Dissertations / Theses on the topic 'CyberSecurty'
To see the other types of publications on this topic, follow the link: CyberSecurty.
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'CyberSecurty.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Петрухно, Ігор Русланович. "Data Mining та машинні техніки навчання для виявлення вторгнення в кібербезпеку робототехнічних та автономних систем." Master's thesis, Київ, 2018. https://ela.kpi.ua/handle/123456789/26428.
Full textAbstract:
У роботі розглянуто проблему в області кібербезпеки повязану з методами аналізу великих масивів даних для робототехнічних систем. Об’єктом даної роботи є дослідницька система на базі методології паралельних обчислень використовуючи інструменти Hadoop.
Предметом виступають методи та процеси Data Mining і машинних технік навчання для виявлення вторгнення в кібербезпеку робототехнічних і автономних систем.
В поданої роботі, розглянуто основні особливості існуючої системи (SIEM). які дозволяє оброблювати великі масиви даних, її переваги та недоліки, Здійснений аналіз тактик по побудові Security Analitics System, які впливають на точність, надійність, продуктивність, масштабованість проектуємих IDS систем.
Реалізована дослідницька система на базі методології паралельних обчислень використовуючи інструменти Hadoop, що забезпечує ефективне функціонування в умовах атак.
Дана система може бути використана в діяльності конкретної установи, а також може бути використаний і іншими установами для вдосконалення паралельних обчислень використовуючи інструменти Hadoop, також дана концепція викладу даного дослідження може бути використана в якості методичного посібника при розробці системи виявлення вторгнення в кібербезпеку робототехнічних і автономних систем.
Дозволяє збільшити швидкість обробки даних та зменшити час аналізу данних використовуючи парадигму MapReduce.
Розмір пояснювальної записки – 111 аркушів, містить 31 ілюстрацій, 26 таблиць, 5 додатків.The paper deals with the problem of cybersecurity associated with methods of analysis of large data sets for robotic systems. The object of this work is a research system based on the methodology of parallel computing using Hadoop tools. The subject is the methods and processes of Data Mining and machine learning techniques to detect the invasion of the cybersecurity of robotic and autonomous systems. In the given work, the main features of the existing system (SIEM) are considered. which allows processing large volumes of data, its advantages and disadvantages, Analysis of the tactics for constructing the Security Analitics System, which affect the accuracy, reliability, performance, scalability of project IDS systems. A research system implemented on the basis of parallel computing methodology using the Hadoop tools, which provides effective operation under attack conditions. This system can be used in the activities of a particular institution, and can also be used by other institutions to improve parallel computing using Hadoop tools, this concept can also be used as a methodological guide for the development of a system for detecting cybersecurity robotic and autonomous systems . Allows you to increase the speed of data processing and reduce the time of data analysis using the MapReduce paradigm. The size of the explanatory note is 111 sheets, contains 31 illustrations, 26 tables, 5 appendices.
2
Poluzzi, Lorenzo. "IA & Cybersecurity." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2020.
Find full textAbstract:
L'integrazione tra Intelligenza Artificiale e Cybersecurity nasce per migliorare l'efficienza, la crescita e la possibilità di rendere sicuro un sistema col minore sforzo, perchè si creino già sistemi di protezione "intelligenti" in grado quindi di essere autonomi nel scovare nuovi attacchi e aggiornarsi, analizzare centinaia e centinaia di dati, traffico e prendere delle decisioni.
Analizzerò separatamente diversi concetti di Cybersecurity, I.A. e come sia possibile integrare quest'ultima al fine di innalzare i livelli di sicurezza; si mostrerà anche un esempio pratico di un software (Attack Prophecy) che analizza il traffico della rete e tramite I.A. allerta l'utente e prende decisioni.
Lo scopo di questo elaborato è di mettere in relazione Attack Prophecy con un altro Web Application Firewall (WAF) open source tra i più conosciuti chiamato ModSecurity che non integra al suo interno nessun meccanismo di Intelligenza Artificiale, così da avere un confronto tra i due Software e creare resoconto tra i benefici della Cybersecurity classica adoperata senza I.A. e la Cybersecurity impiegata tramite I.A. .
3
Howard, David J. "Development of the Cybersecurity Attitudes Scale and Modeling Cybersecurity Behavior and its Antecedents." Scholar Commons, 2018. https://scholarcommons.usf.edu/etd/7306.
Full textAbstract:
As organizations have become more reliant on computers and technology to operate in a globalized world, they have also become more vulnerable to cyberattacks on their networks. The expense to organizations from cyberattacks now exceeds $400 billion USD annually. These costs highlight the need for behavioral research in the cyber domain. The first phase of this research developed an instrument to measure workers’ cybersecurity attitudes. An iterative process resulted in a scale with good psychometric properties - The Cybersecurity Attitudes Scale. The scale measures two factors: cyber policy adherence attitudes and perceived vulnerability to a cyberattack. The second phase of this research used the theory of planned behavior as a theoretical framework to model the relationship between personality facets, policy adherence attitudes, perceived vulnerability, locus of control, cybersecurity climate, and cybersecurity behaviors. While the hypothesized model had poor fit for the data, there was a strong relationship between cybersecurity attitudes (i.e. policy adherence attitudes and perceived vulnerability) and dutifulness, altruism, compliance, cybersecurity climate, and cybersecurity behavior. This research provides practical value to academic researchers and organizations by providing a scale to measure cybersecurity attitudes and to help organizations better understand the nature of the antecedents that lead to cybersecurity attitudes and behavior.
4
Lingelbach, Kembley Kay. "Perceptions of Female Cybersecurity Professionals Toward Factors that Encourage Females to the Cybersecurity Field." Diss., NSUWorks, 2018. https://nsuworks.nova.edu/gscis_etd/1056.
Full textAbstract:
Despite multiple national, educational, and industry initiatives, women continue to be underrepresented in the cybersecurity field. Only 11% of cybersecurity professionals, globally, are female. This contributes to the growing overall shortage of workers in the field. This research addressed the significant underrepresentation of females in the cybersecurity workforce. There are many practitioner and industry studies that suggest self-efficacy, discrimination and organizational culture play important roles in the low rate of women in the cybersecurity field. A limited number of scholarly studies identify causal factors; however, there is not a general consensus or framework to explain the problem thoroughly. Moreover, there exists a significant gap in theoretical framework utilizing qualitative methods to demystify the complex factors of engaging females to pursue the cybersecurity field.
This study utilized a grounded theory approach to interview twelve female cybersecurity professionals to discover their perceptions of the cybersecurity field. The participants revealed strategies that could encourage females to pursue the cybersecurity field. Data analysis included a data coding process and a constant comparative method of interview transcripts. This study identified four factors of engagement and one unexpected co-factor that are perceived to have an impact on decisions to pursue the cybersecurity field. The four factors identified were awareness, support, intrinsic and extrinsic values. The interesting find of the cybersecurity mindset profile factor that is perceived to enhance the success of career trajectory warrants additional research to discover the impacts on decision to pursue the cybersecurity field.
This findings of this research gives women a voice in recommending strategies to encourage other females to pursue the cybersecurity field. The findings also aid in demystifying the complexity of the factors by organizing and categorizing them in a logical sense in order to present a theoretical model to encourage females into the field of cybersecurity. Moreover, this study provides holistic insight to academicians and practitioners in developing future cybersecurity professionals. Additionally, it adds to the body of knowledge by answering the call for that additional qualitative approaches in methodology by bringing data richness and to generate new theoretical frameworks in cybersecurity research.
5
Tagert, Adam C. "Cybersecurity Challenges in Developing Nations." Research Showcase @ CMU, 2010. http://repository.cmu.edu/dissertations/22.
Full textAbstract:
This thesis examines the guidance that is being given to developing nations that are rapidly deploying information and communication technologies. It studied the African countries of Rwanda and Tunisia to draw lessons of the situation and potential methods of improving the situation. The thesis found that developing nations are often recommended to implement a conglomeration of existing rules and regulations found in other countries especially in European countries and in the United States. Developing countries are also recommended to create national CERTs, organizations of cybersecurity experts to coordinate a nation to respond to cyber incidents. The proposed rules and regulations are largely irrelevant for developing nations and the proposed missions of a CERT do not match the needs of those countries. In promoting better guidance, the thesis identifies and discusses several challenges. It finds policy makers in developing nations are aware of the cyber threat, and that the cyber threat is different and often smaller in less ICT developed nations even if they are using similar equipment and software. To help craft better recommendations, the thesis identifies the benefits of ICT especially in agriculture, education and government. These benefits are analyzed to determine whether they would be protected by current guidance and the analysis determines that protecting ICT use in government should be the priority. In crafting future guidance the challenges are that nations have differences in ICT architecture and ICT use, and developing nations have fewer resources but also they have different resources to use. Another such difference is the common lack of a private cybersecurity sector and different expectations of government. This thesis concludes with discussing unexpected results. The first is Rwandan policy makers desire good enough security and have a higher risk tolerance concerning cyber threats than is found in more developed nations. In addition, open source software can be a potential way to reduce the cost of cyberspace defense and this thesis makes an initial investigation. The lesson of the thesis is that cybersecurity strategy is not a one size fits all and so it must be customized for each country.
6
Falco, Gregory J. "Cybersecurity for urban critical infrastructure." Thesis, Massachusetts Institute of Technology, 2018. http://hdl.handle.net/1721.1/118226.
Full textAbstract:
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Urban Studies and Planning, 2018.Cataloged from PDF version of thesis.
Includes bibliographical references (pages 110-116).
Our cities are under attack. Urban critical infrastructure which includes the electric grid, water networks, transportation systems and public health and safety services are constantly being targeted by cyberattacks. Urban critical infrastructure has been increasingly connected to the internet for the purpose of operational convenience and efficiency as part of the growing Industrial Internet of Things (HoT). Unfortunately, when deciding to connect these systems, their cybersecurity was not taken seriously. A hacker can monitor, access and change these systems at their discretion because of the infrastructure's lack of security. This is not only a matter of potential inconvenience. Digital manipulation of these devices can have devastating physical consequences. This dissertation describes three steps cities should take to prepare for cyberattacks and defend themselves accordingly. First, cities must understand how an attacker might compromise its critical infrastructure. In the first chapter, I describe and demonstrate a methodology for enumerating attack vectors across a citys CCTV security system. The attack methodology uses established cybersecurity typologies to develop an attack ruleset for an Al planner that was programmed to perform attack generation. With this, cities can automatically determine all possible approaches hackers can take to compromise their critical infrastructure. Second, cities need to prioritize their cyber risks. There are hundreds of attack permutations for a given system and thousands for a city. In the second chapter, I develop a risk model for urban critical infrastructure. The model helps prioritize vulnerabilities that are frequently exploited for HoT Supervisory Control and Data Acquisition (SCADA) systems. Finally, cities need tools to defend themselves. In the third chapter, I present a nontechnical approach to defending against attacks called cyber negotiation. Cyber negotiation is one of several non-technical cyberdefense tools I call Defensive Social Engineering, where victims can use social engineering against the hacker. Cyber negotiation involves using a negotiation framework to defend against attacks with steps urban critical infrastructure operators can take before, during and after an attack. This study combines computer science and urban planning (Urban Science) to provide a starting point for cities to prepare for and protect themselves against cyberattacks.
by Gregory J. Falco.
Ph. D.
7
Pierce, Adam O. "Exploring the Cybersecurity Hiring Gap." ScholarWorks, 2016. https://scholarworks.waldenu.edu/dissertations/3198.
Full textAbstract:
Cybersecurity is one of the fastest growing segments of information technology. The Commonwealth of Virginia has 30,000 cyber-related jobs open because of the lack of skilled candidates. The study is necessary because some business managers lack strategies for hiring cybersecurity professionals for U.S. Department of Defense (DoD) contracts. The purpose of this case study was to explore strategies business managers in DoD contracting companies used to fill cybersecurity positions. The conceptual framework used for this study was the organizational learning theory. A purposeful sample of 8 successful business managers with cybersecurity responsibilities working for U.S. DoD contracting companies that successfully hired cybersecurity professionals in Hampton Roads, VA participated in the study. Data collection included semistructured interviews and a review of job postings from the companies represented by the participants. Coding, content, and thematic analysis were the methods used to analyze data. Within-methods triangulation was used to add accuracy to the analysis. At the conclusion of the data analysis, two main themes emerged: maintaining contractual requirements and a strong recruiting process. Contractual requirements guided how hiring managers hired cybersecurity personnel and executed the contract. A strong hiring process added efficiency to the hiring process. The findings of the study may contribute to positive social change by encouraging the recruitment and retention of cybersecurity professionals. Skilled cybersecurity professionals may safeguard businesses and society from Internet crime, thereby encouraging the safe exchange and containment of data.
8
Reid, Rayne. "Guidelines for cybersecurity education campaigns." Thesis, Nelson Mandela University, 2017. http://hdl.handle.net/10948/14091.
Full textAbstract:
In our technology- and information-infused world, cyberspace is an integral part of modern-day society. As the number of active cyberspace users increases, so too does the chances of a cyber threat finding a vulnerable target increase. All cyber users who are exposed to cyber risks need to be educated about cyber security. Human beings play a key role in the implementation and governing of an entire cybersecurity and cybersafety solution. The effectiveness of any cybersecurity and cybersafety solutions in a societal or individual context is dependent on the human beings involved in the process. If these human beings are either unaware or not knowledgeable about their roles in the security solution they become the weak link in these cybersecurity solutions. It is essential that all users be educated to combat any threats. Children are a particularly vulnerable subgroup within society. They are digital natives and make use of ICT, and online services with increasing frequency, but this does not mean they are knowledgeable about or behaving securely in their cyber activities. Children will be exposed to cyberspace throughout their lifetimes. Therefore, cybersecurity and cybersafety should be taught to children as a life-skill. There is a lack of well-known, comprehensive cybersecurity and cybersafety educational campaigns which target school children. Most existing information security and cybersecurity education campaigns limit their scope. Literature reports mainly on education campaigns focused on primary businesses, government agencies and tertiary education institutions. Additionally, most guidance for the design and implementation of security and safety campaigns: are for an organisational context, only target organisational users, and mostly provide high-level design recommendations. This thesis addressed the lack of guidance for designing and implementing cybersecurity and cybersafety educational campaigns suited to school learners as a target audience. The thesis aimed to offer guidance for designing and implementing education campaigns that educate school learners about cybersecurity and cybersafety. This was done through the implementation of an action research process over a five-year period. The action research process involved cybersecurity and cybersafety educational interventions at multiple schools. A total of 18 actionable guidelines were derived from this research to guide the design and implementation of cybersecurity and cybersafety education campaigns which aim to educate school children.
9
Nilsen, Richard. "Measuring Cybersecurity Competency: An Exploratory Investigation of the Cybersecurity Knowledge, Skills, and Abilities Necessary for Organizational Network Access Privileges." NSUWorks, 2017. http://nsuworks.nova.edu/gscis_etd/1017.
Full textAbstract:
Organizational information system users (OISU) that are victimized by cyber threats are contributing to major financial and information losses for individuals, businesses, and governments. Moreover, it has been argued that cybersecurity competency is critical for advancing economic prosperity and maintaining national security. The fact remains that technical cybersecurity controls may be rendered useless due to a lack of cybersecurity competency of OISUs. All OISUs, from accountants to cybersecurity forensics experts, can place organizational assets at risk. However, that risk is increased when OISUs do not have the cybersecurity competency necessary for operating an information system (IS). The main goal of this research study was to propose and validate, using subject matter experts (SME), a reliable hands-on prototype assessment tool for measuring the cybersecurity competency of an OISU. To perform this assessment, SMEs validated the critical knowledge, skills, and abilities (KSA) that comprise the cybersecurity competency of OISUs. Primarily using the Delphi approach, this study implemented four phases of data collection using cybersecurity SMEs for proposing and validating OISU: KSAs, KSA measures, KSA measure weights, and cybersecurity competency threshold. A fifth phase of data collection occurred measuring the cybersecurity competency of 54 participants. Phase 1 of this study performed five semi-structured SME interviews before using the Delphi method and anonymous online surveys of 30 cybersecurity SMEs to validate OISU cybersecurity KSAs found in literature and United States government (USG) documents. The results of Phase 1 proposed and validated three OISU cybersecurity abilities, 23 OISU cybersecurity knowledge units (KU), and 22 OISU cybersecurity skill areas (SA). In Phase 2, two rounds of the Delphi method with anonymous online surveys of 15 SMEs were used to propose and validate OISU cybersecurity KSA measures. The results of Phase 2 proposed and validated 90 KSA measures for 47 knowledge topics (KT) and 43 skill tasks (ST). In Phase 3, using the Delphi method with anonymous online surveys, a group of 15 SMEs were used to propose and validate OISU cybersecurity KSA weights. The results of Phase 3 proposed and validated the weights for four knowledge categories (KC) and four skill categories (SC). When Phase 3 was completed, the MyCyberKSAsTM prototype assessment tool was developed using the results of Phases 1-3, and Phase 4 was initiated. In Phase 4, using the Delphi method with anonymous online surveys, a group of 15 SMEs were used to propose and validate an OISU cybersecurity competency threshold (index score) of 80%, which was then integrated into the MyCyberKSAsTM prototype tool. Before initiating Phase 5, the MyCyberKSAsTM prototype tool was fully tested by 10 independent testers to verify the accuracy of data recording by the tool. After testing of the MyCyberKSAsTM prototype tool was completed, Phase 5 of this study was initiated. Phase 5 of this study measured the cybersecurity competency of 54 OISUs using the MyCyberKSAsTM prototype tool. Upon completion of Phase 5, data analysis of the cybersecurity competency results of the 54 OISUs was conducted. Data analysis was conducted in Phase 5 by computing levels of dispersion and one-way analysis of variance (ANOVA). The results of the ANOVA data analysis from Phase 5 revealed that annual cybersecurity training and job function are significant, showing differences in OISU cybersecurity competency. Additionally, ANOVA data analysis from Phase 5 showed that age, cybersecurity certification, gender, and time with company were not significant thus showing no difference in OISU cybersecurity competency. The results of this research study were validated by SMEs as well as the MyCyberKSAsTM prototype tool; and proved that the tool is capable of assessing the cybersecurity competency of an OISU. The ability for organizations to measure the cybersecurity competency of OISUs is critical to lowering risks that could be exploited by cyber threats. Moreover, the ability for organizations to continually measure the cybersecurity competency of OISUs is critical for assessing workforce susceptibility to emerging cyber threats. Furthermore, the ability for organizations to measure the cybersecurity competency of OISUs allows organizations to identify specific weaknesses of OISUs that may require additional training or supervision, thus lowering risks of being exploited by cyber threats.
10
Taiola, Matteo. "Cybersecurity in impianti dell'industria di processo." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2021.
Find full textAbstract:
Nel corso degli ultimi decenni, i processi industriali hanno subito una sempre maggiore automatizzazione e una crescente connessione con reti esterne.
Nell’industria di processo, dove il livello di automazione è sempre stato elevato, l’innovazione tecnologica ha richiesto sempre una maggiore interconnessione tra i sistemi di produzione e sistemi esterni di gestione.
La connessione dei sistemi ha portato a una crescita economica, ottimizzazione dei processi e un aumento della velocità di produzione, dovuti alla gestione dei controlli del processo e dei dati di funzionamento; ciò però, ha portato anche a esporre l’azienda a rischi per la sicurezza da attacchi informatici.
Le minacce alla sicurezza sui sistemi di controllo automatizzato industriale stanno diventando una preoccupazione crescente per tutti gli impianti industriali, in particolare per quelli in cui grandi quantità di sostanze pericolose sono immagazzinate o manipolate.
Lo scopo di questa tesi è verificare l’applicabilità e l’efficacia di due metodologie proposte per l’identificazione degli scenari che possono avere luogo in seguito alla manipolazione dannosa (eseguita da remoto o in seguito ad accesso fisico nella sala controllo) del sistema di controllo e sicurezza di un impianto di processo: PHAROS (Process Hazard Analysis of Remote manipulations through the cOntrol System) e POROS (Process Operability analysis of Remote manipulations through the cOntrol System).
PHAROS permette d’ identificare gli eventi pericolosi originati dalle apparecchiature di processo, che possono essere innescati attraverso una manipolazione malevola dei BPCS e del SIS; mentre POROS mira all'individuazione dei top event che possono portare all'arresto dell'impianto e alla conseguente interruzione della produttività per un certo periodo di tempo, causata da una manipolazione malevola.
11
Gomez, Cesar A. "Cybersecurity of unmanned aircraft systems (UAS)." Thesis, Utica College, 2015. http://pqdtopen.proquest.com/#viewpdf?dispub=1605296.
Full textAbstract:
The purpose of this research was to investigate the cybersecurity controls needed to protect Unmanned Aircraft Systems (UAS) to ensure the safe integration of this technology into the National Airspace System (NAS) and society. This research presents the current vulnerabilities present in UAS technology today along with proposed countermeasures, a description of national and international rules, standards, and activities pertaining to UAS and cybersecurity, and a minimum set of safety operational requirements which are recommended to be implemented by manufacturers of small UAS and mandated by governing agencies. UAS attacks are defined in three categories: hardware attack, wireless attack, and sensor spoofing. The future influx of small and hobby oriented UAS should consider a minimum set of regulated cyber safety standards right out of the box, such as Geofencing technology and isolated auto safety measures. The commonality between national and international cyber related activities point to several operational requirements, hardware limitations, and heightened UAS vulnerabilities. These include type of radio frequency spectrum that is used during operation, methods for detect and avoid, safety measures, lost link procedures, and corrupted data communications.
12
Schluderberg, Larry E. "Addressing the cybersecurity Malicious Insider threat." Thesis, Utica College, 2015. http://pqdtopen.proquest.com/#viewpdf?dispub=1571095.
Full textAbstract:
Malicious Insider threats consist of employees, contractors, or business partners who either have current authorized access, or have had authorized access to an organization's critical information and have intentionally misused that access in a manner that compromised the organization. Although incidents initiated by malicious insiders are fewer in number than those initiated by external threats, insider incidents are more costly on average because the threat is already trusted by the organization and often has privileged access to the organization's most sensitive information. In spite of the damage they cause there are indications that the seriousness of insider incidents are underappreciated as threats by management. The purpose of this research was to investigate who constitutes MI threats, why and how they initiate attacks, the extent to which MI activity can be modeled or predicted, and to suggest some risk mitigation strategies. The results reveal that addressing the Malicious Insider threat is much more than just a technical issue. Dealing effectively with the threat involves managing the dynamic interaction between employees, their work environment and work associates, the systems with which they interact, and organizational policies and procedures. Techniques for detecting and mitigating the threat are available and can be effectively applied. Some of the procedural and technical methods include definition of, follow through, and consistent application of corporate, and dealing with adverse events indigenous to the business environment. Other methods include conduct of a comprehensive Malicious Insider risk assessment, selective monitoring of employees in response to behavioral precursors, minimizing unknown access paths, control of the organization's production software baseline, and effective use of peer reporting.
Keywords: Cybersecurity, Professor Paul Pantani, CERT, insider, threat, IDS, SIEMS. FIM, RBAC, ABAC, behavioral, peer, precursors, access, authentication, predictive, analytics, system, dynamics, demographics.
13
Mattina, Brendan Casey. "MARCS: Mobile Augmented Reality for Cybersecurity." Thesis, Virginia Tech, 2017. http://hdl.handle.net/10919/78220.
Full textAbstract:
Network analysts have long used two-dimensional security visualizations to make sense of network data. As networks grow larger and more complex, two-dimensional visualizations become more convoluted, potentially compromising user situational awareness of cyber threats. To combat this problem, augmented reality (AR) can be employed to visualize data within a cyber-physical context to restore user perception and improve comprehension; thereby, enhancing cyber situational awareness. Multiple generations of prototypes, known collectively as Mobile Augmented Reality for Cyber Security, or MARCS, were developed to study the impact of AR on cyber situational awareness. First generation prototypes were subjected to a formative pilot study of 44 participants, to generate user-centric performance data and feedback, which motivated the design and development of second generation prototypes and provided initial insight into the potentially beneficial impact of AR on cyber situational awareness. Second generation prototypes were subjected to a summative secondary study by 50 participants, to compare the impact of AR and non-AR visualizations on cyber situational awareness. Results of the secondary study suggest that employing AR to visualize cyber threats in a cyber-physical context collectively improves user threat perception and comprehension, indicating that, in some cases, AR security visualizations improve user cyber situational awareness over non-AR security visualizations.Master of Science
14
Ash, Sarah L. "Cybersecurity of wireless implantable medical devices." Thesis, Utica College, 2016. http://pqdtopen.proquest.com/#viewpdf?dispub=10109631.
Full textAbstract:
Wireless implantable medical devices are used to improve and prolong the lives of persons with critical medical conditions. The World Society of Arrhythmias reported that 133,262 defibrillators had been implanted in the United States in 2009 (NBC News, 2012). With the convenience of wireless technology comes the possibility of wireless implantable medical devices being accessed by unauthorized persons with malicious intents. Each year, the Food and Drug Agency (FDA) collects information on medical device failures and has found a substantial increase in the numbers of failures each year (Sametinger, Rozenblit, Lysecky, & Ott, 2015). Mark Goodman, founder of the Future Crimes Institute, wrote an article regarding wireless implantable medical devices (2015). According to Goodman, approximately 300,000 Americans are implanted with wireless implantable medical devices including, but not limited to, cardiac pacemakers and defibrillators, cochlear implants, neurostimulators, and insulin pumps. In upwards of 2.5 million people depend on wireless implantable medical devices to control potential life-threatening diseases and complications. It was projected in a 2012 study completed by the Freedonia Group that the need for wireless implantable medical devices would increase 7.7 percent annually, creating a 52 billion dollar business by 2015 (Goodman, 2015). This capstone project will examine the current cybersecurity risks associated with wireless implantable medical devices. The research will identify potential security threats, current security measures, and consumers’ responsibilities and risks once they acquire the wireless implantable medical devices. Keywords: Cybersecurity, Professor Christopher M. Riddell, critical medical conditions, FDA, medical device failures, risk assessment, wireless networks.
15
Kuznietsova, Tetiania, and Andrii Chyrkov. "State and perspectives of aircraft cybersecurity." Thesis, National aviation university, 2021. https://er.nau.edu.ua/handle/NAU/50678.
Full textAbstract:
During the latest events in the aviation world, where experts in the
field of cybersecurity (example) opened the possibility of gaining access
to the aircraft's on-board systems, industry experts (and not only)
thought about it. And we are doing quite a lot. There are many existing
guides that contain recommendations and practices, for example:
«Software Considerations in Airborne Systems and Equipment
Certification» contains recommendations for evaluating security and
assuring software quality. There is a separation of access, because all
systems are somehow connected to each other through the on-board
network (take at least maintenance to determine failures):
The FAA continues to consider the aircraft guidelines acceptable for
software certification, although they acknowledge that the guidelines do
not fully cover all areas of software development and life cycle
processes, and can sometimes be misinterpreted.
16
Siltanen, Ella. "Whose Responsibility is Cybersecurity? : A Comparative Qualitative Content Analysis of Discourses in the EU’s Cybersecurity Strategies 2013-2020." Thesis, Malmö universitet, Institutionen för globala politiska studier (GPS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-45956.
Full textAbstract:
Cybersecurity is an increasingly important topic to all actors from the private individuals to international institutions. The borderless nature of the internet has however made it more difficult for nation states to take care of their own security and institutions like the EU are also coping with the difficulties of defending themselves from attacks that can affect practically any part of the system and cause wide-spread damage. The EU has tried to address these issues by publishing strategies to improve the cybersecurity of the Union and its Member States. This thesis studies the discourse that is used by the Union in its strategies from 2013 and 2020. This is done to determine how the EU portrays each level, the national, institutional, or private and how responsible they are for the cybersecurity in the Union and to see how this discourse has changed in the previous few years. The theoretical framework of the thesis consists of neofunctionalism and historical institutionalism which are used to explain the direction of the development of the EU’s discourse. The study is conducted using critical discourse analysis and qualitative content analysis. The findings of the analysis suggest that there is noticeable shift to the EU taking more responsibility and actions to ensure its cybersecurity. Similarly it seems remarkable how the importance of the private sector seems to have diminished in the newer discourse.
17
Camporesi, Mirko. "Securopoly: un gioco per l'insegnamento della Cybersecurity." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2017. http://amslaurea.unibo.it/13274/.
Full textAbstract:
All'interno della tesi sono presentati vari argomenti legati al mondo della sicurezza informatica e del suo insegnamento. Lo scopo di questo lavoro è presentare la tecnica della gamification e la sua applicazione nel panorama della cybersecurity moderna. Inoltre, viene proposto un gioco di società chiamato Securopoly che implementa le nozioni descritte e che è basato fortemente sul Framework Nazionale per la cybersecurity, un documento che pone gli standard che ogni organizzazione e ogni azienda dovrebbero soddisfare per essere all'avanguardia nel tentativo di difendersi da attacchi informatici.
18
Chung, Kristie (Kristie J. ). "Applying systems thinking to healthcare data cybersecurity." Thesis, Massachusetts Institute of Technology, 2015. http://hdl.handle.net/1721.1/105307.
Full textAbstract:
Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, Engineering Systems Division, 2015.Cataloged from PDF version of thesis.
Includes bibliographical references (pages 85-90).
Since the HITECH Act of 2009, adoption of Electronic Health Record (EHR) systems in US healthcare organizations has increased significantly. Along with the rapid increase in usage of EHR, cybercrimes are on the rise as well. Two recent cybercrime cases from early 2015, the Anthem and Premera breaches, are examples of the alarming increase of cybercrimes in this domain. Although modem Information Technology (IT) systems have evolved to become very complex and dynamic, cybersecurity strategies have remained static. Cyber attackers are now adopting more adaptive, sophisticated tactics, yet the cybersecurity counter tactics have proven to be inadequate and ineffective. The objective of this thesis is to analyze the recent Anthem security breach to assess the vulnerabilities of Anthem's data systems using current cybersecurity frameworks and guidelines and the Systems-Theoretic Accident Model and Process (STAMP) method. The STAMP analysis revealed Anthem's cybersecurity strategy needs to be reassessed and redesigned from a systems perspective using a holistic approach. Unless our society and government understand cybersecurity from a sociotechnical perspective, we will never be equipped to protect valuable information and will always lose this battle.
by Kristie Chung.
S.M. in Engineering and Management
19
Johnson, Tanner West. "Evaluating an Educational Cybersecurity Playable Case Study." BYU ScholarsArchive, 2018. https://scholarsarchive.byu.edu/etd/7592.
Full textAbstract:
The realities of cyberattacks have become more and more prevalent in the world today. Due to the growing number of these attacks, the need for highly trained individuals has also increased. Because of a shortage of qualified candidates for these positions, there is an increasing need for cybersecurity education within high schools and universities. In this thesis, I discuss the development and evaluation of Cybermatics, an educational simulation, or playable case study, designed to help students learn and develop skills within the cybersecurity discipline.
This playable case study was designed to allow students to gain an understanding of the field of cybersecurity and give them a taste of what a day in the life of a cybersecurity professional might be. It focuses on being an authentic experience so that students feel immersed within the simulation while completing their tasks, instead of regarding it as merely another assignment. We ran a pilot test of this playable case study in a university-level, introductory Information Technology class of 51 students. We found that Cybermatics increased the selfreported likelihood of over 70% of participants to pursue a career in a cybersecurity field. It also helped students understand the importance of leadership and ethics to a cybersecurity professional. We also found that the simulation helped students feel more confident about their ability to complete cybersecurity-related tasks.
20
Ahmed, Jaleel. "Empirical Analysis of a Cybersecurity Scoring System." Scholar Commons, 2019. https://scholarcommons.usf.edu/etd/7722.
Full textAbstract:
In the field of cybersecurity, the top-level management make use of metrics to decide if the organization is doing well to protect itself from cyber attacks or is in tatters leaving itself susceptible against the vast threats looming around. Not only that but metrics are even used to measure the performance of the security team. The aim of this thesis is to show how economics is closely related to cybersecurity and how metrics play an important role in policy making of an organization. Furthermore, I scrutinize one of the leading security score providers for the way they detect botnet infection. Botnet infection is a part of compromised system group in their score card categories that amounts to 55\% of the total security score. So, it becomes essential for the security score providers to have the right method of grading a company since it will have an impact on how they use their resources to protect itself from outside threat and the insurance premium they pay to cover any successful cyber attacks. I have found out that the data on which the botnet infection vector is graded has false positives. I shed light on security analyst and security team on a whole in their role in making decisions according to the security score. It is even the duty of the security team to work ethically, that is, the aim should not be to improve the security score rather the aim should be to protect the organization from outside attacks and if it happens to increase the security rating then be it so.
21
Shirazi, Patrick. "Identifying Challenges in Cybersecurity Data Visualization Dashboards." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-80412.
Full textAbstract:
Nowadays, a massive amount of cybersecurity data-objects, such as security events, logs,messages, are flowing through different cybersecurity systems. With the enormous fastdevelopment of different cloud environments, big data, IoT, and so on, these amounts of data areincreasingly revolutionary. One of the challenges for different security actors, such as securityadmins, cybersecurity analysis, and network technicians, is how to utilize this amount of data inorder to reach meaningful insights, so they can be used further in diagnosis, validation, forensicand decision-making purposes. In order to make useful and get meaningful insights from this data, we need to have efficientdashboards that simplify the data and provide a human-understandable presentation of data. Currently, there are plenty of SIEM and visualization dashboard tools that are using a variety ofreport generator engines to generate charts and diagrams. Although there have been manyadvances in recent years due to utilizing AI and big data, security professionals are still facingsome challenges in using the visualization dashboards. During recent years, many research studies have been performed to discover and address thesetypes of challenges. However, due to the rapid change in the way of working in many companies(e.g. digital transformation, agile way of working, etc.) and besides utilizing cloud environments,that are providing almost everything as a service, it is needed to discover what challenges are stillthere and whether they are still experiencing the same challenges or new ones have emerged. Following a qualitative method and utilizing the Delphi technique with two rounds of interviews,the results show that although the technical and tool-specific concerns really matter, the mostsignificant challenges are due to the business architecture and the way of working.
22
M, Kunyk A. "CYBERSECURITY POLICY IN THE REPUBLIC OF POLAND." Thesis, Юриспруденція в сучасному інформаційному просторі: [Матеріали ІХ Міжнародної науково-практичної конференції, м. Київ, Національний авіаційний університет, 1 березня 2019 р.] Том 1. – Тернопіль: Вектор, 2019. – 394 с, 2019. http://er.nau.edu.ua/handle/NAU/38074.
Full text
23
Karpova. "THE MAIN ASPECTS OF MAINTAINING EFFECTIVE CYBERSECURITY." Thesis, Київ 2018, 2018. http://er.nau.edu.ua/handle/NAU/33747.
Full text
24
Kaijankoski, Eric A. "Cybersecurity information sharing between public–private sector agencies." Thesis, Monterey, California: Naval Postgraduate School, 2015. http://hdl.handle.net/10945/45204.
Full textAbstract:
Approved for public release; distribution is unlimitedGovernment agencies, businesses, and individuals alike have become more dependent on technology, and the desire and need for interconnectedness has led to increasing network vulnerability affecting both government and private sectors. Recognizing both government and private sector agencies individually lack the capabilities to defend against cyber threats, President Obama has called for a more robust and resilient cybersecurity alliance that encourages information-sharing partnerships with private sector owners and operators in charge of protecting U.S. critical infrastructure. Despite the recent drive for cyber legislation and policies, government agencies and private companies have seemed reluctant to share information related to cyber-attacks and threats with one another. To discover the deeper underlying issues that inhibit public-private cooperation, and to evaluate the effectiveness of public-private partnerships (PPPs) to advance cyber information sharing, this thesis examines the banking and finance sector of U.S. critical infrastructure sector. In doing so, it identifies reasons why information-sharing problems exist between government agencies and private companies; investigates how PPPs satisfy national cybersecurity needs; and, in turn, reveals issues for policymakers to consider when shaping policies that encourage an open dialog between the public and private sector.
25
Coria, Jose Calderon. "Curriculum modules in support of tabletop cybersecurity games." Thesis, Monterey, California: Naval Postgraduate School, 2013. http://hdl.handle.net/10945/37604.
Full textAbstract:
Approved for public release; distribution is unlimitedThe number of bachelor degrees in computer science has continued to decline over the past decade. These trends similarly affect cyber security sub-discipline of computer science. The non-digital computer security board game [d0x3d!] aims to teach cyber security concepts to a young, non-CS audience, to increase interest in the subject, and have a positive effect on computer science education. We develop curriculum modules in the form of lesson plans to complement this game. This demonstrates how the game can be used in an academic setting to scaffold instruction that introduces security concepts to K-12 audiences, more formally.
26
Hanson, Eric Gerald. "A network of nations why effective cybersecurity requires /." Connect to Electronic Thesis (CONTENTdm), 2009. http://worldcat.org/oclc/476725684/viewonline.
Full text
27
GARZA, ADRIANA BEATRIZ. "AN ANALYSIS OF THE ETHICS BEHIND CYBERSECURITY MANAGEMENT." Thesis, The University of Arizona, 2016. http://hdl.handle.net/10150/618707.
Full textAbstract:
This paper will explore cyber breaches, and the ethics behind a company’s decisionmaking
when it comes to cyber security. At a time when cyber attacks and breaches against wellknown,
and reputable companies were at an all-time high, an interest to study different cyber
breaches and a company’s reaction to the cyber breach began to develop. In order to analyze the
various cyber attacks that had taken place in recent years, a case study was completed,
examining three different companies in North America that had gone through a cyber attack –
Target, Ashley Madison, and Liverpool. Additionally, research of the different types of cyber
attacks and the various tactics companies utilize to avoid a cyber attack was conducted. The
research was guided by the question of whether Target, Ashley Madison, and Liverpool were
ethical in their response that followed their respective cyber breaches. Thus, this paper will
discuss the many facets of cyber security most relevant to companies, in addition to an ethical
analysis of each company’s actions following their respective cyber breach.
28
Zeng, Kui. "Exploring cybersecurity requirements in the defense acquisition process." Thesis, Capitol Technology University, 2016. http://pqdtopen.proquest.com/#viewpdf?dispub=10165487.
Full textAbstract:
The federal government is devoted to an open, safe, free, and dependable cyberspace that empowers innovation, enriches business, develops the economy, enhances security, fosters education, upholds democracy, and defends freedom. Despite many advantages— federal and Department of Defense cybersecurity policies and standards, the best military power equipped with the most innovative technologies in the world, and the best military and civilian workforces ready to perform any mission—the defense cyberspace is vulnerable to a variety of threats. This study explores cybersecurity requirements in the defense acquisition process. The literature review exposes cybersecurity challenges that the government faces in the federal acquisition process, and the researcher examines cybersecurity requirements in defense acquisition documents. The study reveals that cybersecurity is not at a level of importance equal to that of cost, technical, and performance in the current defense acquisition process. The study discloses the defense acquisition guidance does not reflect the change of cybersecurity requirements, and the defense acquisition processes are deficient, ineffective, and inadequate to describe and consider cybersecurity requirements, weakening the government’s overall efforts to implement cybersecurity framework into the defense acquisition system. The study recommends defense organizations elevate the importance of cybersecurity during the acquisition process, to help the government’s overall efforts to develop, build, and operate in an open, secure, interoperable, and reliable cyberspace.
29
Deshpande, Pranita. "Assessment Of Two Pedagogical Tools For Cybersecurity Education." ScholarWorks@UNO, 2018. https://scholarworks.uno.edu/td/2557.
Full textAbstract:
Cybersecurity is an important strategic areas of computer science, and a difficult discipline to teach effectively. To enhance and provide effective teaching and meaningful learning, we develop and assess two pedagogical tools: Peer instruction, and Concept Maps. Peer instruction teaching methodology has shown promising results in core computer science courses by reducing failure rates and improving student retention in computer science major. Concept maps are well-known technique for improving student-learning experience in class. This thesis document presents the results of implementing and evaluating the peer instruction in a semester-long cybersecurity course, i.e., introduction to computer security. Development and evaluation of concept maps for two cybersecurity courses: SCADA security systems, and digital forensics. We assess the quality of the concept maps using two well-defined techniques: Waterloo rubric, and topological scoring. Results clearly shows that overall concept maps are of high-quality and there is significant improvement in student learning gain during group-discussion.
30
Smith, Willarvis. "A Comprehensive Cybersecurity Defense Framework for Large Organizations." Diss., NSUWorks, 2019. https://nsuworks.nova.edu/gscis_etd/1083.
Full textAbstract:
There is a growing need to understand and identify overarching organizational requirements for cybersecurity defense in large organizations. Applying proper cybersecurity defense will ensure that the right capabilities are fielded at the right locations to safeguard critical assets while minimizing duplication of effort and taking advantage of efficiencies. Exercising cybersecurity defense without an understanding of comprehensive foundational requirements instills an ad hoc and in many cases conservative approach to network security. Organizations must be synchronized across federal and civil agencies to achieve adequate cybersecurity defense. Understanding what constitutes comprehensive cybersecurity defense will ensure organizations are better protected and more efficient.
This work, represented through design science research, developed a model to understand comprehensive cybersecurity defense, addressing the lack of standard requirements in large organizations. A systemic literature review and content analysis were conducted to form seven criteria statements for understanding comprehensive cybersecurity defense. The seven criteria statements were then validated by a panel of expert cyber defenders utilizing the Delphi consensus process. Based on the approved criteria, the team of cyber defenders facilitated the development of a Comprehensive Cybersecurity Defense Framework prototype for understanding cybersecurity defense. Through the Delphi process, the team of cyber defense experts ensured the framework matched the seven criteria statements. An additional and separate panel of stakeholders conducted the Delphi consensus process to ensure a non-biased evaluation of the framework.
The comprehensive cybersecurity defense framework is developed through the data collected from two distinct and separate Delphi panels. The framework maps risk management, behavioral, and defense in depth frameworks with cyber defense roles to offer a comprehensive approach to cyber defense in large companies, agencies, or organizations. By defining the cyber defense tasks, what those tasks are trying to achieve and where best to accomplish those tasks on the network, a comprehensive approach is reached.
31
Boutwell, Mark. "Exploring Industry Cybersecurity Strategy in Protecting Critical Infrastructure." ScholarWorks, 2019. https://scholarworks.waldenu.edu/dissertations/7965.
Full textAbstract:
Successful attacks on critical infrastructure have increased in occurrence and sophistication. Many cybersecurity strategies incorporate conventional best practices but often do not consider organizational circumstances and nonstandard critical infrastructure protection needs. The purpose of this qualitative multiple case study was to explore cybersecurity strategies used by information technology (IT) managers and compliance officers to mitigate cyber threats to critical infrastructure. The population for this study comprised IT managers and compliance officers of 4 case organizations in the Pacific Northwest United States. The routine activity theory developed by criminologist Cohen and Felson in 1979 was used as the conceptual framework. Data collection consisted of interviews with 2 IT managers, 3 compliance officers, and 25 documents related to cybersecurity and associated policy governance. A software tool was used in a thematic analysis approach against the data collected from the interviews and documentation. Data triangulation revealed 4 major themes: a robust workforce training program is crucial, make infrastructure resiliency a priority, importance of security awareness, and importance of organizational leadership support and investment. This study revealed key strategies that may help improve cybersecurity strategies used by IT and compliance professionals, which can mitigate successful attacks against critical infrastructure. The study findings will contribute to positive social change through an exploration and contextual analysis of cybersecurity strategy with situational awareness of IT practices to enhance cyber threat mitigation and inform business processes.
32
Padlipsky, Sarah. "Using Offline Activities to Enhance Online Cybersecurity Education." DigitalCommons@CalPoly, 2018. https://digitalcommons.calpoly.edu/theses/1956.
Full textAbstract:
Since the beginning of the 21st century, the United States has experienced the impact of a technological revolution. One effect of this technological revolution is the creation of entirely new careers related to the field of technology, including cybersecurity. Continued growth in the cybersecurity industry means a greater number of jobs will be created, adding to the existing number of jobs that are challenging an under-educated and under-trained workforce. The goal of this thesis is to increase the effectiveness of cybersecurity education. This thesis studies whether an online course in cybersecurity can be enhanced by offline, in-person activities that mirror traditional classroom methods. To validate the research, two groups of high school students participated in an online course with only one group participating in offline activities. The results showed that the group that participated in both the online and offline portions of the course had a higher percentage of student retention, a more positive mindset towards cybersecurity, and an improved performance in the course.
33
Uwakweh, Ozioma I. F. "Cybersecurity in the Retail Industry: Third Party Implications." University of Cincinnati / OhioLINK, 2020. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1595848539891614.
Full text
34
Rajasooriya, Sasith Maduranga. "Cybersecurity: Probabilistic Behavior of Vulnerability and Life Cycle." Scholar Commons, 2017. http://scholarcommons.usf.edu/etd/6933.
Full textAbstract:
Analysis on Vulnerabilities and Vulnerability Life Cycle is at the core of Cybersecurity related studies. Vulnerability Life Cycle discussed by S. Frei and studies by several other scholars have noted the importance of this approach. Application of Statistical Methodologies in Cybersecurity related studies call for a greater deal of new information. Using currently available data from National Vulnerability Database this study develops and presents a set of useful Statistical tools to be applied in Cybersecurity related decision making processes.
In the present study, the concept of Vulnerability Space is defined as a probability space. Relevant theoretical analyses are conducted and observations in the vulnerability space in aspects of events and states are discussed.
Transforming IT related cybersecurity issues into analytical formation so that abstract and conceptual knowledge from Mathematics and Statistics can be applied is a challenge. However, to overcome rising threats from Cyber-attacks such an integration of analytical foundation to understand the issues and develop strategies is essential. In the present study we apply well known Markov approach in a new approach of Vulnerability Life Cycle to develop useful analytical methods to assess the Risk associated with a vulnerability. We also presents, a new Risk Index integrating the results obtained and details from the Common Vulnerability Scoring System (CVSS).
In addition, a comprehensive study on the Vulnerability Space is presented discussing the likelihood of probable events in the probability sub-spaces of vulnerabilities.
Finally, an Extended Vulnerability Life Cycle model is presented and discussed in relation to States and Events in the Vulnerability Space that lays down a strong foundation for any future vulnerability related analytical research efforts.
35
Rodrigo, Hansapani Sarasepa. "Bayesian Artificial Neural Networks in Health and Cybersecurity." Scholar Commons, 2017. http://scholarcommons.usf.edu/etd/6940.
Full textAbstract:
Being in the era of Big data, the applicability and importance of data-driven models like artificial neural network (ANN) in the modern statistics have increased substantially. In this dissertation, our main goal is to contribute to the development and the expansion of these ANN models by incorporating Bayesian learning techniques. We have demonstrated the applicability of these Bayesian ANN models in interdisciplinary research including health and cybersecurity.
Breast cancer is one of the leading causes of deaths among females. Early and accurate diagnosis is a critical component which decides the survival of the patients. Including the well known ``Gail Model", numerous efforts are being made to quantify the risk of diagnosing malignant breast cancer. However, these models impose some limitations on their use of risk prediction. In this dissertation, we have developed a diagnosis model using ANN to identify the potential breast cancer patients with their demographic factors and the previous mammogram results. While developing the model, we applied the Bayesian regularization techniques (evidence procedure), along with the automatic relevance determination (ARD) prior, to minimize the network over-fitting. The optimal Bayesian network has 81\% overall accuracy in correctly classifying the actual status of breast cancer patients, 59\% sensitivity in accurately detecting the malignancy and 83\% specificity in correctly detecting non-malignancy. The area under the receiver operating characteristic curve (0.7940) shows that this is a moderate classification model.
We then present a new Bayesian ANN model for developing a nonlinear Poisson regression model which can be used for count data modeling. Here, we have summarized all the important steps involved in developing the ANN model, including the forward-propagation, backward-propagation and the error gradient calculations of the newly developed network. As a part of this, we have introduced a new activation function into the output layer of the ANN and error minimizing criterion, using count data. Moreover, we have expanded our model to incorporate the Bayesian learning techniques. The performance our model is tested using simulation data.
In addition to that, a piecewise constant hazard model is developed by extending the above nonlinear Poisson regression model under the Bayesian setting. This model can be utilized over the other conventional methods for accurate survival time prediction. With this, we were able to significantly improve the prediction accuracies. We captured the uncertainties of our predictions by incorporating the error bars which could not achieve with a linear Poisson model due to the overdispersion in the data. We also have proposed a new hybrid learning technique, and we evaluated the performance of those techniques with a varying number of hidden nodes and data size.
Finally, we demonstrate the suitability of Bayesian ANN models for time series forecasting by using an online training algorithm. We have developed a vulnerability forecast model for the Linux operating system by using this approach.
36
Choi, Min Suk. "Assessing the Role of User Computer Self-Efficacy, Cybersecurity Countermeasures Awareness, and Cybersecurity Skills toward Computer Misuse Intention at Government Agencies." NSUWorks, 2013. http://nsuworks.nova.edu/gscis_etd/119.
Full textAbstract:
Cybersecurity threats and vulnerabilities are causing substantial financial losses for governments and organizations all over the world. Cybersecurity criminals are stealing more than one billion dollars from banks every year by exploiting vulnerabilities caused by bank users' computer misuse. Cybersecurity breaches are threatening the common welfare of citizens since more and more terrorists are using cyberterrorism to target critical infrastructures (e.g., transportation, telecommunications, power, nuclear plants, water supply, banking) to coerce the targeted government and its people to accomplish their political objectives. Cyberwar is another major concern that nations around the world are struggling to get ready to fight. It has been found that intentional and unintentional users' misuse of information systems (IS) resources represents about 50% to 75% of cybersecurity threats and vulnerabilities to organizations. Computer Crime and Security Survey revealed that nearly 60% of security breaches occurred from inside the organization by users.
Computer users are one of the weakest links in the information systems security chain, because users seem to have very limited or no knowledge of user computer self-efficacy (CSE), cybersecurity countermeasures awareness (CCA), and cybersecurity skills (CS). Users' CSE, CCA, and CS play an important role in users' computer misuse intention (CMI). CMI can be categorized as unauthorized access, use, disruption, modification, disclosure, inspection, recording, or destruction of information system data. This dissertation used a survey to empirically assess users' CSE, CCA, CS, and computer misuse intention (CMI) at government agencies. This study used Partial Least Square (PLS) technique to measure the fit of a theoretical model that includes seven independent latent variables (CSE, UAS-P, UAS-T, UAC-M, CCS, CIS, & CAS) and their influences on the dependent variable CMI. Also, PLS was used to examine if the six control variables (age, gender, job function, education level, length of working in the organization, & military status such as veteran) had any significant impact on CMI.
This study included data collected from 185 employees of a local and state transportation agency from a large metropolitan in the northeastern United States. Participants received an email invitation to take the Web-based survey. PLS was used to test the four research hypotheses. The results of the PLS model showed that UAC-M and CIS were significant contributors (p
37
Nieminen, Linda. "Why is human trafficking excluded from the EU’s cybersecurity? : An explorative study about cybersecurity and human trafficking in the European Union." Thesis, Försvarshögskolan, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:fhs:diva-9698.
Full textAbstract:
Combatting human trafficking is one of the top priorities in the European Union and Europol. Nonetheless, Europe is one of worlds’ leading regions for most trafficked human beings. Human trafficking is often connected to organised crime such as drug trafficking, cybercrime and child pornography and occurs across borders. 21st century’s digital age has broadly shifted human trafficking from the real-life to the cyberspace. However, human trafficking is not mentioned in any EU cybersecurity policies. This thesis aims to explore, using a feminist security approach, why human trafficking is overlooked in the European Union cybersecurity. By conducting an interpretive content analysis and using the method of deconstruction, I investigated the silences of human trafficking and gender. Leaning on feminist theories of securitisation, hegemonic masculinity and poststructural feminism, three significant assumptions were identified. The first assumption was that human trafficking is overlooked in the EU cybersecurity because of the non-human referent object of security. The second was that it is overlooked because of hegemonic masculinity. And lastly, because the issue is seen as private and therefore do not belong to cybersecurity. By analysing EU cybersecurity policies, I identified that the EU cybersecurity is dominated by norms of hegemonic masculinity and gendered social hierarchies. In the EU cybersecurity, threats related to non-human objects are constructed and gain hegemony over human rights and social policies. This study has raised important questions about the nature of cybersecurity in the EU, and greater efforts are needed to ensure women’s security in the cyberspace. These results suggest that if the EU aims to combat human trafficking wholehearted, it needs to start with acknowledging human trafficking as a threat in the cyberspace.
38
Tontini, Gian Carlo Raffaele. "Cybersecurity e dispositivi medici: fasi di sviluppo e governance." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2017. http://amslaurea.unibo.it/14616/.
Full textAbstract:
Sicurezza informatica, cybersecurity sono tematiche entrate a far parte di prepotenza dell'ambito sanitario. Questa crescente attenzione è giustificabile dal fatto che le moderne tecnologie informatiche hanno e continueranno ad avere un forte impatto sulla cura della salute dell'individuo.
39
Laurent, David, and Robin Sinz. "FinTech: The role of Perceived cybersecurity and Organizational trust." Thesis, Umeå universitet, Företagsekonomi, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:umu:diva-161759.
Full textAbstract:
Context: The advent of the Information and Communication Technologies mostly referred to “digitalization”; offers a new paradigm. Information technology is now perceived as a disruptive innovation capable of shaking up the traditional financial industry. On one side and as a result of the former trend, a new taxonomy emerged under the name of “FinTech” corresponding to the embracement of “digitalization”. FinTech is implicated in the process of disintermediation through innovation. On the other hand and due to the recent incidents at the macroeconomic level such as the 2008 financial crisis or even more recently the Snowden case; the regulatory environment is undergoing drastic changes. Even though the changing regulatory environment firstly acted as a catalyst by promoting the FinTech phenomenon into the spotlight, it inherently touched upon one of the prominent challenges of “FinTech”: to the extent Information Security. Along the line, the FinTech ecosystem which is symbolized by the “Always Available” expression conveys an explicit statement which is yet challenged by the threat of cyberattacks and emphasized by the duality between availability and security. The existing paradox reasserts the growing need for trust from a customer perspective. Purpose: In this thesis, the authors aimed to investigate the information security and consumer trust challenges within the FinTech ecosystem by empirically testing the customer’s perceptions on the variables that are likely to affect technological adoption Design/Methodology/approach: A cross sectional quantitative study was conducted with the distribution of a self-completion questionnaire to FinTech customers in Sweden. The designed conceptual model was built on the previous work of Stewart & Jürjens (2018). Stewart and Jürjens (2018) extended the TAM model by considering: Data Security, Customer Trust, Value Added, User Design Interface and FinTech Promotion. In this thesis, the authors adapted Stewart and Jürjens model (2018) by redefining “Data Security” and “Customer Trust”. Three regressions have been performed: one binary logistic regression and two multiple regressions. Findings: We first ran a principal component analysis in order to reduce dimensionality within our questionnaire. We performed a PCA with an oblique rotation which helped us to produce factor scores. Based on the binary logistic regression, we found out that only Perceived Usefulness and Device security was significantly affecting our respondent’s payment intention. The multiple regression intending to predict the respondent’s intention to use based the on the factor scores from the PCA, revealed that Perceived Usefulness, Usability & ergonomics, Device security and Organizational trust were significant. Lastly, the final regression suggested that Overall trust and security were significantly affecting the respondent’s intention to use. In essence, it appeared that both dimensions are affecting the technological acceptance of users of mobile payment applications. Research Limitations/implications: There are multiple limitations to our study, the first one being the use of a convenience sampling. Therefore, our results lack of generalizations. Yet, the results of our study confirm what the antecedents of customer’s intention to use mobile payment applications are, to the extent that both security and trust matter.
40
Pertierra, Arrojo Marcos (Marcos A. ). "Investigating coevolutionary algorithms For expensive fitness evaluations in cybersecurity." Thesis, Massachusetts Institute of Technology, 2018. http://hdl.handle.net/1721.1/120388.
Full textAbstract:
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2018.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.
Cataloged from student-submitted PDF version of thesis.
Includes bibliographical references (pages 75-76).
Coevolutionary algorithms require evaluating fitness of solutions against adversaries, and vice versa, in order to select high quality individuals to generate offspring and evolve the population. However, some problems require computationally expensive fitness evaluations, which makes it hard to generate solutions in a feasible amount of time. In this thesis, we devise coevolutionary algorithms and methods that achieve good results with fewer fitness evaluations, and we present methods for selecting a solution to deploy after running experiments with multiple coevolutionary algorithms. Comparing our new algorithms presented with baselines, we found that MEULockstepCoev performs relatively well, especially for attackers.
by Marcos Pertierra Arrojo.
M. Eng.
41
Galán, Carlos Manuel, and Cordero Carlos Galán. "Public cybersecurity as guarantee of the exercise of rights." Derecho & Sociedad, 2017. http://repositorio.pucp.edu.pe/index/handle/123456789/117704.
Full textAbstract:
The development of fundamental human rights contained in the texts of the Universal Declarations and the Constitutions of democratic states requires that information systems that support its exercise are permanently operational. However, this need is constantly violated by many cyberattacks that, in the heart of the matter, seek to undermine the free exercise of such rights. It is in this environment where public cybersecurity, understood as the set of legal regulations, methods, procedures and tools, finds its reason for being and is configured as the only appropriate means of ensuring social coexistence in accordance with the principles of the Rule of Law.
42
Girmay, Mesele Asmelash. "AUTOSARLang: Threat Modeling and Attack Simulation for Vehicle Cybersecurity." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-240410.
Full textAbstract:
The rapid growth and development of the Information and Communications Technology attract many industries including the automotive industry. Since the last four decades, the automotive engineering has been impacted by the Information Technology. Nowadays, modern vehicles are being designed with up to hundreds of electronic control units (ECUs) and be able to communicate with other vehicles, infrastructure, and other things via wireless networks and sensors. For such in-vehicle networks, serial bus systems like CAN bus, LIN bus, FlexRay, and MOST are standardized. Parallel to this, the automotive industry vendors designed and standardized automotive open systems architecture (AUTOSAR) software platform. AUTOSAR has two main standards - the classical platform and adaptive platform. The classical platform (CP) is designed for the current embedded ECUs, whereas the adaptive platform (AP) is being designed for the future intelligent ECUs. The intelligent AP ECU constitute many multi-processing processors and Ethernet to realize the future autonomous vehicles.On the other hand, automotive industries shall ensure “safety first” in their design and regard it as part of their market feature. Directly or indirectly, the safety of the modern connected vehicles is related to their cybersecurity. Today, cybersecurity professionals are conducting researches to bring remarkable solutions to the sophisticated cyberattacks. One approach of cybersecurity solution is to make a cyber threat modeling and attack simulations. Example, meta-attack-language (MAL) is a threat modeling and attack simulation language, which is designed to make domain-specific threat analysis.In this study, potential assets of an automotive vehicle with AP ECUs are identified. Then, threats of each identified asset are collected from different literature. With both inputs, a cyber threat model is written using MAL. Finally, validation of the model is made with a simulation language. Consequently, modern vehicle with AP ECUs is modeled and simulated.This study contributes four important things - list of potential assets that AP running vehicle constitutes, collected list of threats of the identified assets, validated cyber threat model, and simulation test cases for each potential attack paths in the model.Den snabba tillväxten och utvecklingen av informations- och kommunikationstekniken lockar många branscher, däribland bilindustrin. Sedan de senaste fyra decennierna har automotive engineering påverkats av informationstekniken. Numera är moderna fordon utformade med upp till hundratals elektroniska styrenheter (ECU) och kan kommunicera med andra fordon, infrastruktur och andra saker via trådlösa nätverk och sensorer. För sådana inbyggda nätverk är seriella bussystem som CAN-buss, LIN-buss, FlexRay och MOST standardiserade. Parallellt med detta har automotive-leverantörerna utformat och standardiserat automatsystem för öppna systemarkitekturer (AUTOSAR). AUTOSAR har två huvudstandarder - den klassiska plattformen och den adaptiva plattformen. Den klassiska plattformen (CP) är utformad för nuvarande inbyggda ECU, medan den adaptiva plattformen (AP) är utformad för framtida intelligenta ECU. Den intelligenta AP-enheten utgör många processorer och Ethernet för att förverkliga de framtida autonoma fordonen. Bilindustrin ska å andra sidan säkerställa "säkerhet först" i sin design och betrakta den som en del av deras marknadsfunktion. Direkt eller indirekt är säkerheten hos moderna anslutna fordon relaterad till sin cybersäkerhet. Idag genomför cybersecurity-proffs för att få anmärkningsvärda lösningar på de sofistikerade cyberattackarna. Ett tillvägagångssätt för cybersecurity-lösningen är att göra en modellering av cyberhot och attack simuleringar. Exempel, meta-attack-language (MAL) är ett hot modellerings-och attack simuleringsspråk, som är utformat för att göra domänspecifik hotanalys. I denna studie identifieras potentiella tillgångar i ett fordonsbil med AP-ECU. Därefter samlas hot av varje identifierad tillgång från olika litteratur. Med båda ingångarna skrivs en cyber-hotmodell med MAL. Slutligen görs validering av modellen med ett simuleringsspråk. Följaktligen modelleras och simuleras moderna fordon med AP-ECU. Denna studie bidrar till fyra viktiga saker - en lista över potentiella tillgångar som AP-körfordon utgör, samlad lista över hot av identifierade tillgångar, validerad cyberhot-modell och simuleringsprovfall för varje potentiell attackvägar i modellen.
43
Kedrowitsch, Alexander Lee. "Deceptive Environments for Cybersecurity Defense on Low-power Devices." Thesis, Virginia Tech, 2017. http://hdl.handle.net/10919/86164.
Full textAbstract:
The ever-evolving nature of botnets have made constant malware collection an absolute necessity for security researchers in order to analyze and investigate the latest, nefarious means by which bots exploit their targets and operate in concert with each other and their bot master.
In that effort of on-going data collection, honeypots have established themselves as a curious and useful tool for deception-based security. Low-powered devices, such as the Raspberry Pi, have found a natural home with some categories of honeypots and are being embraced by the honeypot community. Due to the low cost of these devices, new techniques are being explored to employ multiple honeypots within a network to act as sensors, collecting activity reports and captured malicious binaries to back-end servers for later analysis and network threat assessments. While these techniques are just beginning to gain their stride within the security community, they are held back due to the minimal amount of deception a traditional honeypot on a low-powered device is capable of delivering.
This thesis seeks to make a preliminary investigation into the viability of using Linux containers to greatly expand the deception possible on low-powered devices by providing isolation and containment of full system images with minimal resource overhead. It is argued that employing Linux containers on low-powered device honeypots enables an entire category of honeypots previously unavailable on such hardware platforms. In addition to granting previously unavailable interaction with honeypots on Raspberry Pis, the use of Linux containers grants unique advantages that have not previously been explored by security researchers, such as the ability to defeat many types of virtual environment and monitoring tool detection methods.Master of Science
44
Saber, Jennifer. "Determining Small Business Cybersecurity Strategies to Prevent Data Breaches." ScholarWorks, 2016. https://scholarworks.waldenu.edu/dissertations/4991.
Full textAbstract:
Cybercrime is one of the quickest growing areas of criminality. Criminals abuse the speed, accessibility, and privacy of the Internet to commit diverse crimes involving data and identity theft that cause severe damage to victims worldwide. Many small businesses do not have the financial and technological means to protect their systems from cyberattack, making them vulnerable to data breaches. This exploratory multiple case study, grounded in systems thinking theory and routine activities theory, encompassed an investigation of cybersecurity strategies used by 5 small business leaders in Middlesex County, Massachusetts. The data collection process involved open-ended online questionnaires, semistructured face-to-face interviews, and review of company documents. Based on methodological triangulation of the data sources and inductive analysis, 3 emergent themes identified are policy, training, and technology. Key findings include having a specific goal and tactical approach when creating small business cybersecurity strategies and arming employees with cybersecurity training to increase their awareness of security compliance. Recommendations include small business use of cloud computing to remove the burden of protecting data on their own, thus making it unnecessary to house corporate servers. The study has implications for positive social change because small business leaders may apply the findings to decrease personal information leakage, resulting from data breaches, which affects the livelihood of individuals or companies if disclosure of their data occurs.
45
Hoskins, Brittany Noel. "The Rhetoric of Commoditized Vulnerabilities: Ethical Discourses in Cybersecurity." Thesis, Virginia Tech, 2015. http://hdl.handle.net/10919/52943.
Full textAbstract:
The field of cybersecurity is relatively uncharted by rhetoricians and sociologists but nevertheless laden with terminological assumptions, violent metaphors, and ethical conflicts. This study explores the discourse surrounding the morally contentious practice of hackers selling software vulnerabilities to third parties instead of disclosing them to the affected technology companies. Drawing on grounded theory, I utilize a combination of quantitative word-level analysis and qualitative coding to assess how notions of right and wrong on this topic are framed by three groups: 1) the hackers themselves, 2) technology companies, and 3) reporters. The results show that the most commonly constructed argument was based on a "greater good" ethic, in which rhetors argue for reducing risk to "us all" or to innocent computer users. Additionally, the technology companies and hackers assiduously build their ethos to increase their trustworthiness in the public mind. Ultimately, studying this unexplored area of "gray hat hacking" has important implications for policymakers creating new cybersecurity legislation, reporters attempting to accurately frame the debate, and information technology professionals whose livelihoods are affected by evolving social norms.Master of Arts
46
Johnson, William. "Development of Peer Instruction Material for a Cybersecurity Curriculum." ScholarWorks@UNO, 2017. http://scholarworks.uno.edu/td/2367.
Full textAbstract:
Cybersecurity classes focus on building practical skills alongside the development of the open mindset that is essential to tackle the dynamic cybersecurity landscape. Unfortunately, traditional lecture-style teaching is insufficient for this task. Peer instruction is a non-traditional, active learning approach that has proven to be effective in computer science courses. The challenge in adopting peer instruction is the development of conceptual questions. This thesis presents a methodology for developing peer instruction questions for cybersecurity courses, consisting of four stages: concept identification, concept trigger, question presentation, and development. The thesis analyzes 279 questions developed over two years for three cybersecurity courses: introduction to computer security, network penetration testing, and introduction to computer forensics. Additionally, it discusses examples of peer instruction questions in terms of the methodology. Finally, it summarizes the usage of a workshop for testing a selection of peer instruction questions as well as gathering data outside of normal courses.
47
Blackwood-Brown, Carlene G. "An Empirical Assessment of Senior Citizens’ Cybersecurity Awareness, Computer Self-Efficacy, Perceived Risk of Identity Theft, Attitude, and Motivation to Acquire Cybersecurity Skills." Diss., NSUWorks, 2018. https://nsuworks.nova.edu/gscis_etd/1047.
Full textAbstract:
Cyber-attacks on Internet users have caused billions of dollars in losses annually. Cybercriminals launch attacks via threat vectors such as unsecured wireless networks and phishing attacks on Internet users who are usually not aware of such attacks. Senior citizens are one of the most vulnerable groups who are prone to cyber-attacks, and this is largely due to their limited cybersecurity awareness and skills. Within the last decade, there has been a significant increase in Internet usage among senior citizens. It was documented that senior citizens had the greatest rate of increase in Internet usage over all the other age groups during the past decade. However, whenever senior citizens use the Internet, they are being targeted and exploited particularly for financial crimes, with estimation that one in five becoming a victim of financial fraud, costing more than $2.6 billion per year. Increasing the cybersecurity awareness and skills levels of Internet users have been recommended to mitigate the effects of cyber-attacks. However, it is unclear what motivates Internet users, particularly senior citizens, to acquire cybersecurity skills so that they can identify as well as mitigate the effects of the cyber-attacks. It is also not known how effective cybersecurity awareness training are on the cybersecurity skill level of senior citizens. Therefore, the main goal of this quantitative study was to empirically investigate the factors that contributed to senior citizens’ motivation to acquire cybersecurity skills so that they would be able to identify and mitigate cyber-attacks, as well as assess their actual cybersecurity skills level. This was done by assessing a model of contributing factors identified in prior literature (senior citizens’ cybersecurity awareness, computer self-efficacy, perceived risk of identity theft, & older adults’ computer technology attitude) on the motivation of senior citizens to acquire cybersecurity skills. This study utilized a Web-based survey to measure the contributing factors and a hands-on scenarios-based iPad app called MyCyberSkills™ that was developed and empirically validated in prior research to measure the cybersecurity skills level of the senior citizens. All study measures were done before and after cybersecurity awareness training (pre- & post-test) to uncover if there were any differences on the assessed models and scores due to such treatment. The study included a sample of 254 senior citizens with a mean age of about 70 years.
Path analyses using Smart PLS 3.0 were done to assess the pre- and post-test models to determine the contributions of each contributing factor to senior citizens’ motivation to acquire cybersecurity skills. Additionally, analysis of variance (ANOVA) and analysis of covariance (ANCOVA) using SPSS were done to determine significant mean difference between the pre-and post-test levels of the senior citizens’ cybersecurity skill level. The path analysis results indicate that while all paths on both models were significant, many of the paths had very low path coefficients, which in turn, indicated weak relationships among the assessed paths. However, although the path coefficients were lower than expected, the findings suggest that both intrinsic and extrinsic motivation, along with antecedents such as senior citizens’ cybersecurity awareness, computer self-efficacy, perceived risk of identity theft, and older adults’ computer technology attitude significantly impact the cybersecurity skill levels of senior citizens. The analysis of variance results indicated that there was a significant increase in the mean cybersecurity skills scores from 59.67% to 64.51% (N=254) as a result of the cybersecurity awareness training. Hence, the cybersecurity awareness training was effective in increasing the cybersecurity skill level of the senior citizens, and empowered them with small but significant improvement in the requisite skills to take mitigating actions against cyberattacks.
The analysis of covariance results indicated that, except for years using computers, all the other demographic indicators were not significant. Contributions from this study add to the body of knowledge by providing empirical results on the factors that motivate senior citizens to acquire cybersecurity skills, and thus, may help in reducing some of the billions of dollars in losses accrued to them because of cyber-attacks. Senior citizens will also benefit in that they will be better able to identify and mitigate the effects of cyber-attacks should they attend cybersecurity awareness trainings. Additionally, the recommendations from this study can be useful to law enforcement and other agencies that work with senior citizens in reducing the number of cases relating to cybersecurity issues amongst senior citizens, and thus, free up resources to fight other sources of cybercrime for law enforcement agencies.
48
Rodrigue, Tiina K. O. "The Power and Politics of Cybersecurity: A Quantitative Study of Federal Cash Windfall Allocation as a Measure of Impact on Comprehensive Cybersecurity Posture." Thesis, The George Washington University, 2021. http://pqdtopen.proquest.com/#viewpdf?dispub=28152128.
Full textAbstract:
In their attempts to create a comprehensive cybersecurity posture, chief information security officers (CISOs) can only be as effective as the resources they garner. In the federal context, budgets and spends are ultimately under the auspices of the agency heads who set priorities and direction. This study sought to gain insight on the impact of organizational power and politics in the cybersecurity post-budgetary process within U.S. federal government agencies through a comparative examination of budgeted versus actual spending. It addressed one research question: To what extent do power and politics impact the federal cybersecurity budgetary cash windfall allocation and the resultant organizational cybersecurity posture? The literature of organizational power and politics establishes means to measure the impact of individual and group power on budgets, funding, allocations, expenditures, and gamesmanship. Applied in the federal cybersecurity arena, the impact of power and politics on budgets and spend can be measured to better understand and mitigate risk factors in cybersecurity posture. A quantitative cross-sectional causal-comparative approach with a CISO survey was leveraged to study the topic ex post facto. The study utilized three phases of data collection from publicly available sources and primary data collection, as well as five phases of data analysis covering 2009 to 2016, to examine civilian cabinet-level agencies across the executive branch of the federal government. Findings showed that most agencies were budgeting cybersecurity in a comprehensive fashion. However, actual expenditures were significantly reduced from budgetary allocations and remained focused on the area of technology, leaving the people, process, and policy aspects of cybersecurity posture at times unfunded. Further, the results showed that the agency head and CISO had little to no power or political connectedness and there were intractable barriers against improving their dyadic relationship. The CISO’s career at the agency and political awareness, among other factors, were statistically significant in predicting the differences of cybersecurity technology budgets and spends, but the greatest effect was seen in agency head connectedness and political connectedness. Considering the vital importance of the CISO in the federal sphere, these findings point to issues that need to be further studied and addressed to effectuate a comprehensive cybersecurity posture.
49
Catota, Quintana Frankie. "Cybersecurity Capabilities in a Critical Infrastructure Sector of a Developing Nation." Research Showcase @ CMU, 2016. http://repository.cmu.edu/dissertations/697.
Full textAbstract:
When information technology is incorporated into the operations of financial critical infrastructure, it brings with it a range of cyber risks, and mitigating them requires that firms and regulators develop capabilities to foster protection. The sophistication of cyber threats to the financial sector has been growing rapidly. Developed nations have worked hard to improve their knowledge of these threats and establish strategies to respond accordingly. However, in developing nations, both the understanding of the risks posed by cyber threats and the ability to address those risks have been slower to evolve. Developing the needed cybersecurity capabilities in developing countries encounter challenges that need to be identified and addressed. In order to begin to do that, this thesis reports on three studies conducted in the context of Ecuador. The first study identifies and assesses incident experiences, challenges, barriers, and desired actions reported by financial security managers with the objective of identifying strategies to enhance incident response capabilities. The second study begins with the security incidents reported by the Ecuadorian financial stakeholders during the first study and assesses the potential effectiveness of the government policy that is intended to address IT risk in the financial sector. The third study explores the challenges that universities face in order to provide cybersecurity instruction to protect critical infrastructure and explores potential strategies to advance cybersecurity education at the university level. In support of this work we collected data from national practitioners involved in responding to security incidents and in developing cybersecurity skills. Sixty-one in-depth, semi-structured interviews across five cities were conducted (95% in person, the rest by telephone) with respondents who had good knowledge in the subjects. Respondents come mainly from: the financial sector (CISOs, risk and IT managers, security chiefs, security officers, authorities); telecommunications sector, especially ISPs (managers, directors, engineers, authorities); and academia (deans, directors, professors). We transcribed all the interviews, coded them and conducted qualitative text analysis. This research finds that (1) the financial sector is already facing risks driven by outsiders and insiders that lead to fraud and operational errors and failures. The main barriers to improving protection are small team size, network visibility, inadequate internal coordination, technology updating, lack of training, and lack of awareness. The sector has little community support to respond to incidents, and the national legal framework has not supported appropriate prosecution of cyber criminals; (2) the national IT risk management policy has reasonably covered most countermeasures related to reported security incidents. There are however, several areas of gap, one of the most important is network security, which can enable sophisticated malware attacks; (3) today the level of cybersecurity education is mostly elementary in Ecuador. Academic interviewees at only four of the thirteen universities studied expressed confidence that they can provide students with reasonable preparation. Ecuador needs to design a national cybersecurity plan that prioritizes protection for critical infrastructure and should support strategies that allow the country to enhance cybersecurity capabilities. Properly designed these initiatives should allow the nation to develop a core structure to confront current and emergent cyber challenges in the financial sector and other critical national operations, and build the human resources necessary to continue that effort.
50
Di, Santi Silvio. "La cybersecurity delle reti IT Medicali e dei Dispotivi Medici." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2017. http://amslaurea.unibo.it/13665/.
Full textAbstract:
L'attenzione legata alle minacce cyber è un trend che continua a crescere di anno in anno. Nel mondo della sanità si assiste ad un continuo processo di digitalizzazione che inevitabilmente porta con sé tutte le minacce già note ad altre realtà che impiegano le tecnologie IT per fornire servizi. Nel presente elaborato è stata fornita una visione di quelle che sono le architetture di rete, passando poi in rassegna minacce e attacchi ai quali le reti sono esposte. Inoltre si è voluta fornire una statistica attuale degli attacchi andati a buon fine nell'ultimo anno, evidenziando come il settore sanità sia uno dei principali obbiettivi. Sono stati poi analizzati i due principali standard in merito alla gestione del rischio per software dispositivo medico e reti IT che includono dispositivi medici. Da questa analisi è risultato come il rischio cibernetico venga sì preso in considerazione insieme a tutti gli altri rischi, ma in maniera marginale, portando potenzialmente a situazioni di grave pericolo. Gli aspetti di cybersecurity non possono più essere una condizione al contorno degli odierni sistemi ma diventare sempre più centrali per garantire il requisito di security first a tutti i livelli.