya tekniker eller processer introduceras. Därför är hotträdsanalysen en användbar modell för arbetet mot att skapa en informationssäkerhetspolicy enligt standarden SS 62 77 99-1. / Sandra Olandersson Blåbärsvägen 27 372 38 RONNEBY 0457 / 12084 Jeanette Fredsson Villa Viola 372 36 RONNEBY 0457 / 26616 Information security Administrative security Information technology security Resources Vulnerability Security awareness Risk assessments Threats Threat tree analysis Information security policy Computer Sciences Datavetenskap (datalogi)

Search results