You searched for subject:(Information Security). Showing records 1 – 30 of 2050 total matches.

University of Nairobi
1.
Mulievi, Amos M.
Information security policy framework for a manufacturing firm.
Degree: 2009, University of Nairobi
URL: http://erepository.uonbi.ac.ke:8080/xmlui/handle/123456789/21667
Information and the supporting processes, systems, and networks are important business assets.
Defining, achieving, maintaining, and improving information security is essential to maintain
competitive edge, cashflow, profitability, legal compliance, and commercial image.
Information Security Policy is necessary to provide management direction and support for
information security in accordance with business requirements and relevant laws and
regulations. Management should set a clear policy direction in line with business objectives and
demonstrate support for, and commitment to, information security through the issue and
maintenance of an information security policy across the organization.
Organizations and their information systems and networks are faced with security threats from a
wide range of sources, including computer-assisted fraud, espionage, sabotage, vandalism, fire
or flood. Damages caused by events such as malicious code, computer hacking, and denial of
service attacks have become more common, more ambitious, and increasingly sophisticated.
Information security should protect the interests of those relying on information, and the systems
and communications that deliver the information, from harm resulting in failures of availability,
confidentiality, integrity, authenticity, and non-repudiation.
The objective of this research project was to define and develop an Information Security Policy
Framework that is representative of the Kenyan manufacturing setup. The research involved
evaluation of a number of Information Security models; to design a framework that can be
adapted, customized and extended to address all areas of an organization. ISO/IEC 27002:2005
Information Security model was used to ensure a more comprehensive security framework that is
representative and complete.
This research project also identified gaps in the existing local and global standards by carrying
out a detailed gap analysis to design a security policy framework that addresses all security
requirements of an organization. It also recommended implementation and maintenance
procedures that will ensure that security policy frameworks are complete, practical and effective.
Subjects/Keywords: Information Security
2.
Aljuhani, Ahamed.
Mitigation of Application Layer DDoS Flood Attack Against Web Servers.
Degree: 2020, The Catholic University of America
URL: http://hdl.handle.net/1961/cuislandora:213981
The application-layer distributed denial of service (App-DDoS) attack is one of the most menacing types of cyberattacks that circumvent web servers. As attackers have developed different techniques and methods, preventing App-DDoS attacks has become more difficult. A commonly targeted protocol in the application layer is the HTTP-GET flooding attack, where the attacker sends a large number of HTTP-GET requests from multiple infected devices, forcing the server to devote all available resources responding to all the requests. This attack exhausts the server’s resources and denies service to legitimate users. App-DDoS attacks are extremely costly in terms of resource exhaustion, affecting intended clients’ quality of service (QoS). The current range of defense mechanisms against App-DDoS attacks have several limitations, which include slow and delayed attack detection, increased computation load, and reduced hardware computational capacity. The aim of this research is to design and develop an App-DDoS attack detection and mitigation approach to defend web servers against such attacks. We develop a holistic DDoS mitigation framework to detect and mitigate all types of DDoS attacks. Our general defense model has four main components: a screener, policy control, a resource monitoring protocol, and a reporting module. These components interact during screening and security service stages to achieve robust mitigation of various types of DDoS attacks. Based on this general defense model, we derive a new specific scheme to detect and mitigate App-DDoS attacks at an early stage, ensuring the App-DDoS attacks will not degrade the QoS for legitimate users. Our defense system employs three principal modes: normal, screening, and suspicious. The defense scheme transits between these modes, based on the server load. The detection method employs machine learning (ML) techniques during the screening mode, improving detection of App-DDoS attacks.
Our defense system is designed to automatically defeat App-DDoS attacks; every action is logged into the reporting module. We evaluate our defense system by testing its performance under different attack scenarios. The experimental results demonstrate our defense system is effective against App-DDoS attacks. This research seeks to help service providers reduce the risk of being a victim of App-DDoS attacks. Also, this research opens new perspectives in academic and industrial research to build and develop mechanisms based on our proposed model.
Computer science
Information security
Electrical Engineering and Computer Science
Degree Awarded: D.Engr. Electrical Engineering and Computer Science. The Catholic University of America
Advisors/Committee Members: The Catholic University of America (Degree granting institution), Taylor, Bradley (Thesis advisor), Nehmetallah, Georges (Committee member), Hang, Liu (Committee member), Al–Hammoshi, Mayyada (Committee member).
Subjects/Keywords: Information security

University of North Florida
3.
Garrett, Keith.
Vulnerability Analysis of Multi-Factor Authentication Protocols.
Degree: 2016, University of North Florida
URL: https://digitalcommons.unf.edu/etd/715
In this thesis, the author hypothesizes that the use of computationally intensive mathematical operations in password authentication protocols can lead to security vulnerabilities in those protocols. In order to test this hypothesis: 1. A generalized algorithm for cryptanalysis was formulated to perform a clogging attack (a form of denial of service) on protocols that use computationally intensive modular exponentiation to guarantee security. 2. This technique was then applied to cryptanalyze four recent password authentication protocols, to determine their susceptibility to the clogging attack. The protocols analyzed in this thesis differ in their usage of factors (smart cards, memory drives, etc.) or their method of communication (encryption, nonces, timestamps, etc.). Their similarity lies in their use of computationally intensive modular exponentiation as a medium of authentication. It is concluded that the strengths of all the protocols studied in this thesis can be combined to make each of the protocols secure from the clogging attack. The conclusion is supported by designing countermeasures for each protocol against the clogging attack.
Subjects/Keywords: clogging attack security; Information Security
4.
Peng, Jinghui.
Secure covert communications over streaming media using dynamic steganography.
Degree: PhD, 2020, University of West London
URL: http://repository.uwl.ac.uk/id/eprint/6943/ ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.805261
Streaming technologies such as VoIP are widely embedded into commercial and industrial applications, so it is imperative to address data security issues before the problems get really serious. This thesis describes a theoretical and experimental investigation of secure covert communications over streaming media using dynamic steganography. A covert VoIP communications system was developed in C++ to enable the implementation of the work being carried out. A new information theoretical model of secure covert communications over streaming media was constructed to depict the security scenarios in streaming media-based steganographic systems with passive attacks. The model involves a stochastic process that models an information source for covert VoIP communications and the theory of hypothesis testing that analyses the adversary’s detection performance. The potential of hardware-based true random key generation and chaotic interval selection for innovative applications in covert VoIP communications was explored. Using the read time stamp counter of CPU as an entropy source was designed to generate true random numbers as secret keys for streaming media steganography. A novel interval selection algorithm was devised to choose randomly data embedding locations in VoIP streams using random sequences generated from a chaotic process. A dynamic key updating and transmission based steganographic algorithm that includes a one-way cryptographical accumulator integrated into dynamic key exchange for covert VoIP communications, was devised to provide secure key exchange for covert communications over streaming media. The discrete logarithm problem in mathematics and steganalysis using t-test revealed the algorithm has the advantage of being the most solid method of key distribution over a public channel.
The effectiveness of the new steganographic algorithm for covert communications over streaming media was examined by means of security analysis, steganalysis using non parameter Mann-Whitney-Wilcoxon statistical testing, and performance and robustness measurements. The algorithm achieved the average data embedding rate of 800 bps, comparable to other related algorithms. The results indicated that the algorithm has no or little impact on real-time VoIP communications in terms of speech quality (< 5% change in PESQ with hidden data), signal distortion (6% change in SNR after steganography) and imperceptibility, and it is more secure and effective in addressing the security problems than other related algorithms.
Subjects/Keywords: Cyber security; Information security

University of Wollongong
5.
Saad Alarifi, Abdulaziz.
Assessing and mitigating information security risk in Saudi Arabia.
Degree: Doctor of Philosophy, 2013, University of Wollongong
URL: 0806 INFORMATION SYSTEMS, 080609 Information Systems Management ; https://ro.uow.edu.au/theses/4317
While the Web, cell phone ‘apps’ and cloud computing put a world of information at our fingertips, that information is under constant threat from cyber vandals and hackers. This thesis examines the level of Information Security Awareness (ISA) among the general public and Information Security (InfoSec) practices among IT departments in organizations in Saudi Arabia. This examination was conducted using an online survey that was based on instruments produced by organizations specializing in information security, such as the Malaysian Cyber Security Organization, the Excellence of Information Assurance Centre, and Alelm organization in Saudi Arabia. Due to cultural constraints, it would ordinarily be difficult to gather data from female respondents in Saudi Arabia, however, the use of an online survey helped to collect the data successfully. The ISA survey attracted 462 respondents from the general public and the InfoSec survey attracted 124 respondent organizations. Results indicated that information security awareness and practices in Saudi Arabia are quite low. Several of the areas of weakness in InfoSec appear to be related to the level of censorship or the patriarchal and tribal nature of Saudi culture. A new information security model (InfoSec CAP) has been designed based on the findings of the research results. This model provides appropriate solutions and improvements for ISA and InfoSec practices in Saudi Arabia. It will also help embed the identified concepts in information security practice globally.
Subjects/Keywords: information security; information security awareness; information systems; information security management

University of Colorado
6.
Dixon, Bryan Charles.
Exploring Low Profile Techniques for Malicious Code Detection on Smartphones.
Degree: PhD, Computer Science, 2013, University of Colorado
URL: https://scholar.colorado.edu/csci_gradetds/69
In recent years there has been a growing number of viruses, rootkits, and malware designed to gain access to system resources and information stored on smartphones. Most current approaches for detecting this malicious code have detrimental impacts on the user in terms of reduced functionality, slower network speeds, or loss of battery life. This work presents a number of approaches that have a minimal impact on the user but offer successful detection of potential malicious code on the smartphone. We do this primarily by focusing on anomalous power use as a method for detecting the presence of malicious code. This work also introduces ways to fine-tune the process by establishing a normal profile of power usage for each user, which increases the rate of malware detection.
Advisors/Committee Members: Shivakant Mishra, Richard Han, Qin Lv, John Black, Eric Keller.
Subjects/Keywords: Mobile Security; Security; Computer Sciences; Information Security

University of Plymouth
7.
Talib, Shuhaili.
Personalising information security education.
Degree: PhD, 2014, University of Plymouth
URL: http://hdl.handle.net/10026.1/2896
Whilst technological solutions go a long way in providing protection for users online, it has been long understood that the individual also plays a pivotal role. Even with the best of protection, an ill-informed person can effectively remove any protection the control might provide. Information security awareness is therefore imperative to ensure a population is well educated with respect to the threats that exist to one’s electronic information, and how to better protect oneself. Current information security awareness strategies are arguably lacking in their ability to provide a robust and personalised approach to educating users, opting for a blanket, one-size-fits-all solution. This research focuses upon achieving a better understanding of the information security awareness domain; appreciating the requirements such a system would need; and importantly, drawing upon established learning paradigms in seeking to design an effective personalised information security education. A survey was undertaken to better understand how people currently learn about information security. It focussed primarily upon employees of organisations, but also examined the relationship between work and home environments and security practice. The survey also focussed upon understanding how people learn and their preferences for styles of learning. The results established that some good work was being undertaken by organisations in terms of security awareness, and that respondents benefited from such training – both in their workplace and also at home – with a positive relationship between learning at the workplace and practise at home. The survey highlighted one key aspect for both the training provided and the respondents’ preference for learning styles. It varies. It is also clear, that it was difficult to establish the effectiveness of such training and the impact upon practice.
The research, after establishing experimentally that personalised learning was a viable approach, proceeded to develop a model for information security awareness that utilised the already successful field of pedagogy and individualised learning. The resulting novel framework “Personalising Information Security Education (PISE)” is proposed. The framework is a holistic approach to solving the problem of information security awareness that can be applied both in the workplace environment and as a tool for the general public. It does not focus upon what is taught, but rather, puts into place the processes to enable an individual to develop their own information security personalised learning plan and to measure their progress through the learning experience.
Subjects/Keywords: 005.8; Information security awareness; Information security education
8.
Kirkham, Andrew Nicholas.
Evaluating the Gasday Security Policy Through Penetration Testing and Application of the Nist Cybersecurity Framework.
Degree: 2016, Marquette University
URL: https://epublications.marquette.edu/theses_open/342
This thesis explores cybersecurity from the perspective of the Marquette University GasDay lab. We analyze three different areas of cybersecurity in three independent chapters. Our goal is to improve the cybersecurity capabilities of GasDay, Marquette University, and the natural gas industry. We present network penetration testing as a process of attempting to gain access to resources of GasDay without prior knowledge of any valid credentials. We discuss our method of identifying potential targets using industry standard reconnaissance methods. We outline the process of attempting to gain access to these targets using automated tools and manual exploit creation. We propose several solutions to those targets successfully exploited and recommendations for others. Next, we discuss GasDay Web and techniques to validate the security of a web-based GasDay software product. We use a form of penetration testing specifically targeted for a website. We demonstrate several vulnerabilities that are able to cripple the availability of the website and recommendations to mitigate these vulnerabilities. We then present the results of performing an inspection of GasDay Web code to uncover vulnerabilities undetectable by automated tools and make suggestions on their fixes. We discuss recommendations on how vulnerabilities can be mitigated or detected in the future. Finally, we apply the NIST Cybersecurity Framework to GasDay. We present the Department of Energy recommendations for the natural gas industry. Using these recommendations and the NIST Framework, we evaluate the overall cybersecurity maturity of the GasDay lab. We present several recommendations where GasDay could improve the maturity levels that are cost-effective and easy to implement. We identify several items missing from a cybersecurity plan and propose methods to implement them. The results of this thesis show that cybersecurity at a research lab is difficult. We demonstrate that even as a member of Marquette University, GasDay cannot rely on Marquette for cybersecurity. We show that the primary obstacle is lack of information - about cybersecurity and the assets GasDay controls. We make recommendations on how these items can be effectively created and managed.
Advisors/Committee Members: Corliss, George, Brown, Ronald H., Povinelli, Richard J.
Subjects/Keywords: cybersecurity; information security; penetration testing; Information Security

McMaster University
9.
Tu, Zhiling.
Information Security Management: A Critical Success Factors Analysis.
Degree: PhD, 2015, McMaster University
URL: http://hdl.handle.net/11375/18168
▼ Information security has been a crucial strategic issue in organizational management. Information security management (ISM) is a systematic process of effectively coping with information security threats and risks in an organization, through the application of a suitable range of physical, technical or operational security controls, to protect information assets and achieve business goals. There is a strong need for rigorous qualitative and quantitative empirical studies in the field of organizational information security management in order to better understand how to optimize the ISM process.
Applying critical success factors approach, this study builds a theoretical model to investigate main factors that contribute to ISM success. The following tasks were carried out: (1) identify critical success factors of ISM performance; (2) build an ISM success model and develop related hypotheses; (3) develop construct measures for critical success factors and ISM performance evaluations; (4) collect data from the industry through interviews and surveys; and (5) empirically verify the model through quantitative analysis.
The proposed theoretical model was empirically tested with data collected from a survey of managers who were presently involved with decision making regarding their company's information security (N=219). Overall, the theoretical model was successful in capturing the main antecedents of ISM performance. The results suggest that with business alignment, organizational support, IT competences, and organizational awareness of security risks and controls, information security controls can be effectively developed, resulting in successful information security management.
This study contributes to the advancement of the information security management literature by (1) proposing a theoretical model to examine the effects of critical organizational success factors on the organization’s ISM performance, (2) empirically validating this proposed model, (3) developing and validating an ISM performance construct, and (4) reviewing the most influential information security management standards and trying to validate some basic guidelines of the standard.
Thesis
Doctor of Philosophy (PhD)
This thesis addresses three research questions: (1) How to measure ISM performance? (2) What are the critical factors that must be present to make ISM effective? And, (3) how do these factors contribute to the success of ISM?
To the best of the researcher’s knowledge, this is the first known study to empirically investigate the most important factors for ISM success and their impact on ISM performance. This study contributes to the advancement of the information security management literature by (1) proposing a theoretical model to examine the effects of critical organizational success factors on the organization’s ISM performance, (2) empirically validating this proposed model, (3) developing and validating an ISM performance construct, and (4) reviewing the most influential information security management standards and…
Advisors/Committee Members: Yuan, Yufei, Business.
Subjects/Keywords: Information Security Management
APA (6th Edition):
Tu, Z. (2015). Information Security Management: A Critical Success Factors Analysis. (Doctoral Dissertation). McMaster University. Retrieved from http://hdl.handle.net/11375/18168

University of Nairobi
10.
Abass, Jabir S.
A Survey Of Implementation Of Information Security Awareness Programs By Financial Institutions In Kenya.
Degree: 2009, University of Nairobi
URL: http://hdl.handle.net/11295/96497
▼ The need for ICT in financial institutions is increasingly inevitable given that the number of transactions is high, customers are many and spread. In such cases manual methods of keeping track of customer payments and transactions become very difficult and inefficient causing the organizations to be susceptible to theft, frauds and errors. However with increased introduction of ICT financial institutions are exposed to many risks that can result in the possibility of financial loss or reputation risk. This has forced firms to undertake information security awareness programs to protect these critical systems, hence the need for the study, which had three objectives. The first objective was to determine the extent to which information system security awareness programs are implemented by financial institutions in Kenya. The second was to determine the methods that financial institutions in Kenya use to propagate their information system security awareness programs. The third was to establish the challenges faced in the implementation of information system security awareness programs in financial institutions in Kenya.
Primary data was the main form of data used in this research and it was collected using questionnaires. Forty questionnaires were personally administered to the respondents and out of these thirty were collected. The questionnaires had both open and closed ended questions. The respondents were IT security managers and the assistants in financial institutions. The "drop and pick later" method was used to administer the questionnaires. The data collected was subjected to descriptive and factor analysis.
The findings of the study show that majority of the financial institutions in Kenya appreciate the need for information security awareness and have implemented the same. The findings further revealed that 100% of the organizations used New Hire Orientation and Acceptance use Policy methods in undertaking information system security awareness. The main challenges to implementing the awareness program in the firms were noted to be improper training venue and lack of security awareness skills by trainers across most organizations.
The study shows that financial institutions have implemented information system security awareness covering employees within the sector as a continued countermeasure to security threats. This is evidenced by the presence of information security team in most of the firms, which also shows their inclination to reduce risks. Financial institutions are governed by a written and formal information security policy which is continuously updated to keep abreast with technological changes. It was also evident that most financial institutions had budget for information system security awareness programs.
It can therefore be concluded that information security awareness programs have been implemented by financial institutions in Kenya using various methods covering all employees although faced with some challenges in their implementation.
Subjects/Keywords: Information Security Awareness
APA (6th Edition):
Abass, J. S. (2009). A Survey Of Implementation Of Information Security Awareness Programs By Financial Institutions In Kenya. (Thesis). University of Nairobi. Retrieved from http://hdl.handle.net/11295/96497

University of Melbourne
11.
Onibere, Mazino.
Information security manager as a strategist.
Degree: 2015, University of Melbourne
URL: http://hdl.handle.net/11343/56595
▼ The modern organisation operates within a highly complex and sophisticated security threat landscape that exposes its information infrastructure to a range of security risks. This threat landscape includes advanced persistent threat (APT) – attackers are well-trained, organised, well-funded and capable of utilising a range of technologies to inflict damage over a prolonged period of time (Giura & Wang 2012; Ahmad 2010). Unsurprisingly, despite the existence of industry ‘best-practice’ security standards and unprecedented levels of investment in security infrastructure, the rate of incidents continues to escalate. The fundamental premise of this thesis is that the level of sophistication of threat requires organisations to develop novel security strategies that draw on creative and lateral thinking approaches. Such a security campaign requires the security manager to function as a ‘strategist’ by exercising ‘strategic thinking’.
A review of security literature found little or no evidence that security managers are able or expected to function as strategists. Therefore this research project aims to identify the specific capabilities required by security managers to become effective strategists. A systematic literature review approach was adopted to determine 1) the existing role of the security manager from security literature, and 2) characteristics of a strategist from the management literature. Findings from a review of these literatures revealed 1) a strategic perspective of Information Security Management is missing, and 2) the management literature identifies a range of characteristics and qualities of a strategist. The latter was coded into the 5 dimensions of the strategist. These 5 dimensions are then discussed in the context of security managers and current strategic challenges facing security management. The result was a set of security capabilities required by security managers to function as strategists. The thesis outlines implications for further research, including the need to expand the scope of literature review to warfare literature and the need to empirically test the 5 dimensions.
Subjects/Keywords: information security strategy; information security management; information security strategic challenges; information security strategist
APA (6th Edition):
Onibere, M. (2015). Information security manager as a strategist. (Masters Thesis). University of Melbourne. Retrieved from http://hdl.handle.net/11343/56595

University of Hawaii – Manoa
12.
Aurigemma, Salvatore.
From the weakest link to the best defense : exploring the factors that affect employee intention to comply with information security policies.
Degree: 2016, University of Hawaii – Manoa
URL: http://hdl.handle.net/10125/101889
▼ Ph.D. University of Hawaii at Manoa 2013.
Information and information systems have become embedded in the fabric of contemporary organizations throughout the world. As the reliance on information technology has increased, so too have the threats and costs associated with protecting organizational information resources. To combat potential information security threats, organizations rely upon information security policies to guide employee actions.
Unfortunately, employee violations of such policies are common and costly enough that users are often considered the weakest link in information security. The challenge for researchers and practitioners alike is to help transform employees from the weakest link to the best line of information security defense.
Building upon recent empirical research in information security policy behavioral compliance, this study provides a composite theoretical framework that captures key factors shown to impact an employee's behavioral intent to comply with related policies. The theoretical framework is tested and validated in a real organizational context employing a robust and well-defined set of information security policies, a first in this burgeoning line of research. This study also evaluates how behavioral intent to follow security policies varies for employees for both the general specter of information security policy compliance and specific guidance for three common security threats.
This study found that the primary factors affecting behavioral intent (subjective norms, organizational commitment, attitude, perceived behavioral control, and self-efficacy) had strong, positive relationships with intent to comply with information security policies when examined at a high level of general compliance. However, when the factors affecting behavioral intent and attitude towards a security behavior were evaluated for specific information security threat contexts, individual factor importance and significance varied greatly.
These results indicate that threat context plays an essential role in clarifying the roles of specific behavioral antecedents; there may be limited value in future research focusing on general information security threats.
This study failed to establish a significant relationship between behavioral compliance intent and an employee's perception of his or her ability to enforce the mandatory information security policy requirements on coworkers. However, the study did highlight a potential gap in the composite theoretical framework for this important phenomenon, which should be addressed in future research.
Subjects/Keywords: information security policies
APA (6th Edition):
Aurigemma, S. (2016). From the weakest link to the best defense : exploring the factors that affect employee intention to comply with information security policies. (Thesis). University of Hawaii – Manoa. Retrieved from http://hdl.handle.net/10125/101889

University of Texas – Austin
13.
Rueda, Daniel F.
Healthcare is the most breached industry : how do we change that?.
Degree: MS in Identity Management and Security, Identity Management and Security, 2017, University of Texas – Austin
URL: http://hdl.handle.net/2152/63766
▼ Healthcare is the most breached industry in the United States. Health records are now fetching more money on the black market than credit card numbers. Threats to Healthcare data security come from criminal hackers, hacktivists, state-sponsored hackers, malicious employees with perhaps the greatest threat coming from accidental or negligent disclosure by employees. Most information security related investments are driven by the need to meet Health Insurance Portability and Accountability Act (HIPAA) requirements. Typically, these investments are characterized by heavy reliance on technology, outsourcing security activities, and risk transfer (Cyber Liability Policy). As a result of this compliance focused security spending, little headway is made in reducing the number of breaches in healthcare. Two important weaknesses that will continue to inhibit progress in protecting health information are: the industry lacks a culture of security, and there is a lack of strong leadership among those tasked with overseeing information security.
Advisors/Committee Members: Fleischmann, Kenneth R. (advisor), Blaha, Craig (committee member).
Subjects/Keywords: Healthcare; Information security
Record Details
APA (6th Edition):
Rueda, D. F. (2017). Healthcare is the most breached industry : how do we change that?. (Masters Thesis). University of Texas – Austin. Retrieved from http://hdl.handle.net/2152/63766

University of Cincinnati
14.
Marck, Austin J.
Abusing Android TV Box for Fun and Profit.
Degree: MS, Education, Criminal Justice, and Human Services: Information Technology-Distance Learning, 2017, University of Cincinnati
URL: http://rave.ohiolink.edu/etdc/view?acc_num=ucin1504786962271509
▼ Android devices can execute powerful attacks and leverage vulnerabilities within the Internet of Things (IoT) in ways similar to personal computers. Attacks on the Android platform against mobile devices is an area well explored by numerous researchers. Devices powered by Android that are not mobile in nature do not share many of the attack vectors found in prior studies, and the limitations of these devices had not been explored. We first examine the means with which one can exploit a TV box device that is connected within the IoT, and what gaining access to such a device means. We demonstrate the security severity of the Android TV box brought to home networks with case studies. We also show that these proposed attacks cannot be detected by current antivirus applications. Furthermore, we propose an effective multi-line defense approach to secure our home networks against these attacks.
Advisors/Committee Members: Wei, Xuetao (Committee Chair).
Subjects/Keywords: Information Technology; Security
APA (6th Edition):
Marck, A. J. (2017). Abusing Android TV Box for Fun and Profit. (Masters Thesis). University of Cincinnati. Retrieved from http://rave.ohiolink.edu/etdc/view?acc_num=ucin1504786962271509

University of Oxford
15.
Ankele, Robin.
Addressing syntactic privacy for privacy-preserving data analysis and data release.
Degree: PhD, 2020, University of Oxford
URL: http://ora.ox.ac.uk/objects/uuid:fdbfe37f-4860-4d8c-8f5f-e18ce68136cd ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.820802
▼ Existing approaches to tackle the challenges of privacy-preserving data analysis and data release are subject to vulnerabilities from certain attacks (which is the case for syntactic privacy models) or suffer in terms of efficiency, scalability or utility (which is the case for techniques based on secure multi-party computation). In addition, definitions of privacy (or any associated properties and notions) remain open to different interpretations among various stakeholders due to privacy’s multi-dimensional and multi-faceted nature. In such environments, individuals who are not necessarily privacy experts, such as software developers or system designers, may struggle to select an appropriate privacy model or mechanism to protect their systems. This dissertation presents simplifications, analyses, considerations and promotions in the context of privacy-preserving data analysis and data release to support utility, flexibility and privacy. As a first step, we facilitate understanding, application and analysis of syntactic privacy notions via abstraction to games. Via these games, we clarify understanding of, and relationships between, different privacy notions. Further, we give an unambiguous understanding of adversarial actions. We analyse previously defined privacy games with regards to their applicability and relationships to each other, and define policies to support predominantly non-experts to establish an overview and to select the ‘fitting’ privacy notion / game for their applications. In this context, we utilise our game-based definitions to analyse and reason about privacy properties in a content-based clustering recommendation system as well as a collaborative-filtering based classification recommender system. The second part is focused on the application to practice. Important in this context is the specification of requirements, which we derive from an analysis of multiple real world applications.
Our use cases are predominately placed in distributed multi-party settings, where data remains split between mutually distrustful parties. Given these real world constraints, we adapt and investigate a novel approach (based on trusted computing techniques) that remains resilient to many implementation-specific vulnerabilities, and increases efficiency and scalability. Our investigation comprises an advanced threat analysis covering high-level privacy model attacks to low-level side-channel vulnerabilities; furthermore, we present benchmarking results illustrating the superiority in performance of our approach compared to existing solutions. Overall, we aim to foster understanding of privacy and applicability in data analysis and data release applications.
Subjects/Keywords: Information Security; Privacy
APA (6th Edition):
Ankele, R. (2020). Addressing syntactic privacy for privacy-preserving data analysis and data release. (Doctoral Dissertation). University of Oxford. Retrieved from http://ora.ox.ac.uk/objects/uuid:fdbfe37f-4860-4d8c-8f5f-e18ce68136cd ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.820802

Loughborough University
16.
Al-Hamar, Aisha.
Enhancing information security in organisations in Qatar.
Degree: PhD, 2018, Loughborough University
URL: http://hdl.handle.net/2134/33541
▼ Due to the universal use of technology and its pervasive connection to the world, organisations have become more exposed to frequent and various threats. Therefore, organisations today are giving more attention to information security as it has become a vital and challenging issue. Many researchers have noted that the significance of information security, particularly information security policies and awareness, is growing due to increasing use of IT and computerization. In the last 15 years, the State of Qatar has witnessed remarkable growth and development of its civilization, having embraced information technology as a base for innovation and success. The country has undergone tremendous improvements in the health care, education and transport sectors. Information technology plays a strategic role in building the country's knowledge-based economy. Due to Qatar's increasing use of the internet and connection to the global environment, it needs to adequately address the global threats arising online. As a result, the scope of this research is to investigate information security in Qatar and in particular the National Information Assurance (NIA) policy. There are many solutions for information security, some technical and some non-technical such as policies and making users aware of the dangers. This research focusses on enhancing information security through non-technical solutions. The aim of this research is to improve Qatari organisations' information security processes by developing a comprehensive Information Security Management framework that is applicable for implementation of the NIA policy, taking into account Qatar's culture and environment. To achieve the aim of this research, different research methodologies, strategies and data collection methods will be used, such as a literature review, surveys, interviews and case studies.
The main findings of this research are that there is insufficient information security awareness in organisations in Qatar and a lack of a security culture, and that the current NIA policy has many barriers that need to be addressed. The barriers include a lack of information security awareness, a lack of dedicated information security staff, and a lack of a security culture. These barriers are addressed by the proposed information security management framework, which is based on four strategic goals: empowering Qataris in the field of information security, enhancing information security awareness and culture, activating the Qatar National Information Assurance policy in real life, and enabling Qatar to become a regional leader in information security. The research also provides an information security awareness programme for employees and university students. At the time of writing this thesis, there are already indications that the research will have a positive impact on information security in Qatar. A significant example is that the information security awareness programme for employees has been approved for implementation at the Ministry of Administrative Development Labour and…
Subjects/Keywords: 658.4; Information security; Information security policy; Information security awareness; Information security management system; Information security culture; Qatar National Information Assurance policy
APA (6th Edition):
Al-Hamar, A. (2018). Enhancing information security in organisations in Qatar. (Doctoral Dissertation). Loughborough University. Retrieved from http://hdl.handle.net/2134/33541

University of Melbourne
17.
Lim, Joo Soon.
Defining the relationship between information security culture and information security practices.
Degree: 2012, University of Melbourne
URL: http://hdl.handle.net/11343/37628
▼ This thesis investigates the relationship between ‘information security culture’ and ‘information security practices’ in organisations. There has been considerable interest in this relationship due to recent and widespread recognition that poor information security practices, rather than insufficient technical controls, are the primary reason for information security problems. Additionally, it is argued that there is a need for information security culture to cultivate and support security practices. This implies that a relationship exists between them, and through understanding this relationship, improvements to information security in organisations can be made. This research asks the following main research question: What is the relationship between security culture and security practices?
This study develops a rigorous conceptual framework that identifies the particular security culture characteristics that support and guide security practices towards improving organisational information security. The framework is then used as the basis for qualitative followed by quantitative studies that empirically examine the precise relationship between security culture and security practices. This ‘mixed method’ approach has resulted in four main contributions. These are:
• Empirical establishment of the relationship between security culture and security practices
• Refinement of security culture characteristics
• Synthesis and empirical demonstration of the existence of security practices
• Development of a valid and reliable instrument to measure the relationship between security culture characteristic and security practices.
This research found that a shared security vision, sense of employee empowerment, collaboration and cooperation, evidence-based decision making, and proper systems and processes, when simultaneously cultivated, explained most of the variance of existence of security practices in the six case organisations. In particular, ‘employee empowerment’ and ‘shared security vision’ have a favourable effect on the practice of security, which in turn benefits organisations.
Subjects/Keywords: information security; information security culture; information security practices
APA (6th Edition):
Lim, J. S. (2012). Defining the relationship between information security culture and information security practices. (Doctoral Dissertation). University of Melbourne. Retrieved from http://hdl.handle.net/11343/37628
18.
Korovessis, Peter.
Establishing an information security awareness and culture.
Degree: PhD, 2015, University of Plymouth
URL: http://hdl.handle.net/10026.1/3836
▼ In today’s business environment all business operations are enabled by technology. Its always-on and connected nature has brought new business possibilities but at the same time has increased the number of potential threats. Information security has become an established discipline as more and more businesses realize its value. Many surveys have indicated the importance of protecting valuable information and an important aspect that must be addressed in this regard is information security awareness. The human component has been recognized to have an important role in information security since the only way to reduce security risks is through making employees more information security aware. This also means that employees take responsibility for their actions when dealing with information in their everyday activities. The research is concentrated mainly on information security concepts alongside their relation to the human factor with evidence that users remain susceptible to information security threats, thus illustrating the need for more effective user training in order to raise the level of security awareness. Two surveys were undertaken in order to investigate the potential of raising security awareness within existing education systems by measuring the level of security awareness amongst the online population. The surveys analyzed not only the awareness levels and needs of students during their study and their preparation towards entering the workforce, but also whether this awareness level changes as they progress in their studies. The results of both surveys established that the awareness level of students concerning information security concepts is not at a sufficient level for students entering university education and does not significantly change as they progress their academic life towards entering the workforce. In respect to this, the research proposes and develops the information security toolkit as a prototype awareness raising initiative.
The research goes one step further by piloting and evaluating toolkit effectiveness. As an awareness raising method, the toolkit will be the basis for the general technology user to understand the challenges associated with secure use of information technology and help him assess his current knowledge, identify lacks and weaknesses and acquire the required knowledge in order to be competent and confident users of technology.
Subjects/Keywords: 005.8; information security awareness; information security culture; information security surveys; information security practices; information security toolkit
APA (6th Edition):
Korovessis, P. (2015). Establishing an information security awareness and culture. (Doctoral Dissertation). University of Plymouth. Retrieved from http://hdl.handle.net/10026.1/3836

University of Melbourne
19.
Kudallur Ramanathan, Ritu lakshmi.
An exploratory study of information security auditing.
Degree: 2016, University of Melbourne
URL: http://hdl.handle.net/11343/212371
▼ Management of Information security in organizations is a form of risk management where threats to information assets are managed by implementing various controls. An important task in this cycle of Information Security risk management is Audit, whose function is to provide assurance to organizations that their security controls are indeed working as intended. Numerous frameworks and guidelines are available for auditing Information security. However, there is scant empirical evidence for the process followed in practice.
This research explores how security audits are conducted in practice. In order to do so, a qualitative study is conducted where 11 auditors are interviewed. The findings indicate a gap between what is expected of audit and what actually happens in practice. On exploring the Accounting roots of audit, we postulate that this gap is due to the differences in conceptualization of risk between the Accounting and Information Security discipline.
Subjects/Keywords: Information Security; Security Audit; Audit; Information Security Audit
APA (6th Edition):
Kudallur Ramanathan, R. l. (2016). An exploratory study of information security auditing. (Masters Thesis). University of Melbourne. Retrieved from http://hdl.handle.net/11343/212371

University of Arkansas
20.
Yaseen, Qussai.
Mitigating Insider Threat in Relational Database Systems.
Degree: PhD, 2012, University of Arkansas
URL: https://scholarworks.uark.edu/etd/370
▼ The dissertation concentrates on addressing the factors and capabilities that enable insiders to violate systems security. It focuses on modeling the accumulative knowledge that insiders get throughout legal accesses, and it concentrates on analyzing the dependencies and constraints among data items and represents them using graph-based methods. The dissertation proposes new types of Knowledge Graphs (KGs) to represent insiders' knowledgebases. Furthermore, it introduces the Neural Dependency and Inference Graph (NDIG) and Constraints and Dependencies Graph (CDG) to demonstrate the dependencies and constraints among data items. The dissertation discusses in detail how insiders use knowledgebases and dependencies and constraints to get unauthorized knowledge. It suggests new approaches to predict and prevent the aforementioned threat. The proposed models use KGs, NDIG and CDG in analyzing the threat status, and leverage the effect of updates on the lifetimes of data items in insiders' knowledgebases to prevent the threat without affecting the availability of data items. Furthermore, the dissertation uses the aforementioned idea in ordering the operations of concurrent tasks such that write operations that update risky data items in knowledgebases are executed before the risky data items can be used in unauthorized inferences. In addition to unauthorized knowledge, the dissertation discusses how insiders can make unauthorized modifications in sensitive data items. It introduces new approaches to build Modification Graphs that demonstrate the authorized and unauthorized data items which insiders are able to update. To prevent this threat, the dissertation provides two methods, which are hiding sensitive dependencies and denying risky write requests. In addition to traditional RDBMS, the dissertation investigates insider threat in cloud relational database systems (cloud RDMS). It discusses the vulnerabilities in the cloud computing structure that may enable insiders to launch attacks.
To prevent such threats, the dissertation suggests three models and addresses the advantages and limitations of each one.
To prove the correctness and the effectiveness of the proposed approaches, the dissertation uses well stated algorithms, theorems, proofs and simulations. The simulations have been executed according to various parameters that represent the different conditions and environments of executing tasks.
Advisors/Committee Members: Brajendra Panda, Gordon Beavers, Dale R. Thompson.
Subjects/Keywords: Applied sciences; Information security; Insider threat; Relational database; Security; Information Security
APA (6th Edition):
Yaseen, Q. (2012). Mitigating Insider Threat in Relational Database Systems. (Doctoral Dissertation). University of Arkansas. Retrieved from https://scholarworks.uark.edu/etd/370

University of Sydney
21.
Soyref, Maxim.
The holistic management of information security processes.
Degree: 2014, University of Sydney
URL: http://hdl.handle.net/2123/13373
▼ Title: The holistic management of information security processes
Keywords: cybersecurity, information security, strategy, security process, security governance, security management
This research examines information security management and associated processes within a large Australian financial institution by providing a rich, in-depth view of organisational information security management within the specifics of its dynamic context. Using a single in-depth qualitative case study, this research examines the role of internal and external actors in relation to the information security management processes. Relational process and stakeholder theoretical lenses are applied to derive the findings of this research. The three key outcomes of the research are: The information security management process is a product of a multitude of interactions between internal and external actors within organisations. These actors pursue individual agendas and objectives, therefore requiring those who ensure organisational information security to utilise a combination of cognitive, political and social processes to ensure cooperation. The use of such processes can contribute to the effectiveness of formal security governance, assist in embedding a security culture and help position information security as a business enabler. External and internal actors vary in their impact upon the information security process within organisations. This variation is a result of difference in power, legitimacy and urgency of these stakeholder claims. Internal and external stakeholders are continuously interacting with each other through a network of dynamic and multi-directional relationships. Identifying, prioritising and engaging with the variety of stakeholders impacting on the information management process can contribute to the achievement of organisational information security management objectives.
A classification framework is provided that can guide the prioritisation process and seek appropriate modes of engagement with the
Subjects/Keywords: Cybersecurity; Information security; Strategy; Security process; Security governance; Security management
APA (6th Edition):
Soyref, M. (2014). The holistic management of information security processes. (Thesis). University of Sydney. Retrieved from http://hdl.handle.net/2123/13373

Southern Cross University
22.
Ong, Lean-Ping.
Awareness of information security risks : an investigation of people aspects (a study in Malaysia).
Degree: 2015, Southern Cross University
URL: https://epubs.scu.edu.au/theses/449
▼ The rapid advances in technology in this millennium pose growing information security risks. Information security breaches can result in data or information loss, damaged reputations, intellectual property theft, legal problems or monetary losses. Although computer users are often seen as the weakest link in information security, the people aspect (as opposed to technological and procedural aspects) has still remained largely ignored in most research on information security risks. The need to examine the association between people aspects and information security risks is urgent, and ways to minimise or mitigate the upward trend in information security threats are needed.
Subjects/Keywords: information security; information security awareness; information security risk; people aspects; Business; Information Security; Management Information Systems; Social Psychology
APA (6th Edition):
Ong, L. (2015). Awareness of information security risks : an investigation of people aspects (a study in Malaysia). (Thesis). Southern Cross University. Retrieved from https://epubs.scu.edu.au/theses/449

Universiteit Utrecht
23.
Roeling, M.H.F.
Towards an aligned organization on information security.
Degree: 2012, Universiteit Utrecht
URL: http://dspace.library.uu.nl:8080/handle/1874/255403
▼ Information Security is mainly a topic that is considered to be Information Technology related. However, for successfully implementing information security, an organization’s information security program should reflect the business strategy. Nowadays information security is in many companies enforced by the Information Technology department, based on what they think should be in place to protect their business from inside and outside threats and risks. Besides, information security covers many different subjects. This makes it hard for small and medium sized organizations to determine their information security program. Involving the Information Security Focus Area Maturity model (ISFAM) model in this process helps organizations in determining their current level of maturity and is capable of providing high level guidelines which the organization can use to structurally improve their information security level.
Advisors/Committee Members: Spruit, M, Helms, R.
Subjects/Keywords: Information Security; Security; Maturity Model; Maturity
APA (6th Edition):
Roeling, M. H. F. (2012). Towards an aligned organization on information security. (Masters Thesis). Universiteit Utrecht. Retrieved from http://dspace.library.uu.nl:8080/handle/1874/255403

University of Johannesburg
24.
Muchenje, Tonderai.
An analysis of the impact of emerging technology on organisations’ internal controls.
Degree: 2013, University of Johannesburg
URL: http://hdl.handle.net/10210/8597
▼ M.Comm. (Computer Auditing)
This study presents an evaluation of emerging information communication technology (ICT) solutions to the security internal control systems in South African organisations. Information systems have enabled companies to communicate more efficiently, gain competitive advantage and get a larger market share. These information systems therefore need to be protected securely as they are the vehicles and containers for critical information assets in decision-making processes. Therefore, this research study seeks to provide an overview of the emerging ICT solutions used to conduct business transactions, and share and communicate information. It identifies and analyses the new security risk associated with the emerging technology, and, finally, outlines the ICT security frameworks that can be used to identify, assess and evaluate organisations’ security internal controls.
Subjects/Keywords: Computer auditing; Information security; Computer security
APA (6th Edition):
Muchenje, T. (2013). An analysis of the impact of emerging technology on organisations’ internal controls. (Thesis). University of Johannesburg. Retrieved from http://hdl.handle.net/10210/8597

University of Wollongong
25.
Elashry, Ibrahim.
Pairing-free identity-based cryptography.
Degree: PhD, 2015, University of Wollongong
URL: https://ro.uow.edu.au/theses/4409
▼ Identity-based cryptography (IBC) is considered nowadays as the evolution of public key cryptography because it completely eliminates the use of digital certificates by representing the public key of a user as his identity. Although the first IBC proposed by Adi Shamir [Sha84] was based on RSA, most of the proposed IBC systems are based on bilinear pairings. This limits the use of IBC in the real world because of several reasons. First, a bilinear pairing is time- and power-inefficient and it takes around 2.5 times an RSA modular exponentiation based on MIRACL benchmarks. Second, these systems are incompatible with the most widely used public key cryptosystem (RSA) which makes them non-commercially appealing. Thus, it is useful to think outside the box and try to use different tools to construct IBC systems. These constructions may have unique security properties that do not exist in current IBC systems. We worked on constructing IBC systems based on RSA settings. We have improved the performance of identity-based encryption (IBE) systems, cryptanalysed IBE systems, implemented variants of IBE systems such as mediated encryption and attribute-based signcryption, and presented an identity-based authenticated key exchange (IBAKE) with some novel security features.
In this thesis, we first present some background about IBC and the motivation for solving the problems associated with pairing-based IBC. Then we give solutions to these problems along with the thesis structure. Then, we give a literature review about IBC, including identity-based encryption (IBE) and key exchange (KE) with a focus on pairing-free constructions. We also review some applications of IBC such as mediated cryptography and attribute-based cryptography. In addition, we review the definitions and preliminaries related to the contents of the thesis, including definitions of security models, hard problems, and some mathematical tools. Then, we review identity-based mediated RSA encryption and signature systems (IB-mRSA) presented by Boneh, Ding and Tsudik [BDT02]. We show that IB-mRSA is not secure and we present a secure modified version of it which is as efficient as the original system. We also propose a generic mediated encryption (GME) that transforms any IBE to a mediated version of this IBE. We also present two implementations of GME based on Boneh-Franklin FullIdent [BF01] which is a pairing-based IBE and Boneh, Gentry and Hamburg (BGH) AnonIBE [BGH07] which is a pairing-free IBE. After that, we present two efficient variants of (BGH) systems (BasicIBE, AnonIBE) [BGH07] in terms of ciphertext length and encryption/decryption speed. The ciphertext is as short as the BGH systems, but with more time-efficient algorithms.
We prove that these variants are as secure as the BGH systems. Then, we review an efficient variant of Boneh, Gentry and Hamburg BasicIBE presented by Jhanwar and Barua [JB08]. We prove that this IBE is not secure against an indistinguishable chosen plaintext attack (IND-ID-CPA) adversary and present a solution…
Subjects/Keywords: Information security-cryptography; key exchange; network security
APA (6th Edition):
Elashry, I. (2015). Pairing-free identity-based cryptography. (Doctoral Dissertation). University of Wollongong. Retrieved from https://ro.uow.edu.au/theses/4409
Chicago Manual of Style (16th Edition):
Elashry, Ibrahim. “Pairing-free identity-based cryptography.” 2015. Doctoral Dissertation, University of Wollongong. Accessed February 26, 2021.
https://ro.uow.edu.au/theses/4409.
MLA Handbook (7th Edition):
Elashry, Ibrahim. “Pairing-free identity-based cryptography.” 2015. Web. 26 Feb 2021.
Vancouver:
Elashry I. Pairing-free identity-based cryptography. [Internet] [Doctoral dissertation]. University of Wollongong; 2015. [cited 2021 Feb 26].
Available from: https://ro.uow.edu.au/theses/4409.
Council of Science Editors:
Elashry I. Pairing-free identity-based cryptography. [Doctoral Dissertation]. University of Wollongong; 2015. Available from: https://ro.uow.edu.au/theses/4409

University of South Africa
26.
Nkwana, Mokata Johannes.
Protection of security information within government departments in South Africa.
Degree: 2015, University of South Africa
URL: http://hdl.handle.net/10500/19897
▼ The protection of security information in government departments requires the active engagement of executive management to assess emerging threats and provide strong security risk control measures. For most government departments, establishing effective protection of security information is a major initiative, given the often continuous, strategic nature of typical security efforts. This requires commitments or support from senior management and adequate resources. It necessitates the elevation of information security management to positions of authority commensurate to the required responsibilities. This has been the trend in recent years as government departments are increasingly dependent on their information assets and resources, while threats and disruptions continue to escalate in frequency and cost. It is clear from numerous recent studies that organisations that have taken the steps described in this research document and have implemented effective information security risk control measures have achieved significant results in reduced losses and improved resource management. Given the demonstrable benefits, it is surprising that there has not been greater progress in effectively managing information assets. Although regulatory compliance has been a major driver in improving the protection of security information overall, this study has also shown that nearly half of all government departments are failing to initiate meaningful compliance efforts. Failure to address the identified vulnerabilities by government departments will result in espionage, covert influencing manipulation, fraud, sabotage and corruption.
Information security risk control measures include the elements required to provide senior management assurance that its direction and intent are reflected in the security posture of the organisation by utilising a structured approach to implement an information security programme. Once those elements are in place, senior management can be confident that adequate and effective protection of security information will protect, as far as possible, the department’s vital information assets.
Advisors/Committee Members: Govender, Doraval (advisor).
Subjects/Keywords: Government departments; Information security; Protective security
APA (6th Edition):
Nkwana, M. J. (2015). Protection of security information within government departments in South Africa. (Masters Thesis). University of South Africa. Retrieved from http://hdl.handle.net/10500/19897
Chicago Manual of Style (16th Edition):
Nkwana, Mokata Johannes. “Protection of security information within government departments in South Africa.” 2015. Masters Thesis, University of South Africa. Accessed February 26, 2021.
http://hdl.handle.net/10500/19897.
MLA Handbook (7th Edition):
Nkwana, Mokata Johannes. “Protection of security information within government departments in South Africa.” 2015. Web. 26 Feb 2021.
Vancouver:
Nkwana MJ. Protection of security information within government departments in South Africa. [Internet] [Masters thesis]. University of South Africa; 2015. [cited 2021 Feb 26].
Available from: http://hdl.handle.net/10500/19897.
Council of Science Editors:
Nkwana MJ. Protection of security information within government departments in South Africa. [Masters Thesis]. University of South Africa; 2015. Available from: http://hdl.handle.net/10500/19897
27.
Leonard, David.
Technetium: Productivity Tracking for Version Control Systems.
Degree: MS(M.S.), Computer Science, 2016, City University of New York
URL: https://academicworks.cuny.edu/cc_etds_theses/632
▼ In recent years, the City College of New York has seen its Computer Science program grow immensely, to the point of overcrowding. This has negative implications for both students and professors, particularly in introductory computer science courses in which constant feedback, iteration and collaboration with others is key to success. In this paper we propose various models for collaboration among students in all course levels using distributed version control systems and implement a secure and efficient tool for visualizing collaborative efforts by observing past work [5]. Lastly, we lay the foundation for future work around additional collaborative metrics, features and plagiarism detection.
Advisors/Committee Members: William E. Skeith III.
Subjects/Keywords: security; visualization; collaboration; Computer Sciences; Information Security
APA (6th Edition):
Leonard, D. (2016). Technetium: Productivity Tracking for Version Control Systems. (Thesis). City University of New York. Retrieved from https://academicworks.cuny.edu/cc_etds_theses/632
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Leonard, David. “Technetium: Productivity Tracking for Version Control Systems.” 2016. Thesis, City University of New York. Accessed February 26, 2021.
https://academicworks.cuny.edu/cc_etds_theses/632.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Leonard, David. “Technetium: Productivity Tracking for Version Control Systems.” 2016. Web. 26 Feb 2021.
Vancouver:
Leonard D. Technetium: Productivity Tracking for Version Control Systems. [Internet] [Thesis]. City University of New York; 2016. [cited 2021 Feb 26].
Available from: https://academicworks.cuny.edu/cc_etds_theses/632.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Leonard D. Technetium: Productivity Tracking for Version Control Systems. [Thesis]. City University of New York; 2016. Available from: https://academicworks.cuny.edu/cc_etds_theses/632
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation

University of Arkansas
28.
Moccaro, Matthew Francis.
Mobile Banking Security Using GPS and LDPC Codes.
Degree: MSCmpE, 2014, University of Arkansas
URL: https://scholarworks.uark.edu/etd/2314
▼ Mobile Banking is becoming a major part of our world's financial system. Being able to manage one's finances on a mobile device can provide services that can make users more productive. It can also serve as a means of financial freedom to those who are unable to access physical banking facilities due to distance, or other problems. However, with such freedom also comes the need for security. A person's financial information is one of the most targeted groups of information by attackers. To secure these mobile freedoms, this paper presents a system to secure mobile banking procedures using global positioning systems (GPS) within mobile devices, and low density parity codes (LDPC). The approach is to determine a user's daily locations, set them as trusted locations, and use LDPC codes not only to obscure this data from attackers, but to help in correcting inaccurate GPS readings. The conclusion, based on thorough testing, is that this system is able to more readily secure a person's mobile banking applications on their mobile device.
Advisors/Committee Members: Dale Thompson, Craig Thompson, John Gauch.
Subjects/Keywords: Banking; Location; Mobile; Privacy; Security; Information Security
APA (6th Edition):
Moccaro, M. F. (2014). Mobile Banking Security Using GPS and LDPC Codes. (Masters Thesis). University of Arkansas. Retrieved from https://scholarworks.uark.edu/etd/2314
Chicago Manual of Style (16th Edition):
Moccaro, Matthew Francis. “Mobile Banking Security Using GPS and LDPC Codes.” 2014. Masters Thesis, University of Arkansas. Accessed February 26, 2021.
https://scholarworks.uark.edu/etd/2314.
MLA Handbook (7th Edition):
Moccaro, Matthew Francis. “Mobile Banking Security Using GPS and LDPC Codes.” 2014. Web. 26 Feb 2021.
Vancouver:
Moccaro MF. Mobile Banking Security Using GPS and LDPC Codes. [Internet] [Masters thesis]. University of Arkansas; 2014. [cited 2021 Feb 26].
Available from: https://scholarworks.uark.edu/etd/2314.
Council of Science Editors:
Moccaro MF. Mobile Banking Security Using GPS and LDPC Codes. [Masters Thesis]. University of Arkansas; 2014. Available from: https://scholarworks.uark.edu/etd/2314

University of Arkansas
29.
Fuentes Tello, Victor.
Enforcing database security on cloud using a trusted third party based model.
Degree: MS, 2017, University of Arkansas
URL: https://scholarworks.uark.edu/etd/2438
▼ Cloud computing offers a considerable number of advantages to clients and organizations that use several capabilities to store sensitive data, interact with applications, or use technology infrastructure to perform daily activities. The development of new models in cloud computing brings with it a series of elements that must be considered by companies, particularly when the sensitive data needs to be protected. There are some concerns related to security that need to be taken into consideration when a service provider manages and stores the data in a location outside the company. In this research, a model that uses a trusted third party (TPP) to enforce the database security in the cloud is proposed. The model describes how a client processes a query securely by using encryption mechanisms and partitioning methods. The client establishes the communication with the TPP to retrieve the data from a cloud storage service. The TPP has two primary functions. First, perform a partition process over the data by using an index from one of the attributes in the table. As a result, the TPP sends to the cloud server the records in encrypted format with an index. Second, the TPP analyzes the client query to retrieve a segment of the data from the cloud based on the query conditions. The final result is submitted to the client in which a minimum workload is executed. Some simulations were performed to evaluate the efficiency of the model by using two partition techniques: Histogram based and Mondrian or Bisection Tree based partition. The strategy of the model is to process as much of the work at the TPP site and securely transmit the result. Using encrypted records in the cloud storage service prevents the provider from having any knowledge about the data and enforces the security of the database.
Advisors/Committee Members: Brajendra Panda, Merwin Beavers, Wing Li.
Subjects/Keywords: Cloud computing; Database; Security; Information Security
APA (6th Edition):
Fuentes Tello, V. (2017). Enforcing database security on cloud using a trusted third party based model. (Masters Thesis). University of Arkansas. Retrieved from https://scholarworks.uark.edu/etd/2438
Chicago Manual of Style (16th Edition):
Fuentes Tello, Victor. “Enforcing database security on cloud using a trusted third party based model.” 2017. Masters Thesis, University of Arkansas. Accessed February 26, 2021.
https://scholarworks.uark.edu/etd/2438.
MLA Handbook (7th Edition):
Fuentes Tello, Victor. “Enforcing database security on cloud using a trusted third party based model.” 2017. Web. 26 Feb 2021.
Vancouver:
Fuentes Tello V. Enforcing database security on cloud using a trusted third party based model. [Internet] [Masters thesis]. University of Arkansas; 2017. [cited 2021 Feb 26].
Available from: https://scholarworks.uark.edu/etd/2438.
Council of Science Editors:
Fuentes Tello V. Enforcing database security on cloud using a trusted third party based model. [Masters Thesis]. University of Arkansas; 2017. Available from: https://scholarworks.uark.edu/etd/2438

University of Central Florida
30.
Trapnell, Tyrone.
Federal, State and Local Law Enforcement Agency Interoperability Capabilities and Cyber Vulnerabilities.
Degree: 2019, University of Central Florida
URL: https://stars.library.ucf.edu/etd/6342
▼ The National Data Exchange (N-DEx) System is the central informational hub located at the Federal Bureau of Investigation (FBI). Its purpose is to provide network subscriptions to all Federal, state and local level law enforcement agencies while increasing information collaboration across all domains. The National Data Exchange users must satisfy the Advanced Permission Requirements, confirming the terms of N-DEx information use, and the Verification Requirement (verifying the completeness, timeliness, accuracy, and relevancy of N-DEx information) through coordination with the record-owning agency (Management, 2018). A network infection model is proposed to simulate the spread impact of various cyber-attacks within Federal, state and local level law enforcement networks that are linked together through the topologies merging with the National Data Exchange (N-DEx) System as the ability to manipulate the live network is limited. The model design methodology is conducted in a manner that creates a level of organization from the state level to the local level of law enforcement agencies allowing for each organizational infection probability to be calculated and entered, thus making the model very specific in nature for determining spread or outbreaks of cyber-attacks among law enforcement agencies at all levels. This research will enable future researchers to further develop a model that is capable of detecting weak points within an information structure when multiple topologies merge, allowing for more secure operations among law enforcement networks.
Advisors/Committee Members: Caulkins, Bruce.
Subjects/Keywords: Defense and Security Studies; Information Security
APA (6th Edition):
Trapnell, T. (2019). Federal, State and Local Law Enforcement Agency Interoperability Capabilities and Cyber Vulnerabilities. (Masters Thesis). University of Central Florida. Retrieved from https://stars.library.ucf.edu/etd/6342
Chicago Manual of Style (16th Edition):
Trapnell, Tyrone. “Federal, State and Local Law Enforcement Agency Interoperability Capabilities and Cyber Vulnerabilities.” 2019. Masters Thesis, University of Central Florida. Accessed February 26, 2021.
https://stars.library.ucf.edu/etd/6342.
MLA Handbook (7th Edition):
Trapnell, Tyrone. “Federal, State and Local Law Enforcement Agency Interoperability Capabilities and Cyber Vulnerabilities.” 2019. Web. 26 Feb 2021.
Vancouver:
Trapnell T. Federal, State and Local Law Enforcement Agency Interoperability Capabilities and Cyber Vulnerabilities. [Internet] [Masters thesis]. University of Central Florida; 2019. [cited 2021 Feb 26].
Available from: https://stars.library.ucf.edu/etd/6342.
Council of Science Editors:
Trapnell T. Federal, State and Local Law Enforcement Agency Interoperability Capabilities and Cyber Vulnerabilities. [Masters Thesis]. University of Central Florida; 2019. Available from: https://stars.library.ucf.edu/etd/6342