Academic literature on the topic 'Information security practice tests'

Consult the lists of relevant articles, books, theses, conference reports, and other scholarly sources on the topic 'Information security practice tests.'

Journal articles on the topic "Information security practice tests"

1

Li, Chengcheng. "Penetration Testing Curriculum Development in Practice." Journal of Information Technology Education: Innovations in Practice 14 (2015): 085–99. http://dx.doi.org/10.28945/2189.

Abstract:
As both the frequency and the severity of network breaches have increased in recent years, it is essential that cybersecurity is incorporated into the core of business operations. Evidence from the U.S. Bureau of Labor Statistics (Bureau of Labor Statistics, 2012) indicates that there is, and will continue to be, a severe shortage of cybersecurity professionals nationwide throughout the next decade. To fill this job shortage we need a workforce with strong hands-on experience in the latest technologies and software tools to catch up with the rapid evolution of network technologies. It is vital that the IT professionals possess up-to-date technical skills and think and act one step ahead of the cyber criminals who are constantly probing and exploring system vulnerabilities. There is no perfect security mechanism that can defeat all the cyber-attacks; the traditional defensive security mechanism will eventually fail to the pervasive zero-day attacks. However, there are steps to follow to reduce an organization’s vulnerability to cyber-attacks and to mitigate damages. Active security tests of the network from a cyber-criminal’s perspective can identify system vulnerabilities that may lead to future breaches. “If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. But if you know the enemy and know yourself, you need not fear the result of hundred battles” (Sun, 2013). Penetration testing is a discipline within cybersecurity that focuses on identifying and exploiting the vulnerabilities of a network, eventually obtaining access to the critical business information. The pentesters, the security professionals who perform penetration testing, or ethical hackers, break the triad of information security - Confidentiality, Integrity, and Accountability (CIA) - as if they were a cyber-criminal. 
The purpose of ethical hacking or penetration testing is to know what the “enemy” can do and then generate a report for the management team to aid in strengthening the system, never to cause any real damages. This paper introduces the development of a penetration testing curriculum as a core class in an undergraduate cybersecurity track in Information Technology. The teaching modules are developed based on the professional penetration testing life cycle. The concepts taught in the class are enforced by hands-on lab exercises. This paper also shares the resources that are available to institutions looking for teaching materials and grant opportunities to support efforts when creating a similar curriculum in cybersecurity.
2

Samios, Michael, Christos P. Evangelidis, and Emmanouil Serrelis. "Assessment of Information Security Vulnerabilities in Common Seismological Equipment." Seismological Research Letters 92, no. 2A (February 10, 2021): 933–40. http://dx.doi.org/10.1785/0220200151.

Abstract:
Modern seismic and Global Navigation Satellite Systems stations are nowadays equipped with Internet of Things devices that acquire, process, and transmit various geophysical parameters in near-real time. This technological advance has introduced a new threat paradigm for common seismological devices. Such threats can be assessed with standard information security methods and practices. This article aims to identify security weaknesses, describe weak security points and potential attacks on such environments, and anticipate the countermeasures needed. Real tests and attacks have been applied to demonstrate the lack of data encryption and user authentication processes, the risks posed by unencrypted communication protocols, unsafe practices regarding settings and passwords, and poor design implementations. All these factors may impact and possibly disrupt the daily operation of seismic observatories because they can lead to falsifying data, altering configurations, or producing malicious false alarms. These in turn may cause unnecessary public concern or distrust, financial losses, or even national security issues. For all these reasons, several countermeasures and solutions are also proposed and evaluated to address each of the identified vulnerabilities.
3

Rohn, Eli, Gilad Sabari, and Guy Leshem. "Explaining small business InfoSec posture using social theories." Information & Computer Security 24, no. 5 (November 14, 2016): 534–56. http://dx.doi.org/10.1108/ics-09-2015-0041.

Abstract:
Purpose This study aims to investigate information technology security practices of very small enterprises. Design/methodology/approach The authors perform a formal information security field study using a representative sample. Using the Control Objectives for IT (COBIT) framework, the authors evaluate 67 information security controls and perform 206 related tests. The authors state six hypotheses about the findings and accept or reject those using inferential statistics. The authors explain findings using the social comparison theory and the rare events bias theory. Findings Only one-third of all the controls examined were designed properly and operated as expected. About half of the controls were either ill-designed or did not operate as intended. The social comparison theory and the rare events bias theory explain managers’ reliance on small experience samples which in turn leads to erroneous comprehension of their business environment, which relates to information security. Practical implications This information is valuable to executive branch policy makers striving to reduce information security vulnerability on local and national levels and small business organizations providing information and advice to their members. Originality/value Information security surveys are usually over-optimistic and avoid self-incrimination, yielding results that are less accurate than field work. To obtain grounded facts, the authors used the field research approach to gather qualitative and quantitative data by physically visiting active organizations, interviewing managers and staff, observing processes and reviewing written materials such as policies, procedure and logs, in accordance with common practices of security audits.
4

Ikhalia, Ehinome, Alan Serrano, David Bell, and Panos Louvieris. "Online social network security awareness: mass interpersonal persuasion using a Facebook app." Information Technology & People 32, no. 5 (October 7, 2019): 1276–300. http://dx.doi.org/10.1108/itp-06-2018-0278.

Abstract:
Purpose Online social network (OSN) users have a high propensity to malware threats due to the trust and persuasive factors that underpin OSN models. The escalation of social engineering malware encourages a growing demand for end-user security awareness measures. The purpose of this paper is to take the theoretical cybersecurity awareness model TTAT-MIP and test its feasibility via a Facebook app, namely social network criminal (SNC). Design/methodology/approach The research employs a mixed-methods approach to evaluate the SNC app. A system usability scale measures the usability of SNC. Paired samples t-tests were administered to 40 participants to measure security awareness – before and after the intervention. Finally, 20 semi-structured interviews were deployed to obtain qualitative data about the usefulness of the App itself. Findings Results validate the effectiveness of OSN apps utilising a TTAT-MIP model – specifically the mass interpersonal persuasion (MIP) attributes. Using TTAT-MIP as a guidance, practitioners can develop security awareness systems that better leverage the intra-relationship model of OSNs. Research limitations/implications The primary limitation of this study is the experimental settings. Although the results testing the TTAT-MIP Facebook app are promising, these were set under experimental conditions. Practical implications SNC enable persuasive security behaviour amongst employees and avoid potential malware threats. SNC support consistent security awareness practices by the regular identification of new threats which may inspire the creation of new security awareness videos. Social implications The structure of OSNs is making it easier for malicious users to carry out their activities without the possibility of detection. By building a security awareness programme using the TTAT-MIP model, organisations can proactively manage security awareness. Originality/value Many security systems are cumbersome, inconsistent and non-specific. 
The outcome of this research provides organisations and security practitioners with a framework for designing and developing proactive and tailored security awareness systems.
5

Yang, Wei, and Anni Jia. "Side-Channel Leakage Detection with One-Way Analysis of Variance." Security and Communication Networks 2021 (March 5, 2021): 1–13. http://dx.doi.org/10.1155/2021/6614702.

Abstract:
Side-channel analysis (SCA) is usually used for security evaluation to test the side-channel vulnerability of a cryptographic device. However, in practice, an analyser may need to cope with enormous amounts of side-channel measurement data to extract valuable information for SCA. Under the circumstances, side-channel leakage detection can be used to identify leakage points which contain secret information and therefore improve the efficiency of security assessment. This investigation proposes a new black-box leakage detection approach on the basis of the one-way analysis of variance (ANOVA). In accordance with the relevance between leakage points and inputs of a cryptographic algorithm, the proposed method divides side-channel samples into multiple classes and tests the difference among these classes by taking advantage of the one-way ANOVA. Afterwards, leakage points and nonleakage points can be distinguished by determining whether the null hypothesis is accepted. Further, we extend our proposed method to multichannel leakage detection. In particular, a new SCA attack with an F-statistic-based distinguisher is capable of developing if the input of the leakage detection approach is replaced by a sensitive intermediate variable. Practical experiments show the effectiveness of the proposed methods.
6

Kubiak, Ireneusz, and Artur Przybysz. "Fourier and Chirp-Z Transforms in the Estimation Values Process of Horizontal and Vertical Synchronization Frequencies of Graphic Displays." Applied Sciences 12, no. 10 (May 23, 2022): 5281. http://dx.doi.org/10.3390/app12105281.

Abstract:
The electromagnetic protection of IT devices includes a number of organizational and technical measures aimed at ensuring control over radiated and conducted revealing emissions. This is of particular importance for ensuring information security in wireless communication and the processing of data presented in graphic form. In each of these cases, the occurring electromagnetic emissions pose the risk of a lack of electromagnetic immunity to the so-called eavesdropping process based on forming revealing emissions. Included in the elements of the security chain preventing electromagnetic eavesdropping on wireless communication and the devices building such systems are activities related to the determination of the Technical Device Security Level (TDSL) or its class. The above is related to the performance of electromagnetic emissions tests and identifying which of them must be treated as revealing emissions, which are only disturbances and do not threaten the security of the processed information. It is intuitively understandable that it is particularly important to ensure the security of interfaces that process video data. The nature of the electromagnetic emission signals generated by these interfaces means that the related information can be intercepted with the use of relatively simple methods, and under favorable circumstances even with the use of a receiving device not very technologically advanced. In the case of the electromagnetic safety assessment of video devices, common practice is therefore activities aimed at reconstructing information related to the video signal. This requires the parameters of the reconstructed image appropriate for the eavesdropped device operation mode and the conditions of recording the revealing emission signals to be determined. 
The article presents the results of works related to the analysis of the possibility of using spectral analysis methods (Fast Fourier FFT transform and Chirp-Z transform) to automate the process of determining the above-mentioned parameters in the case of reproducing images from emission signals recorded by using the ADC analog-to-digital converter.
7

Ricciardi, Carlo, Adelmo Gubitosi, Donatella Vecchione, Giuseppe Cesarelli, Francesco De Nola, Roberto Ruggiero, Ludovico Docimo, and Giovanni Improta. "Comparing Two Approaches for Thyroidectomy: A Health Technology Assessment through DMAIC Cycle." Healthcare 10, no. 1 (January 8, 2022): 124. http://dx.doi.org/10.3390/healthcare10010124.

Abstract:
Total thyroidectomy is very common in endocrine surgery and the haemostasis can be obtained in different ways across surgery; recently, some devices have been developed to support this surgical phase. In this paper, a health technology assessment is conducted through the define, measure, analyse, improve, and control cycle of the Six Sigma methodology to compare traditional total thyroidectomy with the surgical operation performed through a new device in an overall population of 104 patients. Length of hospital stay, drain output, and time for surgery were considered the critical to qualities in order to compare the surgical approaches which can be considered equal regarding the organizational, ethical, and security impact. Statistical tests (Kolmogorov–Smirnov, t test, ANOVA, Mann–Whitney, and Kruskal–Wallis tests) and visual management diagrams were employed to compare the approaches, but no statistically significant difference was found between them. Considering these results, this study shows that the introduction of the device to perform total thyroidectomy does not guarantee appreciable clinical advantages. A cost analysis to quantify the economic impact of the device into the practice could be a future development. Healthy policy leaders and clinicians who are requested to make decisions regarding the supply of biomedical technologies could benefit from this research.
8

Mundt, Christopher C. "Pyramiding for Resistance Durability: Theory and Practice." Phytopathology® 108, no. 7 (July 2018): 792–802. http://dx.doi.org/10.1094/phyto-12-17-0426-rvw.

Abstract:
Durable disease resistance is a key component of global food security, and combining resistance genes into “pyramids” is an important way to increase durability of resistance. The mechanisms by which pyramids impart durability are not well known. The traditional view of resistance pyramids considers the use of major resistance gene (R-gene) combinations deployed against pathogens that are primarily asexual. Interestingly, published examples of the successful use of pyramids in the traditional sense are rare. In contrast, most published descriptions of durable pyramids in practice are for cereal rusts, and tend to indicate an association between durability and cultivars combining major R-genes with incompletely expressed, adult plant resistance genes. Pyramids have been investigated experimentally for a diversity of pathogens, and many reduce disease levels below that of the single best gene. Resistance gene combinations have been identified through phenotypic reactions, molecular markers, and challenge against effector genes. As resistance genes do not express equally in all genetic backgrounds, however, a combination of genetic information and phenotypic analyses provide the ideal scenario for testing of putative pyramids. Not all resistance genes contribute equally to pyramids, and approaches have been suggested to identify the best genes and combinations of genes for inclusion. Combining multiple resistance genes into a single plant genotype quickly is a challenge that is being addressed through alternative breeding approaches, as well as through genomics tools such as resistance gene cassettes and gene editing. Experimental and modeling tests of pyramid durability are in their infancy, but have promise to help direct future studies of pyramids. Several areas for further work on resistance gene pyramids are suggested.
9

Akashi, Nozomi, Kohei Nakajima, Mitsuru Shibayama, and Yasuo Kuniyoshi. "A mechanical true random number generator." New Journal of Physics 24, no. 1 (January 1, 2022): 013019. http://dx.doi.org/10.1088/1367-2630/ac45ca.

Abstract:
Random number generation has become an indispensable part of information processing: it is essential for many numerical algorithms, security applications, and in securing fairness in everyday life. Random number generators (RNGs) find application in many devices, ranging from dice and roulette wheels, via computer algorithms, lasers to quantum systems, which inevitably capitalize on their physical dynamics at respective spatio-temporal scales. Herein, to the best of our knowledge, we propose the first mathematically proven true RNG (TRNG) based on a mechanical system, particularly the triple linkage of Thurston and Weeks. By using certain parameters, its free motion has been proven to be an Anosov flow, from which we can show that it has an exponential mixing property and structural stability. We contend that this mechanical Anosov flow can be used as a TRNG, which requires that the random number should be unpredictable, irreproducible, robust against the inevitable noise seen in physical implementations, and the resulting distribution’s controllability (an important consideration in practice). We investigate the proposed system’s properties both theoretically and numerically based on the above four perspectives. Further, we confirm that the random bits numerically generated pass the standard statistical tests for random bits.
10

Meira, Jessica Vieira de Souza, Murat Hancer, Sara Joana Gadotti dos Anjos, and Anita Eves. "Human resources practices and employee motivation in the hospitality industry: A cross-cultural research." Tourism and hospitality management 29, no. 2 (2023): 157–67. http://dx.doi.org/10.20867/thm.29.2.1.

Abstract:
Purpose – This study conducted a comparative analysis between hotels located in Brazil and England on human resource practices and employee motivation, using the cultural dimensions developed by Hofstede (1980) and the conservation of resources theory. Design/Methodology/Approach – Questionnaires were completed by 154 hotels, 96 and 58 dyads of human resources managers and frontline employees from Brazil and England, respectively, corresponding to a total of 308 respondents. Importance-performance analysis was used to examine the data collected through independent t-tests. Findings – The results showed that Brazilian managers considered training as the most important human resources practice, while information sharing had the best performance in their hotels. English managers ranked employment security with the highest importance and performance ratings. Brazilian frontline employees ranked intrinsic motivation with the highest importance and performance ratings, while English frontline employees ranked extrinsic motivation with the highest importance and performance ratings. Originality of the research – This research extended previous studies using the conservation of resources theory and also developed competitive strategies targeted to specific cultures. Another contribution was the comparative study between hotel employees (managers and frontline) from two countries (Brazil and England), applying the importance-performance analysis.

Dissertations / Theses on the topic "Information security practice tests"

1

Ashenden, D. M. "Information security awareness : improving current research and practice." Thesis, University College London (University of London), 2015. http://discovery.ucl.ac.uk/1469598/.

Abstract:
Large-scale data losses experienced across both public and private sector organisations have led to expectations that organisations will develop a culture that supports information security aims and objectives. Despite the fact that many organisations now run awareness, education and training programmes for their employees, however, information security incidents due to employee misuse of information still keep occurring. This suggests that these programmes are not working. The research presented in this thesis examines ways to better understand employees’ attitudes towards information security with a view to improving current organisational practice. The research explores whether Chief Information Security Officers are delivering organisational change for information security, before moving on to better understand employee’s attitudes and how these are translated into behaviours. The research takes a mixed-methods approach that is not often used in information security research and combines both qualitative and quantitative analytical methods, grounded in the theory of social psychology. Case studies are carried out with Chief Information Security Officers as well as at the Office of Fair Trading and Prudential plc. The research delivers a survey tool that can be used in organisations to better understand how to frame information security messages so that they achieve their aims. An expert panel of users evaluated the survey. The research concluded that end users fall into two groups – the ‘I Can Handle It Group’ and the ‘It’s Out of My Control Group’ and these substantive findings have been validated by a field experiment. By mirroring the attributions of the dominant group the field experiment demonstrates that it is possible to influence employees’ behaviour.
2

Williams, Patricia A. "An investigation into information security in general medical practice." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2007. https://ro.ecu.edu.au/theses/274.

Abstract:
Increased demand by governments and patients for better healthcare communication has seen a growth in adoption of electronic medical records, with general practice as the cornerstone of this distributed environment. In this progressively more electronic state, general practice is charged with the responsibility to ensure confidentiality and privacy of patient information. However, evidence suggests that protection of patient information is poorly handled in general practice. The deficiency in awareness of vulnerability and risk, together with the lack of appropriate controls and knowledge, leaves medical practice insecure and potentially vulnerable to information security breaches.
3

Hove, Cathrine, and Marte Tårnes. "Information Security Incident Management : An Empirical Study of Current Practice." Thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for telematikk, 2013. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-22651.

Abstract:
An increasing use of digital solutions suggests that organizations today are more exposed to attacks than before. Recent reports show that attacks get more advanced and that attackers choose their targets more wisely. Despite preventive measures being implemented, incidents occur occasionally. This calls for effective and efficient information security incident management. Several standards and guidelines addressing incident management exist. However, few studies of current practices have been conducted. In this thesis an empirical study was conducted where organizations' incident management practices were studied. The research was conducted as a case study of three large Norwegian organizations, where the data collection methods were interviews and document studies. Our findings show that the organizations were relatively compliant with standards and guidelines for incident management, but that there was still room for improvements. We found communication, information dissemination, employee involvement, experience and allocation of responsibilities to be important factors to an effective and efficient incident management process. Finally, we contribute with recommendations for performing successful information security incident management. We recommend organizations to use standards and guidelines as a basis for incident management, conduct regular rehearsals, utilize employees as part of the sensor network in incident detection and to conduct awareness campaigns for employees.
4

Mahncke, Rachel J. "Measuring and applying information security governance within general medical practice." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2016. https://ro.ecu.edu.au/theses/1797.

Abstract:
Australia is in the process of adopting a national approach towards the secure electronic exchange of health information. The health information contributions of general practices as the primary point of patient medical care, will be critical to the success of an interoperable national healthcare system. Sharing information creates vulnerabilities by increasing exposure to information security threats. Consequently, improvement in information security practice within general practice may positively contribute towards improved patient care by providing access to timely and accurate information. There is renewed focus within general practice on information security, inter alia the introduction of: the Royal Australian College of General Practitioners (RACGP, 2014) Computer and Information Security Standards (CISS, 2013); privacy law reform in 2014; an evolving national electronic health record system; litigation relating to information breaches; and continuing Australian public support for mandatory data breach notification legislation. The implementation of reliable information security procedures within general practices will be critical to secure the exchange of confidential patient information. Protecting patient health information requires appropriate security measures in regards to technologies, policies, and procedures as well as ensuring that staff are well trained and aware of these security activities. Adherence to industry standard security activities will enable general practices to take responsibility for their information security thereby minimising the threat of lost or stolen information. To meet the rising number of information security threats, general practices need to adopt a framework of accountability and control to address and demonstrate effective information security management and governance. 
The governance component of information security remains insufficiently addressed within Australian general practice at present. This thesis demonstrates an application of international standards at a strategic level, and proposes a functional process improvement framework against which general practices can assess and implement effective information security governance. This interpretation and operationalisation of international governance of information security standard ISO/IEC 27014:2013 (ISO, 2013), had not previously been undertaken. Further, application of information security governance within the Australian general practice environment had not previously been undertaken, and formed the basis for establishing a positive information security culture. A qualitative action research methodology was utilised for the collection of national data. Further, iterative action research cycles were applied to develop the practical information security governance framework for use within general practice. Following a review of the literature, a preliminary framework was developed to include industry best practice standards and information security compliance criteria applicable to general practice. This initial governance framework extends the industry security standards developed by the RACGP CISS (2013), ISACA’s COBIT 5 (2012), NEHTA’s NESAF (2012) governance framework and Williams’ TIGS-CMM model (2007c). Information security experts validated the information security governance framework during focus groups and interview data collections, which included representatives from key Australian healthcare organisations. Following development, the governance framework was applied and tested within general practices during iterative cycles of interviews. General practice participants conducted a self-assessment against the framework, responded to semi-structured interview questions, and policy documentation was analysed. 
The governance framework was revised following these iterations and cycles of action research. The objective of this research method was to achieve a ‘theoretical saturation’ of the theory whereby the patterns in the general practice interviews indicated when no new information was being yielded (Mason 2010). A final cycle of a general practice interview was conducted to verify the appropriateness of the information security governance framework within Australian general practice. The contribution of this research was both theoretical and practical. A holistic governance framework and process was synthesised and formulated, which aimed to assist general practices to meet their legal and industry related compliance security responsibilities, by securing information assets in an escalating threat environment. The governance approach was designed to be achievable and sustainable for general practices over time, whilst encouraging incremental improvement in security performance. To address the people aspect of security, the governance process incorporated a risk-based structure for the review of security breaches and performance measures, to assist in making the necessary governance decisions by amending policies and processes, and accessing the required training. This strategic approach extends international and industry best practice of information security governance for use in Australian general practice, with the aim of improving the protection of confidential health information.
5

Mirbaz, Jamshid. "Säkerhetsstyrning inom den Finansiella Sektorn : En Studie på Best Practice hos Tre Svenska Banker." Thesis, KTH, Industriella informations- och styrsystem, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-98863.

Abstract:
For organizations that handle sensitive information, IT governance and information security are necessities in order to maintain credibility and to conduct its business efficiently. There are several known processes to increase security governance – which is a fusion of information security and IT governance. This master thesis examines if organizations use recognized processes and if it in that case would lead to higher security. The study is qualitative and conducted in the financial sector and based on Best Practice frameworks of the security governance in Swedish banks. Data collection was done through interviews and surveys that were triangulated to get a gathered picture of the quality of the security governance activities. The questionnaire surveys were graded according to the Likert scale. This work shows that banks use the processes described in the theory section, Chapter 3, and that they have adapted them to the business. The results from both the interviews and questionnaires show that Bank 3 has a high degree of security governance in the organization. This bank also had good cooperation and communication between the business and the IT side - they worked well aligned. There are clear indications that show that the banks take the methods and processes described in the study into consideration, but that they were adapted to the banks' operations. It is important that business and IT find meeting places - both parties need to contribute with their expertise to achieve the best possible outcome - a safe basis for security governance.
6

Vega, Laurian. "Security in Practice: Examining the Collaborative Management of Sensitive Information in Childcare Centers and Physicians' Offices." Diss., Virginia Tech, 2011. http://hdl.handle.net/10919/37552.

Abstract:
Traditionally, security has been conceptualized as rules, locks, and passwords. More recently, security research has explored how people interact in secure (or insecure) ways in part of a larger socio-technical system. Socio-technical systems are comprised of people, technology, relationships, and interactions that work together to create safe praxis. Because information systems are not just technical, but also social, the scope of privacy and security concerns must include social and technical factors. Clearly, computer security is enhanced by developments in the technical arena, where researchers are building ever more secure and robust systems to guard the privacy and confidentiality of information. However, when the definition of security is broadened to encompass both human and technical mechanisms, how security is managed with and through the day-to-day social work practices becomes increasingly important. In this dissertation I focus on how sensitive information is collaboratively managed in socio-technical systems by examining two domains: childcare centers and physicians’ offices. In childcare centers, workers manage the enrolled children and also the enrolled child’s personal information. In physicians’ offices, workers manage the patients’ health along with the patients’ health information. My dissertation presents results from interviews and observations of these locations. The data collected consists of observation notes, interview transcriptions, pictures, and forms. The researchers identified breakdowns related to security and privacy. Using Activity Theory to first structure, categorize, and analyze the observed breakdowns, I used phenomenological methods to understand the context and experience of security and privacy. The outcomes from this work are three themes, along with corresponding future scenarios. The themes discussed are security embodiment, communities of security, and zones of ambiguity.
Those themes extend the literature in the areas of usable security, human-computer interaction, and trust. The presentation will use future scenarios to examine the complexity of developing secure systems for the real world.
Ph. D.
7

Shear, Christopher James. "Business counterintelligence : sustainable practice or passing fad?" Thesis, Stellenbosch : University of Stellenbosch, 2009. http://hdl.handle.net/10019.1/1930.

Abstract:
Thesis (MA (Information Science))--University of Stellenbosch, 2009.
Traditional information protection mechanisms are no longer adequately placed to effectively deal with the adversarial threats that have arisen as a result of the rise in importance of knowledge for today’s organisations. Business counterintelligence appears to be a protective entity, which in principle can effectively engage with and mitigate many of these newly manifested threats. Yet, business counterintelligence is also an entity that is accompanied by a great deal of haze and confusion as to its use, implementation and integration within different organisations. This is evident from the literature where there currently exist multiple fragmented definitions of what business counterintelligence is. Organisations may as a result adopt a particular business counterintelligence definition that may not be effective for their context. This can result in the ineffective protection of critical information assets and the misappropriation of organisational resources; something which is not sustainable. This thesis proposes that in order to allay the confusion caused by these differing fragmented definitions, one needs to be able to arrive at a consolidated definition of what constitutes business counterintelligence; this thesis’s primary objective. This has been examined by firstly contextualising business counterintelligence in order to better understand the topic; the information society was used as a backdrop for this purpose. Secondly, an examination of the prevailing views of business counterintelligence and its role within organisations is offered in order to build clarity. Thirdly, a consolidated definition of business counterintelligence is proposed and its implications for different organisations examined. Finally, the implications of this consolidated definition for the sustainability of business counterintelligence are discussed and conclusions based on the evidence presented within the thesis drawn. 
Based on the arguments presented, this thesis postulates that a consolidated definition of business counterintelligence is more effective and is thus more sustainable.
8

Sestorp, Isak, and André Lehto. "CPDLC in Practice : A Dissection of the Controller Pilot Data Link Communication Security." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-159840.

Abstract:
Controller-Pilot Data Link Communication, a technology that has been introduced to help offload the congested, previously used voice communication in larger airports, has in recent years started being questioned on its sufficiency in security. As the traffic load in air traffic communication keeps demanding more reliable and secure systems, we will in this thesis look at how widely CPDLC is actually used in practice in Europe. By using the newly introduced technology in software defined radios, we show that it is possible to capture and decode CPDLC messages to readable plain text. We furthermore discuss which type of attacks that could be possible with information retrieved from CPDLC communication.
9

Sarmonpal, Sandra. "Learning Analytics from Research to Practice| A Content Analysis to Assess Information Quality on Product Websites." Thesis, Pepperdine University, 2018. http://pqdtopen.proquest.com/#viewpdf?dispub=13421041.

Abstract:

The purpose of this study was to examine and describe the nature of the research to practice gap in learning analytics applications in K12 educational settings. It was also the purpose of this study to characterize how learning analytics are currently implemented and understood. A secondary objective of this research was to advance a preliminary learning analytics implementation framework for practitioners. To achieve these purposes, this study applied quantitative content analysis using automated text analysis techniques to assess the quality of information provided on analytics-based product websites against learning analytics research. Because learning analytics implementations require adoption of analytical tools, characterizing content on analytics-based product websites provides insight into data practices in K12 schools and how learning analytics are practiced and understood. A major finding of this study was that learning analytics do not appear to be applied in ways that will improve learning outcomes for students as described by the research. A second finding was that policy influence expressed in the study corpus suggests competing interests within the current policy structure for K12 education settings. Keywords: quantitative content analysis, automated text analysis, learning analytics, big data, frameworks, educational technology, website content analysis

10

Nguyen, Ngoc Tan. "A Security Monitoring Plane for Information Centric Networking : application to Named Data Networking." Thesis, Troyes, 2018. http://www.theses.fr/2018TROY0020.

Abstract:
The current architecture of the Internet has been designed to connect remote hosts. But the evolution of its usage, which is now similar to that of a global platform for content distribution, undermines its original communication model. In order to bring consistency between the Internet's architecture and its use, new content-oriented network architectures have been proposed, and these are now ready to be implemented. The issues of their management, deployment, and security now arise as locks essential to lift for Internet operators. In this thesis, we propose a security monitoring plan for Named Data Networking (NDN), the most advanced architecture which also benefits from a functional implementation. In this context, we have characterized the most important NDN attacks - Interest Flooding Attack (IFA) and Content Poisoning Attack (CPA) - under real deployment conditions. These results have led to the development of micro-detector-based attack detection solutions leveraging hypothesis testing theory. The approach allows the design of an optimal (AUMP) test capable of providing a desired false alarm probability (PFA) by maximizing the detection power. We have integrated these micro-detectors into a security monitoring plan to detect abnormal changes and correlate them through a Bayesian network, which can identify events impacting security in an NDN node. This proposal has been validated by simulation and experimentation on IFA and CPA attacks.

Books on the topic "Information security practice tests"

1

Christy, S. Russell, and Chuck Easttom. CompTIA® Security+® Practice Tests. Indianapolis, Indiana: John Wiley & Sons, Inc., 2018. http://dx.doi.org/10.1002/9781119549413.

2

Deng, Robert, Feng Bao, Guilin Wang, Jian Shen, Mark Ryan, Weizhi Meng, and Ding Wang, eds. Information Security Practice and Experience. Cham: Springer International Publishing, 2021. http://dx.doi.org/10.1007/978-3-030-93206-0.

3

Akram, Raja Naeem, and Sushil Jajodia, eds. Information Security Theory and Practice. Cham: Springer International Publishing, 2015. http://dx.doi.org/10.1007/978-3-319-24018-3.

4

Bao, Feng, Hui Li, and Guilin Wang, eds. Information Security Practice and Experience. Berlin, Heidelberg: Springer Berlin Heidelberg, 2009. http://dx.doi.org/10.1007/978-3-642-00843-6.

5

Laurent, Maryline, and Thanassis Giannetsos, eds. Information Security Theory and Practice. Cham: Springer International Publishing, 2020. http://dx.doi.org/10.1007/978-3-030-41702-4.

6

Chen, Liqun, Yi Mu, and Willy Susilo, eds. Information Security Practice and Experience. Berlin, Heidelberg: Springer Berlin Heidelberg, 2008. http://dx.doi.org/10.1007/978-3-540-79104-1.

7

Kwak, Jin, Robert H. Deng, Yoojae Won, and Guilin Wang, eds. Information Security, Practice and Experience. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010. http://dx.doi.org/10.1007/978-3-642-12827-1.

8

Deng, Robert H., and Tao Feng, eds. Information Security Practice and Experience. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. http://dx.doi.org/10.1007/978-3-642-38033-4.

9

Heng, Swee-Huay, and Javier Lopez, eds. Information Security Practice and Experience. Cham: Springer International Publishing, 2019. http://dx.doi.org/10.1007/978-3-030-34339-2.

10

Ryan, Mark D., Ben Smyth, and Guilin Wang, eds. Information Security Practice and Experience. Berlin, Heidelberg: Springer Berlin Heidelberg, 2012. http://dx.doi.org/10.1007/978-3-642-29101-2.


Book chapters on the topic "Information security practice tests"

1

Li, Xiehua, Shutang Yang, Jianhua Li, and Hongwen Zhu. "Security Protocol Analysis with Improved Authentication Tests." In Information Security Practice and Experience, 123–33. Berlin, Heidelberg: Springer Berlin Heidelberg, 2006. http://dx.doi.org/10.1007/11689522_12.

2

Park, Heejin, Sang Kil Park, Ki-Ryong Kwon, and Dong Kyue Kim. "Probabilistic Analyses on Finding Optimal Combinations of Primality Tests in Real Applications." In Information Security Practice and Experience, 74–84. Berlin, Heidelberg: Springer Berlin Heidelberg, 2005. http://dx.doi.org/10.1007/978-3-540-31979-5_7.

3

Zhou, Xuhua, Xuhua Ding, and Kefei Chen. "Lightweight Delegated Subset Test with Privacy Protection." In Information Security Practice and Experience, 138–51. Berlin, Heidelberg: Springer Berlin Heidelberg, 2011. http://dx.doi.org/10.1007/978-3-642-21031-0_11.

4

Cai, Jun, Jian-Zhen Luo, Jianliang Ruan, and Yan Liu. "Toward Fuzz Test Based on Protocol Reverse Engineering." In Information Security Practice and Experience, 892–97. Cham: Springer International Publishing, 2017. http://dx.doi.org/10.1007/978-3-319-72359-4_56.

5

Zhao, Hui, Yongbin Zhou, François-Xavier Standaert, and Hailong Zhang. "Systematic Construction and Comprehensive Evaluation of Kolmogorov-Smirnov Test Based Side-Channel Distinguishers." In Information Security Practice and Experience, 336–52. Berlin, Heidelberg: Springer Berlin Heidelberg, 2013. http://dx.doi.org/10.1007/978-3-642-38033-4_24.

6

Azad, Nasreen. "DevOps Challenges and Risk Mitigation Strategies by DevOps Professionals Teams." In Lecture Notes in Business Information Processing, 369–85. Cham: Springer Nature Switzerland, 2024. http://dx.doi.org/10.1007/978-3-031-53227-6_26.

Abstract:
DevOps is a team culture and organizational practice that eliminates inefficiencies and bottlenecks in the DevOps infrastructure. While many companies are adopting DevOps practices, it can still be risky. We conducted 26 interviews with DevOps professionals around the globe and found four major risks associated with DevOps practices: Organizational risks (Intra-organizational collaboration and communication, strategic planning), Social and cultural risks (Team Dynamics, Cultural shift), Technical risks (Integration, Build and test automation), Ethics and security breaches in DevOps environment (Ethical risks, Data collection ethics, Ethical decision making). Our research also identified several risk mitigation strategies namely continuous testing, using infrastructure as code, security audit and monitoring, disaster recovery planning, cross-functional training, proper documentation, continuous learning, continuous improvement etc. that companies can adopt for better performance and efficiency.
7

Fan, Limin, Hua Chen, and Si Gao. "A General Method to Evaluate the Correlation of Randomness Tests." In Information Security Applications, 52–62. Cham: Springer International Publishing, 2014. http://dx.doi.org/10.1007/978-3-319-05149-9_4.

8

de Carvalho, Luciano Gonçalves, and Marcelo Medeiros Eler. "Security Requirements and Tests for Smart Toys." In Enterprise Information Systems, 291–312. Cham: Springer International Publishing, 2018. http://dx.doi.org/10.1007/978-3-319-93375-7_14.

9

Kaksonen, Rauli, Kimmo Halunen, Marko Laakso, and Juha Röning. "Transparent Security Method for Automating IoT Security Assessments." In Information Security Practice and Experience, 138–53. Singapore: Springer Nature Singapore, 2023. http://dx.doi.org/10.1007/978-981-99-7032-2_9.

10

Mittelbach, Arno, and Marc Fischlin. "Iterated Hash Functions in Practice." In Information Security and Cryptography, 585–618. Cham: Springer International Publishing, 2021. http://dx.doi.org/10.1007/978-3-030-63287-8_15.


Conference papers on the topic "Information security practice tests"

1

Linenberg, Amos. "Continuous on Site Monitoring of VOCs in Water Sources." In ASME 2003 9th International Conference on Radioactive Waste Management and Environmental Remediation. ASMEDC, 2003. http://dx.doi.org/10.1115/icem2003-4677.

Abstract:
Public concern over the state of the environment is at an all-time high and rightfully so! Industry practice, recent government regulations and lax enforcement have allowed frightening practices to continue for too long. Industries must, by law, monitor the level of toxins they discharge into the environment. Collecting samples and sending them to an off-site laboratory for analysis is the normal practice to comply with present regulations. This protocol is not only a time-consuming and costly exercise, but does not provide continuous information for alerting the public and the authorities of a potential disaster. A water treatment plant is obligated to test water for volatile organic compounds (VOCs) at frequencies that vary from a few times per week to once every three months. Authorities may test finished water as infrequently as once per year. This means that drinking water supplied or waste water discharged, between discrete analyses, is of unknown purity. Since September 11, 2001, an additional dimension, “water security”, has been added to the need for instantaneous analysis. Protection and preservation of water sources such as reservoirs, lakes and rivers from intentional and unintentional contamination, have become an issue, which involves homeland security. Here again, obtaining a fast and accurate response at all times is extremely important. Sentex Systems, Inc., which has specialized for several years in on site VOCs analysis, has developed a system by which online continuous analysis of VOCs in water is available. This system, which is based on the principle of in-situ purge and trap Gas Chromatography, will detect and analyze VOCs on site for most industrial and environmental applications, without the need for sample preparation, such as filtration. The system can continuously monitor process streams so that at any given time plant management knows what the VOC content is. 
The system, called the SituProbe, is already being used successfully in various industrial plants.
2

Poon, Anthony, Sarah Giroux, Parfait Eloundou-Enyegue, François Guimbretière, and Nicola Dell. "Baccalauréat Practice Tests in Cameroon." In ICTD2020: Information and Communication Technologies and Development. New York, NY, USA: ACM, 2020. http://dx.doi.org/10.1145/3392561.3394646.

3

Mouelhi, Tejeddine, Yves Le Traon, and Benoit Baudry. "Mutation Analysis for Security Tests Qualification." In Testing: Academic and Industrial Conference Practice and Research Techniques - MUTATION (TAICPART-MUTATION 2007). IEEE, 2007. http://dx.doi.org/10.1109/taic.part.2007.21.

4

Mouelhi, Tejeddine, Yves Le Traon, and Benoit Baudry. "Mutation Analysis for Security Tests Qualification." In Testing: Academic and Industrial Conference Practice and Research Techniques - MUTATION (TAICPART-MUTATION 2007). IEEE, 2007. http://dx.doi.org/10.1109/taicpart.2007.4344128.

5

Kozhurkina, Olesia Alekseevna. "Information security in legal activities." In International Research-to-practice conference, chair Ilia Pavlovich Mikhnev. TSNS Interaktiv Plus, 2018. http://dx.doi.org/10.21661/r-467735.

6

Block, Shannon, Steven Munkeby, and Samuel Sambasivam. "An Empirical Examination of the Effects of CTO Leadership on the Alignment of the Governance of Big Data and Information Security Risk Management Effectiveness." In InSITE 2021: Informing Science + IT Education Conferences. Informing Science Institute, 2021. http://dx.doi.org/10.28945/4763.

Abstract:
Aim/Purpose: Board of Directors seek to use their big data as a competitive advantage. Still, scholars note the complexities of corporate governance in practice related to information security risk management (ISRM) effectiveness. Background: While the interest in ISRM and its relationship to organizational success has grown, the scholarly literature is unclear about the effects of Chief Technology Officers (CTOs) leadership styles, the alignment of the governance of big data, and ISRM effectiveness in organizations in the Western United States. Methodology: The research method selected for this study was a quantitative, correlational research design. Data from 139 participant survey responses from Chief Technology Officers (CTOs) in the Western United States were analyzed using 3 regression models to test for mediation following Baron and Kenny’s methodology. Contribution: Previous scholarship has established the importance of leadership styles, big data governance, and ISRM effectiveness, but not in a combined understanding of the relationship between all three variables. The researchers’ primary objective was to contribute valuable knowledge to the practical field of computer science by empirically validating the relationships between the CTOs leadership styles, the alignment of the governance of big data, and ISRM effectiveness. Findings: The results of the first regression model between CTOs leadership styles and ISRM effectiveness were statistically significant. The second regression model results between CTOs leadership styles and the alignment of the governance of big data were not statistically significant. The results of the third regression model between CTOs leadership styles, the alignment of the governance of big data, and ISRM effectiveness were statistically significant. The alignment of the governance of big data was a significant predictor in the model.
At the same time, the predictive strength of all 3 CTOs leadership styles was diminished between the first regression model and the third regression model. The regression models indicated that the alignment of the governance of big data was a partial mediator of the relationship between CTOs leadership styles and ISRM effectiveness. Recommendations for Practitioners: With big data growing at an exponential rate, this research may be useful in helping other practitioners think about how to test mediation with other interconnected variables related to the alignment of the governance of big data. Overall, the alignment of governance of big data being a partial mediator of the relationship between CTOs leadership styles and ISRM effectiveness suggests the significant role that the alignment of the governance of big data plays within an organization. Recommendations for Researchers: While this exact study has not been previously conducted with these three variables with CTOs in the Western United States, overall, these results are in agreement with the literature that information security governance does not significantly mediate the relationship between IT leadership styles and ISRM. However, some of the overall findings did vary from the literature, including the predictive relationship between transactional leadership and ISRM effectiveness. With the finding of partial mediation indicated in this study, this also suggests that the alignment of the governance of big data provides a partial intervention between CTOs leadership styles and ISRM effectiveness. Impact on Society: Big data breaches are increasing year after year, exposing sensitive information that can lead to harm to citizens. This study supports the broader scholarly consensus that to achieve ISRM effectiveness, better alignment of governance policies is essential. 
This research highlights the importance of higher-level governance as it relates to ISRM effectiveness, implying that ineffective governance could negatively impact both leadership and ISRM effectiveness, which could potentially cause reputational harm. Future Research: This study raised questions about CTO leadership styles, the specific governance structures involved related to the alignment of big data and ISRM effectiveness. While the research around these variables independently is mature, there is an overall lack of mediation studies as it relates to the impact of the alignment of the governance of big data. With the lack of alignment around a universal framework, evolving frameworks could be tested in future research to see if similar results are obtained. *** NOTE: This Proceedings paper was revised and published in the journal Issues in Informing Science and Information Technology, 18, 41-61. At the bottom of this page, click DOWNLOAD PDF to download the published paper. ***
7

Gonçalves de Carvalho, Luciano, and Marcelo Medeiros Eler. "Security Tests for Smart Toys." In 20th International Conference on Enterprise Information Systems. SCITEPRESS - Science and Technology Publications, 2018. http://dx.doi.org/10.5220/0006776101110120.

8

Vaduva, Janalexandru, Raduemanuel Chiscariu, Ioana Culic, Iuliamaria Florea, and Razvan Rughinis. "ADREM: SYSTEM CALL BASED INTRUSION DETECTION FRAMEWORK." In eLSE 2019. Carol I National Defence University Publishing House, 2019. http://dx.doi.org/10.12753/2066-026x-19-021.

Abstract:
We are living in an era where computers govern the educational process. The market is flooded with puzzles, games, quizzes or other kinds of applications destined to help teachers explain different concepts and to enable students to practice their skills and test the knowledge. For all these systems, be they computers, servers or embedded devices, the internet connection is the essential aspect. As a result, we have children and students working with devices that are exposed to the highest degree of security issues and threats. Attacks are continuously evolving, becoming more flexible, adaptable and hard to detect, and leaving children and students vulnerable to malicious software that can either collect sensitive information about them or expose them to inappropriate content. Because of this, it is only natural that security solutions became of significant importance for the tech educational industry. Computers, servers and embedded devices are exposed to the highest degree of security issues and threats since the internet became an essential need. Attacks are continuously evolving, becoming more flexible, adaptable and hard to detect. This made only natural the shift towards adaptive security oriented solutions. One of those security solutions is represented by anomaly based intrusion detection techniques. Anomaly based intrusion detection systems build a baseline of normal behavior. For a Linux based operating system, which represents a great percent of the platforms used in education, this is accomplished by monitoring a given process or sets of processes. Any significant deviation from the baseline model is flagged as malicious activity. This paper proposes a framework for intrusion detection using system call traces captured from services running on a container. The work done is based on The Australian Defence Force Academy Linux Dataset, more well-known as ADFA-LD. The analysis is done taking into consideration the temporal allocation of the system calls.
The classification module is based on supervised machine learning techniques. To test the accuracy of the framework, a case study involving a database application running under a Linux container is analyzed. The results together with the proposed framework implementation are described in detail.
9

Simms, David John. "Information Security Optimization: From Theory to Practice." In 2009 International Conference on Availability, Reliability and Security. IEEE, 2009. http://dx.doi.org/10.1109/ares.2009.106.

10

Mitkovskiy, Alexey, Andrey Ponomarev, and Andrey Proletarskiy. "SIEM-PLATFORM FOR RESEARCH AND EDUCATIONAL TASKS ON PROCESSING OF SECURITY INFORMATION EVENTS." In eLSE 2019. Carol I National Defence University Publishing House, 2019. http://dx.doi.org/10.12753/2066-026x-19-143.

Abstract:
Nowadays, the technology of Security Information and Event Management (SIEM) becomes one of the most important research applications for advanced security threat detection in a complex enterprise environment. The underlying principle of every SIEM system is the aggregation of security events, captured from across an enterprise network, and analysis of the gathered log data in real time through a set of correlation rules to provide rapid response to security incidents. This article is about applying a unique practical method of teaching undergraduate students in the field of enterprise infrastructure protection from cyberattacks. The introduction of practical methods in learning consists of a review of stages required for an attacker to infiltrate an enterprise's network, allowing students to realize which events need to be monitored to detect signs of possible threats on the network. The architecture and principles of the SIEM-platform are described in detail. In addition, this paper discusses how an emulation testbed of virtual enterprise can serve as a platform for generating event logs from network security appliances to analyze which sequences of events are likely indications of cyberattack. The article also discusses how students can develop and test their own correlation rules to identify threats within IT environment. The following cases can be considered as the basis for testing the correlation rules: logon success and failures, systems with disabled security services, modification of user accounts and other events. After completing this course, students acquire skills to detect and identify assets in the network, collect events using various protocols to detect suspicious activities and investigate policy violations.

Reports on the topic "Information security practice tests"

1

Pilkevych, Ihor, Oleg Boychenko, Nadiia Lobanchykova, Tetiana Vakaliuk, and Serhiy Semerikov. Method of Assessing the Influence of Personnel Competence on Institutional Information Security. CEUR Workshop Proceedings, April 2021. http://dx.doi.org/10.31812/123456789/4374.

Abstract:
Modern types of internal threats and methods of counteracting these threats are analyzed. It is established that increasing the competence of the staff of the institution through training (education) is the most effective method of counteracting internal threats to information. A method for assessing the influence of personnel competence on institutional information security is proposed. This method takes into account violator models and information threat models that are designed for a specific institution. The method proposes to assess the competence of the staff of the institution by three components: the level of knowledge, skills, and character traits (personal qualities). It is proposed to assess the level of knowledge based on the results of test tasks of different levels of complexity. Not only the number of correct answers is taken into account, but also the complexity of test tasks. It is proposed to assess the assessment of the level of skills as the ratio of the number of correctly performed practical tasks to the total number of practical tasks. It is assumed that the number of practical tasks, their complexity is determined for each institution by the direction of activity. It is proposed to use a list of character traits for each position to assess the character traits (personal qualities) that a person must have to effectively perform the tasks assigned to him. This list should be developed in each institution. It is proposed to establish a quantitative assessment of the state of information security, defining it as restoring the amount of probability of occurrence of a threat from the relevant employee to the product of the general threat and employees of the institution. An experiment was conducted, the results of which for a particular institution show different values of the level of information security of the institution for different values of the competence of the staff of the institution. It is shown that with the increase of the level of competence of the staff of the institution the state of information security in the institution increases.
2

Goodwin, Sarah, Yigal Attali, Geoffrey LaFlair, Yena Park, Andrew Runge, Alina von Davier, and Kevin Yancey. Duolingo English Test - Writing Construct. Duolingo, March 2023. http://dx.doi.org/10.46999/arxn5612.

Abstract:
Assessments, especially those used for high-stakes decision making, draw on evidence-based frameworks. Such frameworks inform every aspect of the testing process, from development to results reporting. The frameworks that language assessment professionals use draw on theory in language learning, assessment design, and measurement and psychometrics in order to provide underpinnings for the evaluation of language skills including speaking, writing, reading, and listening. This paper focuses on the construct, or underlying trait, of writing ability. The paper conceptualizes the writing construct for the Duolingo English Test, a digital-first assessment. “Digital-first” includes technology such as artificial intelligence (AI) and machine learning, with human expert involvement, throughout all item development, test scoring, and security processes. This work is situated in the Burstein et al. (2022) theoretical ecosystem for digital-first assessment, the first representation of its kind that incorporates design, validation/measurement, and security all situated directly in assessment practices that are digital first. The paper first provides background information about the Duolingo English Test and then defines the writing construct, including the purposes for writing. It also introduces principles underpinning the design of writing items and illustrates sample items that assess the writing construct.
3

Carle, Steven, Mavrik Zavarin, and Andrew Tompson. Review of Cavity Radius and Chimney Height Information for Underground Nuclear Tests at Nevada National Security Site. Office of Scientific and Technical Information (OSTI), January 2021. http://dx.doi.org/10.2172/1762870.

4

Ruiz-Vega, Mauricio, Ana Corbacho, and Martín Ardanaz. Mind the Gap: Bridging the Perception and Reality of Crime Rates with Information. Inter-American Development Bank, August 2014. http://dx.doi.org/10.18235/0011650.

Abstract:
Gains from government crime-reducing programs are not always visible to the average citizen. The media overexpose crime events, but the absence of crime rarely makes the news, increasing the risk that citizens may have inaccurate perceptions of security. Through a survey experiment carried out in Bogota, Colombia, a city that experienced a substantial reduction in homicides over the last decade, as well as a noticeable drop in robberies, this paper tests the effect that communicating objective crime trends could have on such perceptions. The results show that information improves perceptions of safety and police effectiveness, and lowers distrust in the police. However, the information treatment is not able to impact those with biased priors, and tends to weaken over time. A more active and regular engagement with citizens regarding these trends is needed to bridge the gap between perception and reality.
5

Sergeev, Alexander, Nikolay Litusov, Ekaterina Voroshilina, Alexey Kozlov, Yulia Grigoryeva, Danila Zornikov, Vasily Petrov, et al. Electronic educational resource Microbiology, virology and immunology. SIB-Expertise, January 2024. http://dx.doi.org/10.12731/er0769.29012024.

Abstract:
"The electronic educational resource has been prepared as information support for the independent work of students, residents and graduate students mastering the main educational programs of higher professional education of the enlarged group of specialties Healthcare, developed on the basis of the Federal State Educational Standards of Higher Education and Professional Standards and providing for the formation of knowledge in microbiology and virology and immunology. The electronic educational resource provides information on the morphology, physiology, genetics, ecology of microorganisms, the basics of infectology and the epidemiology of infectious diseases. Each section is accompanied by control questions and practice tests. The manual contains extensive illustrative material that contributes to the assimilation of the issues under study. The electronic educational resource will help in the work of students, residents and graduate students both directly in practical classes and in preparation for classes, tests and exams."
6

Dinovitzer, Aaron. PR-214-134502-R01 Weld Hydrogen Cracking Risk Management Guide. Chantilly, Virginia: Pipeline Research Council International, Inc. (PRCI), May 2019. http://dx.doi.org/10.55274/r0011591.

Abstract:
PRCI and other organizations have funded research and development programs related to weld hydrogen cracking to develop tests, define hardness limits, understand diffusible hydrogen delivery, evaluate hydrogen cracking delay time and define weldment material hydrogen cracking susceptibility. These projects have produced results that can be used in developing or approving welding procedures, and electrodes or consumables. With all of this information available, hydrogen cracking is still being observed in new construction and in-service welds. This report has assembled samples of this information to provide an outline of current practice and knowledge. From this overview, gaps in knowledge or tools have been identified to support defining the path forward and enhance our understanding of how to predict the occurrence and preclude hydrogen cracking from weldments. Some concepts, identified in this document, are demonstrated to illustrate what can be achieved in support of weld hydrogen cracking management.
7

Macedo, Jorge, Paul Mayne, Sheng Dai, Paola Torres, Cody Arnold, Luis Vergaray, and Yumeng Zhao. Cone Penetration Testing for Illinois Subsurface Characterization and Geotechnical Design. Illinois Center for Transportation, May 2024. http://dx.doi.org/10.36501/0197-9191/24-013.

Abstract:
This project sets the stage for implementing a cone penetration testing (CPT) practice in the state of Illinois, providing recommendations for using and interpreting CPT soundings in subsurface investigations. This study also contributes to modernizing Illinois Department of Transportation (IDOT) policy to current CPT-related practices adopted in other departments of transportation, which is consistent with recommendations from the Federal Highway Administration. Toward the goals of this project, CPT soundings across the nine districts of the state of Illinois have been conducted, and available CPT data at IDOT have been evaluated. The generated data have been uniformly processed, generating a database of 156 CPTs distributed across the nine districts. The database also includes shear wave velocity profiles at 28 locations and pore pressure dissipation tests at 45 locations. In addition, information (editable and non-editable) provided by IDOT has been carefully examined. The provided information consisted of boreholes with standard penetration test (SPT) data and laboratory tests on collected Shelby tubes. This information has been used to develop SPT-CPT correlations that can be applied in the state of Illinois and to provide examples of interpreting seismic piezocone test (SCPTu) data in the context of laboratory testing. Due to the several independent, fast, and reliable measurements that can be conducted in a CPT sounding and the fact that they can be done cost-effectively, CPT soundings are increasingly being preferred for in situ testing, and their adoption at IDOT is a positive step forward and consistent with the best practices at other U.S. departments of transportation.
8

Vilalta Perdomo, Carlos J. Determinant Factors in the Perception of Crime-Related Insecurity in Mexico. Inter-American Development Bank, March 2013. http://dx.doi.org/10.18235/0011448.

Abstract:
What determines the feeling of insecurity with respect to crime and what can be done about it? This study proposes and tests a correlational model that combines different theoretical determinants of insecurity and the fear of crime. The test was carried out both in the country as a whole and in the Mexico City Metropolitan Area. The sources of information are the National Victimization Survey and Perception on Public Security (ENVIPE) of 2011 and the Victimization Survey and Institutional Effectiveness (ENVEI) of August 2010 and January 2011. The findings suggest that actions to promote civility in neighborhoods and towns and efforts to develop a relationship of trust with the local police should be implemented in order to significantly reduce the feeling of insecurity.
9

Zevotek, Robin, and Steve Kerber. Fire Service Summary Report: Study of the Effectiveness of Fire Service Positive Pressure Ventilation During Fire Attack in Single Family Homes Incorporating Modern Construction Practices. UL Firefighter Safety Research Institute, May 2016. http://dx.doi.org/10.54206/102376/ncck4947.

Abstract:
There is a continued tragic loss of firefighter and civilian lives, as shown by fire statistics. One significant contributing factor is the lack of understanding of fire behavior in residential structures resulting from the use of ventilation as a firefighter practice on the fire ground. The changing dynamics of residential fires as a result of the changes in home construction materials, contents, size and geometry over the past 30 years compounds our lack of understanding of the effects of ventilation on fire behavior. Positive Pressure Ventilation (PPV) fans were introduced as a technology to increase firefighter safety by controlling the ventilation. However, adequate scientific data is not available for PPV to be used without increasing the risk to firefighters. This fire research report details the experimental data from cold flow experiments, fuel load characterization experiments and full scale fire experiments. During the project it was identified that the positive pressure attack (PPA) and positive pressure ventilation (PPV) were often used interchangeably. For the purpose of this report they have been defined as PPA for when the fan is utilized prior to fire control and PPV for when the fan is used post fire control. The information from the full scale tests was reviewed with assistance from our technical panel of fire service experts to develop tactical considerations for the use of PPV fans in residential single family structures.
10

Zevotek, Robin, and Steve Kerber. Study of the Effectiveness of Fire Service Positive Pressure Ventilation During Fire Attack in Single Family Homes Incorporating Modern Construction Practices. UL Firefighter Safety Research Institute, May 2016. http://dx.doi.org/10.54206/102376/gsph6169.

Abstract:
There is a continued tragic loss of firefighter and civilian lives, as shown by fire statistics. One significant contributing factor is the lack of understanding of fire behavior in residential structures resulting from the use of ventilation as a firefighter practice on the fire ground. The changing dynamics of residential fires as a result of the changes in home construction materials, contents, size and geometry over the past 30 years compounds our lack of understanding of the effects of ventilation on fire behavior. Positive Pressure Ventilation (PPV) fans were introduced as a technology to increase firefighter safety by controlling the ventilation. However, adequate scientific data is not available for PPV to be used without increasing the risk to firefighters. This fire research report details the experimental data from cold flow experiments, fuel load characterization experiments and full scale fire experiments. During the project it was identified that the positive pressure attack (PPA) and positive pressure ventilation (PPV) were often used interchangeably. For the purpose of this report they have been defined as PPA for when the fan is utilized prior to fire control and PPV for when the fan is used post fire control. The information from the full scale tests was reviewed with assistance from our technical panel of fire service experts to develop tactical considerations for the use of PPV fans in residential single family structures.