Dissertations / Theses on the topic 'Information security projects'
To see the other types of publications on this topic, follow the link: Information security projects.
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 33 dissertations / theses for your research on the topic 'Information security projects.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Tshabalala, Obediant. "Critical success factors of information security projects." Thesis, Nelson Mandela Metropolitan University, 2016. http://hdl.handle.net/10948/10397.
Full textAbstract:
The research shows the critical success factors when implementing information security projects. Many Information security projects in the past have not been successful because these factors were not identified and emphasised effectively. By identifying these factors the research basically presents a model by which information security projects can be executed with guaranteed success. The factors identified during the study cover the following streams: top management commitment as a factor of success; accountability as a factor of success; responsibility as a factor of success; awareness as a factor of success and an information security policy as a factor of success. For the empirical study, a physical questionnaire was administrated to a pool of experts in project management and information security. The study consisted of 60 participants who were verified to have minimum requirements core for questionnaire completion. The questionnaire requested for biological information of the participants and their perceived relations (based on their experience) between project success versus accountability, information security project success versus responsibilities, information security project success versus training & awareness, information security project success versus top management commitment and information security project success versus information security policy. The participants’ responses were structured according to a Likert-type scale. Participants had to indicate the extent to which they agreed with each of the statements in the questionnaire. The responses obtained from the survey were presented and analysed. The researcher observed in this study that information security projects are so specific that critical success factors need to be emphasised from project inception. With the identified critical success factors, the researcher recommends that a project methodology be structured to include these factors so that there is a standard in running information security projects successfully. The researcher also identified that amongst the critical success factors identified, there are some that need to be emphasised more than the others due to their level of importance in such projects.
2
Basson, Delton Jade. "Managing infrastructure risks in information communication technology outsourced projects : a case study at Transnet, South Africa." Thesis, Cape Peninsula University of Technology, 2017. http://hdl.handle.net/20.500.11838/2535.
Full textAbstract:
Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2017.The balance between the dependency on Information and Communications Technology (ICT) and reducing costs has led to an increase in ICT outsourcing in many organisations. ICT outsourcing has benefits, but organisations have limited knowledge on information security and risks when outsourcing these functions. A lack of information security knowledge or a poor organisational risk culture carries the risk of project failure and security breaches. It is unclear how to manage information risks through the usage of ICT infrastructure risk management when outsourcing ICT projects, and this exposes organisations to ICT security risks. The aim of the study is to explore how a selected transport organisation can manage information risks through the usage of infrastructure risk management when outsourcing ICT projects. Two primary research questions are posed namely, “what information risks does the ICT department manage when outsourcing ICT projects?”, and “how can the ICT department protect their information through the usage of infrastructure risk management against ICT security threats when outsourcing ICT?” To answer these two questions, a study was conducted at a transport organisation in South Africa. A subjective ontological and interpretivist epistemological stance has been adopted and an inductive research approach was followed. The research strategy was a case study. Data for this study was gathered through interviews (17 in total) using semi-structured questionnaires. Data collected were transcribed, summarised, and categorised to provide a clear understanding of the data. For this study, forty findings and eight themes were identified. The themes are ICT outsourcing, information risks, costs, ICT vendor dependency, vendor access and management, risk management, user awareness, and frameworks. Guidelines are proposed, comprising six primary components. The results point to gaps that need to be addressed to ensure that information is protected when outsourcing ICT projects. Measures need to be put in place and communication has to be improved among operating divisions. The findings lead to questions such as, ““how does business create an ICT security culture to ensure that information is protected at all times”, and “does vendor access management really get the necessary attention it requires?” Further studies on human behaviour towards ICT security is needed to ensure the protection of organisations against security risks.
3
Wells, William Ward. "Information security program development." CSUSB ScholarWorks, 2004. https://scholarworks.lib.csusb.edu/etd-project/2585.
Full text
4
Ma, Chunyan. "Mathematical security models for multi-agent distributed systems." CSUSB ScholarWorks, 2004. https://scholarworks.lib.csusb.edu/etd-project/2568.
Full textAbstract:
This thesis presents the developed taxonomy of the security threats in agent-based distributed systems. Based on this taxonomy, a set of theories is developed to facilitate analyzng the security threats of the mobile-agent systems. We propose the idea of using the developed security risk graph to model the system's vulnerabilties.
5
Andersson, Mari-Louise. "Securing an ERP Implementation." Thesis, Växjö University, School of Mathematics and Systems Engineering, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:vxu:diva-1882.
Full textAbstract:
An implementation project of an ERP system results in large changes. Organizations
that face an ERP implementation project have several risks to
consider in order to avoid problems that cause failures. The purpose of
this research is to extend existing models and create a method for implementation
of ERP systems. The method has then been employed to an
ongoing project at the department of Procurement and Supply at Ericsson
Mobile Platforms in Lund. Objectives for the research are to consider
which implementation strategy can be used and how an organization can
minimize risks.
The research approach and methodology is influenced by the qualitative
research method since it was necessary to gather qualitative facts instead
of quantitative facts. Included is also a case study due to the research is
executed within Ericsson Mobile Platforms in Lund.
There are two main opposite implementation strategies, Big Bang and
Step-by-Step. The choice of implementation strategy depends on number
of factors like the size of the organizations, complexity and resources.
A method of ERP implementation has been put forward as a result of the
integrated models. The method includes an overall model and a check list.
Risk identification is a problem that many implementation project faces, a
way to solve this is to make a careful risk analysis, a risk matirx with several
identified risks are putted forward throughout this study.
6
Martinez, Antonio. "Information management and the biological warfare threat." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2002. http://sirsi.nps.navy.mil/uhtbin/hyperion-image/02Mar%5FMartinez.pdf.
Full text
7
Lachheb, Tawfik. "A secure client/server java application programming interface." CSUSB ScholarWorks, 2004. https://scholarworks.lib.csusb.edu/etd-project/2561.
Full textAbstract:
The purpose of this project is to develop a generic Java Application Programming Interface (API) that would be used to provide security and user privacy to functions such as data transfer, key management, digital signature, etc.
8
Stocking, Galen Asher Thomas. "The threat of cyberterrorism: Contemporary consequences and prescriptions." CSUSB ScholarWorks, 2004. https://scholarworks.lib.csusb.edu/etd-project/2590.
Full textAbstract:
This study researches the varying threats that emanate from terrorists who carry their activity into the online arena. It examines several elements of this threat, including virtual to virtual attacks and threats to critical infrastructure that can be traced to online sources. It then reports on the methods that terrorists employ in using information technology such as the internet for propaganda and other communication purposes. It discusses how the United States government has responded to these problems, and concludes with recommendations for best practices.
9
Prati, Marco. "ROP Gadgets hiding techniques in Open Source Projects." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2012. http://amslaurea.unibo.it/4682/.
Full textAbstract:
Today there are many techniques that allows to exploit vulnerabilities of an application; there are also many techniques that are designed to stop these exploit attacks. This thesis wants to highlight how a specific type of attack, based on a technique called Return Oriented Programming (ROP), can be easily applied to binaries with particular characteristics. A new method that allows the injection of "useful" code in an Open Source projects without arousing suspicions is presented; this is possible because of the harmless aspects of the injected code.
This useful code facilitate a ROP attack against an executable that contains vulnerable bugs. The injection process can be visualized in environment where an user can contribute with own code to a particular Open Source project. This thesis also highlights how current software protections are not correctly applied to Open Source project, thus enabling the proposed approach.
10
Reis, David W. "An Examination of an Information Security Framework Implementation Based on Agile Values to Achieve Health Insurance Portability and Accountability Act Security Rule Compliance in an Academic Medical Center: The Thomas Jefferson University Case Study." NSUWorks, 2012. http://nsuworks.nova.edu/gscis_etd/286.
Full textAbstract:
Agile project management is most often examined in relation to software development, while information security frameworks are often examined with respect to certain risk management capabilities rather than in terms of successful implementation approaches. This dissertation extended the study of both Agile project management and information security frameworks by examining the efficacy of implementing a security framework using a nontraditional project management approach. Such an investigation is significant because of the high rate of failed IT projects, gaps in the current security framework implementation literature, and increased regulatory pressure on Health Insurance Portability and Accountability (HIPAA)-covered entities to become compliant with the HIPAA Security Rule.
HIPAA-covered entities have struggled to achieve HIPAA compliance since the Act's enforcement date. Specifically, academic medical centers have struggled to achieve and authoritatively document their compliance with the HIPAA Security Rule. To aid HIPAA-covered entities in confirming and documenting their HIPAA Security Rule compliance, the HITRUST Alliance has published the Common Security Framework. Thomas Jefferson University selected the Common Security Framework to help them assess and document their HIPAA Security Rule compliance. However, there is a documented gap in the literature on successful methods for implementing information security-related projects, particularly HIPAA compliance.
In this single-case case study, the author examined the implementation of an Information Security Framework based on Agile values. Specifically examined were the values of (a) individuals and interactions over processes and tools; (b) working software over comprehensive documentation; (c) customer collaboration over contract negotiation; and (d) responding to change over following a plan. The results of this investigation indicated that an information security framework implementation based on Agile values is a viable approach for successfully implementing the Common Security Framework at an academic medical center.
11
Chen, Tang-Li. "Designing secure, JAVA based online registration systems to meet peak load performance targets." CSUSB ScholarWorks, 2004. https://scholarworks.lib.csusb.edu/etd-project/2767.
Full textAbstract:
This project "Designing Secure, Java Based Online Registration Systems to Meet Peak Load Performance Targets" is a simulation of a Web-based exposition management system plus a performance testing procedure to examine this web application.
12
Chinpanich, Vorapong. "Helpdesk Support Alert System." CSUSB ScholarWorks, 2004. https://scholarworks.lib.csusb.edu/etd-project/2674.
Full textAbstract:
The goal of this project was to implement the Helpdesk Support Alert System in the Data Center Services (DCS) of California State University, San Bernardino's (CSUSB's) Information Resource and Technology Division (IRT). DCS is responsible for ensuring uninterrupted operation of all CSUSB administrative computing systems. These responsibilities include user support, system maintenance, and system security. The DCS helpdesk cannot be staffed 24 hours a day; this application is designed to alert DCS technicians of emergencies when they are away from the helpdesk. The Helpdesk Support Alert System sends out an automated emergency alert in the form of a short text message to technicians' mobile phones. Technicians respond back to their main office by using the Wireless Application Protocol (WAP) capability of their mobile phones.
13
Macdonell, James Patrick. "MiniCA: A web-based certificate authority." CSUSB ScholarWorks, 2007. https://scholarworks.lib.csusb.edu/etd-project/3256.
Full textAbstract:
The MiniCA project is proposed and developed to address growing demand for inexpensive access to security features such as privacy, strong authentication, and digital signatures. These features are integral to public-key encryption technologies. The audience for whom the software project is intended includes, technical staff requiring certificates for use in SSL applications (i.e. a secure web-site) at California State University, San Bernardino.
14
Hsiao, Chih-Wen, David Turner, and Keith Ross. "A secure lightweight currency service provider." CSUSB ScholarWorks, 2004. https://scholarworks.lib.csusb.edu/etd-project/2594.
Full textAbstract:
The main purpose of this project is to build a bank system that offers a friendly and simple interface to let users easily manage their lightweight currencies. The Lightweight Currency Protocol (LCP) was originally proposed to solve the problem of fairness in resource cooperatives. However, there are other possible applications of the protocol, including the control of spam and as a general purpose medium of exchange for low value transactions. This project investigates the implementation issues of the LCP, and also investigates LCP bank services to provide human interface to currency operations.
15
Patton, George Allen. "Supporting and Securing Personal Mobile Devices Within an Existing Information Technology Environment." ScholarWorks, 2014. https://scholarworks.waldenu.edu/dissertations/124.
Full textAbstract:
Personal mobile devices are becoming integrated into the daily operations of business. Managers are realizing that employees who are allowed to use personal mobile devices to access corporate information systems may reduce costs as users buy their own devices. The problem was that managers have a limited understanding of the need to secure or support personal mobile devices. The purpose of this survey study was to examine the relationship between employees' desire to use personal mobile devices and corporation needs for security and support. Hypotheses were tested by examining the relationships between the requirement to support and secure personal mobile devices as the independent variables and the desire to use personal mobile devices as the dependent variable. The theoretical framework for the study included the IT product life-cycle management theory, IT security-management theory, and IT strategic-management theory. Survey data were collected from a convenience sample of 108 employees at the study-site organization from an estimated population of 170. Basic linear regression analyses performed found a correlation coefficient of 0.905 indicating the variables are highly correlated. This finding indicates that if personal mobile devices are given access to corporate information systems, then support and security will be necessary for successful operations. If the relationship between internal factors and operational success is clearly documented, organizations may be able to use the data to justify incorporating personal mobile devices within their own corporate information system to reduce costs, improve productivity, and increase employee satisfaction, thereby making a positive contribution to society.
16
Hvězda, Ondřej. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2017. http://www.nusl.cz/ntk/nusl-316713.
Full textAbstract:
The thesis evaluates information system used for work attendance reporting followed by proposal for improvements to work with the system more effectively. The conclusions will help to create better functionality, safety and user experience and improve work with the data. The main goal of the thesis is to create a proposal for optimalization and increase of effectivity of the system. Implementation of the proposed changes brings more efficient work when reporting worked hours for individual projects.
17
Dhir, Amit. "Online project management system." CSUSB ScholarWorks, 2005. https://scholarworks.lib.csusb.edu/etd-project/2919.
Full textAbstract:
The purpose of this project is to design and create a system that can be used by a wide variety of groups who do projects. The system created has been specifically tailored for a medium-level company that has employees in different locations and levels, and also has customers for whom they do projects.
18
Deng, Ni. "A secure, payment-based email delivery system." CSUSB ScholarWorks, 2005. https://scholarworks.lib.csusb.edu/etd-project/2909.
Full text
19
Innocenti, Federica. "Analisi e riprogettazione del processo di ict risk management: un caso applicativo in Telecom Italia." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2014. http://amslaurea.unibo.it/6708/.
Full textAbstract:
Questo lavoro di tesi muove da tematiche relative alla sicurezza IT e risulta dagli otto mesi di lavoro all’interno della funzione Technical Security di Telecom Italia Information Technology. Il compito primario di questa unità di business è ridurre il rischio informatico dei sistemi di Telecom Italia per mezzo dell’attuazione del processo di ICT Risk Management, che coinvolge l’intera organizzazione ed è stato oggetto di una riprogettazione nel corso del 2012. Per estendere tale processo a tutti i sistemi informatici, nello specifico a quelli caratterizzati da non conformità, all’inizio del 2013 è stato avviato il Programma Strutturato di Sicurezza, un aggregato di quattro progetti dalla durata triennale particolarmente articolato e complesso. La pianificazione di tale Programma ha visto coinvolto, tra gli altri, il team di cui ho fatto parte, che ha collaborato con Telecom Italia assolvendo alcune delle funzioni di supporto tipiche dei Project Management Office (PMO).
20
Pejanovic, Trivko. "Information management : best practices in broad base industries / Trivko Pejanovic." Thesis, North-West University, 2006. http://hdl.handle.net/10394/1564.
Full text
21
Solorio, Rigoberto. "A WEB-BASED TEMPERATURE MONITORING SYSTEM FOR THE COLLEGE OF ARTS AND LETTERS." CSUSB ScholarWorks, 2015. https://scholarworks.lib.csusb.edu/etd/129.
Full textAbstract:
In general, server rooms have restricted access requiring that staff possess access codes, keys, etc. Normally, only administrators are provided access to protect the physical hardware and the data stored in the servers. Servers also have firewalls to restrict outsiders from accessing them via the Internet. Servers also cost a lot of money. For this reason, server rooms also need to be protected against overheating. This will prolong the lifecycle of the units and can prevent data loss from hardware failure.
The California State University San Bernardino (CSUSB), Specifically the College of Arts and Letters server room has faced power failures that affected the Air Conditioning Unit (AC) and as a result the room became overheated for a long time, causing hardware failure to server units. This is why this project is important for the College and needs to be implemented as soon as possible.
The administrator’s old method of controlling server room temperature was by manually adjusting the temperature box inside of the server room. Now it can be controlled and monitored using remote access.
The purpose of A Web-Based Temperature Monitoring System for the College of Arts and Letters proposed in this project is to allow users to monitor the server room temperature through a website by using any computer or mobile device that has Internet access. Also, this system notifies users when the room attains a critical temperature by sending an email/text to the server room administrator.
A Web-Based Temperature Monitoring System for the College of Arts and Letters project is for the exclusive use of the College of Arts & Letters (CAL) server room. The administrator is the only person that can grant access to others by creating a proper account.
For this project three prototypes will be implemented, first to measure the current server room temperature, the second to show the temperature history of the room, and third to use the built-in search system to locate times that given temperatures were attained.
22
Berrios-Ayala, Mark. "Brave New World Reloaded: Advocating for Basic Constitutional Search Protections to Apply to Cell Phones from Eavesdropping and Tracking by Government and Corporate Entities." Honors in the Major Thesis, University of Central Florida, 2013. http://digital.library.ucf.edu/cdm/ref/collection/ETH/id/1547.
Full textAbstract:
Imagine a world where someone’s personal information is constantly compromised, where federal government entities AKA Big Brother always knows what anyone is Googling, who an individual is texting, and their emoticons on Twitter. Government entities have been doing this for years; they never cared if they were breaking the law or their moral compass of
human dignity. Every day the Federal government blatantly siphons data with programs from the original ECHELON to the new series like PRISM and Xkeyscore so they can keep their tabs on issues that are none of their business; namely, the personal lives of millions. Our allies are taking note; some are learning our bad habits, from Government Communications Headquarters’ (GCHQ) mass shadowing sharing plan to America’s Russian inspiration, SORM. Some countries are following the United States’ poster child pose of a Brave New World like order of global events. Others like Germany are showing their resolve in their disdain for the rise of tyranny. Soon, these new found surveillance troubles will test the resolve of the American Constitution and its nation’s strong love and tradition of liberty. Courts are currently at work to resolve how current concepts of liberty and privacy apply to the current conditions facing the privacy of society. It remains to be determined how liberty will be affected as well; liberty for the United States of America, for the European Union, the Russian Federation and for the people of the World in regards to the extent of privacy in today’s blurred privacy expectations.B.S.
Bachelors
Health and Public Affairs
Legal Studies
23
HUNG, YUN-RU, and 洪韻茹. "Missing Personal Information Project for Information Security Risk Assessment Anomaly Detection." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/2ba464.
Full textAbstract:
碩士國立高雄科技大學
金融資訊系
107
Nowadays, enterprises and companies rely more and more on computer system. Information security and risk assessment become an important key to protect information in the organization. Utilizing information technology to enhance working efficiency can become competitive, which strengthen the importance of information security. The assessment is an effective way to improve information security. However, those data and results may be wrong due to personal negligence. For many cases, risk assessments always rely on some specific person’s experience and their own definition. Everyone has their personal recognition and tolerance to “Risk.” As a result, even people use the same way to do evaluation, the risk rating may be different because of subjective bias or evaluation error. This thesis is to establish an effective detection mechanism through machine learning. This mechanism can detect and markup those error field in personal information rapidly and accurately. It can minimize the range of abnormal information and reduce the time that inspectors execute risk assessments. Therefore, with the mechanism of machine learning, organization can not only reduce cost in human resource but enhance the accuracy and efficiency in execute detection.
24
GONG, GI-GANG, and 宮志堅. "ARIS-based information security project management and work flow design." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/11942460786190969311.
Full textAbstract:
碩士開南大學
資訊管理學系
97
Along with enterprise, exterior fast information and company size growth, information utilization and dependent also unceasing increase, however many elements of certainty which produces regarding the information security administration center have actually existed. This research is for the purpose of by the project management 5 process carrying out the information safety control flow, establishes a set also to be possible to inspect the information security along with the advance in technology method. This research based on the ARIS project management core flow methodology and the ISO27001 information safety requirements item design information security project management flow and the working standard pattern, and draws up a set of information security project management flow and the working standard pattern. The permeable project management flow way, will have provided the information safety managers to carry on the control, then the effective management and assists the organization to complete the goal of the information safety control. Keywords:Information security, project management, ARIS, ISO27001, project management flow, working standard
25
Lee, Shin-Kai, and 李幸鎧. "A Study of Information Security Project-The Case of Navy." Thesis, 2010. http://ndltd.ncl.edu.tw/handle/62986609591843291507.
Full textAbstract:
碩士義守大學
管理學院碩士班
98
This project is about the correlation between director of the unit, user and the information security controller, when the Navy implement the information security control. The results are based on the samplings from afew of Naval unit. There are 394 valid samplings, and which analyzed through statistic program. The results are as follows: 1.The effect through the policy of information security is conspicuous. 2.Different positions bring about various recognition.
26
Tu, Yuan-Chih, and 杜遠志. "A Study of Collaborative Technical Support Model and Performance Index on Information Security Project Collaborated by Consultant Under Cloud Information Security Solutions." Thesis, 2015. http://ndltd.ncl.edu.tw/handle/92665577583928454344.
Full textAbstract:
碩士輔仁大學
資訊管理學系碩士在職專班
103
The cloud computing security solutions can protect the security of business operations, while maintaining the cloud information security must rely on professional and technical support. The professional and technical consultants and information security service providers offer cloud cooperation technology support for enterprise customer’s information security technical support services. This study will explore collaborative technical support model of professional and technical consultants, as well as the impact by the cloud service mode at cloud computing era. The research uses secondary data analysis methods to collect a variety of cloud information security solutions and its technical support model, and study the differences between technical support mode and cloud technology support mode. Secondly, interviews with experts to survey the relevance between consultant’s cooperative technical support and technical support requirements and technical support performance, to confirm information security collaborative technical support model and Performance indicators on information security project collaborated by consultant. The results are as follows: 1.Proposed cloud information security collaborative technical support model that is combining cloud services with traditional information security consultant to illustrate the technical support work and roles at information security project collaborated by consultant under cloud information security solutions. 2.The traditional technical support model, include (1).information security hardware device setup and configuration, (2).information security software system deployment and installation, (3).information security network infrastructure, (4).information security detection and reporting, (5).information security facility maintenance and warranty, (6).information security education, training and certification. Consultants believe that in addition to education and certification of information security, the remaining five have cloud collaborative technical support solutions to provide support service. 3.Information security technical support for enterprise under cloud information security solutions, consultants believe that still tend to choose technical consultants to support collaborative rather than selecting cloud technology support model of the cloud information security service provider. In the enterprise end, information security hardware device setup and configuration, information security software system deployment and installation, information security network infrastructure, should be supported by professional technical consultants. In addition, information security detection and reporting, information security facility maintenance and warranty, information security education, training and certification, enterprises will continue to request technical support services of consultant.
27
Chang, Hong-Jen, and 張宏仁. "Interpreting the IT Project Implementation Process:A Case Study on Information Security Software Corporation’s JSOX Implementation." Thesis, 2011. http://ndltd.ncl.edu.tw/handle/39513869705828945381.
Full textAbstract:
碩士國立臺灣大學
資訊管理學研究所
99
For a corporation to implement an IT project, in general, had been treated as a “technology” deployment. During the recent years, due to the technology has become more standardized and less additional new technology needed, the business process has become more and more impor-tant to introduce a successful project. This thesis is base on a business case of a leading security software corporation to deliver an IT JSOX compliance project which is newly announced by Japan government to enforce the pub-lic companies which are listed in Japan stock exchange market. According to the nature of this company are a technology leading corporation which might need to closely chase the fast pace technology in the world in order to sustain its leading position. Once the company needs to adopt the JSOX requirements, it introduces the necessities of standard processes and tight approval processes which somehow violate the core culture of this company. However, this is a legal requirements to comply; therefore, there is a specific project team has been formed and successfully passed auditing for 2 successive years. In order to understand how the project team has been successful to give an analysis to generate the valuable key factors for other similar corporation which might have similar type of projects to implement for refer-ences, this research using the technological frame theory model to identify the indicators by giv-ing interviewing with several key members of this project team and try to find out something in-teresting and valuable findings and suggestions. Along with the research, we shall look into how and why the JSOX compliance been formed; key compliance framework in the IT industry that are also perform the similar approach-ing; the key factors and relationship of the organization behavior and personal behavior; also the theory of technological frame’s methodology. Base on the reference theories and frameworks; try to build up the linkage between the case itself with and gathering the finding in between. Also, base on the theories described, through the semi-constructed interviewing methodology to give individual interviewing with several key members of the JSOX project team of the company to come out the basis of this research. Finally, base on the findings have been generated from this research, also my past experience on the implementation of IT projects, summarize the key factors of the success of the im-plementation of the project described and also give the additional suggestions for further imple-mentation, hope to give a full set of reference items for a company who might have the same sit-uation and needs to deploy the compliance-like IT projects. Hopefully, from the planning till full implementation life cycle, the result can help this kind of enterprise to have a better provision to the potential situation they will need to face to.
28
Chou, Hung-Ting, and 周竑廷. "A Study of Information Security Project Management with Capability Maturity Model Integration and Service Level Agreements." Thesis, 2014. http://ndltd.ncl.edu.tw/handle/71059851978389810809.
Full textAbstract:
碩士華梵大學
資訊管理學系碩士班
102
In the 21st century, people for quality and after-sales service requirements of the product after the transaction is getting more attention in the information technology industry for more attention to the overall quality and standards of service, the British Government in 1980 set out the AD an information technology industry management standards framework to both equity as a starting point, clearly defined obligations of the parties in the agreement to ensure product quality and standards. On the military engaged in the information sector after a period of time to find the administrative procedures for public sector construction project information service standards, quality management, and the contract has a sophisticated set of space, this research project to build the core of information security, in order to reduce project build failure conditions, to organize inter-unit group brainstorming discussions to identify the key causes, effects, and perform hierarchical analysis, failure mode and effects analysis by the case brought output weights, as the future of information security project to build a reference to improve military security project build quality.
29
TU, FANG-SHENG, and 涂芳聖. "A Practice Research of Computer Mediated Communication Software on Team Performance of Outsourcing Project of Information Security." Thesis, 2017. http://ndltd.ncl.edu.tw/handle/57196850656691960646.
Full textAbstract:
碩士輔仁大學
資訊管理學系碩士在職專班
105
In recent years, outsourcing has become’s a trend for enterprises to obtain information security system. On information security, it specially need to coordinate the manpower and timetable through various meetings or communication tools to accomplish the established objectives. Due to the rapid development of communication tools, various CMC software provides the instant communication and interaction between the members of the organization, and whether these can help the team to achieve the best team performance. In this research, uses instant messaging software, Email , social networking for the independent variables, on the research to influence process of communication, interaction, social network and team performance. Samples were collected from various information security management professions in Taiwan with 130 valid questionnaires retrieved. In this study, we have 3 result as fellow: 1.Instant messaging software and email all positively influence communication process, team interaction, social networks and project team of the information security project. It show that hat CMC software can improve the team performance of information security project. 2.Most of the project information security team regularly connected through e-mail to do regular progress reports, question replies and discussion. 3.The respondents agree that the mobile communication platform and Facebook are good quality communication tools, but in these two tools is not significant to influence communication process, team interaction, social networks and project team of the information security project.
30
Lung-Tai, Hung, and 洪隆泰. "A Study of Information Security Management about the Platform of Cash Flow - According to Four Banks Participating in Project C." Thesis, 2003. http://ndltd.ncl.edu.tw/handle/24668681288291038532.
Full textAbstract:
碩士國立臺北科技大學
商業自動化與管理研究所
91
Owing to low cost and internetworking of Internet, enterprises can try to reduce the complexity of network control and cost of operation by Internet, and find the benefit from this emerging market. But these enterprises have to think about something that: when we connect to Internet one day, besides enjoying the advantage of low cost, automation, and new business, we have to confront many challenges. In other words, as long as enterprises run business on line, they will face threats. At present, out government drives C plan to run on line. Regardless of any role in C Plan, they have to get all information about goods and trade by the mechanism of on-line cash flow, so we have to ensure that information can move between these inter-organizational systems smoothly and safely. Because of these banks playing an important role in C Plan pay much more attention to information security, according to interviewing some managers of these banks and collecting data relate to information security, we will research needs of information security about C plan by surveying three dimensions: modes of connection, internal security, and running business model. We hope that this research will provide powerful reference resources about information security management when any type of industry wants to run electronic commerce.
31
Tseng, Yung-Huai, and 曾詠淮. "Strategic Change and Project Management in Response to Service Innovation and Cloud Computing - A Case Study of Information Security Firm." Thesis, 2011. http://ndltd.ncl.edu.tw/handle/00541669724802833253.
Full textAbstract:
碩士國立臺灣科技大學
工業管理系
100
More organizations are growing by increasing their service level when they were challenged by growth and competition. They aim at business value by differentiation. In addition to service, here comes another hot topic - Cloud Computing technique. End users are influenced by Cloud Computing for their user experience, and some startup companies are leveraging Cloud Computing to create new business models. These companies provided new products and/or services which incorporated great user experience. How they response in this regards for their strategic change becomes an interesting research issue. Meanwhile, most of products or services are executed as project base currently. It is worthy to investigate how to leverage traditional project management (PM) for the new type of projects with new techniques such as cloud computing. The study is targeted on a world-leading Information Security Firm, and we examine a multi-phases information security project as an in-depth case study. Our research adopted the theory of PMI’s PMBoK to analyze Five Process Groups and Nine Knowledge Areas, to understand the major factors on the strategic change and project management transformation of this firm. The study has observed, interviewed, and collected all the necessary information regarding activities occurred in this project team. The study also analyzed the key factors of strategic changes and project management, and how they responded the changes of PM ecosystem. The project team continually adjusted their operational strategies, project objectives, management mindsets, and processes to fulfill the needs and aligned with their company strategy. They successfully overcome the challenges and fulfill the customer needs by adopting the advantages of Cloud Computing. The study has justified the transformation from a traditional project management style which followed by a waterfall model commonly used in the Information Security Industry to the one incorporating new emerging techniques and new services. Lastly, we propose several explanations and managerial implications regarding why and how we shall change in response to new services and technologies.
32
Silva, Pedro Miguel Lopes Martins da. "Gestão de cibersegurança em organizações financeiras." Master's thesis, 2018. http://hdl.handle.net/10071/18379.
Full textAbstract:
Pode-se dizer que a informação é o ouro da época moderna. As organizações estão cada vez
mais dependentes da informação para os seus processos de negócio e cada vez mais sentem a
necessidade de proteger esse ativo tão precioso. Contudo, são muitas e muito relevantes as
ameaças que se colocam no contexto em que as organizações desenvolvem a sua atividade e
pode-se afirmar que nunca foi tão difícil como agora proteger a informação interna das
organizações.
Neste contexto, ganha relevância o conceito de cibersegurança, em que a segurança não deve
mais ser entendida como uma preocupação quase exclusiva das TI, mas tem que ser
compreendida e encarada de uma forma global, por toda a organização. Para ser eficaz, a gestão
da cibersegurança tem que ser implementada de forma transversal na organização e tem que ser
assumida e patrocinada pela gestão de topo.
Neste sentido, é importante que os gestores olhem cada vez mais e de forma mais séria para a
gestão da cibersegurança e apliquem modelos reconhecidamente adequados de gestão e
governança da cibersegurança, que deem garantias de controlo de risco e que contemplem todas
as vertentes da organização, ao nível de processos, pessoas e tecnologias.
Este trabalho pretende dar um contributo nesse sentido. Partindo da identificação e integração
de vários modelos e guias ligados à gestão da cibersegurança, foca-se nos aspetos particulares
e específicos do setor financeiro, criando assim uma ferramenta passível de ser utilizada em
ambiente organizacional no âmbito da implementação de projetos nesta área.One can say that information is the gold of modern age. Organizations are getting increasingly more dependent on information for their business processes and consequently feel the need to protect that precious asset even more. However, the threats that are placed in the context in which organizations carry out their activities are many and very relevant and it has never been as difficult as it is now to protect their internal information. In this context, the concept of cybersecurity becomes highly relevant. Security should no longer be understood as a quasi-exclusive concern of IT, and instead, it has to be understood and addressed as a global concern throughout the organization. In order for it to be effective, cybersecurity management has to be implemented across the organization and it has to be assumed and sponsored by top management. In this regard, it is important that managers start taking cybersecurity management more and more seriously and applying well-recognized cybersecurity management and governance frameworks, in order to provide guarantees in terms of risk control and to address all aspects of the organization, at the processes, people and technologies levels. It is this work’s intent to make a contribution in this sense. Based on the identification and integration of several frameworks and guides related to cybersecurity management, it focuses on the particularities and specific aspects of the financial sector, thus creating a tool that can be used in an organizational environment for the implementation of projects in this area.
33
Abegão, Ana Margarida Roque Pereira. "Seguro social voluntário on-line." Master's thesis, 2010. http://hdl.handle.net/10071/3903.
Full textAbstract:
Os constrangimentos orçamentais, as questões relacionadas com a qualidade dos
serviços públicos, a satisfação dos cidadãos e as novas tecnologias da informação e da
comunicação impõem à Administração novas formas de funcionamento.
Partindo-se desta exigência, com o projecto que se apresenta pretende-se a
implementação de um modelo que se traduza na modernização dos serviços do seguro
social voluntário da Segurança Social, mediante a introdução das tecnologias da
informação e da comunicação. Destaca-se aqui o serviço electrónico – Seguro Social
Voluntário on-line –, acessível através do site institucional, www.seg-social.pt, a partir
do qual os cidadãos terão acesso a uma série de serviços, tais como a inscrição e
cancelamento de inscrição neste regime contributivo, a emissão de comprovativos de
inscrição e cancelamento de inscrição, assim como um simulador do montante mensal a
pagar a título de contribuições.
Deste modo, visa-se, a nível dos procedimentos internos, uma aumento da
produtividade e eficiência dos processos, melhorando-se a qualidade dos serviços
prestados e aumentando-se, por essa via, a satisfação dos cidadãos. Procura-se, ainda,
através deste modelo o tratamento dos processos com uma maior transparência, equidade
e conformidade com a Lei, valores que são associados ao serviço público.Budget constraints, issues related to the quality of public services and the citizens’ level of satisfaction with the new information and communication technologies demand and impose on the Administration new ways to operate. Starting from this demand, the present project aims to implement a model which can translate into modernizing the services composing the voluntary social service insurance of the Social Security System, through the introduction of the information and communication technologies. We want to single out one electronic service – The Voluntary on-line Social Insurance – accessible through the institutional site, www.segsocial. pt, from which the citizens will have access to a range of services such as the enrolment and the annulment of the enrolment on this contributory regime, as well as to a simulator of the monthly amount necessary to pay as contributions to this system. It is therefore our goal, within the sphere of internal procedures, to achieve an increase on the level of efficiency and productivity of the processes, by which the quality of the services offered can be improved, as well as the citizen’s level of satisfaction. It is also our objective, when proposing this model, to be able to treat processes with more transparency, equity and conformity to the law, as these are values associated with public service.