Dissertations / Theses on the topic 'Databases security'
To see the other types of publications on this topic, follow the link: Databases security.
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Databases security.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Chung, Sun S. "Anti-Tamper Databases: Querying Encrypted Databases." online version, 2006. http://rave.ohiolink.edu/etdc/view?acc%5Fnum=case1136677144.
Full text
2
Kong, Yibing. "Security and privacy model for association databases." Access electronically, 2003. http://www.library.uow.edu.au/adt-NWU/public/adt-NWU20031126.142250/index.html.
Full text
3
Redfield, Catherine M. S. "Practical security for multi-user web application databases." Thesis, Massachusetts Institute of Technology, 2012. http://hdl.handle.net/1721.1/76820.
Full textAbstract:
Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012.This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.
Cataloged from student-submitted PDF version of thesis.
Includes bibliographical references (p. 67-68).
Online web applications are continuously vulnerable to attacks on their users' data. Outside adversaries can gain unauthorized access by exploiting unknown vulnerabilities; curious or malicious database administrators can examine or alter the data in situ. Multiple Principal CryptDB protects against attacks on web application servers. By chaining encryption keys to user passwords, an attacker gaining access to decrypted data through issuing arbitrary queries to the database through CryptDB cannot access data belonging to offline users. A logging system and distributed key storage for CryptDB constrain the pool of possibly compromised data after an attack. Multiple Principal CryptDB can be used to secure the data of six web applications examined, with 2-8 lines of altered source code and 15-111 annotations added to the schema. On the phpBB web forum application, Multiple Principal CryptDB reduces throughput by only 14.5%, with 24 sensitive fields encrypted, and adds less than 26ms of latency to each individual query.
by Catherine M.S. Redfield.
M.Eng.
4
Zhang, Ye, and 张叶. "Query and access control over encrypted databases." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2010. http://hub.hku.hk/bib/B45689726.
Full text
5
Farooqi, Norah. "Applying dynamic trust based access control to improve XML databases' security." Thesis, University of Sheffield, 2013. http://etheses.whiterose.ac.uk/4468/.
Full textAbstract:
XML (Extensible Mark-up Language) databases are an active research area. The topic of security in XML databases is important as it includes protecting sensitive data and providing a secure environment to users. Trust based access is an established technique in many fields, such as networks and distributed systems, but it has not previously been used for XML databases. In Trust Based Access Control, user privileges are calculated dynamically depending on the user’s behaviour. In this thesis, the novel idea of applying Trust Based Access Control (TBAC) for XML databases has been developed. This approach improves security and provides dynamic access control for XML databases. It manages access policy depending on users’ trustworthiness and prevents unauthorised processes, malicious transactions, and misuse from both outsiders and insiders. A practical Trust Based Access Control system for XML databases was evaluated. The dynamic access control has been tested from security, scalability, functionality, performance, and storage perspectives. The experimental results illustrate the flexibility of Trust Values and the scalability of the system with small to large XML databases and with various numbers of users. The results show that the main research idea of this study is worth pursuing and the system could be developed further.
6
Ofori-Duodu, Michael Samuel. "Exploring Data Security Management Strategies for Preventing Data Breaches." ScholarWorks, 2019. https://scholarworks.waldenu.edu/dissertations/7947.
Full textAbstract:
Insider threat continues to pose a risk to organizations, and in some cases, the country at large. Data breach events continue to show the insider threat risk has not subsided. This qualitative case study sought to explore the data security management strategies used by database and system administrators to prevent data breaches by malicious insiders. The study population consisted of database administrators and system administrators from a government contracting agency in the northeastern region of the United States. The general systems theory, developed by Von Bertalanffy, was used as the conceptual framework for the research study. The data collection process involved interviewing database and system administrators (n = 8), organizational documents and processes (n = 6), and direct observation of a training meeting (n = 3). By using methodological triangulation and by member checking with interviews and direct observation, efforts were taken to enhance the validity of the findings of this study. Through thematic analysis, 4 major themes emerged from the study: enforcement of organizational security policy through training, use of multifaceted identity and access management techniques, use of security frameworks, and use of strong technical control operations mechanisms. The findings of this study may benefit database and system administrators by enhancing their data security management strategies to prevent data breaches by malicious insiders. Enhanced data security management strategies may contribute to social change by protecting organizational and customer data from malicious insiders that could potentially lead to espionage, identity theft, trade secrets exposure, and cyber extortion.
7
Olk, Jeffrey S. "Exploring the lack of interoperability of databases within Department of Homeland Security interagency environment concerning maritime port security." Thesis, Monterey, Calif. : Naval Postgraduate School, 2009. http://edocs.nps.edu/npspubs/scholarly/theses/2009/March/09Mar%5FOlk.pdf.
Full textAbstract:
Thesis (M.S. in Information Technology Management)--Naval Postgraduate School, March 2009.Thesis Advisor(s): Bordetsky, Alex. "March 2009." Description based on title screen as viewed on April 23, 2009. Author(s) subject terms: Interoperability, HSIN, Department of Homeland Security, Command and Control, Situational Awareness, Maritime Port Security, USCG, CBP. Includes bibliographical references (p. 63-67). Also available in print.
8
Kohler, Matthew J., and Shawn W. Stroud. "An effective access control mechanism and multilevel security for multilevel secure databases." Thesis, Monterey, California. Naval Postgraduate School, 1989. http://hdl.handle.net/10945/25865.
Full text
9
Patterson, Joanna. "Cyber-Security Policy Decisions in Small Businesses." ScholarWorks, 2017. https://scholarworks.waldenu.edu/dissertations/4551.
Full textAbstract:
Cyber-attacks against small businesses are on the rise yet small business owners often lack effective strategies to avoid these attacks. The purpose of this qualitative multiple case study was to explore the strategies small business owners use to make cyber-security decisions. Bertalanffy's general systems theory provided the conceptual framework for this study. A purposive sample of 10 small business owners participated in the interview process and shared their decision-making methodologies and influencers. The small business owners were vetted to ensure their strategies were effective through a series of qualification questions. The intent of the research question and corresponding interview questions was to identify strategies that successful small business owners use to make cyber-security decisions. Data analysis consisted of coding keywords, phrases, and sentences from semi structured interviews as well as document analysis. The following themes emerged: government requirements, peer influence, budgetary constraints, commercial standards, and lack of employee involvement. According to the participants, budgetary constraints and peer influence were the most influential factors when making decisions regarding cyber-security strategies. Through exposing small business owners to proven strategies, the implications for social change include a reduction of their small business operating costs and assistance with compliance activities.
10
Hermansson, Tobias. "FiLDB : An Architecture for Securely Connecting Databases to the Internet." Thesis, University of Skövde, Department of Computer Science, 2001. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-625.
Full textAbstract:
Today more and more Information systems exist and they contain more and more information. Many information systems contain information about people that is secret or sensitive. Such information should not be allowed to leak from a database. This problem grows more and more as databases are made available via the Internet.
There have been a number of publicised occasions where hackers have passed security barriers and got information that is not intended to be publicly available. There have also been cases where the administrators of systems have made mistakes, so that classified information was published on the Internet.
The FiLDB architecture uses existing technology together with new components to provide an environment in which databases can be connected to the Internet without losing security. Two databases, with physical separation between them, are used as a security measure. Secret information is stored only in an internal database, which is separated from the Internet. An external database contains information which is to be used from the Internet, and hence sensitive information is not stored in this database.
11
Burchett, Ian. "Quantifying Computer Network Security." TopSCHOLAR®, 2011. http://digitalcommons.wku.edu/theses/1118.
Full textAbstract:
Simplifying network security data to the point that it is readily accessible and usable by a wider audience is increasingly becoming important, as networks become larger and security conditions and threats become more dynamic and complex, requiring a broader and more varied security staff makeup. With the need for a simple metric to quantify the security level on a network, this thesis proposes: simplify a network’s security risk level into a simple metric. Methods for this simplification of an entire network’s security level are conducted on several characteristic networks. Identification of computer network port vulnerabilities from NIST’s Network Vulnerability Database (NVD) are conducted, and via utilization of NVD’s Common Vulnerability Scoring System values, composite scores are created for each computer on the network, and then collectively a composite score is computed for the entire network, which accurately represents the health of the entire network. Special concerns about small numbers of highly vulnerable computers or especially critical members of the network are confronted.
12
Brown, David A. "Examining the Behavioral Intention of Individuals' Compliance with Information Security Policies." ScholarWorks, 2017. https://scholarworks.waldenu.edu/dissertations/3750.
Full textAbstract:
Target Corporation experienced an information security breach resulting in compromising customers' financial information. Management is responsible for implementing adequate information security policies that protect corporate data and minimize financial losses. The purpose of this experimental study was to examine the effect of a fear appeal communication on an individual's information security policy behavioral intention. The sample population involved information technology professionals randomly selected from the SurveyMonkey audience. A research model, developed using constructs from deterrence theory and protection motivation theory, became the structural model used for partial least squares-structural equation modeling (PLS-SEM) analysis of the survey response data, which indicated that self-efficacy was statistically significant. The remaining model variables, perceived threat vulnerability, perceived threat severity, response efficacy, informal sanction certainty, informal sanction severity, formal sanction certainty, and formal sanction severity, were not statistically significant. A statistically significant self-efficacy result could indicate confidence among the population to comply with information security policies. The nonsignificant results could indicate the fear appeal treatment did not motivate a change in behavior or information security policy awareness bias was introduced by selecting information technology professionals. Social change in information security could be achieved by developing an effective information security policy compliance fear appeal communication, which could change information security compliance behavior and contribute to securing the nation's critical cyber infrastructure and protecting data.
13
Araujo, Neto Afonso Comba de. "Security Benchmarking of Transactional Systems." reponame:Biblioteca Digital de Teses e Dissertações da UFRGS, 2012. http://hdl.handle.net/10183/143292.
Full textAbstract:
A maioria das organizações depende atualmente de algum tipo de infraestrutura computacional para suportar as atividades críticas para o negócio. Esta dependência cresce com o aumento da capacidade dos sistemas informáticos e da confiança que se pode depositar nesses sistemas, ao mesmo tempo que aumenta também o seu tamanho e complexidade. Os sistemas transacionais, tipicamente centrados em bases de dados utilizadas para armazenar e gerir a informação de suporte às tarefas diárias, sofrem naturalmente deste mesmo problema. Assim, uma solução frequentemente utilizada para amenizar a dificuldade em lidar com a complexidade dos sistemas passa por delegar sob outras organizações o trabalho de desenvolvimento, ou mesmo por utilizar soluções já disponíveis no mercado (sejam elas proprietárias ou abertas). A diversidade de software e componentes alternativos disponíveis atualmente torna necessária a existência de testes padronizados que ajudem na seleção da opção mais adequada entre as alternativas existentes, considerando uma conjunto de diferentes características. No entanto, o sucesso da investigação em testes padronizados de desempenho e confiabilidade contrasta radicalmente com os avanços em testes padronizados de segurança, os quais têm sido pouco investigados, apesar da sua extrema relevância. Esta tese discute o problema da definição de testes padronizados de segurança, comparando-o com outras iniciativas de sucesso, como a definição de testes padronizados de desempenho e de confiabilidade. Com base nesta análise é proposta um modelo de base para a definição de testes padronizados de segurança. Este modelo, aplicável de forma genérica a diversos tipos de sistemas e domínios, define duas etapas principais: qualificação de segurança e teste padronizado de confiança. A qualificação de segurança é um processo que permite avaliar um sistema tendo em conta os aspectos e requisitos de segurança mais evidentes num determinado domínio de aplicação, dividindo os sistemas avaliados entre aceitáveis e não aceitáveis. O teste padronizado de confiança, por outro lado, consiste em avaliar os sistemas considerados aceitáveis de modo a estimar a probabilidade de existirem problemas de segurança ocultados ou difíceis de detectar (o objetivo do processo é lidar com as incertezas inerentes aos aspectos de segurança). O modelo proposto é demonstrado e avaliado no contexto de sistemas transacionais, os quais podem ser divididos em duas partes: a infraestrutura e as aplicações de negócio. Uma vez que cada uma destas partes possui objetivos de segurança distintos, o modelo é utilizado no desenvolvimento de metodologias adequadas para cada uma delas. Primeiro, a tese apresenta um teste padronizado de segurança para infraestruturas de sistemas transacionais, descrevendo e justificando todos os passos e decisões tomadas ao longo do seu desenvolvimento. Este teste foi aplicado a quatro infraestruturas reais, sendo os resultados obtidos cuidadosamente apresentados e analisados. Ainda no contexto das infraestruturas de sistemas transacionais, a tese discute o problema da seleção de componentes de software. Este é um problema complexo uma vez que a avaliação de segurança destas infraestruturas não é exequível antes da sua entrada em funcionamento. A ferramenta proposta, que tem por objetivo ajudar na seleção do software básico para suportar este tipo de infraestrutura, é aplicada na avaliação e análise de sete pacotes de software distintos, todos alternativas tipicamente utilizadas em infraestruturas reais. Finalmente, a tese aborda o problema do desenvolvimento de testes padronizados de confiança para aplicações de negócio, focando especificamente em aplicações Web. Primeiro, é proposta uma abordagem baseada no uso de ferramentas de análise de código, sendo apresentadas as diversas experiências realizadas para avaliar a validade da proposta, incluindo um cenário representativo de situações reais, em que o objetivo passa por selecionar o mais seguro de entre sete alternativas de software para suportar fóruns Web. Com base nas análises realizadas e nas limitações desta proposta, é de seguida definida uma abordagem genérica para a definição de testes padronizados de confiança para aplicações Web.Most organizations nowadays depend on some kind of computer infrastructure to manage business critical activities. This dependence grows as computer systems become more reliable and useful, but so does the complexity and size of systems. Transactional systems, which are database-centered applications used by most organizations to support daily tasks, are no exception. A typical solution to cope with systems complexity is to delegate the software development task, and to use existing solutions independently developed and maintained (either proprietary or open source). The multiplicity of software and component alternatives available has boosted the interest in suitable benchmarks, able to assist in the selection of the best candidate solutions, concerning several attributes. However, the huge success of performance and dependability benchmarking markedly contrasts with the small advances on security benchmarking, which has only sparsely been studied in the past. his thesis discusses the security benchmarking problem and main characteristics, particularly comparing these with other successful benchmarking initiatives, like performance and dependability benchmarking. Based on this analysis, a general framework for security benchmarking is proposed. This framework, suitable for most types of software systems and application domains, includes two main phases: security qualification and trustworthiness benchmarking. Security qualification is a process designed to evaluate the most obvious and identifiable security aspects of the system, dividing the evaluated targets in acceptable or unacceptable, given the specific security requirements of the application domain. Trustworthiness benchmarking, on the other hand, consists of an evaluation process that is applied over the qualified targets to estimate the probability of the existence of hidden or hard to detect security issues in a system (the main goal is to cope with the uncertainties related to security aspects). The framework is thoroughly demonstrated and evaluated in the context of transactional systems, which can be divided in two parts: the infrastructure and the business applications. As these parts have significantly different security goals, the framework is used to develop methodologies and approaches that fit their specific characteristics. First, the thesis proposes a security benchmark for transactional systems infrastructures and describes, discusses and justifies all the steps of the process. The benchmark is applied to four distinct real infrastructures, and the results of the assessment are thoroughly analyzed. Still in the context of transactional systems infrastructures, the thesis also addresses the problem of the selecting software components. This is complex as evaluating the security of an infrastructure cannot be done before deployment. The proposed tool, aimed at helping in the selection of basic software packages to support the infrastructure, is used to evaluate seven different software packages, representative alternatives for the deployment of real infrastructures. Finally, the thesis discusses the problem of designing trustworthiness benchmarks for business applications, focusing specifically on the case of web applications. First, a benchmarking approach based on static code analysis tools is proposed. Several experiments are presented to evaluate the effectiveness of the proposed metrics, including a representative experiment where the challenge was the selection of the most secure application among a set of seven web forums. Based on the analysis of the limitations of such approach, a generic approach for the definition of trustworthiness benchmarks for web applications is defined.
14
Hoeppner, Joseph A. "A Comparison of Cloud Computing Database Security Algorithms." UNF Digital Commons, 2015. http://digitalcommons.unf.edu/etd/596.
Full textAbstract:
The cloud database is a relatively new type of distributed database that allows companies and individuals to purchase computing time and memory from a vendor. This allows a user to only pay for the resources they use, which saves them both time and money. While the cloud in general can solve problems that have previously been too costly or time-intensive, it also opens the door to new security problems because of its distributed nature. Several approaches have been proposed to increase the security of cloud databases, though each seems to fall short in one area or another.
This thesis presents the Hoeppner Security Algorithm (HSA) as a solution to these security problems. The HSA safeguards user’s data and metadata by adding fake records alongside the real records, breaking up the database by column or groups of columns, and by storing each group in a different cloud. The efficiency and security of this algorithm was compared to the Alzain algorithm (one of the proposed security solutions that inspired the HSA), and it was found that the HSA outperforms the Alzain algorithm in most every way.
15
Raybourn, Tracey. "Bucketization Techniques for Encrypted Databases: Quantifying the Impact of Query Distributions." Bowling Green State University / OhioLINK, 2013. http://rave.ohiolink.edu/etdc/view?acc_num=bgsu1363638271.
Full text
16
Harmon, Eric. "Strategies Used by Cloud Security Managers to Implement Secure Access Methods." ScholarWorks, 2018. https://scholarworks.waldenu.edu/dissertations/4728.
Full textAbstract:
Cloud computing can be used as a way to access services and resources for many organizations; however, hackers have created security concerns for users that incorporate cloud computing in their everyday functions. The purpose of this qualitative multiple case study was to explore strategies used by cloud security managers to implement secure access methods to protect data on the cloud infrastructure. The population for this study was cloud security managers employed by 2 medium size businesses in the Atlanta, Georgia metropolitan area and that have strategies to implement secure access methods to protect data on the cloud infrastructure. The technology acceptance model was used as the conceptual framework for the study. Data were collected from semi-structured interviews of 7 security managers and review of 21 archived documents that reflected security strategies from past security issues that occurred. Data analysis was performed using methodological triangulation and resulted in the identification of three major themes: implementing security policies, implementing strong authentication methods, and implementing strong access control methods. The findings from this research may contribute to positive social by decreasing customers' concerns regarding personal information that is stored on the cloud being compromised.
17
Dawson, Alan Robert. "Exploring Strategies for Implementing Information Security Training and Employee Compliance Practices." ScholarWorks, 2019. https://scholarworks.waldenu.edu/dissertations/7794.
Full textAbstract:
Humans are the weakest link in any information security (IS) environment. Research has shown that humans account for more than half of all security incidents in organizations. The purpose of this qualitative case study was to explore the strategies IS managers use to provide training and awareness programs that improve compliance with organizational security policies and reduce the number of security incidents. The population for this study was IS security managers from 2 organizations in Western New York. Information theory and institutional isomorphism were the conceptual frameworks for this study. Data collection was performed using face-to-face interviews with IS managers (n = 3) as well as secondary data analysis of documented IS policies and procedures (n = 28). Analysis and coding of the interview data was performed using a qualitative analysis tool called NVivo, that helped identify the primary themes. Developing IS policy, building a strong security culture, and establishing and maintaining a consistent, relevant, and role-based security awareness and training program were a few of the main themes that emerged from analysis. The findings from this study may drive social change by providing IS managers additional information on developing IS policy, building an IS culture and developing role-specific training and awareness programs. Improved IS practices may contribute to social change by reducing IS risk within organizations as well as reducing personal IS risk with improved IS habits.
18
Cornejo-Ramirez, Mario. "Security for the cloud." Thesis, Paris Sciences et Lettres (ComUE), 2016. http://www.theses.fr/2016PSLEE049/document.
Full textAbstract:
La cryptographie a été un facteur clé pour permettre la vente de services et du commerce par Internet. Le cloud computing a amplifié cette révolution et est devenu un service très demandé grâce à ses avantages comme : puissance de calcul importante, services à bas coûts, rendement, évolutivité, accessibilité et disponibilité. Parallèlement à la hausse de nouveaux business, des protocoles pour des calculs sécurisés ont aussi émergé. Le but de cette thèse est de contribuer à la sécurité des protocoles d’Internet existants en fournissant une analyse de la source aléatoire de ces protocoles et en introduisant des protocoles mieux adaptés pour les environnements des cloud computing. Nous proposons de nouvelles constructions en améliorant l'efficacité des solutions actuelles afin de les rendre plus accessibles et pratiques. Nous fournissons une analyse de sécurité détaillée pour chaque schéma avec des hypothèses raisonnables. Nous étudions la sécurité du cloud computing à différents niveaux. D'une part, nous formalisons un cadre pour analyser quelques-uns des générateurs de nombres pseudo-aléatoires populaires à ce jour qui sont utilisés dans presque chaque application cryptographique. D'autre part, nous proposons deux approches efficaces pour des calculs en cloud. Le premier permet à un utilisateur de partager publiquement son secret de haute entropie avec des serveurs différents pour plus tard le récupérer par interaction avec certains de ces serveurs en utilisant seulement son mot de passe et sans données authentifiées. Le second permet à un client d'externaliser à un serveur une base de données en toute sécurité, qui peut être recherchée et modifiée ultérieurementCryptography has been a key factor in enabling services and products trading over the Internet. Cloud computing has expanded this revolution and it has become a highly demanded service or utility due to the advantages of high computing power, cheap cost of services, high performance, scalability, accessibility as well as availability. Along with the rise of new businesses, protocols for secure computation have as well emerged. The goal of this thesis is to contribute in the direction of securing existing Internet protocols by providing an analysis of the sources of randomness of these protocols and to introduce better protocols for cloud computing environments. We propose new constructions, improving the efficiency of current solutions in order to make them more accessible and practical. We provide a detailed security analysis for each scheme under reasonable assumptions. We study the security in a cloud computing environment in different levels. On one hand, we formalize a framework to study some popular real-life pseudorandom number generators used in almost every cryptographic application. On the other, we propose two efficient applications for cloud computing. The first allows a user to publicly share its high-entropy secret across different servers and to later recover it by interacting with some of these servers using only his password without requiring any authenticated data. The second, allows a client to securely outsource to a server an encrypted database that can be searched and modified later
19
Johnson, Kenneth Tyrone. "The Training Deficiency in Corporate America: Training Security Professionals to Protect Sensitive Information." ScholarWorks, 2017. https://scholarworks.waldenu.edu/dissertations/4145.
Full textAbstract:
Increased internal and external training approaches are elements senior leaders need to know before creating a training plan for security professionals to protect sensitive information. The purpose of this qualitative case study was to explore training strategies telecommunication industry leaders use to ensure security professionals can protect sensitive information. The population consisted of 3 senior leaders in a large telecommunication company located in Dallas, Texas that has a large footprint of securing sensitive information. The conceptual framework on which this study was based was the security risk planning model. Semistructured interviews and document reviews helped to support the findings of this study. Using the thematic approach, 3 major themes emerged. The 3 themes included security training is required for all professionals, different approaches to training are beneficial, and using internal and external training's to complement each other. The findings revealed senior leaders used different variations of training programs to train security professionals on how to protect sensitive information. The senior leaders' highest priority was the ability to ensure all personnel accessing the network received the proper training. The findings may contribute to social change by enhancing area schools' technology programs with evolving cyber security technology, helping kids detect and eradicate threats before any loss of sensitive information occurs.
20
Gutta, Ramamohan. "Managing Security Objectives for Effective Organizational Performance Information Security Management." ScholarWorks, 2019. https://scholarworks.waldenu.edu/dissertations/7147.
Full textAbstract:
Information is a significant asset to organizations, and a data breach from a cyberattack harms reputations and may result in a massive financial loss. Many senior managers lack the competencies to implement an enterprise risk management system and align organizational resources such as people, processes, and technology to prevent cyberattacks on enterprise assets. The purpose of this Delphi study was to explore how the managerial competencies for information security and risk management senior managers help in managing security objectives and practices to mitigate security risks. The National Institute of Standards and Technology framework served as the foundation for this study. The sample was made up of 12 information security practitioners, information security experts, and managers responsible for the enterprise information security management. Participants were from Fortune 500 companies in the United States. Selection was based on their level of experience and knowledge of the topic being studied. Data were collected using a 3 round Delphi study of 12 experts in information security and risk management. Statistical analysis was performed on the collected data during a 3 round Delphi study. The mean, standard deviation, majority agreement, and ranges were used to determine the final concensus for this research study. Findings of this study included the need for managerial support, risk management strategies, and developling the managerial and technical talent to mitigate and respond to cyberattacks. Findings may result in a positive social change by providing information that helps managers to reduce the number of data breaches from cyberattacks, which benefits companies, employees, and customers.
21
Kongnso, Fedinand Jaiventume. "Best Practices to Minimize Data Security Breaches for Increased Business Performance." ScholarWorks, 2015. https://scholarworks.waldenu.edu/dissertations/1825.
Full textAbstract:
In the United States, businesses have reported over 2,800 data compromises of an estimated 543 million records, with security breaches costing firms approximately $7.2 million annually. Scholars and industry practitioners have indicated a significant impact of security breaches on consumers and organizations. However, there are limited data on the best practices for minimizing the impact of security breaches on organizational performance. The purpose of this qualitative multicase study was to explore best practices technology leaders use to minimize data security breaches for increased business performance. Systems theory served as the conceptual framework for this study. Fourteen participants were interviewed, including 2 technology executives and 5 technical staff, each from a banking firm in the Northcentral United States and a local government agency in the Southcentral United States. Data from semistructured interviews, in addition to security and privacy policy statements, were analyzed for methodological triangulation. Four major themes emerged: a need for implementation of security awareness education and training to mitigate insider threats, the necessity of consistent organization security policies and procedures, an organizational culture promoting data security awareness, and an organizational commitment to adopt new technologies and innovative processes. The findings may contribute to the body of knowledge regarding best practices technology leaders can use for securing organizational data and contribute to social change since secure organizational data might reduce consumer identity theft.
22
Pavlou, Kyriacos Eleftheriou. "Database Forensics in the Service of Information Accountability." Diss., The University of Arizona, 2012. http://hdl.handle.net/10150/265817.
Full textAbstract:
Regulations and societal expectations have recently emphasized the need to mediate access to valuable databases, even by insiders. At one end of a spectrum is the approach of restricting access to information; at the other is information accountability. The focus of this work is on effecting information accountability of data stored in relational databases. One way to ensure appropriate use and thus end-to-end accountability of such information is through continuous assurance technology, via tamper detection in databases built upon cryptographic hashing. We show how to achieve information accountability by developing and refining the necessary approaches and ideas to support accountability in high-performance databases. These concepts include the design of a reference architecture for information accountability and several of its variants, the development of a sequence of successively more sophisticated forensic analysis algorithms and their forensic cost model, and a systematic formulation of forensic analysis for determining when the tampering occurred and what data were tampered with. We derive a lower bound for the forensic cost and prove that some of the algorithms are optimal under certain circumstances. We introduce a comprehensive taxonomy of the types of possible corruption events, along with an associated forensic analysis protocol that consolidates all extant forensic algorithms and the corresponding type(s) of corruption events they detect. Finally, we show how our information accountability solution can be used for databases residing in the cloud. In order to evaluate our ideas we design and implement an integrated tamper detection and forensic analysis system named DRAGOON. This work shows that information accountability is a viable alternative to information restriction for ensuring the correct storage, use, and maintenance of high-performance relational databases.
23
Boyer, Edward D. "Understanding Usability-related Information Security Failures in a Healthcare Context." NSUWorks, 2014. http://nsuworks.nova.edu/gscis_etd/13.
Full textAbstract:
This research study explores how the nature and type of usability failures impact task performance in a healthcare organization. Healthcare organizations are composed of heterogeneous and disparate information systems intertwined with complex business processes that create many challenges for the users of the system. The manner in which Information Technology systems and products are implemented along with the overlapping intricate tasks the users have pose problems in the area of usability. Usability research primarily focuses on the user interface; therefore, designing a better interface often leaves security in question. When usability failures arise from the incongruence between healthcare task and the technology used in healthcare organizations, the security of information is jeopardized. Hence, the research problem is to understand the nature and types of usability-related security failures and how they can be reduced in a Healthcare Information System.
This research used a positivist single case study design with embedded units, to understand the nature and type of usability-related information systems security failures in a Healthcare context. The nature and types of usability failures were identified following a four-step data analysis process that used terms that defined (1) user failures in a large healthcare organization, (2) Task Technology Fit theory, (3) the Confidentiality Integrity and Availability triad of information protection that captured usability-related information system security failures, and (4) by conducting semi-structured interviews with users of the Healthcare Information System capturing and recording their interactions with the usability failure.
The captured reported usability-related information system security failures dated back five years within a healthcare organization consisting of a network of 128 medical centers. The evaluation of five years of data and over 8,000 problems reported by healthcare workers allowed this research to identify the misalignment of healthcare task to the technology used, and how the misalignment impacted both information security and user performance. The nature of usability failures were centered on technical controls, however, the cause of the failures was predominately information integrity failures and the unavailability of applications and systems. Usability-related information system security failures are primarily not recognized due to the nature of healthcare task along with the methods healthcare workers use to mitigate such failures by employing workarounds to complete a task. Applying non-technical security controls within the development process provides the clearest path to addressing throughout the organization the captured usability-related information system security failures.
24
Peters, Timothy M. "DEFY: A Deniable File System for Flash Memory." DigitalCommons@CalPoly, 2014. https://digitalcommons.calpoly.edu/theses/1230.
Full textAbstract:
While solutions for file system encryption can prevent an adversary from determining the contents of files, in situations where a user wishes to hide even the existence of data, encryption alone is not enough. Indeed, encryption may draw attention to those files, as they most likely contain information the user wishes to keep secret, and coercion can be a very strong motivator for the owner of an encrypted file system to surrender their secret key.
Herein we present DEFY, a deniable file system designed to work exclusively with solid-state drives, particularly those found in mobile devices. Solid-state drives have unique properties that render previous deniable file system designs impractical or insecure. Further, DEFY provides features not offered by any single prior work, including: support for multiple layers of deniability, authenticated encryption, and an ability to quickly and securely delete data from the device. We have implemented a prototype based on the YAFFS and WhisperYaffs file systems. An evaluation shows DEFY performs comparatively with WhisperYaffs.
25
Griffin, Tony. "Strategies to Prevent Security Breaches Caused by Mobile Devices." ScholarWorks, 2017. https://scholarworks.waldenu.edu/dissertations/4628.
Full textAbstract:
Data breaches happen almost every day in the United States and, according to research, the majority of these breaches occur due to a lack of security with organizations' mobile devices. Although most of the security policies related to mobile devices currently in place may meet the guidelines required by law, they often fail to prevent a data breach caused by a mobile device. The main purpose of this qualitative single case study was to explore the strategies used by security managers to prevent data breaches caused by mobile devices. The study population consisted of security managers working for a government contractor located in the southeastern region of the United States. Ludwig von Bertalanffy's general systems theory was used as the conceptual framework of this study. The data collection process included interviews with organization security managers (n = 5) and company documents and procedures (n = 13) from the target organization related to mobile device security. Data from the interviews and organizational documents were coded using thematic analysis. Methodological triangulation of the data uncovered 4 major themes: information security policies and procedures, security awareness, technology management tools, and defense-in-depth. The implications for positive social change from this study include the potential to enhance the organizations' security policies, cultivate a better security awareness training program, and improve the organizations data protection strategies. In addition, this study outlines some strategies for preventing data breaches caused by mobile devices while still providing maximum benefit to its external and internal customers.
26
Sheinidashtegol, Pezhman. "Impact of DDoS Attack on the Three Common HypervisorS(Xen, KVM, Virtual Box)." TopSCHOLAR®, 2016. http://digitalcommons.wku.edu/theses/1646.
Full textAbstract:
Cloud computing is a technology of inter-connected servers and resources that use virtualization to utilize the resources, flexibility, and scalability. Cloud computing is accessible through the network. This accessibility and utilization have its own benefit and drawbacks. Utilization and scalability make this technology more economic and affordable for even small businesses. Flexibility drastically reduces the risk of starting businesses. Accessibility allows cloud customers not to be restricted in a specific location until they could have access to the network, and in most cases through the internet.
These significant traits, however, have their own disadvantages. Easy accessibility makes it more convenient for the malicious user to have access to servers in the cloud. Virtualizations that come to existence by middleware software called Virtual Machine Managers (VMMs) or hypervisors come with different vulnerabilities. These vulnerabilities are adding to previously existed vulnerability of Networks and Operating systems and Applications. In this research we are trying to distinguish the most resistant Hypervisor between (Xen, KVM and Virtual Box) against Distributed Denial of Service (DDoS) attack, an attempt to saturate victim’s resources making them unavailable to legitimate users, or shutting down the services by using more than one machine as attackers by targeting three different resources (Network, CPU, Memory). This research will show how hypervisors act differently under the same attacks and conditions.
27
Bahrak, Behnam. "Ex Ante Approaches for Security, Privacy, and Enforcement in Spectrum Sharing." Diss., Virginia Tech, 2013. http://hdl.handle.net/10919/24720.
Full textAbstract:
Cognitive radios (CRs) are devices that are capable of sensing the spectrum and using its free portions in an opportunistic manner. The free spectrum portions are referred to as white spaces or spectrum holes. It is widely believed that CRs are one of the key enabling technologies for realizing a new regulatory spectrum management paradigm, viz. dynamic spectrum access (DSA). CRs often employ software-defined radio (SDR) platforms that are capable of executing artificial intelligence (AI) algorithms to reconfigure their transmission/reception (TX/RX) parameters to communicate efficiently while avoiding interference with licensed (a.k.a. primary or incumbent) users and unlicensed (a.k.a. secondary or cognitive) users.
When different stakeholders share a common resource, such as the case in spectrum sharing, security, privacy, and enforcement become critical considerations that affect the welfare of all stakeholders. Recent advances in radio spectrum access technologies, such as CRs, have made spectrum sharing a viable option for significantly improving spectrum utilization efficiency. However, those technologies have also contributed to exacerbating the difficult problems of security, privacy and enforcement. In this dissertation, we review some of the critical security and privacy threats that impact spectrum sharing. We also discuss ex ante (preventive) approaches which mitigate the security and privacy threats and help spectrum enforcement.Ph. D.
28
Harrell, Martha Nanette. "Factors impacting information security noncompliance when completing job tasks." NSUWorks, 2014. http://nsuworks.nova.edu/gscis_etd/21.
Full textAbstract:
Work systems are comprised of the technical and social systems that should harmoniously work together to ensure a successful attainment of organizational goals and objectives. Information security controls are often designed to protect the information system and seldom consider the work system design. Using a positivist case study, this research examines the user's perception of having to choose between completing job tasks or remaining compliant with information security controls. An understanding of this phenomenon can help mitigate the risk associated with an information system security user's choice. Most previous research fails to consider the work system perspective on this issue. This study is based on the socio-technical system theory, the Leavitt Diamond Model (1965). Using this model as a lens to examine user information security behavior and perspectives, the Synergistic Security Model was developed. The research data indicated that the relationships between the structure, technology, task and people constructs can have an impact on user information security behavior. The research found that a change in the organization's information security policies, technology, or a change in employee processes for task completion can impact a user's information security choice. Some of the information security situations found in the research could be easily changed to lower the risk of a user's choice to circumvent information security. This change could be a technical configuration change, a purchase of a new technology or a change in a process to help impact a user's choice to circumvent information security controls.
The Synergistic Security Model can help researchers understand the relationships between the general constructs found in a work system and how those relationships can influence user behaviors. The research presented in the paper examines a triad relationship between each work system construct, consisting of: Structure-Technology-People; Structure-Task-People; Task-Technology-People; and Task-Technology-Structure. The findings indicate that the relationship between the constructs can have a significant impact on user information security behavior and therefore should be a consideration when designing an efficient and effective information security program.
29
Betz, Linda. "An Analysis of the Relationship between Security Information Technology Enhancements and Computer Security Breaches and Incidents." NSUWorks, 2016. http://nsuworks.nova.edu/gscis_etd/960.
Full textAbstract:
Financial services institutions maintain large amounts of data that include both intellectual property and personally identifiable information for employees and customers. Due to the potential damage to individuals, government regulators hold institutions accountable for ensuring that personal data are protected and require reporting of data security breaches. No company wants a data breach, but finding a security incident or breach early in the attack cycle may decrease the damage or data loss a company experiences. In multiple high profile data breaches reported in major news stories over the past few years, there is a pattern of the adversary being inside the company’s network for months, and often law enforcement is the first to inform the company of the breach.
The problem that was investigated in this case study was whether new information technology (IT) utilized by Fortune 500 financial services companies led to the changes in data security incidents and breaches. The goal of this dissertation is to gain a deeper understanding on how IT can increase awareness of a security incident or breach, and can also decrease security incidents and breaches. This dissertation also explores how threat information sharing increases awareness and decreases information security incidents and breaches. The objective of the study was to understand how changes in IT can influence an increase or decrease in data security breaches.
This investigation was a case study of nine Fortune 500 financial services companies to understand what types of IT increase or decrease detection of security incidents and breaches. An increase in detecting and stopping a security incident or breach may have positive effects on the security of an enterprise. The longer a hacker has access to IT systems, the more entrenched they become and the more time the hacker has to locate data with high value. Time is of the essence to detect a compromise and react. The results of the case study showed that Fortune 500 companies utilized new IT that allowed them to improve their visibility of security incidents and breaches from months and years to hours and days.
30
Ayereby, Manouan Pierre-Marius. "Overcoming Data Breaches and Human Factors in Minimizing Threats to Cyber-Security Ecosystems." ScholarWorks, 2018. https://scholarworks.waldenu.edu/dissertations/6163.
Full textAbstract:
This mixed-methods study focused on the internal human factors responsible for data breaches that could cause adverse impacts on organizations. Based on the Swiss cheese theory, the study was designed to examine preventative measures that managers could implement to minimize potential data breaches resulting from internal employees' behaviors. The purpose of this study was to provide insight to managers about developing strategies that could prevent data breaches from cyber-threats by focusing on the specific internal human factors responsible for data breaches, the root causes, and the preventive measures that could minimize threats from internal employees. Data were collected from 10 managers and 12 employees from the business sector, and 5 government managers in Ivory Coast, Africa. The mixed methodology focused on the why and who using the phenomenological approach, consisting of a survey, face-to-face interviews using open-ended questions, and a questionnaire to extract the experiences and perceptions of the participants about preventing the adverse consequences from cyber-threats. The results indicated the importance of top managers to be committed to a coordinated, continuous effort throughout the organization to ensure cyber security awareness, training, and compliance of security policies and procedures, as well as implementing and upgrading software designed to detect and prevent data breaches both internally and externally. The findings of this study could contribute to social change by educating managers about preventing data breaches who in turn may implement information accessibility without retribution. Protecting confidential data is a major concern because one data breach could impact many people as well as jeopardize the viability of the entire organization.
31
Brobliauskas, Žilvinas. "Reliacinių duomenų bazių saugumo modelio tyrimas." Master's thesis, Lithuanian Academic Libraries Network (LABT), 2009. http://vddb.library.lt/obj/LT-eLABa-0001:E.02~2009~D_20090828_133828-02790.
Full textAbstract:
Žilvino Brobliausko magistro studijų baigiamajame darbe atliekamas daugiašalio reliacinių duomenų bazių saugumo modelio teorinis tyrimas: suformuluojami pagrindiniai reikalavimai, keliami tokio tipo modeliui; pasiūlomas modelis, leidžiantis vykdyti paiešką ir taikyti sumos, bei vidurkio agregatines funkcijas neiššifruojant skaitinių duomenų RDBVS pusėje; nurodomi pateikto modelio privalumai ir trūkumai. Pateikiama demonstracinė programa, realizuojanti pasiūlytą modelį.The multilateral security model of relational databases is analyzed in master thesis of Žilvinas Brobliauskas. The results of research includes: the formulated requirements for multilateral security model of relational databases, proposed model, which allows range queries and aggregation functions over encrypted data without decrypting them at RDBMS level, and determined advantages and disadvantages of it. The program which realizes proposed model is given as proof of concept.
32
Johnson, David Philip. "How Attitude Toward the Behavior, Subjective Norm, and Perceived Behavioral Control Affects Information Security Behavior Intention." ScholarWorks, 2017. https://scholarworks.waldenu.edu/dissertations/4454.
Full textAbstract:
The education sector is at high risk for information security (InfoSec) breaches and in need of improved security practices. Achieving data protections cannot be through technical means alone. Addressing the human behavior factor is required. Security education, training, and awareness (SETA) programs are an effective method of addressing human InfoSec behavior. Applying sociobehavioral theories to InfoSec research provides information to aid IT security program managers in developing improved SETA programs. The purpose of this correlational study was to examine through the theoretical lens of the theory of planned behavior (TPB) how attitude toward the behavior (ATT), subjective norm (SN), and perceived behavioral control (PBC) affected the intention of computer end users in a K-12 environment to follow InfoSec policy. Data collection was from 165 K-12 school administrators in Northeast Georgia using an online survey instrument. Data analysis occurred applying multiple linear regression and logistic regression. The TPB model accounted for 30.8% of the variance in intention to comply with InfoSec policies. SN was a significant predictor of intention in the model. ATT and PBC did not show to be significant. These findings suggest improvement to K-12 SETA programs can occur by addressing normative beliefs of the individual. The application of improved SETA programs by IT security program managers that incorporate the findings and recommendations of this study may lead to greater information security in K-12 school systems. More secure school systems can contribute to social change through improved information protection as well as increased freedoms and privacy for employees, students, the organization, and the community.
33
Twisdale, Jerry Allen. "Exploring SME Vulnerabilities to Cyber-criminal Activities Through Employee Behavior and Internet Access." ScholarWorks, 2018. https://scholarworks.waldenu.edu/dissertations/5428.
Full textAbstract:
Cybercriminal activity may be a relatively new concern to small and medium enterprises (SMEs), but it has the potential to create financial and liability issues for SME organizations. The problem is that SMEs are a future growth target for cybercrime activity as larger corporations begin to address security issues to reduce cybercriminal risks and vulnerabilities. The purpose of this study was to explore a small business owner's knowledge about to the principal elements of decision making for SME investment into cybersecurity education for employees with respect to internet access and employee vulnerabilities. The theoretical framework consisted of the psychological studies by Bandura and Jaishankar that might affect individual decision making in terms of employee risks created through internet use. This qualitative case study involved a participant interview and workplace observations to solicit a small rural business owner's knowledge of cybercriminal exploitation of employees through internet activities such as social media and the potential exploitation of workers by social engineers. Word frequency analysis of the collected data concluded that SME owners are ill equipped to combat employee exploitation of their business through social engineering. Qualitative research is consistent with understanding the decision factors for cost, technical support, and security threat prevention SME organizational leadership use and is the focus of this study as emergent themes. The expectation is that this study will aid in the prevention of social engineering tactics against SME employees and provide a platform for future research for SMEs and cybercriminal activity prevention.
34
Ellithorpe, James O. "The Role and Impact of Cyber Security Mentoring." Thesis, Walden University, 2016. http://pqdtopen.proquest.com/#viewpdf?dispub=10126660.
Full textAbstract:
Business organizations are faced with an enormous challenge to improve cyber security, as breeches and lapses through firewalls are increasingly commonplace. The Chief Information Security Officer (CISO) and Information Technology (IT) staff are constantly challenged to identify and purge online and network structural weaknesses. The goal is to reduce overall business risk because unresolved risks are a constant concern to consumers who are uneasy about cyber security failures. The purpose of this general qualitative study was to examine the role and impact of Cyber Security Mentoring (CSM) from the perspectives of the workplace CISO, mentors, and protégés, who were randomly polled from various workplace settings across the United States. Mentoring allows IT staff members to learn from their CISOs and from workplace mentor mistakes and successes. Workplace IT staff are also closest to the various attack methodologies used by cyber hackers, and cohort and dyadic mentoring may provide insight into and responding to cyber-attacks and improving cyber defenses. Sixty-eight sets of respondent data relating to field experience, formal education, professional industry cyber security certifications, and mentoring were compared and examined between respondents. The goal was to determine where respondents agreed and disagreed on issues pertaining to cyber security and CSM. The findings suggested that CSM with a qualified mentor could improve cyber security in the workplace; in addition, more time must be devoted to continued professional education. Implications for positive social change included the use of CSM to enhance cyber security through the sharing of incidents, mindsets, procedures and expertise, and improvement of customer-consumer security confidence.
35
Forde, Edward Steven. "Security Strategies for Hosting Sensitive Information in the Commercial Cloud." ScholarWorks, 2017. https://scholarworks.waldenu.edu/dissertations/3604.
Full textAbstract:
IT experts often struggle to find strategies to secure data on the cloud. Although current security standards might provide cloud compliance, they fail to offer guarantees of security assurance. The purpose of this qualitative case study was to explore the strategies used by IT security managers to host sensitive information in the commercial cloud. The study's population consisted of information security managers from a government agency in the eastern region of the United States. The routine active theory, developed by Cohen and Felson, was used as the conceptual framework for the study. The data collection process included IT security manager interviews (n = 7), organizational documents and procedures (n = 14), and direct observation of a training meeting (n = 35). Data collection from organizational data and observational data were summarized. Coding from the interviews and member checking were triangulated with organizational documents and observational data/field notes to produce major and minor themes. Through methodological triangulation, 5 major themes emerged from the data analysis: avoiding social engineering vulnerabilities, avoiding weak encryption, maintaining customer trust, training to create a cloud security culture, and developing sufficient policies. The findings of this study may benefit information security managers by enhancing their information security practices to better protect their organization's information that is stored in the commercial cloud. Improved information security practices may contribute to social change by providing by proving customers a lesser amount of risk of having their identity or data stolen from internal and external thieves
36
Tyler, Lamonte Bryant. "Exploring the Implementation of Cloud Security to Minimize Electronic Health Records Cyberattacks." ScholarWorks, 2018. https://scholarworks.waldenu.edu/dissertations/5281.
Full textAbstract:
Health care leaders lack the strategies to implement cloud security for electronic medical records to prevent a breach of patient data. The purpose of this qualitative case study was to explore strategies senior information technology leaders in the healthcare industry use to implement cloud security to minimize electronic health record cyberattacks. The theory supporting this study was routine activities theory. Routine activities theory is a theory of criminal events that can be applied to technology. The study's population consisted of senior information technology leaders from a medical facility in a large northeastern city. Data collection included semistructured interviews, phone interviews, and analysis of organizational documents. The use of member checking and methodological triangulation increased the validity of this study's findings among all participants. There were 5 major themes that emerged from the study (a) requirement of coordination with the electronic health record vendor and the private cloud vendor, (b) protection of the organization, (c) requirements based on government and organizational regulations, (d) access management, (e) a focus on continuous improvement. The results of this study may create awareness of the necessity to secure electronic health records in the cloud to minimize cyberattacks. Cloud security is essential because of its social impact on the ability to protect confidential data and information. The results of this study will further serve as a foundation for positive social change by increasing awareness in support of the implementation of electronic health record cloud security.
37
Kamin, Daud Alyas. "Exploring Security, Privacy, and Reliability Strategies to Enable the Adoption of IoT." ScholarWorks, 2017. https://scholarworks.waldenu.edu/dissertations/4382.
Full textAbstract:
The Internet of things (IoT) is a technology that will enable machine-to-machine communication and eventually set the stage for self-driving cars, smart cities, and remote care for patients. However, some barriers that organizations face prevent them from the adoption of IoT. The purpose of this qualitative exploratory case study was to explore strategies that organization information technology (IT) leaders use for security, privacy, and reliability to enable the adoption of IoT devices. The study population included organization IT leaders who had knowledge or perceptions of security, privacy, and reliability strategies to adopt IoT at an organization in the eastern region of the United States. The diffusion of innovations theory, developed by Rogers, was used as the conceptual framework for the study. The data collection process included interviews with organization IT leaders (n = 8) and company documents and procedures (n = 15). Coding from the interviews and member checking were triangulated with company documents to produce major themes. Through methodological triangulation, 4 major themes emerged during my analysis: securing IoT devices is critical for IoT adoption, separating private and confidential data from analytical data, focusing on customer satisfaction goes beyond reliability, and using IoT to retrofit products. The findings from this study may benefit organization IT leaders by enhancing their security, privacy, and reliability practices and better protect their organization's data. Improved data security practices may contribute to social change by reducing risk in security and privacy vulnerabilities while also contributing to new knowledge and insights that may lead to new discoveries such as a cure for a disease.
38
Mathias, Henry. "Analyzing Small Businesses' Adoption of Big Data Security Analytics." ScholarWorks, 2019. https://scholarworks.waldenu.edu/dissertations/6614.
Full textAbstract:
Despite the increased cost of data breaches due to advanced, persistent threats from malicious sources, the adoption of big data security analytics among U.S. small businesses has been slow. Anchored in a diffusion of innovation theory, the purpose of this correlational study was to examine ways to increase the adoption of big data security analytics among small businesses in the United States by examining the relationship between small business leaders' perceptions of big data security analytics and their adoption. The research questions were developed to determine how to increase the adoption of big data security analytics, which can be measured as a function of the user's perceived attributes of innovation represented by the independent variables: relative advantage, compatibility, complexity, observability, and trialability. The study included a cross-sectional survey distributed online to a convenience sample of 165 small businesses. Pearson correlations and multiple linear regression were used to statistically understand relationships between variables. There were no significant positive correlations between relative advantage, compatibility, and the dependent variable adoption; however, there were significant negative correlations between complexity, trialability, and the adoption. There was also a significant positive correlation between observability and the adoption. The implications for positive social change include an increase in knowledge, skill sets, and jobs for employees and increased confidentiality, integrity, and availability of systems and data for small businesses. Social benefits include improved decision making for small businesses and increased secure transactions between systems by detecting and eliminating advanced, persistent threats.
39
Miller, Nathan D. "Adapting the Skyline Operator in the NetFPGA Platform." Youngstown State University / OhioLINK, 2013. http://rave.ohiolink.edu/etdc/view?acc_num=ysu1369586333.
Full text
40
Kumka, David Harold. "Quantifying Performance Costs of Database Fine-Grained Access Control." NSUWorks, 2012. http://nsuworks.nova.edu/gscis_etd/204.
Full textAbstract:
Fine-grained access control is a conceptual approach to addressing database security requirements. In relational database management systems, fine-grained access control refers to access restrictions enforced at the row, column, or cell level. While a number of commercial implementations of database fine-grained access control are available, there are presently no generalized approaches to implementing fine-grained access control for relational database management systems.
Fine-grained access control is potentially a good solution for database professionals and system architects charged with designing database applications that implement granular security or privacy protection features. However, in the oral tradition of the database community, fine-grained access control is spoken of as imposing significant performance penalties, and is therefore best avoided. Regardless, there are current and emerging social, legal, and economic forces that mandate the need for efficient fine-grained access control in relational database management systems.
In the study undertaken, the author was able to quantify the performance costs associated with four common implementations of fine-grained access control for relational database management systems. Security benchmarking was employed as the methodology to quantify performance costs. Synthetic data from the TPC-W benchmark as well as representative data from a real-world application were utilized in the benchmarking process.
A simple graph-base performance model for Fine-grained Access Control Evaluation (FACE) was developed from benchmark data collected during the study. The FACE model is intended for use in predicting throughput and response times for relational database management systems that implement fine-grained access control using one of the common fine-grained access control mechanisms - authorization views, the Hippocratic Database, label-based access control, and transparent query rewrite. The author also addresses the issue of scalability for fine-grained access control mechanisms that were evaluated in the study.
41
Henning, Rhonda R. "Security Policies That Make Sense for Complex Systems: Comprehensible Formalism for the System Consumer." NSUWorks, 2014. http://nsuworks.nova.edu/gscis_etd/9.
Full textAbstract:
Information Systems today rarely are contained within a single user workstation, server, or networked environment. Data can be transparently accessed from any location, and maintained across various network infrastructures. Cloud computing paradigms commoditize the hardware and software environments and allow an enterprise to lease computing resources by the hour, minute, or number of instances required to complete a processing task. An access control policy mediates access requests between authorized users of an information system and the system's resources. Access control policies are defined at any given level of abstraction, such as the file, directory, system, or network, and can be instantiated in layers of increasing (or decreasing) abstraction. For the system end-user, the functional allocation of security policy to discrete system components, or subsystems, may be too complex for comprehension. In this dissertation, the concept of a metapolicy, or policy that governs execution of subordinate security policies, is introduced. From the user's perspective, the metapolicy provides the rules for system governance that are functionally applied across the system's components for policy enforcement. The metapolicy provides a method to communicate updated higher-level policy information to all components of a system; it minimizes the overhead associated with access control decisions by making access decisions at the highest level possible in the policy hierarchy. Formal definitions of policy often involve mathematical proof, formal logic, or set theoretic notation. Such policy definitions may be beyond the capability of a system user who simply wants to control information sharing. For thousands of years, mankind has used narrative and storytelling as a way to convey knowledge. This dissertation discusses how the concepts of storytelling can be embodied in computational narrative and used as a top-level requirements specification. The definition of metapolicy is further discussed, as is the relationship between the metapolicy and various access control mechanisms. The use of storytelling to derive the metapolicy and its applicability to formal requirements definition is discussed. The author's hypothesis on the use of narrative to explain security policy to the system user is validated through the use of a series of survey instruments. The survey instrument applies either a traditional requirements specification language or a brief narrative to describe a security policy and asks the subject to interpret the statements. The results of this research are promising and reflect a synthesis of the disciplines of neuroscience, security, and formal methods to present a potentially more comprehensible knowledge representation of security policy.
42
Zadig, Sean M. "Understanding the Impact of Hacker Innovation upon IS Security Countermeasures." NSUWorks, 2016. http://nsuworks.nova.edu/gscis_etd/976.
Full textAbstract:
Hackers external to the organization continue to wreak havoc upon the information systems infrastructure of firms through breaches of security defenses, despite constant development of and continual investment in new IS security countermeasures by security professionals and vendors. These breaches are exceedingly costly and damaging to the affected organizations. The continued success of hackers in the face of massive amounts of security investments suggests that the defenders are losing and that the hackers can innovate at a much faster pace.
Underground hacker communities have been shown to be an environment where attackers can learn new techniques and share tools pertaining to the defeat of IS security countermeasures. This research sought to understand the manner in which hackers diffuse innovations within these communities. Employing a multi-site, positivist case study approach of four separate hacking communities, the study examined how hackers develop, communicate, and eventually adopt these new techniques and tools, so as to better inform future attempts at mitigating these attacks. The research found that three classes of change agents are influential in the diffusion and adoption of an innovation: the developer/introducer of the innovation to the community, the senior member of a community, and the author of tutorials. Additionally, the research found that three innovation factors are key to successful diffusion and adoption: the compatibility of the innovation to the needs of the community, the complexity of the innovation, and the change in image conferred upon the member from adopting the innovation. The research also described the process by which innovations are adopted within the hacking communities and detailed phases in this process which are unique to these communities.
43
Larrimore, Nancy Page. "Risk Management Strategies to Prevent and Mitigate Emerging Operational Security Threats." ScholarWorks, 2018. https://scholarworks.waldenu.edu/dissertations/4866.
Full textAbstract:
Dependence on technology brings security compromises that have become a global threat that costs businesses millions of dollars. More than 7.6 million South Carolinians incurred effects from the 162 security breaches reported in 2011-2015. The purpose of this multiple case study was to explore the risk management strategies small business leaders use to prevent and mitigate operational security threats that produce financial losses. The population for this study consisted of 6 business leaders in South Carolina who have demonstrated successful experience in preventing and mitigating operational security threats. Transformational leadership theory provided the conceptual framework for exploring the overreaching research question. Data collection consisted of semistructured interviews with each participant and the collection of company documents that pertained to security procedures, audits, and reviews. Conducting semistructured interviews allowed participants to provide details of real-life experiences. Recorded interviews and transcriptions were analyzed through Moustakas's modified van Kaam method of analysis to identify emerging topics. The 4 themes that emerged were: (a) operational security training and awareness, (b) operational security culture and behavioral effects, (c) operational security policy and compliance, and (d) operational security challenges and risk management. By developing strategies and processes that reflect these themes, small business leaders can reduce financial losses to improve profitability and reduce unemployment, achieving social changes that can benefit society as a whole.
44
Davis, Robert Elliot. "Relationship between Corporate Governance and Information Security Governance Effectiveness in United States Corporations." ScholarWorks, 2017. https://scholarworks.waldenu.edu/dissertations/3873.
Full textAbstract:
Cyber attackers targeting large corporations achieved a high perimeter penetration success rate during 2013, resulting in many corporations incurring financial losses. Corporate information technology leaders have a fiduciary responsibility to implement information security domain processes that effectually address the challenges for preventing and deterring information security breaches. Grounded in corporate governance theory, the purpose of this correlational study was to examine the relationship between strategic alignment, resource management, risk management, value delivery, performance measurement implementations, and information security governance (ISG) effectiveness in United States-based corporations. Surveys were used to collect data from 95 strategic and tactical leaders of the 500 largest for-profit United States headquartered corporations. The results of the multiple linear regression indicated the model was able to significantly predict ISG effectiveness, F(5, 89) = 3.08, p = 0.01, R-² = 0.15. Strategic alignment was the only statistically significant (t = 2.401, p <= 0.018) predictor. The implications for positive social change include the potential to constructively understand the correlates of ISG effectiveness, thus increasing the propensity for consumer trust and reducing consumers' costs.
45
Rodriguez, Julio C. "Public Servants' Perceptions of the Cybersecurity Posture of the Local Government in Puerto Rico." ScholarWorks, 2019. https://scholarworks.waldenu.edu/dissertations/6370.
Full textAbstract:
The absence of legislation, the lack of a standard cybersecurity framework, and the failure to adopt a resilient cybersecurity posture can be detrimental to the availability, confidentiality, and integrity of municipal information systems. The purpose of this phenomenological study was to understand the cybersecurity posture of municipalities from the perception of public servants serving in information technology (IT) leadership roles in highly populated municipalities in the San Juan-Carolina-Caguas Metropolitan Statistical Area of Puerto Rico. The study was also used to address key factors influencing the cybersecurity posture of these municipalities. The theoretical framework was open system theory used in combination with a conceptual framework encompassing key dimensions influencing digital government. Data were collected using semistructured interviews with 10 public servants working in IT leadership positions in a municipal setting in Puerto Rico. Data analysis involved horizontalization, reduction, elimination, clustering, thematizing, validation, and development of individual and composite textural descriptions. Participants reported that the cybersecurity posture of their municipalities was resilient. Participants also reported that technological changes, politics, the economy, management support, and processes were key elements to achieve a resilient posture. Findings may be used to empower elected officials, policymakers, public servants, and practitioners to manage and improve elements affecting cybersecurity with the goal of achieving a resilient posture to deliver cybersecurity as a public good.
46
Nguyen, Huy Manh. "MABIC: Mobile Application Builder for Interactive Communication." TopSCHOLAR®, 2016. http://digitalcommons.wku.edu/theses/1747.
Full textAbstract:
Nowadays, the web services and mobile technology advance to a whole new level. These technologies make the modern communication faster and more convenient than the traditional way. People can also easily share data, picture, image and video instantly. It also saves time and money. For example: sending an email or text message is cheaper and faster than a letter. Interactive communication allows the instant exchange of feedback and enables two-way communication between people and people, or people and computer. It increases the engagement of sender and receiver in communication.
Although many systems such as REDCap and Taverna are built for improving the interactive communication between the servers and clients, there are still common drawbacks existing in these systems. These systems lack the support of the branching logic and two-way communication. They also require administrator’s programming skills to function the system adequately. These issues are the motivation of the project. The goal is to build a framework to speed up the prototype development of mobile application. The MABIC support the complex workflow by providing conditional logic, instantaneous interactivity between the administrators and participants and the mobility. These supported features of MABIC improve the interaction because it engages the participants to communicate more with the system. MABIC system provides the mobile electronic communication via sending a text message or pushing a notification to mobile’s device. Moreover, MABIC application also supports multiple mobile platforms. It helps to reduce the time and cost of development. In this thesis, the overview of MABIC system, its implementation, and related application is described.
47
Anye, Ernest Tamanji. "Factors Affecting Employee Intentions to Comply With Password Policies." ScholarWorks, 2019. https://scholarworks.waldenu.edu/dissertations/6965.
Full textAbstract:
Password policy compliance is a vital component of organizational information security. Although many organizations make substantial investments in information security, employee-related security breaches are prevalent, with many breaches being caused by negative password behavior such as password sharing and the use of weak passwords. The purpose of this quantitative correlational study was to examine the relationship between employees’ attitudes towards password policies, information security awareness, password self-efficacy, and employee intentions to comply with password policies. This study was grounded in the theory of planned behavior and social cognitive theory. A cross-sectional survey was administered online to a random sample of 187 employees selected from a pool of qualified Qualtrics panel members. Participants worked for organizations in the United States and were aware of the password policies in their own organizations. The collected data were analyzed using 3 ordinal logistic regression models, each representing a specific measure of employees’ compliance intentions. Attitudes towards policies and password self-efficacy were significant predictors of employees’ intentions to comply with password policies (odds ratios ≥ 1.257, p < .05), while information security awareness did not have a significant impact on compliance intentions. With more knowledge of the controllable predictive factors affecting compliance, information security managers may be able to improve password policy compliance and reduce economic loss due to related security breaches. An implication of this study for positive social change is that a reduction in security breaches may promote more public confidence in organizational information systems.
48
Jia, Hao. "A web application for Medasolution Healthcare Company customer service system." CSUSB ScholarWorks, 2005. https://scholarworks.lib.csusb.edu/etd-project/2612.
Full textAbstract:
Medasolution is a virtual company designed by the author to handle Medicare insurance business. The web application (which uses ASP.net and SQL Server 2000) facilitates communication between Medasolution and all its clients: members, employers, brokers, and medicare providers through separate web pages based on their category levels. The program incorporates security so that it follows government privacy rules regarding client information.
49
Callahan, Michael John. "Exploring Identity Management at Community Colleges in Texas with Open Access to College Computer Networks." ScholarWorks, 2011. https://scholarworks.waldenu.edu/dissertations/1641.
Full textAbstract:
The study addressed the lack of identity management practices in Texas community colleges to identify guest users who access college computers. Guest user access is required by Texas law and is part of the state's mission to bridge the technology gap; however, improper identification methods leave the college vulnerable to liability issues. The purpose of this study was to eliminate or mitigate liabilities facing colleges by creating and using security policies to identify guest users. This study combined the theoretical concepts of Cameron's internal security management model with the external trust models of the Liberty Alliance and Microsoft's Passport software. The research question revolved around the identity and access management framework used by 13 community colleges in Texas to track guest users and the college's ability to protect the college from illegal acts. Using a grounded theory approach, data were collected by interviewing 13 information technology management professionals at the community colleges regarding their security policies and procedures as well as by campus observations of security practices. The results of constant comparison analysis indicate that no universal theory was being used. Only 3 of the 13 colleges tracked guest user access. Reasons for not tracking guest access included lack of financial and technology resources and process knowledge. Based on these findings, the identity management infrastructure theory was recommended for network access control, self-registration, and identity authentication at these colleges and many other colleges. The implications for social change include raising awareness of the risks most community colleges face from network security breaches, regulatory noncompliance, and lawsuit damages that could result from the lack of an identity management process.
50
Abou, El Houda Zakaria. "Security Enforcement through Software Defined Networks (SDN)." Thesis, Troyes, 2021. http://www.theses.fr/2021TROY0023.
Full textAbstract:
La conception originale d'Internet n'a pas pris en compte les aspects de sécurité du réseau, l’objectif prioritaire était de faciliter le processus de communication. Par conséquent, de nombreux protocoles de l'infrastructure Internet exposent un ensemble de vulnérabilités. Ces dernières peuvent être exploitées par les attaquants afin de mener un ensemble d’attaques. Les attaques par déni de service distribué (DDoS) représentent une grande menace; DDoS est l'une des attaques les plus dévastatrices causant des dommages collatéraux aux opérateurs de réseau ainsi qu'aux fournisseurs de services Internet. Les réseaux programmables (SDN) ont émergé comme un nouveau paradigme promettant de résoudre les limitations de l’architecture réseau actuelle en découplant le plan de contrôle du plan de données. D'une part, cette séparation permet un meilleur contrôle du réseau et apporte de nouvelles capacités pour mitiger les attaques par DDoS. D'autre part, cette séparation introduit de nouveaux défis en matière de sécurité du plan de contrôle. L’enjeu de cette thèse est double. D'une part, étudier et explorer l’apport du SDN à la sécurité afin de concevoir des solutions efficaces qui vont mitiger plusieurs vecteurs d’attaques. D'autre part, protéger le SDN contre ces attaques. À travers ce travail de recherche, nous contribuons à la mitigation des attaques par déni de service distribué sur deux niveaux (intra et inter-domaine), et nous contribuons au renforcement de la sécurité dans le SDNThe original design of Internet did not take into consideration security aspects of the network; the priority was to facilitate the process of communication. Therefore, many of the protocols that are part of the Internet infrastructure expose a set of vulnerabilities that can be exploited by attackers to carry out a set of attacks. Distributed Denial-of-Service (DDoS) represents a big threat and one of the most devastating and destructive attacks plaguing network operators and Internet service providers (ISPs) in stealthy way. Software defined networks (SDN) is an emerging technology that promises to solve the limitations of the conventional network architecture by decoupling the control plane from the data plane. On one hand, the separation of the control plane from the data plane allows for more control over the network and brings new capabilities to deal with DDoS attacks. On the other hand, this separation introduces new challenges regarding the security of the control plane. This thesis aims to deal with DDoS attacks while protecting the resources of the control plane. In this thesis, we contribute to the mitigation of both intra-domain and inter-domain DDoS attacks, and we contribute to the reinforcement of security aspects in SDN