You searched for subject:(Information Security).
Showing records 1 – 30 of
1791 total matches.
◁ [1] [2] [3] [4] [5] … [60] ▶
University of Nairobi
1.
Mulievi, Amos M.
Information security policy framework for a manufacturing firm
.
Degree: 2009, University of Nairobi
URL: http://erepository.uonbi.ac.ke:8080/xmlui/handle/123456789/21667 
► Information and the supporting processes, systems, and networks are important business assets. Defining, achieving, maintaining, and improving information security is essential to maintain competitive edge,…
(more)
▼ Information and the supporting processes, systems, and networks are important business assets.
Defining, achieving, maintaining, and improving information security is essential to maintain
competitive edge, cashflow, profitability, legal compliance, and commercial image.
Information Security Policy is necessary to provide management direction and support for
information security in accordance with business requirements and relevant laws and
regulations. Management should set a clear policy direction in line with business objectives and
demonstrate support for, and commitment to, information security through the issue and
maintenance of an information security policy across the organization.
Organizations and their information systems and networks arefaced with security threatsfrom a
wide range of sources, including computer-assisted fraud, espionage, sabotage, vandalism, fire
or.flood. Damages caused by events such as malicious code, computer hacking, and denial of
service attacks have become more common, more ambitious, and increasingly sophisticated.
Information security should protect the interests of those relying on information, and the systems
and communications that deliver the information, from harm resulting infailures of availability,
confidentiality, integrity, authenticity, and non-repudiation.
The objective of this research project was to define and develop an Information Security Policy
Framework that is representative of the Kenyan manufacturing setup. The research involved
~valuation of a number of Information Security models; to design a framework that can be
adapted, customized and extended to address all areas of an organization. ISO/IEC 27002: 2005
Information Security model was used to ensure a more comprehensive security framework that is
representative and complete.
This research project also identified gaps in the existing local and global standards by carrying
out a detailed gap analysis to design a security policy framework that addresses all security
requirements of an organization. It also recommended implementation and maintenance
procedures that will ensure that security policyframeworks are complete, practical and effective.
Subjects/Keywords: Information Security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Mulievi, A. M. (2009). Information security policy framework for a manufacturing firm
. (Thesis). University of Nairobi. Retrieved from http://erepository.uonbi.ac.ke:8080/xmlui/handle/123456789/21667
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Mulievi, Amos M. “Information security policy framework for a manufacturing firm
.” 2009. Thesis, University of Nairobi. Accessed February 22, 2020.
http://erepository.uonbi.ac.ke:8080/xmlui/handle/123456789/21667.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Mulievi, Amos M. “Information security policy framework for a manufacturing firm
.” 2009. Web. 22 Feb 2020.
Vancouver:
Mulievi AM. Information security policy framework for a manufacturing firm
. [Internet] [Thesis]. University of Nairobi; 2009. [cited 2020 Feb 22].
Available from: http://erepository.uonbi.ac.ke:8080/xmlui/handle/123456789/21667.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Mulievi AM. Information security policy framework for a manufacturing firm
. [Thesis]. University of Nairobi; 2009. Available from: http://erepository.uonbi.ac.ke:8080/xmlui/handle/123456789/21667
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Cincinnati
2.
Hausrath, Nathaniel L.
Methods for Hospital Network and Computer Security.
Degree: MS, Engineering and Applied Science: Computer
Science, 2011, University of Cincinnati
URL: http://rave.ohiolink.edu/etdc/view?acc_num=ucin1303845234
► Hospital IT security presents many unique challenges that must be solved by the entire organization. Network and computer threats can cause thousands of dollars in…
(more)
▼ Hospital IT
security presents many unique challenges
that must be solved by the entire organization. Network and
computer threats can cause thousands of dollars in lost time and
resources, legal repercussions, and damaged repu- tation. Despite
warnings from a wealth of public breach notifications, many
hospitals are inadequately prepared to deal with today’s
computer-based at- tacks.This thesis explores the root causes of
hospital network and computer in-
security, and addresses these
problems with methods implemented in actual hospitals. A lack of
comprehension of methods to assess and implement secu- rity
measures by hospital IT
security employees can hinder network
visibility and prevent their ability to stop threats. In addition,
these same people are unable to express
security concerns in terms
management can understand, harming their credibility within the
business as a whole. Without this sup- port, organizational change
is impossible. By addressing these concerns with a combination of
people, process, and tools, we can solve complex problems, protect
patient data, and ensure IT operations so hospitals can serve their
community and save lives.
Advisors/Committee Members: Franco, John (Committee Chair).
Subjects/Keywords: Information Technology; hospital it Security; information security; network security; computer security; hospital information security; security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Hausrath, N. L. (2011). Methods for Hospital Network and Computer Security. (Masters Thesis). University of Cincinnati. Retrieved from http://rave.ohiolink.edu/etdc/view?acc_num=ucin1303845234
Chicago Manual of Style (16th Edition):
Hausrath, Nathaniel L. “Methods for Hospital Network and Computer Security.” 2011. Masters Thesis, University of Cincinnati. Accessed February 22, 2020.
http://rave.ohiolink.edu/etdc/view?acc_num=ucin1303845234.
MLA Handbook (7th Edition):
Hausrath, Nathaniel L. “Methods for Hospital Network and Computer Security.” 2011. Web. 22 Feb 2020.
Vancouver:
Hausrath NL. Methods for Hospital Network and Computer Security. [Internet] [Masters thesis]. University of Cincinnati; 2011. [cited 2020 Feb 22].
Available from: http://rave.ohiolink.edu/etdc/view?acc_num=ucin1303845234.
Council of Science Editors:
Hausrath NL. Methods for Hospital Network and Computer Security. [Masters Thesis]. University of Cincinnati; 2011. Available from: http://rave.ohiolink.edu/etdc/view?acc_num=ucin1303845234
3.
Garrett, Keith.
Vulnerabililty Analysis of Multi-Factor Authentication Protocols.
Degree: 2016, University of North Florida
URL: https://digitalcommons.unf.edu/etd/715
► In this thesis, the author hypothesizes that the use of computationally intensive mathematical operations in password authentication protocols can lead to security vulnerabilities in those…
(more)
▼ In this thesis, the author hypothesizes that the use of computationally intensive mathematical operations in password authentication protocols can lead to security vulnerabilities in those protocols. In order to test this hypothesis: 1. A generalized algorithm for cryptanalysis was formulated to perform a clogging attack (a formof denial of service) on protocols that use computationally intensive modular exponentiation to guarantee security. 2. This technique was then applied to cryptanalyze four recent password authentication protocols, to determine their susceptibility to the clogging attack. The protocols analyzed in this thesis differ in their usage of factors (smart cards, memory drives, etc.) or their method of communication (encryption, nonces, timestamps, etc.). Their similarity lies in their use of computationally intensivemodular exponentiation as amediumof authentication. It is concluded that the strengths of all the protocols studied in this thesis can be combined tomake each of the protocols secure from the clogging attack. The conclusion is supported by designing countermeasures for each protocol against the clogging attack.
Subjects/Keywords: clogging attack security; Information Security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Garrett, K. (2016). Vulnerabililty Analysis of Multi-Factor Authentication Protocols. (Thesis). University of North Florida. Retrieved from https://digitalcommons.unf.edu/etd/715
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Garrett, Keith. “Vulnerabililty Analysis of Multi-Factor Authentication Protocols.” 2016. Thesis, University of North Florida. Accessed February 22, 2020.
https://digitalcommons.unf.edu/etd/715.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Garrett, Keith. “Vulnerabililty Analysis of Multi-Factor Authentication Protocols.” 2016. Web. 22 Feb 2020.
Vancouver:
Garrett K. Vulnerabililty Analysis of Multi-Factor Authentication Protocols. [Internet] [Thesis]. University of North Florida; 2016. [cited 2020 Feb 22].
Available from: https://digitalcommons.unf.edu/etd/715.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Garrett K. Vulnerabililty Analysis of Multi-Factor Authentication Protocols. [Thesis]. University of North Florida; 2016. Available from: https://digitalcommons.unf.edu/etd/715
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Wollongong
4.
Saad Alarifi, Abdulaziz.
Assessing and mitigating information security risk in Saudi Arabia.
Degree: PhD, 2013, University of Wollongong
URL: 0806
INFORMATION
SYSTEMS,
080609
Information
Systems
Management
;
https://ro.uow.edu.au/theses/4317
► While the Web, cell phone ‘apps’ and cloud computing put a world of information at our fingertips, that information is under constant threat from…
(more)
▼ While the Web, cell phone ‘apps’ and cloud computing put a world of information at our fingertips, that information is under constant threat from cyber vandals and hackers. This thesis examines the level of Information Security Awareness (ISA) among the general public and Information Security (InfoSec) practices among IT departments in organizations in Saudi Arabia. This examination was conducted using an online survey that was based on instruments produced by organizations specializing in information security, such as the Malaysian Cyber Security Organization, the Excellence of Information Assurance Centre, and Alelm organization in Saudi Arabia. Due to cultural constraints, it would ordinarily be difficult to gather data from female respondents in Saudi Arabia, however, the use of an online survey helped to collect the data successfully. The ISA survey attracted 462 respondents from the general public and the InfoSec survey attracted 124 respondent organizations. Results indicated that information security awareness and practices in Saudi Arabia are quite low. Several of the areas of weakness in InfoSec appear to be related to the level of censorship or the patriarchal and tribal nature of Saudi culture. A new information security model (InfoSec CAP) has been designed based on the findings of the research results. This model provides appropriate solutions and improvements for ISA and InfoSec practices in Saudi Arabia. It will also help embed the identified concepts in information security practice globally.
Subjects/Keywords: information security; information security awareness; information systems; information security management
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Saad Alarifi, A. (2013). Assessing and mitigating information security risk in Saudi Arabia. (Doctoral Dissertation). University of Wollongong. Retrieved from 0806 INFORMATION SYSTEMS, 080609 Information Systems Management ; https://ro.uow.edu.au/theses/4317
Chicago Manual of Style (16th Edition):
Saad Alarifi, Abdulaziz. “Assessing and mitigating information security risk in Saudi Arabia.” 2013. Doctoral Dissertation, University of Wollongong. Accessed February 22, 2020.
0806 INFORMATION SYSTEMS, 080609 Information Systems Management ; https://ro.uow.edu.au/theses/4317.
MLA Handbook (7th Edition):
Saad Alarifi, Abdulaziz. “Assessing and mitigating information security risk in Saudi Arabia.” 2013. Web. 22 Feb 2020.
Vancouver:
Saad Alarifi A. Assessing and mitigating information security risk in Saudi Arabia. [Internet] [Doctoral dissertation]. University of Wollongong; 2013. [cited 2020 Feb 22].
Available from: 0806 INFORMATION SYSTEMS, 080609 Information Systems Management ; https://ro.uow.edu.au/theses/4317.
Council of Science Editors:
Saad Alarifi A. Assessing and mitigating information security risk in Saudi Arabia. [Doctoral Dissertation]. University of Wollongong; 2013. Available from: 0806 INFORMATION SYSTEMS, 080609 Information Systems Management ; https://ro.uow.edu.au/theses/4317
University of Colorado
5.
Dixon, Bryan Charles.
Exploring Low Profile Techniques for Malicious Code Detection on Smartphones.
Degree: PhD, Computer Science, 2013, University of Colorado
URL: https://scholar.colorado.edu/csci_gradetds/69
► In recent years there has been a growing number of viruses, rootkits, and malware designed to gain access to system resources and information stored…
(more)
▼ In recent years there has been a growing number of viruses, rootkits, and malware designed to gain access to system resources and
information stored on smartphones. Most current approaches for detecting this malicious code have detrimental impacts on the user in terms of reduced functionality, slower network speeds, or loss of battery life. This work presents a number of approaches that have a minimal impact on the user but offer successful detection of potential malicious code on the smartphone. We do this primarily by focusing on anomalous power use as a method for detecting the presence of malicious code. This work also introduces ways to fine-tune the process by establishing a normal profile of power usage for each user, which increases the rate of malware detection.
Advisors/Committee Members: Shivakant Mishra, Richard Han, Qin Lv, John Black, Eric Keller.
Subjects/Keywords: Mobile Security; Security; Computer Sciences; Information Security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Dixon, B. C. (2013). Exploring Low Profile Techniques for Malicious Code Detection on Smartphones. (Doctoral Dissertation). University of Colorado. Retrieved from https://scholar.colorado.edu/csci_gradetds/69
Chicago Manual of Style (16th Edition):
Dixon, Bryan Charles. “Exploring Low Profile Techniques for Malicious Code Detection on Smartphones.” 2013. Doctoral Dissertation, University of Colorado. Accessed February 22, 2020.
https://scholar.colorado.edu/csci_gradetds/69.
MLA Handbook (7th Edition):
Dixon, Bryan Charles. “Exploring Low Profile Techniques for Malicious Code Detection on Smartphones.” 2013. Web. 22 Feb 2020.
Vancouver:
Dixon BC. Exploring Low Profile Techniques for Malicious Code Detection on Smartphones. [Internet] [Doctoral dissertation]. University of Colorado; 2013. [cited 2020 Feb 22].
Available from: https://scholar.colorado.edu/csci_gradetds/69.
Council of Science Editors:
Dixon BC. Exploring Low Profile Techniques for Malicious Code Detection on Smartphones. [Doctoral Dissertation]. University of Colorado; 2013. Available from: https://scholar.colorado.edu/csci_gradetds/69
University of Plymouth
6.
Talib, Shuhaili.
Personalising information security education.
Degree: PhD, 2014, University of Plymouth
URL: http://hdl.handle.net/10026.1/2896
► Whilst technological solutions go a long way in providing protection for users online, it has been long understood that the individual also plays a pivotal…
(more)
▼ Whilst technological solutions go a long way in providing protection for users online, it has been long understood that the individual also plays a pivotal role. Even with the best of protection, an ill-informed person can effectively remove any protection the control might provide. Information security awareness is therefore imperative to ensure a population is well educated with respect to the threats that exist to one’s electronic information, and how to better protect oneself. Current information security awareness strategies are arguably lacking in their ability to provide a robust and personalised approach to educating users, opting for a blanket, one-size-fits-all solution. This research focuses upon achieving a better understanding of the information security awareness domain; appreciating the requirements such a system would need; and importantly, drawing upon established learning paradigms in seeking to design an effective personalised information security education. A survey was undertaken to better understand how people currently learn about information security. It focussed primarily upon employees of organisations, but also examined the relationship between work and home environments and security practice. The survey also focussed upon understanding how people learn and their preferences for styles of learning. The results established that some good work was being undertaken by organisations in terms of security awareness, and that respondents benefited from such training – both in their workplace and also at home – with a positive relationship between learning at the workplace and practise at home. The survey highlighted one key aspect for both the training provided and the respondents’ preference for learning styles. It varies. It is also clear, that it was difficult to establish the effectiveness of such training and the impact upon practice. The research, after establishing experimentally that personalised learning was a viable approach, proceeded to develop a model for information security awareness that utilised the already successful field of pedagogy and individualised learning. The resulting novel framework “Personalising Information Security Education (PISE)” is proposed. The framework is a holistic approach to solving the problem of information security awareness that can be applied both in the workplace environment and as a tool for the general public. It does not focus upon what is taught, but rather, puts into place the processes to enable an individual to develop their own information security personalised learning plan and to measure their progress through the learning experience.
Subjects/Keywords: 005.8; Information security awareness; Information security education
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Talib, S. (2014). Personalising information security education. (Doctoral Dissertation). University of Plymouth. Retrieved from http://hdl.handle.net/10026.1/2896
Chicago Manual of Style (16th Edition):
Talib, Shuhaili. “Personalising information security education.” 2014. Doctoral Dissertation, University of Plymouth. Accessed February 22, 2020.
http://hdl.handle.net/10026.1/2896.
MLA Handbook (7th Edition):
Talib, Shuhaili. “Personalising information security education.” 2014. Web. 22 Feb 2020.
Vancouver:
Talib S. Personalising information security education. [Internet] [Doctoral dissertation]. University of Plymouth; 2014. [cited 2020 Feb 22].
Available from: http://hdl.handle.net/10026.1/2896.
Council of Science Editors:
Talib S. Personalising information security education. [Doctoral Dissertation]. University of Plymouth; 2014. Available from: http://hdl.handle.net/10026.1/2896
7.
Kirkham, Andrew Nicholas.
Evaluating the Gasday Security Policy Through Penetration Testing and Application of the Nist Cybersecurity Framework.
Degree: 2016, Marquette University
URL: https://epublications.marquette.edu/theses_open/342
► This thesis explores cybersecurity from the perspective of the Marquette University GasDay lab. We analyze three different areas of cybersecurity in three independent chapters. Our…
(more)
▼ This thesis explores cybersecurity from the perspective of the Marquette University GasDay lab. We analyze three different areas of cybersecurity in three independent chapters. Our goal is to improve the cybersecurity capabilities of GasDay, Marquette University, and the natural gas industry. We present network penetration testing as a process of attempting to gain access to resources of GasDay without prior knowledge of any valid credentials. We discuss our method of identifying potential targets using industry standard reconnaissance methods. We outline the process of attempting to gain access to these targets using automated tools and manual exploit creation. We propose several solutions to those targets successfully exploited and recommendations for others. Next, we discuss GasDay Web and techniques to validate the
security of a web-based GasDay software product. We use a form of penetration testing specifically targeted for a website. We demonstrate several vulnerabilities that are able to cripple the availability of the website and recommendations to mitigate these vulnerabilities. We then present the results of performing an inspection of GasDay Web code to uncover vulnerabilities undetectable by automated tools and make suggestions on their fixes. We discuss recommendations on how vulnerabilities can be mitigated or detected in the future. Finally, we apply the NIST Cybersecurity Framework to GasDay. We present the Department of Energy recommendations for the natural gas industry. Using these recommendations and the NIST Framework, we evaluate the overall cybersecurity maturity of the GasDay lab. We present several recommendations where GasDay could improve the maturity levels that are cost-effective and easy to implement. We identify several items missing from a cybersecurity plan and propose methods to implement them. The results of this thesis show that cybersecurity at a research lab is difficult. We demonstrate that even as a member of Marquette University, GasDay cannot rely on Marquette for cybersecurity. We show that the primary obstacle is lack of
information - about cybersecurity and the assets GasDay controls. We make recommendations on how these items can be effectively created and managed.
Advisors/Committee Members: Corliss, Geroge, Brown, Ronald H., Povinelli, Richard J..
Subjects/Keywords: cybersecurity; information security; penetration testing; Information Security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Kirkham, A. N. (2016). Evaluating the Gasday Security Policy Through Penetration Testing and Application of the Nist Cybersecurity Framework. (Thesis). Marquette University. Retrieved from https://epublications.marquette.edu/theses_open/342
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Kirkham, Andrew Nicholas. “Evaluating the Gasday Security Policy Through Penetration Testing and Application of the Nist Cybersecurity Framework.” 2016. Thesis, Marquette University. Accessed February 22, 2020.
https://epublications.marquette.edu/theses_open/342.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Kirkham, Andrew Nicholas. “Evaluating the Gasday Security Policy Through Penetration Testing and Application of the Nist Cybersecurity Framework.” 2016. Web. 22 Feb 2020.
Vancouver:
Kirkham AN. Evaluating the Gasday Security Policy Through Penetration Testing and Application of the Nist Cybersecurity Framework. [Internet] [Thesis]. Marquette University; 2016. [cited 2020 Feb 22].
Available from: https://epublications.marquette.edu/theses_open/342.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Kirkham AN. Evaluating the Gasday Security Policy Through Penetration Testing and Application of the Nist Cybersecurity Framework. [Thesis]. Marquette University; 2016. Available from: https://epublications.marquette.edu/theses_open/342
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Hawaii – Manoa
8.
Aurigemma, Salvatore.
From the weakest link to the best defense : exploring the factors that affect employee intention to comply with information security policies.
Degree: 2016, University of Hawaii – Manoa
URL: http://hdl.handle.net/10125/101889
► Ph.D. University of Hawaii at Manoa 2013.
Information and information systems have become embedded in the fabric of contemporary organizations throughout the world. As the…
(more)
▼ Ph.D. University of Hawaii at Manoa 2013.
Information and information systems have become embedded in the fabric of contemporary organizations throughout the world. As the reliance on information technology has increased, so too have the threats and costs associated with protecting organizational information resources. To combat potential information security threats, organizations rely upon information security policies to guide employee actions.
Unfortunately, employee violations of such policies are common and costly enough that users are often considered the weakest link in information security. The challenge for researchers and practitioners alike is to help transform employees from the weakest link to the best line of information security defense.
Building upon recent empirical research in information security policy behavioral compliance, this study provides a composite theoretical framework that captures key factors shown to impact an employee's behavioral intent to comply with related policies. The theoretical framework is tested and validated in a real organizational context employing a robust and well-defined set of information security policies, a first in this burgeoning line of research. This study also evaluates how behavioral intent to follow security policies varies for employees for both the general specter of information security policy compliance and specific guidance for three common security threats.
This study found that the primary factors affecting behavioral intent (subjective norms, organizational commitment, attitude, perceived behavioral control, and selfefficacy) had strong, positive relationships with intent to comply with information security policies when examined at a high level of general compliance. However, when the factors affecting behavioral intent and attitude towards a security behavior were evaluated for specific information security threat contexts, individual factor importance and significance varied greatly.
These results indicate that threat context plays an essential role in clarifying the roles of specific behavioral antecedents; there may be limited value in future research focusing on general information security threats.
This study failed to establish a significant relationship between behavioral compliance intent and an employee's perception of his or her ability to enforce the mandatory information security policy requirements on coworkers. However, the study did highlight a potential gap in the composite theoretical framework for this important phenomenon, which should be addressed in future research.
Subjects/Keywords: information security policies
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Aurigemma, S. (2016). From the weakest link to the best defense : exploring the factors that affect employee intention to comply with information security policies. (Thesis). University of Hawaii – Manoa. Retrieved from http://hdl.handle.net/10125/101889
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Aurigemma, Salvatore. “From the weakest link to the best defense : exploring the factors that affect employee intention to comply with information security policies.” 2016. Thesis, University of Hawaii – Manoa. Accessed February 22, 2020.
http://hdl.handle.net/10125/101889.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Aurigemma, Salvatore. “From the weakest link to the best defense : exploring the factors that affect employee intention to comply with information security policies.” 2016. Web. 22 Feb 2020.
Vancouver:
Aurigemma S. From the weakest link to the best defense : exploring the factors that affect employee intention to comply with information security policies. [Internet] [Thesis]. University of Hawaii – Manoa; 2016. [cited 2020 Feb 22].
Available from: http://hdl.handle.net/10125/101889.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Aurigemma S. From the weakest link to the best defense : exploring the factors that affect employee intention to comply with information security policies. [Thesis]. University of Hawaii – Manoa; 2016. Available from: http://hdl.handle.net/10125/101889
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Nairobi
9.
Abass, Jabir S.
A Survey Of Implementation Of Information Security Awareness Programs By Financial Institutions In Kenya
.
Degree: 2009, University of Nairobi
URL: http://hdl.handle.net/11295/96497
► The need for ICT in financial institutions is increasingly inevitable given that the number of transactions is high, customers are many and spread. In such…
(more)
▼ The need for ICT in financial institutions is increasingly inevitable given that the number of
transactions is high, customers are many and spread. In such cases manual methods of keeping
track of customer payments and transactions become very difficult and inefficient causing the
organizations to be susceptible to theft, frauds and errors. However with increased introduction
of ICT financial institutions are exposed to many risks that can result in the possibility of
financial loss or reputation risk. This has forced firms to undertake information security
awareness programs to protect these critical systems, hence the need for the study, which had
three objectives. The first objective was to determine the extent to which information system
security awareness program are implemented by financial institutions in Kenya. The second was
to determine the methods that financial institutions in Kenya use to propagate their information
system security awareness programs. The third was to establish the challenges faced in the
implementation of information system security awareness program in financial institutions in
Kenya.
Primary data was the main form of data used in this research and it was collected using
questionnaires. Forty questionnaires were personally administered to the respondents and out of
these thirty were collected. The questionnaires had both open and closed ended questions. The
respondents were IT security managers and the assistants in financial institutions. The ''drop and
pick later" method was used to administer the questionnaires. The data collected was subjected
to descriptive and factor analysis.
The findings of the of the study show that majority of the financial institutions in Kenya
appreciate the need for information security awareness and have implemented the same. The
findings further revealed that 100% of the organizations used New Hire Orientation and
Acceptance use Policy methods in undertaking information system security awareness. The
main challenges to implementing the awareness program in the firms were noted to be improper
training venue and lack of security awareness skills by trainers across most organizations.
The study shows that financial institutions have implemented information system security
awareness covering employees within the sector as a continued counter measures to security
threats. This is evidenced by the presence of information security team in most of the firms also
shows their inclination to reduce risks. Financial institutions are governed by a written and
formal information security policy which is continuously updated to keep abreast with
i x
technological changes. It was also evident that most financial institutions had budget for
information system security awareness programs.
It can therefore be concluded that information security awareness program have been
implemented by financial institutions in Kenya using various methods covering all employees
although faced with some challenges in its implementation.
Subjects/Keywords: Information Security Awareness
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Abass, J. S. (2009). A Survey Of Implementation Of Information Security Awareness Programs By Financial Institutions In Kenya
. (Thesis). University of Nairobi. Retrieved from http://hdl.handle.net/11295/96497
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Abass, Jabir S. “A Survey Of Implementation Of Information Security Awareness Programs By Financial Institutions In Kenya
.” 2009. Thesis, University of Nairobi. Accessed February 22, 2020.
http://hdl.handle.net/11295/96497.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Abass, Jabir S. “A Survey Of Implementation Of Information Security Awareness Programs By Financial Institutions In Kenya
.” 2009. Web. 22 Feb 2020.
Vancouver:
Abass JS. A Survey Of Implementation Of Information Security Awareness Programs By Financial Institutions In Kenya
. [Internet] [Thesis]. University of Nairobi; 2009. [cited 2020 Feb 22].
Available from: http://hdl.handle.net/11295/96497.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Abass JS. A Survey Of Implementation Of Information Security Awareness Programs By Financial Institutions In Kenya
. [Thesis]. University of Nairobi; 2009. Available from: http://hdl.handle.net/11295/96497
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
McMaster University
10.
Tu, Zhiling.
Information Security Management: A Critical Success Factors Analysis.
Degree: PhD, 2015, McMaster University
URL: http://hdl.handle.net/11375/18168
► Information security has been a crucial strategic issue in organizational management. Information security management (ISM) is a systematic process of effectively coping with information security…
(more)
▼ Information security has been a crucial strategic issue in organizational management. Information security management (ISM) is a systematic process of effectively coping with information security threats and risks in an organization, through the application of a suitable range of physical, technical or operational security controls, to protect information assets and achieve business goals. There is a strong need for rigorous qualitative and quantitative empirical studies in the field of organizational information security management in order to better understand how to optimize the ISM process.
Applying critical success factors approach, this study builds a theoretical model to investigate main factors that contribute to ISM success. The following tasks were carried out: (1) identify critical success factors of ISM performance; (2) build an ISM success model and develop related hypotheses; (3) develop construct measures for critical success factors and ISM performance evaluations; (4) collect data from the industry through interviews and surveys; and (5) empirically verify the model through quantitative analysis.
The proposed theoretical model was empirically tested with data collected from a survey of managers who were presently involved with decision making regarding their company's information security (N=219). Overall, the theoretical model was successful in capturing the main antecedents of ISM performance. The results suggest that with business alignment, organizational support, IT competences, and organizational awareness of security risks and controls, information security controls can be effectively developed, resulting in successful information security management.
This study contributes to the advancement of the information security management literature by (1) proposing a theoretical model to examine the effects of critical organizational success factors on the organization’s ISM performance, (2) empirically validating this proposed model, (3) developing and validating an ISM performance construct, and (4) reviewing the most influential information security management standards and trying to validate some basic guidelines of the standard.
Thesis
Doctor of Philosophy (PhD)
This thesis addresses three research questions: (1) How to measure ISM performance? (2) What are the critical factors that must be present to make ISM effective? And, (3) how do these factors contribute to the success of ISM?
To the best of the researcher’s knowledge, this is the first known study to empirically investigate the most important factors for ISM success and their impact on ISM performance. This study contributes to the advancement of the information security management literature by (1) proposing a theoretical model to examine the effects of critical organizational success factors on the organization’s ISM performance, (2) empirically validating this proposed model, (3) developing and validating an ISM performance construct, and (4) reviewing the most influential information security management standards and…
Advisors/Committee Members: Yuan, Yufei, Business.
Subjects/Keywords: Information Security Management
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Tu, Z. (2015). Information Security Management: A Critical Success Factors Analysis. (Doctoral Dissertation). McMaster University. Retrieved from http://hdl.handle.net/11375/18168
Chicago Manual of Style (16th Edition):
Tu, Zhiling. “Information Security Management: A Critical Success Factors Analysis.” 2015. Doctoral Dissertation, McMaster University. Accessed February 22, 2020.
http://hdl.handle.net/11375/18168.
MLA Handbook (7th Edition):
Tu, Zhiling. “Information Security Management: A Critical Success Factors Analysis.” 2015. Web. 22 Feb 2020.
Vancouver:
Tu Z. Information Security Management: A Critical Success Factors Analysis. [Internet] [Doctoral dissertation]. McMaster University; 2015. [cited 2020 Feb 22].
Available from: http://hdl.handle.net/11375/18168.
Council of Science Editors:
Tu Z. Information Security Management: A Critical Success Factors Analysis. [Doctoral Dissertation]. McMaster University; 2015. Available from: http://hdl.handle.net/11375/18168
University of Melbourne
11.
Onibere, Mazino.
Information security manager as a strategist.
Degree: 2015, University of Melbourne
URL: http://hdl.handle.net/11343/56595
► The modern organisation operates within a highly complex and sophisticated security threat landscape that exposes its information infrastructure to a range of security risks. This…
(more)
▼ The modern organisation operates within a highly complex and sophisticated security threat landscape that exposes its information infrastructure to a range of security risks. This threat landscape includes advanced persistent threat (APT) – attackers are well-trained, organised, well-funded and capable of utilising a range of technologies to inflict damage over a prolonged period of time (Giura & Wang 2012; Ahmad 2010). Unsurprisingly, despite the existence of industry ‘best-practice’ security standards and unprecedented levels of investment in security infrastructure, the rate of incidents continues to escalate. The fundamental premise of this thesis is that the level of sophistication of threat requires organisations to develop novel security strategies that draw on creative and lateral thinking approaches. Such a security campaign requires the security manager to function as a ‘strategist’ by exercising ‘strategic thinking’.
A review of security literature found little or no evidence that security managers are able or expected to function as strategists. Therefore this research project aims to identify the specific capabilities required by security managers to become effective strategists. A systematic literature review approach was adopted to determine 1) the existing role of the security manager from security literature, and 2) characteristics of a strategist from the management literature. Findings from a review of these literatures revealed 1) a strategic perspective of Information Security Management is missing, and 2) the management literature identifies a range of characteristics and qualities of a strategist. The latter was coded into the 5 dimensions of the strategist. These 5 dimensions are then discussed in the context of security managers and current strategic challenges facing security management. The result was a set of security capabilities required by security mangers to function as strategists. The thesis outlines implications for further research, including the need to expand the scope of literature review to warfare literature and the need to empirically test the 5 dimensions.
Subjects/Keywords: information security strategy; information security management; information security strategic challenges; information security strategist
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Onibere, M. (2015). Information security manager as a strategist. (Masters Thesis). University of Melbourne. Retrieved from http://hdl.handle.net/11343/56595
Chicago Manual of Style (16th Edition):
Onibere, Mazino. “Information security manager as a strategist.” 2015. Masters Thesis, University of Melbourne. Accessed February 22, 2020.
http://hdl.handle.net/11343/56595.
MLA Handbook (7th Edition):
Onibere, Mazino. “Information security manager as a strategist.” 2015. Web. 22 Feb 2020.
Vancouver:
Onibere M. Information security manager as a strategist. [Internet] [Masters thesis]. University of Melbourne; 2015. [cited 2020 Feb 22].
Available from: http://hdl.handle.net/11343/56595.
Council of Science Editors:
Onibere M. Information security manager as a strategist. [Masters Thesis]. University of Melbourne; 2015. Available from: http://hdl.handle.net/11343/56595
University of Cincinnati
12.
Marck, Austin J.
Abusing Android TV Box for Fun and Profit.
Degree: MS, Education, Criminal Justice, and Human Services:
Information Technology-Distance Learning, 2017, University of Cincinnati
URL: http://rave.ohiolink.edu/etdc/view?acc_num=ucin1504786962271509
► Android devices can execute powerful attacks and leverage vulnerabilities within the Internet of Things (IoT) in ways similar to personal computers. Attacks on the Android…
(more)
▼ Android devices can execute powerful attacks and
leverage vulnerabilities within the Internet of Things (IoT) in
ways similar to personal computers. Attacks on the Android platform
against mobile devices is an area well explored by numerous
researchers.Devices powered by Android that are not mobile in
nature do not share many of the attack vectors found in prior
studies, and the limitations of these devices had not been
explored. We first examine the means with which one can exploit a
TV box device that is connected within the IoT, and what gaining
access to such a device means. We demonstrate the
security severity
of the Android TV box brought to home networks with case studies.
We also show that these proposed attacks cannot be detected by
current antivirus applications. Furthermore, we propose an
effective multi-line defense approach to secure our home networks
against these attacks.
Advisors/Committee Members: Wei, Xuetao (Committee Chair).
Subjects/Keywords: Information Technology; Security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Marck, A. J. (2017). Abusing Android TV Box for Fun and Profit. (Masters Thesis). University of Cincinnati. Retrieved from http://rave.ohiolink.edu/etdc/view?acc_num=ucin1504786962271509
Chicago Manual of Style (16th Edition):
Marck, Austin J. “Abusing Android TV Box for Fun and Profit.” 2017. Masters Thesis, University of Cincinnati. Accessed February 22, 2020.
http://rave.ohiolink.edu/etdc/view?acc_num=ucin1504786962271509.
MLA Handbook (7th Edition):
Marck, Austin J. “Abusing Android TV Box for Fun and Profit.” 2017. Web. 22 Feb 2020.
Vancouver:
Marck AJ. Abusing Android TV Box for Fun and Profit. [Internet] [Masters thesis]. University of Cincinnati; 2017. [cited 2020 Feb 22].
Available from: http://rave.ohiolink.edu/etdc/view?acc_num=ucin1504786962271509.
Council of Science Editors:
Marck AJ. Abusing Android TV Box for Fun and Profit. [Masters Thesis]. University of Cincinnati; 2017. Available from: http://rave.ohiolink.edu/etdc/view?acc_num=ucin1504786962271509
University of Texas – Austin
13.
Rueda, Daniel F.
Healthcare is the most breached industry : how do we change that?.
Degree: MSin Identity Management and Security, Identity Management and Security, 2017, University of Texas – Austin
URL: http://hdl.handle.net/2152/63766
► Healthcare is the most breached industry in the United States. Health records are now fetching more money on the black market than credit card numbers.…
(more)
▼ Healthcare is the most breached industry in the United States. Health records are now fetching more money on the black market than credit card numbers. Threats to Healthcare data
security come from criminal hackers, hacktivists, state-sponsored hackers, malicious employees with perhaps the greatest threat coming from accidental or negligent disclosure by employees. Most
information security related investments are driven by the need to meet Health Insurance Portability and Accountability Act (HIPAA) requirements. Typically, these investments are characterized by heavy reliance on technology, outsourcing
security activities, and risk transfer (Cyber Liability Policy). As a result of this compliance focused
security spending, little headway is made in reducing the number of breaches in healthcare. Two important weaknesses that will continue to inhibit progress in protecting health
information are: the industry lacks a culture of
security, and there is a lack of strong leadership among those tasked with overseeing
information security.
Advisors/Committee Members: Fleischmann, Kenneth R. (advisor), Blaha, Craig (committee member).
Subjects/Keywords: Healthcare; Information security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Rueda, D. F. (2017). Healthcare is the most breached industry : how do we change that?. (Masters Thesis). University of Texas – Austin. Retrieved from http://hdl.handle.net/2152/63766
Chicago Manual of Style (16th Edition):
Rueda, Daniel F. “Healthcare is the most breached industry : how do we change that?.” 2017. Masters Thesis, University of Texas – Austin. Accessed February 22, 2020.
http://hdl.handle.net/2152/63766.
MLA Handbook (7th Edition):
Rueda, Daniel F. “Healthcare is the most breached industry : how do we change that?.” 2017. Web. 22 Feb 2020.
Vancouver:
Rueda DF. Healthcare is the most breached industry : how do we change that?. [Internet] [Masters thesis]. University of Texas – Austin; 2017. [cited 2020 Feb 22].
Available from: http://hdl.handle.net/2152/63766.
Council of Science Editors:
Rueda DF. Healthcare is the most breached industry : how do we change that?. [Masters Thesis]. University of Texas – Austin; 2017. Available from: http://hdl.handle.net/2152/63766
Loughborough University
14.
Al-Hamar, Aisha.
Enhancing information security in organisations in Qatar.
Degree: PhD, 2018, Loughborough University
URL: https://dspace.lboro.ac.uk/2134/33541
;
https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.747959
► Due to the universal use of technology and its pervasive connection to the world, organisations have become more exposed to frequent and various threats. Therefore,…
(more)
▼ Due to the universal use of technology and its pervasive connection to the world, organisations have become more exposed to frequent and various threats. Therefore, organisations today are giving more attention to information security as it has become a vital and challenging issue. Many researchers have noted that the significance of information security, particularly information security policies and awareness, is growing due to increasing use of IT and computerization. In the last 15 years, the State of Qatar has witnessed remarkable growth and development of its civilization, having embraced information technology as a base for innovation and success. The country has undergone tremendous improvements in the health care, education and transport sectors. Information technology plays a strategic role in building the country's knowledge-based economy. Due to Qatar s increasing use of the internet and connection to the global environment, it needs to adequately address the global threats arising online. As a result, the scope of this research is to investigate information security in Qatar and in particular the National Information Assurance (NIA) policy. There are many solutions for information security some technical and some non-technical such as policies and making users aware of the dangers. This research focusses on enhancing information security through non-technical solutions. The aim of this research is to improve Qatari organisations information security processes by developing a comprehensive Information Security Management framework that is applicable for implementation of the NIA policy, taking into account Qatar's culture and environment. To achieve the aim of this research, different research methodologies, strategies and data collection methods will be used, such as a literature review, surveys, interviews and case studies. The main findings of this research are that there is insufficient information security awareness in organisations in Qatar and a lack of a security culture, and that the current NIA policy has many barriers that need to be addressed. The barriers include a lack of information security awareness, a lack of dedicated information security staff, and a lack of a security culture. These barriers are addressed by the proposed information security management framework, which is based on four strategic goals: empowering Qataris in the field of information security, enhancing information security awareness and culture, activating the Qatar National Information Assurance policy in real life, and enabling Qatar to become a regional leader in information security. The research also provides an information security awareness programme for employees and university students. At the time of writing this thesis, there are already indications that the research will have a positive impact on information security in Qatar. A significant example is that the information security awareness programme for employees has been approved for implementation at the Ministry of Administrative Development Labour and…
Subjects/Keywords: Information security; Information security policy; Information security awareness; Information security management system; Information security culture; Qatar National Information Assurance policy
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Al-Hamar, A. (2018). Enhancing information security in organisations in Qatar. (Doctoral Dissertation). Loughborough University. Retrieved from https://dspace.lboro.ac.uk/2134/33541 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.747959
Chicago Manual of Style (16th Edition):
Al-Hamar, Aisha. “Enhancing information security in organisations in Qatar.” 2018. Doctoral Dissertation, Loughborough University. Accessed February 22, 2020.
https://dspace.lboro.ac.uk/2134/33541 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.747959.
MLA Handbook (7th Edition):
Al-Hamar, Aisha. “Enhancing information security in organisations in Qatar.” 2018. Web. 22 Feb 2020.
Vancouver:
Al-Hamar A. Enhancing information security in organisations in Qatar. [Internet] [Doctoral dissertation]. Loughborough University; 2018. [cited 2020 Feb 22].
Available from: https://dspace.lboro.ac.uk/2134/33541 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.747959.
Council of Science Editors:
Al-Hamar A. Enhancing information security in organisations in Qatar. [Doctoral Dissertation]. Loughborough University; 2018. Available from: https://dspace.lboro.ac.uk/2134/33541 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.747959
Loughborough University
15.
Al-Hamar, Aisha.
Enhancing information security in organisations in Qatar.
Degree: PhD, 2018, Loughborough University
URL: http://hdl.handle.net/2134/33541
► Due to the universal use of technology and its pervasive connection to the world, organisations have become more exposed to frequent and various threats. Therefore,…
(more)
▼ Due to the universal use of technology and its pervasive connection to the world, organisations have become more exposed to frequent and various threats. Therefore, organisations today are giving more attention to information security as it has become a vital and challenging issue. Many researchers have noted that the significance of information security, particularly information security policies and awareness, is growing due to increasing use of IT and computerization. In the last 15 years, the State of Qatar has witnessed remarkable growth and development of its civilization, having embraced information technology as a base for innovation and success. The country has undergone tremendous improvements in the health care, education and transport sectors. Information technology plays a strategic role in building the country's knowledge-based economy. Due to Qatar s increasing use of the internet and connection to the global environment, it needs to adequately address the global threats arising online. As a result, the scope of this research is to investigate information security in Qatar and in particular the National Information Assurance (NIA) policy. There are many solutions for information security some technical and some non-technical such as policies and making users aware of the dangers. This research focusses on enhancing information security through non-technical solutions. The aim of this research is to improve Qatari organisations information security processes by developing a comprehensive Information Security Management framework that is applicable for implementation of the NIA policy, taking into account Qatar's culture and environment. To achieve the aim of this research, different research methodologies, strategies and data collection methods will be used, such as a literature review, surveys, interviews and case studies. The main findings of this research are that there is insufficient information security awareness in organisations in Qatar and a lack of a security culture, and that the current NIA policy has many barriers that need to be addressed. The barriers include a lack of information security awareness, a lack of dedicated information security staff, and a lack of a security culture. These barriers are addressed by the proposed information security management framework, which is based on four strategic goals: empowering Qataris in the field of information security, enhancing information security awareness and culture, activating the Qatar National Information Assurance policy in real life, and enabling Qatar to become a regional leader in information security. The research also provides an information security awareness programme for employees and university students. At the time of writing this thesis, there are already indications that the research will have a positive impact on information security in Qatar. A significant example is that the information security awareness programme for employees has been approved for implementation at the Ministry of Administrative Development Labour and…
Subjects/Keywords: Information security; Information security policy; Information security awareness; Information security management system; Information security culture; Qatar National Information Assurance policy
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Al-Hamar, A. (2018). Enhancing information security in organisations in Qatar. (Doctoral Dissertation). Loughborough University. Retrieved from http://hdl.handle.net/2134/33541
Chicago Manual of Style (16th Edition):
Al-Hamar, Aisha. “Enhancing information security in organisations in Qatar.” 2018. Doctoral Dissertation, Loughborough University. Accessed February 22, 2020.
http://hdl.handle.net/2134/33541.
MLA Handbook (7th Edition):
Al-Hamar, Aisha. “Enhancing information security in organisations in Qatar.” 2018. Web. 22 Feb 2020.
Vancouver:
Al-Hamar A. Enhancing information security in organisations in Qatar. [Internet] [Doctoral dissertation]. Loughborough University; 2018. [cited 2020 Feb 22].
Available from: http://hdl.handle.net/2134/33541.
Council of Science Editors:
Al-Hamar A. Enhancing information security in organisations in Qatar. [Doctoral Dissertation]. Loughborough University; 2018. Available from: http://hdl.handle.net/2134/33541
University of Melbourne
16.
MAYNARD, SEAN.
Strategic information security policy quality assessment: a multiple constituency perspective.
Degree: 2010, University of Melbourne
URL: http://hdl.handle.net/11343/42194
► An integral part of any information security management program is the information security policy. The purpose of an information security policy is to define the…
(more)
▼ An integral part of any information security management program is the information security policy. The purpose of an information security policy is to define the means by which organisations protect the confidentiality, integrity and availability of information and its supporting infrastructure from a range of security threats.
The tenet of this thesis is that the quality of information security policy is inadequately addressed by organisations. Further, although information security policies may undergo multiple revisions as part of a process development lifecycle and, as a result, may generally improve in quality, a more explicit systematic and comprehensive process of quality improvement is required.
A key assertion of this research is that a comprehensive assessment of information security policy requires the involvement of the multiple stakeholders in organisations that derive benefit from the directives of the information security policy. Therefore, this dissertation used a multiple-constituency approach to investigate how security policy quality can be addressed in organisations, given the existence of multiple stakeholders. The formal research question under investigation was: How can multiple constituency quality assessment be used to improve strategic information security policy?
The primary contribution of this thesis to the Information Systems field of knowledge is the development of a model: the Strategic Information Security Policy Quality Model. This model comprises three components: a comprehensive model of quality components, a model of stakeholder involvement and a model for security policy development. The strategic information security policy quality model gives a holistic perspective to organisations to enable management of the security policy quality assessment process.
This research contributes six main contributions as stated below:
This research has demonstrated that a multiple constituency approach is effective for information security policy assessment
This research has developed a set of quality components for information security policy quality assessment
This research has identified that efficiency of the security policy quality assessment process is critical for organisations
This research has formalised security policy quality assessment within policy development
This research has developed a strategic information security policy quality model
This research has identified improvements that can be made to the security policy development lifecycle
The outcomes of this research contend that the security policy lifecycle can be improved by: enabling the identification of when different stakeholders should be involved, identifying those quality components that each of the different stakeholders should assess as part of the quality assessment, and showing organisations which quality components to include or to ignore based on their individual circumstances. This leads to a higher quality information security policy, and should impact positively on an…
Subjects/Keywords: information security management; information security policy; information security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
MAYNARD, S. (2010). Strategic information security policy quality assessment: a multiple constituency perspective. (Doctoral Dissertation). University of Melbourne. Retrieved from http://hdl.handle.net/11343/42194
Chicago Manual of Style (16th Edition):
MAYNARD, SEAN. “Strategic information security policy quality assessment: a multiple constituency perspective.” 2010. Doctoral Dissertation, University of Melbourne. Accessed February 22, 2020.
http://hdl.handle.net/11343/42194.
MLA Handbook (7th Edition):
MAYNARD, SEAN. “Strategic information security policy quality assessment: a multiple constituency perspective.” 2010. Web. 22 Feb 2020.
Vancouver:
MAYNARD S. Strategic information security policy quality assessment: a multiple constituency perspective. [Internet] [Doctoral dissertation]. University of Melbourne; 2010. [cited 2020 Feb 22].
Available from: http://hdl.handle.net/11343/42194.
Council of Science Editors:
MAYNARD S. Strategic information security policy quality assessment: a multiple constituency perspective. [Doctoral Dissertation]. University of Melbourne; 2010. Available from: http://hdl.handle.net/11343/42194
17.
Korovessis, Peter.
Establishing an information security awareness and culture.
Degree: PhD, 2015, University of Plymouth
URL: http://hdl.handle.net/10026.1/3836
► In today’s business environment all business operations are enabled by technology. Its always on and connected nature has brought new business possibilities but at the…
(more)
▼ In today’s business environment all business operations are enabled by technology. Its always on and connected nature has brought new business possibilities but at the same time has increased the number of potential threats. Information security has become an established discipline as more and more businesses realize its value. Many surveys have indicated the importance of protecting valuable information and an important aspect that must be addressed in this regard is information security awareness. The human component has been recognized to have an important role in information security since the only way to reduce security risks is through making employees more information security aware. This also means that employees take responsibility of their actions when dealing with information in their everyday activities. The research is concentrated mainly on information security concepts alongside their relation to the human factor with evidence that users remain susceptible to information security threats, thus illustrating the need for more effective user training in order to raise the level of security awareness. Two surveys were undertaken in order to investigate the potential of raising security awareness within existing education systems by measuring the level of security awareness amongst the online population. The surveys analyzed not only the awareness levels and needs of students during their study and their preparation towards entering the workforce, but also whether this awareness level changes as they progress in their studies. The results of both surveys established that the awareness level of students concerning information security concepts is not at a sufficient level for students entering university education and does not significantly change as they progress their academic life towards entering the workforce. In respect to this, the research proposes and develops the information security toolkit as a prototype awareness raising initiative. The research goes one step further by piloting and evaluating toolkit effectiveness. As an awareness raising method, the toolkit will be the basis for the general technology user to understand the challenges associated with secure use of information technology and help him assess its current knowledge, identify lacks and weaknesses and acquire the required knowledge in order to be competent and confident users of technology.
Subjects/Keywords: 005.8; information security awareness; information security culture; information security surveys; information security practices; information security toolkit
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Korovessis, P. (2015). Establishing an information security awareness and culture. (Doctoral Dissertation). University of Plymouth. Retrieved from http://hdl.handle.net/10026.1/3836
Chicago Manual of Style (16th Edition):
Korovessis, Peter. “Establishing an information security awareness and culture.” 2015. Doctoral Dissertation, University of Plymouth. Accessed February 22, 2020.
http://hdl.handle.net/10026.1/3836.
MLA Handbook (7th Edition):
Korovessis, Peter. “Establishing an information security awareness and culture.” 2015. Web. 22 Feb 2020.
Vancouver:
Korovessis P. Establishing an information security awareness and culture. [Internet] [Doctoral dissertation]. University of Plymouth; 2015. [cited 2020 Feb 22].
Available from: http://hdl.handle.net/10026.1/3836.
Council of Science Editors:
Korovessis P. Establishing an information security awareness and culture. [Doctoral Dissertation]. University of Plymouth; 2015. Available from: http://hdl.handle.net/10026.1/3836
Loughborough University
18.
Alkahtani, Hend K.
Raising the information security awareness level in Saudi Arabian organizations through an effective, culturally aware information security framework.
Degree: PhD, 2018, Loughborough University
URL: https://dspace.lboro.ac.uk/2134/28120
;
https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.740230
► The focus of the research is to improve the security of information systems in Saudi Arabian knowledge-intensive organisations by raising the awareness level among all…
(more)
▼ The focus of the research is to improve the security of information systems in Saudi Arabian knowledge-intensive organisations by raising the awareness level among all types of information system users. This is achieved by developing a culturally aware information security framework that requires the involvement of all types of information system user. Saudi Arabia has a unique culture that affects the security of information systems and, hence, the development of this information security framework. The research uses Princess Nora bint Abdul Rahman University (PNU), the largest all female university in Saudi Arabia, as a case study. The level of information security awareness among employees at Saudi Arabia Universities was tested. Surveys and interviews were conducted to gather data related to the information security system and its uses. It was found that most employees in Saudi Arabian organisations and universities are not involved in the development of any information security policy and, therefore, they are not fully aware of the importance of the security of information. The purpose of this study is to develop a cultural aware information security framework that does involve all types of employees contributing to the development of information security policy. The framework, consists of nine steps that were adapted, modified and arranged differently from the international best practice standard ISO 27K framework to fit the unique culture in Saudi Arabia. An additional step has been added to the framework to define and gather knowledge about the organisations population to justify its fit into the segregated working environment of many Saudi Arabian institutions. Part of the research objective is to educate employees to use this information security framework in order to help them recognise and report threats and risks they may encounter during their work, and therefore improve the overall level of information security awareness. The developed information security framework is a collection of ISO 27k best practice steps, re-ordered, and with the addition of one new step to enable the framework to fit the situation in Saudi Arabian segregation working environments. A before-assessment methodology was applied before the application of the culturally aware information security policy framework between two universities, Imam University which has ISO27K accreditation and PNU, the case study, to measure and compare their users information security awareness level. Then, an after-assessment methodology is used to demonstrate the framework effectiveness by comparing the level of awareness before the application of the culturally aware information security policy framework with the level of the awareness knowledge gained after the application.
Subjects/Keywords: Information systems; Information security; Security awareness; Saudi Arabian culture; Security policy
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Alkahtani, H. K. (2018). Raising the information security awareness level in Saudi Arabian organizations through an effective, culturally aware information security framework. (Doctoral Dissertation). Loughborough University. Retrieved from https://dspace.lboro.ac.uk/2134/28120 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.740230
Chicago Manual of Style (16th Edition):
Alkahtani, Hend K. “Raising the information security awareness level in Saudi Arabian organizations through an effective, culturally aware information security framework.” 2018. Doctoral Dissertation, Loughborough University. Accessed February 22, 2020.
https://dspace.lboro.ac.uk/2134/28120 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.740230.
MLA Handbook (7th Edition):
Alkahtani, Hend K. “Raising the information security awareness level in Saudi Arabian organizations through an effective, culturally aware information security framework.” 2018. Web. 22 Feb 2020.
Vancouver:
Alkahtani HK. Raising the information security awareness level in Saudi Arabian organizations through an effective, culturally aware information security framework. [Internet] [Doctoral dissertation]. Loughborough University; 2018. [cited 2020 Feb 22].
Available from: https://dspace.lboro.ac.uk/2134/28120 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.740230.
Council of Science Editors:
Alkahtani HK. Raising the information security awareness level in Saudi Arabian organizations through an effective, culturally aware information security framework. [Doctoral Dissertation]. Loughborough University; 2018. Available from: https://dspace.lboro.ac.uk/2134/28120 ; https://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.740230
University of Arkansas
19.
Yaseen, Qussai.
Mitigating Insider Threat in Relational Database Systems.
Degree: PhD, 2012, University of Arkansas
URL: https://scholarworks.uark.edu/etd/370
► The dissertation concentrates on addressing the factors and capabilities that enable insiders to violate systems security. It focuses on modeling the accumulative knowledge that…
(more)
▼ The dissertation concentrates on addressing the factors and capabilities that enable insiders to violate systems
security. It focuses on modeling the accumulative knowledge that insiders get throughout legal accesses, and it concentrates on analyzing the dependencies and constraints among data items and represents them using graph-based methods. The dissertation proposes new types of Knowledge Graphs (KGs) to represent insiders' knowledgebases. Furthermore, it introduces the Neural Dependency and Inference Graph (NDIG) and Constraints and Dependencies Graph (CDG) to demonstrate the dependencies and constraints among data items. The dissertation discusses in detail how insiders use knowledgebases and dependencies and constraints to get unauthorized knowledge. It suggests new approaches to predict and prevent the aforementioned threat. The proposed models use KGs, NDIG and CDG in analyzing the threat status, and leverage the effect of updates on the lifetimes of data items in insiders' knowledgebases to prevent the threat without affecting the availability of data items. Furthermore, the dissertation uses the aforementioned idea in ordering the operations of concurrent tasks such that write operations that update risky data items in knowledgebases are executed before the risky data items can be used in unauthorized inferences. In addition to unauthorized knowledge, the dissertation discusses how insiders can make unauthorized modifications in sensitive data items. It introduces new approaches to build Modification Graphs that demonstrate the authorized and unauthorized data items which insiders are able to update. To prevent this threat, the dissertation provides two methods, which are hiding sensitive dependencies and denying risky write requests. In addition to traditional RDBMS, the dissertation investigates insider threat in cloud relational database systems (cloud RDMS). It discusses the vulnerabilities in the cloud computing structure that may enable insiders to launch attacks. To prevent such threats, the dissertation suggests three models and addresses the advantages and limitations of each one.
To prove the correctness and the effectiveness of the proposed approaches, the dissertation uses well stated algorithms, theorems, proofs and simulations. The simulations have been executed according to various parameters that represent the different conditions and environments of executing tasks.
Advisors/Committee Members: Brajendra Panda, Gordon Beavers, Dale R. Thompson.
Subjects/Keywords: Applied sciences; Information security; Insider threat; Relational database; Security; Information Security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Yaseen, Q. (2012). Mitigating Insider Threat in Relational Database Systems. (Doctoral Dissertation). University of Arkansas. Retrieved from https://scholarworks.uark.edu/etd/370
Chicago Manual of Style (16th Edition):
Yaseen, Qussai. “Mitigating Insider Threat in Relational Database Systems.” 2012. Doctoral Dissertation, University of Arkansas. Accessed February 22, 2020.
https://scholarworks.uark.edu/etd/370.
MLA Handbook (7th Edition):
Yaseen, Qussai. “Mitigating Insider Threat in Relational Database Systems.” 2012. Web. 22 Feb 2020.
Vancouver:
Yaseen Q. Mitigating Insider Threat in Relational Database Systems. [Internet] [Doctoral dissertation]. University of Arkansas; 2012. [cited 2020 Feb 22].
Available from: https://scholarworks.uark.edu/etd/370.
Council of Science Editors:
Yaseen Q. Mitigating Insider Threat in Relational Database Systems. [Doctoral Dissertation]. University of Arkansas; 2012. Available from: https://scholarworks.uark.edu/etd/370
Loughborough University
20.
Alkahtani, Hend K.
Raising the information security awareness level in Saudi Arabian organizations through an effective, culturally aware information security framework.
Degree: PhD, 2018, Loughborough University
URL: http://hdl.handle.net/2134/28120
► The focus of the research is to improve the security of information systems in Saudi Arabian knowledge-intensive organisations by raising the awareness level among all…
(more)
▼ The focus of the research is to improve the security of information systems in Saudi Arabian knowledge-intensive organisations by raising the awareness level among all types of information system users. This is achieved by developing a culturally aware information security framework that requires the involvement of all types of information system user. Saudi Arabia has a unique culture that affects the security of information systems and, hence, the development of this information security framework. The research uses Princess Nora bint Abdul Rahman University (PNU), the largest all female university in Saudi Arabia, as a case study. The level of information security awareness among employees at Saudi Arabia Universities was tested. Surveys and interviews were conducted to gather data related to the information security system and its uses. It was found that most employees in Saudi Arabian organisations and universities are not involved in the development of any information security policy and, therefore, they are not fully aware of the importance of the security of information. The purpose of this study is to develop a cultural aware information security framework that does involve all types of employees contributing to the development of information security policy. The framework, consists of nine steps that were adapted, modified and arranged differently from the international best practice standard ISO 27K framework to fit the unique culture in Saudi Arabia. An additional step has been added to the framework to define and gather knowledge about the organisations population to justify its fit into the segregated working environment of many Saudi Arabian institutions. Part of the research objective is to educate employees to use this information security framework in order to help them recognise and report threats and risks they may encounter during their work, and therefore improve the overall level of information security awareness. The developed information security framework is a collection of ISO 27k best practice steps, re-ordered, and with the addition of one new step to enable the framework to fit the situation in Saudi Arabian segregation working environments. A before-assessment methodology was applied before the application of the culturally aware information security policy framework between two universities, Imam University which has ISO27K accreditation and PNU, the case study, to measure and compare their users information security awareness level. Then, an after-assessment methodology is used to demonstrate the framework effectiveness by comparing the level of awareness before the application of the culturally aware information security policy framework with the level of the awareness knowledge gained after the application.
Subjects/Keywords: Information systems; Information security; Security awareness; Saudi Arabian culture; Security policy
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Alkahtani, H. K. (2018). Raising the information security awareness level in Saudi Arabian organizations through an effective, culturally aware information security framework. (Doctoral Dissertation). Loughborough University. Retrieved from http://hdl.handle.net/2134/28120
Chicago Manual of Style (16th Edition):
Alkahtani, Hend K. “Raising the information security awareness level in Saudi Arabian organizations through an effective, culturally aware information security framework.” 2018. Doctoral Dissertation, Loughborough University. Accessed February 22, 2020.
http://hdl.handle.net/2134/28120.
MLA Handbook (7th Edition):
Alkahtani, Hend K. “Raising the information security awareness level in Saudi Arabian organizations through an effective, culturally aware information security framework.” 2018. Web. 22 Feb 2020.
Vancouver:
Alkahtani HK. Raising the information security awareness level in Saudi Arabian organizations through an effective, culturally aware information security framework. [Internet] [Doctoral dissertation]. Loughborough University; 2018. [cited 2020 Feb 22].
Available from: http://hdl.handle.net/2134/28120.
Council of Science Editors:
Alkahtani HK. Raising the information security awareness level in Saudi Arabian organizations through an effective, culturally aware information security framework. [Doctoral Dissertation]. Loughborough University; 2018. Available from: http://hdl.handle.net/2134/28120
University of Sydney
21.
Soyref, Maxim.
The holistic management of information security processes
.
Degree: 2014, University of Sydney
URL: http://hdl.handle.net/2123/13373
► Title: The holistic management of information security processes Keywords: cybersecurity, information security, strategy, security process, security governance, security management This research examines information security management…
(more)
▼ Title: The holistic management of information security processes
Keywords: cybersecurity, information security, strategy, security process, security governance, security management
This research examines information security management and associated processes within a large Australian financial institution by providing a rich, in-depth view of organisational information security management within the specifics of its dynamic context. Using a single in-depth qualitative case study, this research examines the role of internal and external actors in relation to the information security management processes. Relational process and stakeholder theoretical lenses are applied to derive the findings of this research. The three key outcomes of the research are:
The information security management process is a product of a multitude of interactions between internal and external actors within organisations. These actors pursue individual agendas and objectives, therefore requiring those who ensure organisational information security to utilise a combination of cognitive, political and social processes to ensure cooperation. The use of such processes can contribute to the effectiveness of formal security governance, assist in embedding a security culture and help position information security as a business enabler.
External and internal actors vary in their impact upon the information security process within organisations. This variation is a result of difference in power, legitimacy and urgency of these stakeholder claims. Internal and external stakeholders are continuously interacting with each other through a network of dynamic and multi-directional relationships.
Identifying, prioritising and engaging with the variety of stakeholders impacting on the information management process can contribute to the achievement of organisational information security management objectives. A classification framework is provided that can guide the prioritisation process and seek appropriate modes of engagement with the
Subjects/Keywords: Cybersecurity;
Information security;
Strategy;
Security process;
Security governance;
Security management
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Soyref, M. (2014). The holistic management of information security processes
. (Thesis). University of Sydney. Retrieved from http://hdl.handle.net/2123/13373
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Soyref, Maxim. “The holistic management of information security processes
.” 2014. Thesis, University of Sydney. Accessed February 22, 2020.
http://hdl.handle.net/2123/13373.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Soyref, Maxim. “The holistic management of information security processes
.” 2014. Web. 22 Feb 2020.
Vancouver:
Soyref M. The holistic management of information security processes
. [Internet] [Thesis]. University of Sydney; 2014. [cited 2020 Feb 22].
Available from: http://hdl.handle.net/2123/13373.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Soyref M. The holistic management of information security processes
. [Thesis]. University of Sydney; 2014. Available from: http://hdl.handle.net/2123/13373
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Southern Cross University
22.
Ong, Lean-Ping.
Awareness of information security risks : an investigation of people aspects (a study in Malaysia).
Degree: 2015, Southern Cross University
URL: http://epubs.scu.edu.au/theses/449
► The rapid advances in technology in this millennium pose growing information security risks. Information security breaches can result in data or information loss, damaged reputations,…
(more)
▼ The rapid advances in technology in this millennium pose growing information security risks. Information security breaches can result in data or information loss, damaged reputations, intellectual property theft, legal problems or monetary losses. Although computer users are often seen as the weakest link in information security, the people aspect (as opposed to technological and procedural aspects) has still remained largely ignored in most research on information security risks. The need to examine the association between people aspects and information security risks is urgent, and ways to minimise or mitigate the upward trend in information security threats are needed.
Subjects/Keywords: information security; information security awareness; information security risk; people aspects; Business; Information Security; Management Information Systems; Social Psychology
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Ong, L. (2015). Awareness of information security risks : an investigation of people aspects (a study in Malaysia). (Thesis). Southern Cross University. Retrieved from http://epubs.scu.edu.au/theses/449
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Ong, Lean-Ping. “Awareness of information security risks : an investigation of people aspects (a study in Malaysia).” 2015. Thesis, Southern Cross University. Accessed February 22, 2020.
http://epubs.scu.edu.au/theses/449.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Ong, Lean-Ping. “Awareness of information security risks : an investigation of people aspects (a study in Malaysia).” 2015. Web. 22 Feb 2020.
Vancouver:
Ong L. Awareness of information security risks : an investigation of people aspects (a study in Malaysia). [Internet] [Thesis]. Southern Cross University; 2015. [cited 2020 Feb 22].
Available from: http://epubs.scu.edu.au/theses/449.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Ong L. Awareness of information security risks : an investigation of people aspects (a study in Malaysia). [Thesis]. Southern Cross University; 2015. Available from: http://epubs.scu.edu.au/theses/449
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of Johannesburg
23.
Muchenje, Tonderai.
An analysis of the impact of emerging technology on organisations’ internal controls.
Degree: 2013, University of Johannesburg
URL: http://hdl.handle.net/10210/8597
► M.Comm. (Computer Auditing)
This study presents an evaluation of emerging information communication technology (ICT) solutions to the security internal control systems in South African organisations.…
(more)
▼ M.Comm. (Computer Auditing)
This study presents an evaluation of emerging information communication technology (ICT) solutions to the security internal control systems in South African organisations. Information systems have enabled companies to communicate more efficiently, gain competitive advantage and get a larger market share. These information systems therefore need to be protected securely as they are the vehicles and containers for critical information assets in decision-making processes. Therefore, this research study seeks to provide an overview of the emerging ICT solutions used to conduct business transactions, and share and communicate information. It identifies and analyses the new security risk associated with the emerging technology, and, finally, outlines the ICT security frameworks that can be used to identify, assess and evaluate organisations‟ security internal controls.
Subjects/Keywords: Computer auditing; Information security; Computer security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Muchenje, T. (2013). An analysis of the impact of emerging technology on organisations’ internal controls. (Thesis). University of Johannesburg. Retrieved from http://hdl.handle.net/10210/8597
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Muchenje, Tonderai. “An analysis of the impact of emerging technology on organisations’ internal controls.” 2013. Thesis, University of Johannesburg. Accessed February 22, 2020.
http://hdl.handle.net/10210/8597.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Muchenje, Tonderai. “An analysis of the impact of emerging technology on organisations’ internal controls.” 2013. Web. 22 Feb 2020.
Vancouver:
Muchenje T. An analysis of the impact of emerging technology on organisations’ internal controls. [Internet] [Thesis]. University of Johannesburg; 2013. [cited 2020 Feb 22].
Available from: http://hdl.handle.net/10210/8597.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Muchenje T. An analysis of the impact of emerging technology on organisations’ internal controls. [Thesis]. University of Johannesburg; 2013. Available from: http://hdl.handle.net/10210/8597
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
California State University – Sacramento
24.
Song, Chunhui.
SQL injection attacks and countermeasures.
Degree: MS, Computer Science, 2010, California State University – Sacramento
URL: http://hdl.handle.net/10211.9/560
► SQL injection has become a predominant type of attacks that target web applications. It allows attackers to obtain unauthorized access to the back-end database by…
(more)
▼ SQL injection has become a predominant type of attacks that target web applications. It allows attackers to obtain unauthorized access to the back-end database by submitting malicious SQL query segments to change the intended application-generated SQL queries. Researchers have proposed various solutions to address SQL injection problems. However, many of them have limitations and often cannot address all kinds of injection problems. What???s more, new types of SQL injection attacks have arisen over the years. To better counter these attacks, identifying and understanding the types of SQL injections and existing countermeasures are very important. In this project, I presented a review of different types of SQL injections and illustrated how to use them to perform attacks. I also surveyed existing techniques against SQL injection attacks and analyzed their advantages and disadvantages. In addition, I identified techniques for building secure systems and applied them to my applications and database system, and illustrated how they were performed and the effect of them.
Advisors/Committee Members: Jin, Ying.
Subjects/Keywords: Web database security; Database vulnerability; Information security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Song, C. (2010). SQL injection attacks and countermeasures. (Masters Thesis). California State University – Sacramento. Retrieved from http://hdl.handle.net/10211.9/560
Chicago Manual of Style (16th Edition):
Song, Chunhui. “SQL injection attacks and countermeasures.” 2010. Masters Thesis, California State University – Sacramento. Accessed February 22, 2020.
http://hdl.handle.net/10211.9/560.
MLA Handbook (7th Edition):
Song, Chunhui. “SQL injection attacks and countermeasures.” 2010. Web. 22 Feb 2020.
Vancouver:
Song C. SQL injection attacks and countermeasures. [Internet] [Masters thesis]. California State University – Sacramento; 2010. [cited 2020 Feb 22].
Available from: http://hdl.handle.net/10211.9/560.
Council of Science Editors:
Song C. SQL injection attacks and countermeasures. [Masters Thesis]. California State University – Sacramento; 2010. Available from: http://hdl.handle.net/10211.9/560
Universiteit Utrecht
25.
Roeling, M.H.F.
Towards an aligned organization on information security.
Degree: 2012, Universiteit Utrecht
URL: http://dspace.library.uu.nl:8080/handle/1874/255403
► Information Security is mainly a topic that is considered to be Information Technology related. However, for successfully implementing information security, an organization’s information security program…
(more)
▼ Information Security is mainly a topic that is considered to be
Information Technology related. However, for successfully implementing
information security, an organization’s
information security program should reflect the business strategy. Nowadays
information security is in many companies enforced by the
Information Technology department, based on what they think should be in place to protect their business from inside and outside threats and risks. Besides,
information security covers many different subjects. This makes it hard for small and medium sized organizations to determine their
information security program. Involving the
Information Security Focus Area Maturity model (ISFAM) model in this process helps organizations in determining their current level of maturity and is capable of providing high level guidelines which the organization can use to structurally improve their
information security level.
Advisors/Committee Members: Spruit, M, Helms, R.
Subjects/Keywords: Information Security; Security; Maturity Model; Maturity
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Roeling, M. H. F. (2012). Towards an aligned organization on information security. (Masters Thesis). Universiteit Utrecht. Retrieved from http://dspace.library.uu.nl:8080/handle/1874/255403
Chicago Manual of Style (16th Edition):
Roeling, M H F. “Towards an aligned organization on information security.” 2012. Masters Thesis, Universiteit Utrecht. Accessed February 22, 2020.
http://dspace.library.uu.nl:8080/handle/1874/255403.
MLA Handbook (7th Edition):
Roeling, M H F. “Towards an aligned organization on information security.” 2012. Web. 22 Feb 2020.
Vancouver:
Roeling MHF. Towards an aligned organization on information security. [Internet] [Masters thesis]. Universiteit Utrecht; 2012. [cited 2020 Feb 22].
Available from: http://dspace.library.uu.nl:8080/handle/1874/255403.
Council of Science Editors:
Roeling MHF. Towards an aligned organization on information security. [Masters Thesis]. Universiteit Utrecht; 2012. Available from: http://dspace.library.uu.nl:8080/handle/1874/255403
University of Arkansas
26.
Moccaro, Matthew Francis.
Mobile Banking Security Using GPS and LDPC Codes.
Degree: MSCmpE, 2014, University of Arkansas
URL: https://scholarworks.uark.edu/etd/2314
► Mobile Banking is becoming a major part of our world's financial system. Being able to manage one's finances on a mobile device can provide…
(more)
▼ Mobile Banking is becoming a major part of our world's financial system. Being able to manage one's finances on a mobile device can provide services that can make users more productive. It can also serve as a means of financial freedom to those who are unable to access physical banking facilities due to distance, or other problems. However, with such freedom also comes the need for
security. A person's financial
information is one of the most targeted groups of
information by attackers. To secure these mobile freedoms, this paper presents a system to secure mobile banking procedures using global positioning systems (GPS) within mobile devices, and low density parity codes (LDPC). The approach is to determine a user's daily locations, set them as trusted locations, and use LDPC codes not only to obscure this data from attackers, but to help in correcting inaccurate GPS readings. The conclusions, based on thorough testing, is that this system is able to more readily secure a person's mobile banking applications on their mobile device.
Advisors/Committee Members: Dale Thompson, Craig Thompson, John Gauch.
Subjects/Keywords: Banking; Location; Mobile; Privacy; Security; Information Security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Moccaro, M. F. (2014). Mobile Banking Security Using GPS and LDPC Codes. (Masters Thesis). University of Arkansas. Retrieved from https://scholarworks.uark.edu/etd/2314
Chicago Manual of Style (16th Edition):
Moccaro, Matthew Francis. “Mobile Banking Security Using GPS and LDPC Codes.” 2014. Masters Thesis, University of Arkansas. Accessed February 22, 2020.
https://scholarworks.uark.edu/etd/2314.
MLA Handbook (7th Edition):
Moccaro, Matthew Francis. “Mobile Banking Security Using GPS and LDPC Codes.” 2014. Web. 22 Feb 2020.
Vancouver:
Moccaro MF. Mobile Banking Security Using GPS and LDPC Codes. [Internet] [Masters thesis]. University of Arkansas; 2014. [cited 2020 Feb 22].
Available from: https://scholarworks.uark.edu/etd/2314.
Council of Science Editors:
Moccaro MF. Mobile Banking Security Using GPS and LDPC Codes. [Masters Thesis]. University of Arkansas; 2014. Available from: https://scholarworks.uark.edu/etd/2314
University of Arkansas
27.
Fuentes Tello, Victor.
Enforcing database security on cloud using a trusted third party based model.
Degree: MS, 2017, University of Arkansas
URL: https://scholarworks.uark.edu/etd/2438
► Cloud computing offers a considerable number of advantages to clients and organizations that use several capabilities to store sensitive data, interact with applications, or…
(more)
▼ Cloud computing offers a considerable number of advantages to clients and organizations that use several capabilities to store sensitive data, interact with applications, or use technology infrastructure to perform daily activities. The development of new models in cloud computing brings with it a series of elements that must be considered by companies, particularly when the sensitive data needs to be protected. There are some concerns related to
security that need to be taken into consideration when a service provider manage and store the data in a location outside the company. In this research, a model that uses a trusted third party (TPP) to enforce the database
security in the cloud is proposed. The model describes how a client processes a query securely by using encryption mechanisms and partitioning methods. The client establishes the communication with the TPP to retrieve the data from a cloud storage service. The TPP has two primary functions. First, perform a partition process over the data by using an index from one of the attributes in the table. As a result, the TPP sends to the cloud server the records in encrypted format with an index. Second, the TPP analyzes the client query to retrieve a segment of the data from the cloud based on the query conditions. The final result is submitted to the client in which a minimum workload is executed. Some simulations were performed to evaluate the efficiency of the model by using two partition techniques: Histogram based and Mondrian or Bisection Tree based partition. The strategy of the model is to process as much of the work at the TPP site and securely transmit the result. Using encrypted record in the cloud storage service prevents the provider to have any knowledge about the data and enforces the
security of the database.
Advisors/Committee Members: Brajendra Panda, Merwin Beavers, Wing Li.
Subjects/Keywords: Cloud computing; Database; Security; Information Security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Fuentes Tello, V. (2017). Enforcing database security on cloud using a trusted third party based model. (Masters Thesis). University of Arkansas. Retrieved from https://scholarworks.uark.edu/etd/2438
Chicago Manual of Style (16th Edition):
Fuentes Tello, Victor. “Enforcing database security on cloud using a trusted third party based model.” 2017. Masters Thesis, University of Arkansas. Accessed February 22, 2020.
https://scholarworks.uark.edu/etd/2438.
MLA Handbook (7th Edition):
Fuentes Tello, Victor. “Enforcing database security on cloud using a trusted third party based model.” 2017. Web. 22 Feb 2020.
Vancouver:
Fuentes Tello V. Enforcing database security on cloud using a trusted third party based model. [Internet] [Masters thesis]. University of Arkansas; 2017. [cited 2020 Feb 22].
Available from: https://scholarworks.uark.edu/etd/2438.
Council of Science Editors:
Fuentes Tello V. Enforcing database security on cloud using a trusted third party based model. [Masters Thesis]. University of Arkansas; 2017. Available from: https://scholarworks.uark.edu/etd/2438
Edith Cowan University
28.
Coole, Michael P.
Theory of entropic security decay: The gradual degradation in effectiveness of commissioned security systems.
Degree: 2010, Edith Cowan University
URL: https://ro.ecu.edu.au/theses/372
► As a quantitative auditing tool for Physical Protection Systems (PPS) the Estimated Adversary Sequence Interruption (EASI) model has been available for many years. Nevertheless, once…
(more)
▼ As a quantitative auditing tool for Physical Protection Systems (PPS) the Estimated Adversary Sequence Interruption (EASI) model has been available for many years. Nevertheless, once a systems macro-state measure has been commissioned (Pi) against its defined threat using EASI, there must be a means of articulating its continued efficacy (steady state) or its degradation over time. The purpose of this multi-phase study was to develop the concept and define the term entropic security decay. Phase one presented documentary benchmarks for security decay. This phase was broken into three stages; stage one presented General Systems Theory (GST) as a systems benchmark for the study. Stage two applied the writings from stage one to physical security, and stage three presented a benchmark for considering physical system decay. Phase two incorporated the pilot study towards validating the feasibility of undertaking the main study and refining interview instrumentation. Phase three executed the main study, extracting and presenting security experts (N=6) thoughts, feelings and experiences with the phenomenon of security decay. Phase four provided the interpretative analysis, responding to the study’s research question.
Subjects/Keywords: Computer security; computer networks; Information Security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Coole, M. P. (2010). Theory of entropic security decay: The gradual degradation in effectiveness of commissioned security systems. (Thesis). Edith Cowan University. Retrieved from https://ro.ecu.edu.au/theses/372
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Chicago Manual of Style (16th Edition):
Coole, Michael P. “Theory of entropic security decay: The gradual degradation in effectiveness of commissioned security systems.” 2010. Thesis, Edith Cowan University. Accessed February 22, 2020.
https://ro.ecu.edu.au/theses/372.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
MLA Handbook (7th Edition):
Coole, Michael P. “Theory of entropic security decay: The gradual degradation in effectiveness of commissioned security systems.” 2010. Web. 22 Feb 2020.
Vancouver:
Coole MP. Theory of entropic security decay: The gradual degradation in effectiveness of commissioned security systems. [Internet] [Thesis]. Edith Cowan University; 2010. [cited 2020 Feb 22].
Available from: https://ro.ecu.edu.au/theses/372.
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
Council of Science Editors:
Coole MP. Theory of entropic security decay: The gradual degradation in effectiveness of commissioned security systems. [Thesis]. Edith Cowan University; 2010. Available from: https://ro.ecu.edu.au/theses/372
Note: this citation may be lacking information needed for this citation format:
Not specified: Masters Thesis or Doctoral Dissertation
University of South Africa
29.
Nkwana, Mokata Johannes.
Protection of security information within government departments in South Africa.
Degree: 2015, University of South Africa
URL: http://hdl.handle.net/10500/19897
► The protection of security information in government departments requires the active engagement of executive management to assess emerging threats and provide strong security risk control…
(more)
▼ The protection of
security information in government departments requires the active engagement of executive management to assess emerging threats and provide strong
security risk control measures. For most government departments, establishing effective protection of
security information is a major initiative, given the often continuous, strategic nature of typical
security efforts. This requires commitments or support from senior management and adequate resources. It necessitates the elevation of
information security management to positions of authority commensurate to the required responsibilities. This has been the trend in recent years as government departments are increasingly dependent on their
information assets and resources, while threats and disruptions continue to escalate in frequency and cost. It is clear from numerous recent studies that organisations that have taken the steps described in this research document and have implemented
effective
information security risk control measures have achieved significant results in reduced losses and improved resource management. Given the demonstrable benefits, it is surprising that there have not been greater progress in effectively managing
information assets. Although regulatory compliance has been a major driver in improving the protection of
security information overall, this study has also shown that nearly half of all government departments are failing to initiate meaningful compliance efforts. Failure to address the identified vulnerabilities by government departments will result in espionage, covert influencing manipulation, fraud, sabotage and corruption.
Information security risk control measures include the elements required to provide senior management assurance that its direction and intent are reflected in the
security posture of the organisation by utilising a structured approach to implement an
information security programme. Once those elements are in
place, senior management can be confident that adequate and effective protection of
security information will protect, as far as possible, the department’s vital
information assets.
Advisors/Committee Members: Govender, Doraval (advisor).
Subjects/Keywords: Government departments; Information security; Protective security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Nkwana, M. J. (2015). Protection of security information within government departments in South Africa. (Masters Thesis). University of South Africa. Retrieved from http://hdl.handle.net/10500/19897
Chicago Manual of Style (16th Edition):
Nkwana, Mokata Johannes. “Protection of security information within government departments in South Africa.” 2015. Masters Thesis, University of South Africa. Accessed February 22, 2020.
http://hdl.handle.net/10500/19897.
MLA Handbook (7th Edition):
Nkwana, Mokata Johannes. “Protection of security information within government departments in South Africa.” 2015. Web. 22 Feb 2020.
Vancouver:
Nkwana MJ. Protection of security information within government departments in South Africa. [Internet] [Masters thesis]. University of South Africa; 2015. [cited 2020 Feb 22].
Available from: http://hdl.handle.net/10500/19897.
Council of Science Editors:
Nkwana MJ. Protection of security information within government departments in South Africa. [Masters Thesis]. University of South Africa; 2015. Available from: http://hdl.handle.net/10500/19897
University of Wollongong
30.
Elashry, Ibrahim.
Pairing-free identity-based cryptography.
Degree: PhD, 2015, University of Wollongong
URL: ;
https://ro.uow.edu.au/theses/4409
► Identity-based cryptography (IBC) is considered nowadays as the evolution of public key cryptography because it completely eliminates the use of digital certificates by representing…
(more)
▼ Identity-based cryptography (IBC) is considered nowadays as the evolution of public key cryptography because it completely eliminates the use of digital certificates by representing the public key of a user as his identity. Although the first IBC proposed by Adi Shamir [Sha84] was based on RSA, most of the proposed IBC systems are based on bilinear pairings. This limite the use of IBC in the real world because of several reasons. First, a bilinear pairing is time- and power-inefficient and it takes around 2.5 times an RSA modular exponentiation based on MIRACL benchmarks. Second, these systems are incompatible with the most widely used public key cryptosystem (RSA) which makes them non-commercially appealing. Thus, it is useful to think outside the box and try to use different tools to construct IBC systems. These constructions may have unique security properties that do not exist in current IBC systems. We worked on constructing IBC systems based on RSA settings. We have improved the performance of identity-based encryption (IBE) systems, cryptanalysed IBE systems, implemented variants of IBE systems such as mediated encryption and attribute-based signcryption, and presented an identity-based authenticated key exchange (IBAKE) with some novel security features.
In this thesis, we first present some background about IBC and the motivation for solving the problems associated with pairing-based IBC. Then we give solutions to these problems along withthe thesis structure. Then, we give a literature review about IBC, including identity-based encrytpion (IBE) and key exchange (KE) with focusing on pairing-free constructions. We also review some application of IBC such as mediated cryptography and attribute-based cryptography, In addition, we review the definitions and preliminaries related to the contents of the thesis, including definitions of ssecurity models, hard problems, and some mathematical tools. Then, we review identity-based mediated RSA encryption and signature systems (IB-mRSA) presented by Boneh, Ding and Tsudik [BDT02]. We show that IB-mRSA is not secure and we present a secure modified version of it which is as efficient as the original system. We also propose a generic mediated encryption (GME) that transforms any IBE to a mediated version of this IBE. We also present two implementations of GME based on Boneh-Franklin FullIdent [BF01] which is a pairing-based IBE and Boneh, Gentry and Hamburg (BGH) AnonIBE [BGH07] which is a pairing-free IBE. After that, we present two efficient variants of (BGH) systems (BasicIBE, AnonIBE) [BGH07] in terms of ciphertext length and encryption/decryption speed. The ciphertext is as short as the BGH systems, but with more time-efficient algorithms.
We prove that these variants are as secure as the BGH systems. Then, we review an efficient variant of Boneh, Gentry and Hamburg BasicIBE presented by Jhanwar and Barua [JB08]. We prove that this IBE is not secure against an indistinguishable chosen plaintext attack (IND-ID-CPA) adversary and present a solution…
Subjects/Keywords: Information security-cryptography; key exchange; network security
Record Details
Similar Records
Cite
Share »
Record Details
Similar Records
Cite
« Share
❌
APA ·
Chicago ·
MLA ·
Vancouver ·
CSE |
Export
to Zotero / EndNote / Reference
Manager
APA (6th Edition):
Elashry, I. (2015). Pairing-free identity-based cryptography. (Doctoral Dissertation). University of Wollongong. Retrieved from ; https://ro.uow.edu.au/theses/4409
Chicago Manual of Style (16th Edition):
Elashry, Ibrahim. “Pairing-free identity-based cryptography.” 2015. Doctoral Dissertation, University of Wollongong. Accessed February 22, 2020.
; https://ro.uow.edu.au/theses/4409.
MLA Handbook (7th Edition):
Elashry, Ibrahim. “Pairing-free identity-based cryptography.” 2015. Web. 22 Feb 2020.
Vancouver:
Elashry I. Pairing-free identity-based cryptography. [Internet] [Doctoral dissertation]. University of Wollongong; 2015. [cited 2020 Feb 22].
Available from: ; https://ro.uow.edu.au/theses/4409.
Council of Science Editors:
Elashry I. Pairing-free identity-based cryptography. [Doctoral Dissertation]. University of Wollongong; 2015. Available from: ; https://ro.uow.edu.au/theses/4409
◁ [1] [2] [3] [4] [5] … [60] ▶
. 
Open Access Theses and Dissertations
