To see the other types of publications on this topic, follow the link: Security and efficiency of information system.
Dissertations / Theses on the topic 'Security and efficiency of information system'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Security and efficiency of information system.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Vránová, Nikola. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2012. http://www.nusl.cz/ntk/nusl-223423.
Full textAbstract:
This thesis focuses on the analysis of current information system of the selected points to its possible shortcomings and errors. Information obtained from the analyzes will lead to appropriate solutions to problems. The aim of the current system is customized to meet the needs of its users, so that the information system should be flexible, intuitive and clear
2
Parolek, Pavel. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2012. http://www.nusl.cz/ntk/nusl-223500.
Full textAbstract:
My thesis focuses on information system analysis of local municipalities, specifically on Břeclav Municipal Office information system. My thesis evaulates the information system's efficiency, identifies its weak points and suggests measures eliminating these weak points.
3
Urban, Petr. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2012. http://www.nusl.cz/ntk/nusl-223610.
Full textAbstract:
This thesis is focused on the information systems; it describes the available innovations applied on the established information systems. It describes the methods that are suitable for testing the effectiveness of the information systems. The practical part includes the current state of the chosen information system of a company, further it tests the effectiveness of the information system and finally it evaluates the received information and recommends the possible changes that would lead to the higher effectiveness of the work of the information system.
4
Kůgel, Roman. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2012. http://www.nusl.cz/ntk/nusl-223433.
Full textAbstract:
This master thesis is aimed at information systems and a correct method of their selection. The theoretical part introduces the dilemma within information systems especially description types of the systems and their examination and selection. An own solution consists of information strategy determination and the selection of convenient information system.
5
Cherynová, Nikol. "Posouzení informačního systému společnosti a návrh změn." Master's thesis, Vysoké učení technické v Brně. Ústav soudního inženýrství, 2019. http://www.nusl.cz/ntk/nusl-402607.
Full textAbstract:
The diploma thesis „Assessment of a Company's Information System and Proposal for Modifications” deals with the issue of security and efficiency of the information system. The thesis is divided into three parts. The first theoretical part explains the basic concepts that are subsequently used in the thesis. The second part contains analytical starting points and introduction of the company, its analysis and analysis of the information system. This information is the basis for the last proposal part, where its content is to increase the security of the company's information system. Part of the proposal also includes an economic assessment, where benefits and costs are described. The work is elaborated in order to achieve the assigned goal of the thesis.
6
Karlsson, Daniel. "Modelling and Analysis of Swedish Heavy Industry Supply Chain Data Management to Improve Efficiency and Security." Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-291230.
Full textAbstract:
Product certificates are sent throughout the supply chain of Swedish heavy industry in order to show provenance and physical characteristics of objects such as screws. The data management of the certificates has been, and still is, a very manual process. The process requires extensive work in order to maintain a correct record of the certificates. In particular, tracing causes of errors and establishing compliance takes a long time and effort. The company Chaintraced is developing an application to automate the process by acting as a third party to digitalize and manage the certificates. Introducing a third party into a business-to-business process requires that data integrity is preserved and that information reaches its expected destination. Recent research has indicated that distributed ledger technologies showpromise to fulfill these requirements. In particular, blockchain-based systems offer immutability and traceability of data, and can reduce the trust needed between different parties by relying on cryptographic primitives and consensus mechanisms. This thesis investigates the application of distributed ledger technology to further automate the Swedish heavy industry supply chain and reduce the trust needed in a third party managing the certificates. Requirements for an industrial strength system is set up and several distributed ledger technology solutions are considered to fit the use case of Swedish heavy industry. A proof of concept based on the findings is implemented, tested and compared with a centralized database to explore its possible usage in the supply chain with regard to feasibility, immutability, traceability and security. The investigation resulted in a prototype based on Hyperledger Fabric to store product certificates. The solution provides certain guarantees to immutability and security while being developed with feasibility for deployment in mind. The proposed solution is shown to be slow compared to a centralized solution but scales linearly with number of certificates and is considered within bounds for the use case. The results also show that the proposed solution is more trustworthy than a centralized solution, but that adopting blockchain technology is an extensive task. In particular, trustworthiness and guarantees provided by the solution is highly dependent on the feasibility aspect and the investigation concludes that adoption of blockchain technology within the Swedish heavy industry must take this into consideration.Hanteringen av produktcertifikat inom den svenska tungindustrin är en mycket manuell process vilket resulterar i att ett enormt arbete krävs för att upprätthålla en korrekt hantering av certifikaten. Att spåra orsaken till fel och att kontrollera efterlevnaden av krav inom industrin tar lång tid. Chaintraced har utvecklat en applikation som automatiserar hanteringen av certifikaten genom digitalisering och att som tredje part lagra informationen. Att introducera en tredje part i affärsverksamheter kräver att integriteten av datan bibehålls och att information anländer till korrekt mottagare. Ny forskning har visat att distribuerade liggare har möjligheten att uppfylla dessa krav. Framförallt gällande blockkedjetekniken med dess många egenskaper och garantier som företag letar efter, så som oföränderlig och spårbar data. Blockkedjetekniken reducerar också förtroendet som behövs för parter inom nätverket genom att förlita sig på kryptografi och konsensus mekanismer. Den här rapporten utreder användningen av distribuerade liggare för att ytterliggare automatisera den svenska tungindustrins leveranskedja och minska tilliten som krävs för en tredje part som hanterar certifikaten. Krav ställs upp för ett system och flertalet distribuerade databastekniker undersöks för att passa in i fallet angående den svenska tungindustrin. En prototyp är utvecklad baserad på kraven, prototypen är testad och jämförd med en central databas för att undersöka hur implementationen står sig vad gäller genomförbarhet, oföränderlighet, spårbarhet och säkerhet. Undersökningen resulterade i en prototyp baserad på Hyperledger Fabric. Prototypen lagrar produktcertifikaten och ger vissa garantier till oföränderligbarhet samt säkerhet. Möjligheten för aktörer i kedjan att använda prototypen hade stor inverkan på hur systemet utvecklades. Prototypen visar sig vara långsammare än en centraliserad lösning men mätningarna kan anses vara inom kraven för ett system inom tungindustrins leveranskedja. Skalbarheten av lösningen är beroende av kraven på säkerhet men är linjär i antalet certifikat som skickas och lagras. Resultaten visar också att den föreslagna lösningen inger mer tillit än en centraliserad lösning men att introducera blockkedjetekniken är en komplex process. Trovärdighet och garantier som ges av lösningen är till stor del beroende av komplexiteten vilket rapporten kommer fram till är det viktigaste för svensk tungindustri att ha i åtanke vid eventuell antagande av blockkedjeteknik.
7
Malá, Eva. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2013. http://www.nusl.cz/ntk/nusl-223882.
Full textAbstract:
This thesis deals with the assessment of information systems of the selected company and proposals for amendments of it. The content of the first part is the explanation of basic terms used in this field. The thesis also analyzes the current status of the infor-mation system and the assessment of its efficiency. Based on the evaluation of the anal-ysis the individual solutions for improving the current state of the information system of the company in terms of balance and efficiency are proposed.
8
Igbonagwam, Okey Azu. "The Role of Security Clearance, Users' Involvement, and Computer Self-Efficacy in the Efficiency of Requirements-Gathering Process: An Information-Systems Case Study in the U.S. Military." NSUWorks, 2008. http://nsuworks.nova.edu/gscis_etd/184.
Full textAbstract:
The central research problem of this study was the challenges that occur with the United States Joint Warfighters Center's (JWFC) implementation of information systems (IS) requirements-gathering process. Thus, this study investigated the contribution of perceived security clearance (PSC), developer perceived user involvement (DPUI), and computer self-efficacy (CSE) to efficiency of the perceived requirements-gathering process (PERGP). Due to the perceived efficiency of IS development, the U.S. Department of Defense statutory document called the Joint Capability Integration and Development System (JCIDS), mandated that as an IS development requirement, the rapid development of IS was needed to sustain U.S. warfighters. As a result, the central aim of this study was to look at several variables that may predict the efficiency to the IS requirements-gathering process at JWFC. The central research question behind this study was: What are the contributions of PSC, DPUI, and CSE to the PERGP at the JWFC?
This study proposed a theoretical model, and two statistical methods were used to formulate models and test predictive power: Multiple Linear Regression (MLR) and Ordinal Logistic Regression (OLR). The sample size of this study included 61 IS developers from JWFC. The results of this study indicated a strong reliability for the measures of all variables (PSC, DPUI, CSE, and PERGP). Moreover, results of both models developed indicated that DPUI is a significant contributor to PEGRP, while CSE was demonstrated to be significant contributor to PEGRP only via the OLR model providing the indication that the relationships among the measured variables was non-linear. Additionally, results demonstrated that DPUI was the most significant contributor to PEGRP in both models, while PSC had little or no contribution to the dependent variable, PEGRP.
This study also identified two key implications for practice and research. The first impaction of this study is the investigation of unique factors such as PSC and PEGRP in the context of military-based IS development within DOD organizations. Results of this study can help managers in government organizations that are faced with security clearance issues to identify contributors in the early phase of IS development that could possibly hinder PEGRP. The second implication of this study is the non-significant results related to PSC in this investigation. For researchers, such results may need future validation in other governmental and military-based organization. Moreover, such results may indicate to managers in government organizations that are faced with security clearance issues that security clearance, at least as indicated by the results of this study, has no major hindering on the PEGRP. These results maybe profound in their implications and, as such, needed additional validations.
9
Kouřil, Martin. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2011. http://www.nusl.cz/ntk/nusl-223283.
Full textAbstract:
This master thesis is aimed at information systems and a correct method of their selection. The theoretical part introduces the dilemma within information systems, ERP systems, their examination and selection. Fisrtly there are some analyses of the existing system operating in company and after that follows own solution which consists of information strategy determination and the selection of convenient information system.
10
Černín, Ondřej. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2017. http://www.nusl.cz/ntk/nusl-318316.
Full textAbstract:
The master thesis is focused on the assessment of the company information system and the proposal for changes. Primarily, the thesis focuses on adding new module Wages and Human Resources to existing information system. As the second part of the implemented change, proposals are presented in the work to improve the current situation in the field of information security.
11
Matis, Peter. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2016. http://www.nusl.cz/ntk/nusl-241436.
Full textAbstract:
The diploma thesis analyzes the current situation of the information system in the company iPARTNER, s.r.o. from various perspectives and, based on the findings, recommends a suitable solution for improving the current state of the information system. The recommended changes should bring value especially by speeding up and simplifying recording and reporting of services provided by the company, improving communication among team members and raising employee awareness of the importance of IS security.
12
Kubala, Michal. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2013. http://www.nusl.cz/ntk/nusl-223817.
Full textAbstract:
This Master's thesis deals with appraising information system of a company and suggesting its changes. In theoretical part are described basic issues and terms related to information systems. In analytic part is the information system assessed by methods for detecting actual situation. Proposal part is based on the analytic part and its main objective is to design changes to improve current situation with subsequent economic evaluation.
13
Floriano, Sanchez Sergio. "A Self-organized Wireless Sensor Network (WSN) for a Home-event Managed System : Design of a cost efficient 6LoWPAN-USB Gateway with RFID security." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2015. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-186384.
Full textAbstract:
Wireless Sensor Networks (WSN) have existed for many years in industry applications for different purposes but their use has not been fully extended to the global consumers. Sensor networks have lately resulted to be greatly helpful to people in everyday life, specially in home automation applications for monitoring events, security, and control of devices and different elements in the house by using actuators. One of the main barriers to overcome in order to increase their popularity and achieve an worldwide deployment are costs and integration within other networks. This Thesis investigates the most appropriate choices to avoid those impediments from a hardware and software design perspective, trying to find a cost-efficient solution for the implementation of a simple and scalable wireless sensor network. The present work studies the elements that form part of a constrained network and focuses on the design by analysing several network protocol alternatives, radio transmission mechanisms, different hardware devices and software implementations. Once an optimal solution is found, the construction of a gateway board that starts and coordinates a sensor network will be the main target of this document including the development of an application that manages the sensors. The network is designed to be compliant with the TCP/IP stack by means of 6LoWPAN, an adaptation layer protocol used for comprising IPv6 headers over IEEE 802.15.4 radio links in constrained networks. In addition, a small implementation of CoAP (Constrained Application Protocol) is developed that allows interoperability with the sensor nodes on the application layer, similarly as HTTP does in IP networks. The controller device (gateway) acts as a client for the remote sensor devices (nodes) that behave as servers in the CoAP application. The gateway exchange data and is managed from outside the WSN through a USB interface that can be connected to a computer. Security mechanisms are also considered by providing packet encryption and a method for identification of nodes. The authorization of new nodes entering the network is performed by an RFID reader connected to the gateway. An RFID tag is attached to the sensor nodes with authentication information stored in it. The gateway reads that information through the RFID modules and handle it internally to give access to that node. As a result of this, it is proven from the conclusions of the study the implementation of the gateway that inexpensive, self-managed, scalable WSNs provided with a robust security mechanism can be achieved and easily deployed . The work presented in this document is part of a larger project that also includes the design of sensor boards and the acquisition and analysis of sensor data. These works are mentioned and referenced in the related parts in this text.Trådlösa sensornätverk har funnits i många år inom industrin för olika ändamål, men dess användning har inte helt och hållet nått ut till de globala konsumenterna. Sensornätverk har på senare tid visat sig vara mycket hjälpfulla för människor i deras vardagsliv, och särskilt automatiseringsapplikationer för säkerhet, övervakning och kontroll av apparater och olika delar i huset, genom användning av manöverdon. Ett av de huvudsakliga hindren att ta sig förbi för att kunna öka dess popularitet och skapa en världsomfattande spridning är kostnader, integration inom andra nätverk och en enkel hantering. I den här avhandlingen undersöks vilka som är de lämpligaste alternativen för att undvika hinder ur ett hårdvaru- och mjukvarudesigns-perspektiv, genom att försöka hitta kostnadseffektiva lösningar för implementering av ett trådlöst sensornätverk. Arbetet undersöker de beståndsdelar vilka ett begränsat nätverk består av, samt fokuserar på designen genom att analysera flera olika nätverksprotokollsalternativ, radiosändningsmekanismer, olika hårdvaror och implementering av mjukvara. När väl den optimala lösningen hittats, kommer huvudmålet för detta dokument att vara en gateways konstruktion, vilken sätter igång och koordinerar ett sensornätverk, samt utvecklingen av en applikation som sköter sensorerna. Nätverket är designat för att vara medgörligt med TCP/IP-stacken med hjälp via 6LoWPAN, ett anpassat lagerprotokoll vilket används för att komprimera IPv6-headern i begränsade nätverk över IEEE 802.15.4 radionätverk. Dessutom har en liten implementering av CoAP (Constrained Application Protocol) utvecklats vilket tillåter interoperabilitet med sensornoderna i applikationslagret, liknande HTTP i IP-nätverk. Gatewayen fungerar som en klient för sensornoderna, vilka beter sig som servrar i CoAP-applikationen. Gatewayen utbyter data och styrs utifrån det trådlösa sensornätverket genom ett USB-interface som kan kopplas till datorn. Säkerhetskonstruktioner tas också i akt genom att tillhandahålla kryptering och en metod för att identifiera noder. Behörighet för nya noder i nätverket utförs av en RFID-läsare som är kopplad till gatewayen. En RFID-bricka bifogas sensornoderna med lagrad verifieringsinformation. Porten läser den informationen genom RFID-moduler och hanterar den internt för att ge behörighet till noden. I och med detta är det bevisat, med den implementerade gatewayen och slutsatser från studien, att mycket effektiva, billiga och hanterbara trådlösa sensornätverk med kraftiga säkerhetskonstruktioner kan uppnås och enkelt distribueras. Arbetet som presenteras i det här dokumentet är en del av ett större projekt som också inkluderar uppbyggnaden av sensornoderna samt anskaffning och analys av sensordata. Dessa arbeten nämns och refereras till i de berörda delarna av texten.
14
Coetzee, Dirk Badenhorst. "The development of an efficient and secure product entitlement system for Pay-TV in modern attack scenarios." Thesis, Stellenbosch : Stellenbosch University, 2013. http://hdl.handle.net/10019.1/80292.
Full textAbstract:
Thesis (MScEng)--Stellenbosch University, 2013.ENGLISH ABSTRACT: A secure product entitlement system allows one party, such as a pay-TV operator, to broadcast the same collection of information to several receiving parties while only allowing a certain subset of the receiving parties to access the information. This system must still be secure in the scenario where all receiving parties who are not allowed access to the information, pool their resources in an attempt to gain access to the information. Such a product entitlement system must also be bandwidth e cient since it can be deployed in networks where bandwidth is at a premium. The foundations of modern encryption techniques is reviewed and a survey of existing techniques, used to secure content in broadcast environments, is studied. From this collection of techniques two were identi ed as bandwidth e cient and are discussed in more detail before being implemented. An attempt is then made to design a new secure bandwidth e cient encryption scheme for protecting content in a broadcast environment. Several iterations of the design is detailed, including the security aw which makes each design insecure. The nal design was implemented and compared in several metrics to the two previously selected bandwidth e cient schemes. A framework to test the correctness of the schemes over a network is also designed and implemented. Possible future avenues of research are identi ed with regards to creating a secure broadcast encryption scheme and improving the software solution in which to use such a scheme.
AFRIKAANSE OPSOMMING: 'n Veilige produk-aanspraak-stelsel stel een party, soos byvoorbeeld 'n betaal-TV-operateur, in staat om dieselfde versameling inligting na verskeie partye uit te saai, terwyl slegs 'n bepaalde deelversameling van die ontvangende partye toegelaat sal word om toegang tot die inligting te bekom. Hierdie stelsel moet steeds die inligting beskerm in die geval waar al die ontvangende partye wat toegang geweier word, hul hulpbronne saamsmee in 'n poging om toegang te verkry. So 'n produk-aanspraak-stelsel moet ook bandwydte doeltre end benut, aangesien dit gebruik kan word in netwerke waar bandwydte baie duur is. Die fondamente van die moderne enkripsietegnieke word hersien. 'n Opname van bestaande tegnieke wat gebruik word om inligting te beskerm in 'n uitsaai omgewing word bestudeer. Uit hierdie versameling tegnieke word twee geïdenti seer as tegnieke wat bandwydte doeltre end benut en word meer volledig bespreek voordat dit geïmplementeer word. 'n Poging word dan aangewend om 'n nuwe veilige bandwydte doeltre ende enkripsietegniek te ontwerp vir die beskerming van inligting wat uitgesaai word. Verskeie iterasies van die ontwerp word uiteengesit, met 'n bespreking van die sekuriteitsfout wat elke ontwerp onveilig maak. Die nale ontwerp is geïmplementeer en aan die hand van verskeie maatstawwe vergelyk met die twee bandwydte doeltre ende tegnieke, wat voorheen gekies is. 'n Raamwerk om die korrektheid van die tegnieke oor 'n netwerk te toets, is ook ontwerp en geïmplementeer. Moontlike toekomstige rigtings van navorsing word geïdenti seer met betrekking tot die skep van 'n veilige uitsaai enkripsietegniek en die verbetering van die sagtewareoplossing wat so 'n tegniek gebruik.
15
Neuwirth, Bernard. "Problematika hodnocení optimality a vyváženosti podnikových IS." Doctoral thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2009. http://www.nusl.cz/ntk/nusl-233719.
Full textAbstract:
This doctoral thesis deals with the aspects of evaluation of balance and optimality of corporate information systems. The initiative for this specialization was given by the increasing importance that is being laid on the perception of information systems from the point of view of a business company. More and more resources are being invested in the domain of information systems, but afterwards, it is not always ascertained that the information system is such a system, one could characterize as balanced and optimal for the company today as well as in the future. Often this is because there does not exist for the company an available and easily applicable methodic how to evaluate the system. As one of the main starting points of this doctoral thesis I have chosen the methodic HOS8 that was published 5 years ago on our faculty. The newly proposed methodic HOS2009 is trying to clear up the weak points of the original HOS8 methodic that were discovered during its practical use. This is done mainly by using the information feedback from the applicants of the methodic. Within the scope of this thesis the factors influencing the level of the particular areas of the system and the influence of these areas on its general balance are being examined. With regard to the evaluation of the balance and optimality of the information system, in this thesis the problematic of determination of a balanced and optimal state of information system for a company nowadays as well in the future are being examined. As a part of the methods output the thesis presents also charts representing the general state of the system, the imbalance of the particular parts of the IS and the relationship between the areas of hardware and software. Based on the evaluation of the current state and its comparison to the balanced optimal state for the present day as well for the future, the new possible directions and strategies of further development of the IS in the company are being proposed. I see the best exploitation of the methodic HOS2009 in the company in the support of managerial decisions with impact on: the discovery of potentially problems within the scope of IS of the company, the design of a possible course of development useful for their solution, but also the usage of the methodic as a simple control mechanism.
16
Kalužík, Jakub. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2012. http://www.nusl.cz/ntk/nusl-223428.
Full textAbstract:
This thesis deals with assessment of the company information system and proposal for its changes. The basis of part called Theoretical basis of thesis deals with terms related with information systems which are mainly: used technology and analysis, characteristics of information systems, current trends and brief characteristics of the company. The next part draws from theoretical findings of previous section and deals with analysis of the solved issues. The following part is devoted to proposal for solution connected with project evaluation and also with the brief cost calculation.
17
Dominik, Jan. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2012. http://www.nusl.cz/ntk/nusl-223616.
Full textAbstract:
Information systems form an inseparable part of all business entities nowadays. They differ only in their size and complexity. Therefore each company should have its information system whose setting is adequate and maximally effective. The aim of this paper is to analyse the information system of NET4GAS, s.r.o., identify its weaknesses and propose changes to enhance it in order to increase the company efficiency.
18
Trinh, Ngoc Minh. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2021. http://www.nusl.cz/ntk/nusl-444570.
Full textAbstract:
The thesis‘ topic is “Assessment of the company's information system and proposal of changes.” The thesis deals with the information system of Brno-based company Sneakergallery s.r.o., that sells clothing, footwear and offers commission sales services. The thesis is concluded by a proposal of changes for the insufficiencies pointed out in the analysis, improving the functionality of the company’s information system.
19
Yucel, Okan. "Information System Security." Master's thesis, METU, 2003. http://etd.lib.metu.edu.tr/upload/4/1260303/index.pdf.
Full textAbstract:
This thesis analyzes the physical, communicational, and organizational
dimensions of information system security process by taking the four-layer approach,
which is composed of the policy, model, architecture, and mechanisms into account.
Within this scope, according to the results of the security analysis of information
systems in METU Informatics Institute, the policy, model, architecture, and
mechanisms necessary to prepare a new security process were proposed. As a
subcomponent of this proposed security process, the network security of the IS100
course was partially established, and the generated results were evaluated.
20
Subbiah, Arun. "Efficient Proactive Security for Sensitive Data Storage." Diss., Georgia Institute of Technology, 2007. http://hdl.handle.net/1853/19719.
Full textAbstract:
Fault tolerant and secure distributed data storage systems typically require that only up to a threshold of storage nodes can ever be compromised or fail. In proactively-secure systems, this
requirement is modified to hold only in a time interval (also called epoch), resulting in increased security. An attacker or adversary
could compromise distinct sets of nodes in any two time intervals. This attack model is also called the mobile adversary model. Proactively-secure systems require all nodes to "refresh" themselves periodically to a clean state to maintain the availability, integrity, and confidentiality properties of the data storage service.
This dissertation investigates the design of a proactively-secure distributed data storage system. Data can be stored at storage servers using encoding schemes called secret sharing, or encryption-with-replication. The primary challenge is that the protocols that the servers run periodically to maintain integrity and confidentiality must scale with large amounts of stored data. Determining how much data can be proactively-secured in practical settings is an important objective of this dissertation.
The protocol for maintain the confidentiality of stored data is developed in the context of data storage using secret sharing. We propose a new technique called the GridSharing framework that uses a combination of XOR secret sharing and replication for storing data efficiently. We experimentally show that the algorithm can secure several hundred GBs of data.
We give distributed protocols run periodically by the servers for maintaining the integrity of replicated data under the mobile adversary model.
This protocol is integrated into a document repository to make it proactively-secure. The proactively-secure document repository is implemented and evaluated on the Emulab cluster (http://www.emulab.net). The experimental evaluation shows that several 100 GBs of data
can be proactively-secured.
This dissertation also includes work on fault and intrusion detection - a necessary component in any secure system. We give a novel Byzantine-fault detection algorithm for quorum systems, and experimentally evaluate its performance using simulations and by deploying it in the AgileFS distributed file system.
21
Crémilleux, Damien. "Visualization for information system security monitoring." Thesis, CentraleSupélec, 2019. http://www.theses.fr/2019CSUP0013.
Full textAbstract:
Le centre opérationnel de sécurité, SOC, est un élément central pour la sécurité des systèmes d’information. Danscette thèse, nous nous intéressons à ses limites et proposons un nouveau processus et deux outils visuels pour yrépondre. Nos contributions permettent à la fois une meilleure collaboration entre les analystes travaillant ausein des SOCs, ainsi que de faciliter visuellement le triage des événements de sécurité au sein des systèmesd’informationsA security operations center, SOC, is a key element for the security of information systems. In this thesis, weexhibited the limitations of SOCs and proposed a process associated with two tools to answer them. Ourcontributions enable a better collaboration between the security analysts working in SOCs and facilitate securityevents triage thanks to visualization
22
Mahmood, Ashrafullah Khalid. "Information Security Management of Healthcare System." Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-4353.
Full textAbstract:
Information security has significant role in Healthcare organizations. The Electronic Health Record (EHR) with patient’s information is considered as very sensitive in Healthcare organization. Sensitive information of patients in healthcare has to be managed such that it is safe and secure from unauthorized access. The high-level quality care to patients is possible if healthcare management system is able to provide right information in right time to right place. Availability and accessibility are significant aspects of information security, where applicable information needs to be available and accessible for user within the healthcare organization as well as across organizational borders. At the same time, it is essentials to protect the patient security from unauthorized access and maintain the appropriate level in health care regarding information security. The aim of this thesis is to explore current management of information security in terms of Electronic Health Records (EHR) and how these are protected from possible security threats and risks in healthcare, when the sensitive information has to be communicated among different actors in healthcare as well as across borders. The Blekinge health care system was investigated through case study with conduction of several interviews to discover possible issues, concerning security threats to management of healthcare. The theoretical work was the framework and support for possible solutions of identified security risks and threats in Blekinge healthcare. At the end after mapping, the whole process possible guidelines and suggestions were recommended for healthcare in order to prevent the sensitive information from unauthorized access and maintain information security. The management of technical and administrative bodies was explored for security problems. It has main role to healthcare and in general, whole business is the responsibility of this management to manage the sensitive information of patients. Consequently, Blekinge healthcare was investigated for possible issues and some possible guidelines and suggestions in order to improve the current information security with prevention of necessary risks to healthcare sensitive information.muqadas@gmail.com
23
Kostrhoun, Ivo. "Posouzení informačního systému firmy a návrh změn." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2012. http://www.nusl.cz/ntk/nusl-223435.
Full textAbstract:
This thesis is about information system assessment in Wistron company. There is assessed for which reason the system is utilized, what the weaknesses of system or implementation are and these are followed by the relevant proposals for improving the problematic areas. The theoretical part deals with information systems in general, process methodologies and company and information systems assessments methodologies. Then followed by project management and information strategies. The practical part proposes new information strategy and implementation of company information system.
24
Zhang, Kaijin ZHANG. "Efficiency and security in data-driven applications." Case Western Reserve University School of Graduate Studies / OhioLINK, 2018. http://rave.ohiolink.edu/etdc/view?acc_num=case1522443817978176.
Full text
25
He, Ying. "Generic security templates for information system security arguments : mapping security arguments within healthcare systems." Thesis, University of Glasgow, 2014. http://theses.gla.ac.uk/5773/.
Full textAbstract:
Industry reports indicate that the number of security incidents happened in healthcare organisation is increasing. Lessons learned (i.e. the causes of a security incident and the recommendations intended to avoid any recurrence) from those security incidents should ideally inform information security management systems (ISMS). The sharing of the lessons learned is an essential activity in the “follow-up” phase of security incident response lifecycle, which has long been addressed but not given enough attention in academic and industry. This dissertation proposes a novel approach, the Generic Security Template (GST), aiming to feed back the lessons learned from real world security incidents to the ISMS. It adapts graphical Goal Structuring Notations (GSN), to present the lessons learned in a structured manner through mapping them to the security requirements of the ISMS. The suitability of the GST has been confirmed by demonstrating that instances of the GST can be produced from real world security incidents of different countries based on in-depth analysis of case studies. The usability of the GST has been evaluated using a series of empirical studies. The GST is empirically evaluated in terms of its given effectiveness in assisting the communication of the lessons learned from security incidents as compared to the traditional text based approach alone. The results show that the GST can help to improve the accuracy and reduce the mental efforts in assisting the identification of the lessons learned from security incidents and the results are statistically significant. The GST is further evaluated to determine whether users can apply the GST to structure insights derived from a specific security incident. The results show that students with a computer science background can create an instance of the GST. The acceptability of the GST is assessed in a healthcare organisation. Strengths and weaknesses are identified and the GST has been adjusted to fit into organisational needs. The GST is then further tested to examine its capability to feed back the security lessons to the ISMS. The results show that, by using the GST, lessons identified from security incidents from one healthcare organisation in a specific country can be transferred to another and can indeed inform the improvements of the ISMS. In summary, the GST provides a unified way to feed back the lessons learned to the ISMS. It fosters an environment where different stakeholders can speak the same language while exchanging the lessons learned from the security incidents around the world.
26
Erkan, Ahmet. "An Automated Tool For Information Security Management System." Master's thesis, METU, 2006. http://etd.lib.metu.edu.tr/upload/12607783/index.pdf.
Full textAbstract:
This thesis focuses on automation of processes of Information Security
Management System. In accordance with two International Standards, ISO/IEC
27001:2005 and ISO/IEC 17799:2005, to automate the activities required for a
documented ISMS as much as possible helps organizations. Some of the well
known tools in this scope are analyzed and a comparative study on them including
&ldquoInfoSec Toolkit&rdquo
, which is developed for this purpose in the thesis scope, is given. &ldquo
InfoSec Toolkit&rdquo
is based on ISO/IEC 27001:2005 and ISO 17799:2005. Five basic integrated modules constituting the &ldquo
InfoSec Toolkit&rdquo
are &ldquo
Gap Analysis Module&rdquo
, &ldquo
Risk Module&rdquo
, &ldquo
Policy Management Module&rdquo
, &ldquo
Monitoring Module&rdquo
and &ldquo
Query and Reporting Module&rdquo
. In addition a research framework is proposed in order to assess the public and private organizations&rsquo
information security situation in Turkey.
27
Coles-Kemp, Elizabeth. "The anatomy of an information security management system." Thesis, King's College London (University of London), 2008. https://kclpure.kcl.ac.uk/portal/en/theses/the-anatomy-of-an-information-security-management-system(08ef0714-a5aa-4b6e-b322-8a174da6a2b9).html.
Full textAbstract:
This thesis explores the different types of information security management decision making that take place within an organisation. It identifies how the construction of an information security management system (ISMS) alters in order to respond to different organisational variations, identifies the resource implications of making these alterations, and describes how the process of embedding an ISMS into the operational fabric of an organisation changes the way in which information security is managed. This thesis responds to the following "real world" problem: quantifying the type of resource needed to develop and maintain an ISMS is difficult because little is known about how ISMS are structured and how they respond to organisational variations. Documentation only considers ISMS in terms of its response to information security risk. As a result, not only is it difficult to quantify the resource required to manage information security, but it is also difficult to measure and compare the effectiveness of ISMS. This real world problem is paralleled by the following academic problem: ISMS theory is largely based on the views of practitioners and has not been augmented by systematic objective organisational research. In addition, existing information security management research shows that there are clear synergies with organisational sociology, organisation theory and cybernetics but these synergies have not been extensively reviewed. As a result, there is no specific academic platform from which to develop a theory of ISMS design. In response to these real-world and academic problems, this research contributes to the development of organisation theory relevant to information security management and is based on systematic organisational investigation. As a conclusion to this research, a theory of ISMS design is developed that has synergy with theories of organisational sociology, organisation theory and cybernetics but that also shows clear characteristics of its own.
28
Scully, Michael N. B. "Network and system security in an information age." Honors in the Major Thesis, University of Central Florida, 2000. http://digital.library.ucf.edu/cdm/ref/collection/ETH/id/204.
Full textAbstract:
This item is only available in print in the UCF Libraries. If this is your Honors Thesis, you can help us make it available online for use by researchers around the world by following the instructions on the distribution consent form at http://library.ucf.edu/Systems/DigitalInitiatives/DigitalCollections/InternetDistributionConsentAgreementForm.pdf You may also contact the project coordinator, Kerri Bottorff, at kerri.bottorff@ucf.edu for more information.Bachelors
Business Administration
Management Information Systems
29
Alqurashi, Ezzat. "The viable system model for information security governance." Thesis, University of Southampton, 2015. https://eprints.soton.ac.uk/388392/.
Full textAbstract:
Information security governance (ISG) has emerged as a new information security (IS) discipline and is considered one of the critical areas of research for enhancing the viability of organisations. This research proposes a viable system model (VSM) for ISG (VSMISG) and investigates its effects. The investigation involves studying the effects of the VSMISG in small, medium and large organisations facing low, medium and high security threat intensity over different time scales. This study also analyses the costs and benefits of changing from the baseline ISG model to the VSMISG. From reviewing the literature, the VSM was identified and redefined for the context of ISG. A preliminary study was conducted to confirm the appropriateness of the VSM for ISG. This employed a questionnaire survey of eleven highly experienced IS experts and the inter-rater agreement among them was analysed. The time taken by the governance level of IS to identify strategic security crises (SSC) that affect organisations’ viability was used for the investigation in the baseline ISG model and the VSMISG. Conceptual models were designed and simulation models developed using the discrete-event simulation approach for representing the baseline ISG model and the VSMISG. The IS incident management guidance embodied in the international standard BS ISO/IEC 27035 was adopted to represent the IS operations part in the baseline ISG model and the VSMISG. The chi-square and autocorrelation tests were used to test the random number generator of the Simul8 simulation software. This research presents a VSM for ISG whose components are rated as ‘important’ and ‘very important’ and there was fair agreement among the experts on this rating. Using the VSMISG in small, medium, and large organisation leads to swifter identification of SSC than under the baseline ISG model, enhancing organisations’ viability. Small organisations take the longest time to identify SSC, especially when the security threat intensity is high, while large organisations take the least time in all cases. The benefits of changing from the baseline ISG to the VSMISG outweigh the costs, and they are expected to be seen from early in the first year of implementation. The VSM for ISG proves its vital role in enhancing viability at all organisation sizes. Decision makers in small organisations need to increase the number of IS staff to cut the time taken to identify SSC in order to enhance their viability. Implementing the VSMISG saves organisations a tremendous amount of money.
30
Andersson, Rikard. "A Method for Assessment of System Security." Thesis, Linköping University, Department of Electrical Engineering, 2005. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-4386.
Full textAbstract:
With the increasing use of extensive IT systems for sensitive or safety-critical applications, the matter of IT security is becoming more important. In order to be able to make sensible decisions about security there is a need for measures and metrics for computer security. There currently exist no established methods to assess the security of information systems.
This thesis presents a method for assessing the security of computer systems. The basis of the method is that security relevant characteristics of components are modelled by a set of security features and connections between components are modelled by special functions that capture the relations between the security features of the components. These modelled components and relations are used to assess the security of each component in the context of the system and the resulting system dependent security values are used to assess the overall security of the system as a whole.
A software tool that implements the method has been developed and used to demonstrate the method. The examples studied show that the method delivers reasonable results, but the exact interpretation of the results is not clear, due to the lack of security metrics.
31
Pattabiraman, Prashanth. "Energy Efficiency of Streaming over Mobile Ad-hoc Networks." Thesis, Norwegian University of Science and Technology, Department of Telematics, 2010. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-10911.
Full textAbstract:
Hand held mobile devices are widely used today primarily due to their rich functionality and the ease of portability. However, the battery life of these devices is very limited and deploying resource hungry applications such as streaming on these mobile devices is a challenging task. It is extremely important to maximize the efficient use of the contained resources on these devices especially when they participate in a mobile ad hoc network. The optimization can occur in any layer of the OSI stack, however, this thesis work focuses only on the routing protocols used in the network layer. In this thesis work we have been able to evaluate the Energy Efficiency of the four most widely used MANET routing protocols (AODV, OLSR, DSDV and DSR) in terms of their energy consumption and performance. The initial phase of the work was carried out using the Network Simulator 2(NS2) tool and later the observations were done on a real world MANET testbed. The influence of several external factors on the performance and energy consumption are also taken into consideration while performing the simulations and experiments. The results obtained from our observations provide both qualitative and quantitative analysis of the routing protocols. Furthermore, it also highlights how the behaviour of the protocols are sometimes highly unpredictable, yielding results that we may not expect.
32
Sharma, Dhirendra S. M. Massachusetts Institute of Technology. "Enterprise Information Security Management Framework [EISMF]." Thesis, Massachusetts Institute of Technology, 2011. http://hdl.handle.net/1721.1/67568.
Full textAbstract:
Thesis (S.M. in Engineering and Management)--Massachusetts Institute of Technology, Engineering Systems Division, System Design and Management Program, 2011.Cataloged from PDF version of thesis.
Includes bibliographical references (p. 124-130).
There are several technological solutions available in the market to help organizations with information security breach detection and prevention such as intrusion detection and prevention systems, antivirus software, firewalls, and spam filters. There is no doubt in the fact that significant progress has been made in the technological side of information security. However, when we study causes of information security breaches, we find that a significant number are caused by non-technical reasons such as social engineering, theft of computing device or portable hard drive, human behavior, and human error. This leads us to conclude that information security should not be viewed through technology perspective only. Instead, a more holistic approach is required. This thesis provides a systems approach towards information security management and include technological, management and social aspects. This thesis starts with introduction especially background and motivation of the author, followed by literature research. Next, Enterprise Information Security Management Framework is presented leading to estimation of an organization's information security management maturity-level. Finally, conclusion and potential future work are presented.
by Dhirendra Sharma.
S.M.in Engineering and Management
33
Stevenson, James V. "An Enterprise Information System for the Naval Security Group." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 1998. http://handle.dtic.mil/100.2/ADA343496.
Full text
34
Farahmand, Fariborz. "Developing a Risk Management System for Information Systems Security Incidents." Diss., Georgia Institute of Technology, 2004. http://hdl.handle.net/1853/7600.
Full textAbstract:
The Internet and information systems have enabled businesses to reduce costs, attain
greater market reach, and develop closer business partnerships along with improved
customer relationships. However, using the Internet has led to new risks and concerns.
This research provides a management perspective on the issues confronting CIOs and IT
managers. It outlines the current state of the art of information security, the important
issues confronting managers, security enforcement measure/techniques, and potential
threats and attacks. It develops a model for classification of threats and control measures.
It also develops a scheme for probabilistic evaluation of the impact of security threats
with some illustrative examples. It involves validation of information assets and
probabilities of success of attacks on those assets in organizations and evaluates the
expected damages of these attacks. The research outlines some suggested control
measures and presents some cost models for quantifying damages from these attacks and
compares the tangible and intangible costs of these attacks. This research also develops a
risk management system for information systems security incidents in five stages: 1-
Resource and application value analysis, 2- Vulnerability and risk analysis, 3-
Computation of losses due to threats and benefits of control measures, 4- Selection of
control measures, and 5- Implementation of alternatives. The outcome of this research
should help decision makers to select the appropriate control measure(s) to minimize
damage or loss due to security incidents. Finally, some recommendations for future work
are provided to improve the management of security in organizations.
35
Zhang, Xiang. "Efficiency in Emergency medical service system : An analysis on information flow." Thesis, Växjö University, School of Mathematics and Systems Engineering, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:vxu:diva-1620.
Full textAbstract:
In an information system which includes plenty of information services, we are always seeking a solution to enhance efficiency and reusability. Emergency medical service system is a classic information system using application integration in which the requirement of information flow transmissions is extremely necessary. We should always ensure this system is running in best condition with highest efficiency and reusability since the efficiency in the system directly affects human life.
The aim of this thesis is to analysis emergency medical system in both qualitative and quantitative ways. Another aim of this thesis is to suggest a method to judge the information flow through the analysis for the system efficiency and the correlations between information flow traffic and system applications.
The result is that system is a main platform integrated five information services. Each of them provides different unattached functions while they are all based on unified information resources. The system efficiency can be judged by a method called Performance Evaluation, the correlation can be judged by multi-factorial analysis of variance method.
36
Meng, Huan. "Security Architecture and Services for The Bitcoin System." Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-177022.
Full textAbstract:
Bitcoin is a digital currency which is based on P2P network and open source software. It is avirtual currency without any control by any centralized organization. New Bitcoins are issuedby lots of specified algorithms. The whole Bitcoin network utilizes the distributed database toverify and record all the transactions through the nodes in the P2P network in which thedouble spending is prevented. No person or organization is able to control Bitcoin based on adecentralized P2P network and algorithm. The cryptographic functions of Bitcoin are designedto allow only the real Bitcoin owner to pay and transfer, and ensure the anonymity andmarketability.The purpose of this thesis is to analyze the security architecture and services for the Bitcoin system and describe of all the features and infrastructures of the whole Bitcoin network. A whole establishment demo including wallet client, mining server with GUI and mining client is implemented. Further improvement will be suggested and recommended for the system
37
Keighren, Gavin. "Restricting information flow in security APIs via typing." Thesis, University of Edinburgh, 2014. http://hdl.handle.net/1842/8963.
Full textAbstract:
Security APIs are designed to enable the storage and processing of confidential data without that data becoming known to individuals who are not permitted to obtain it, and are central to the operation of Automated Teller Machines (ATM) networks, Electronic Point of Sale (EPOS) terminals, set-top boxes for subscription-based TV, pre-payment utility meters, and electronic ticketing for an increasing number of public transport systems (e.g., Oyster in London). However, since the early 2000s, it has become clear that many of the security APIs in widespread use contain subtle flaws which allow malicious individuals to subvert the security restrictions and obtain confidential data that should be protected. In this thesis, we attempt to address this problem by presenting a type system in which specific security properties are guaranteed to be enforced by security APIs that are well-typed. Since type-checking is a form of static analysis, it does not suffer from the scalability issues associated with approaches that simulate interactions between a security API and one or more malicious individuals. We also show how our type system can be used to model an existing security API and provide the same guarantees of security that the API authors proved it upholds. This result follows directly from producing a well-typed implementation of the API, and demonstrates how our type system provides security guarantees without requiring additional API-specific proofs.
38
Abdelhafez, Amr Abdelhafez Mohamed Alanwar [Verfasser], Matthias [Akademischer Betreuer] Althoff, Matthias [Gutachter] Althoff, and Joao P. [Gutachter] Hespanha. "Localization of Cyber-Physical Systems: Privacy, Security and Efficiency / Amr Abdelhafez Mohamed Alanwar Abdelhafez ; Gutachter: Matthias Althoff, Joao P. Hespanha ; Betreuer: Matthias Althoff." München : Universitätsbibliothek der TU München, 2020. http://d-nb.info/120883178X/34.
Full text
39
Fogla, Prahlad. "Improving the Efficiency and Robustness of Intrusion Detection Systems." Diss., Georgia Institute of Technology, 2007. http://hdl.handle.net/1853/19772.
Full textAbstract:
With the increase in the complexity of computer systems, existing security measures are not enough to prevent attacks. Intrusion detection systems have become an integral part of computer security to detect attempted intrusions. Intrusion detection systems need to be fast in order to detect intrusions in real time. Furthermore, intrusion detection systems need to be robust against the attacks which are disguised to evade them.
We improve the runtime complexity and space requirements of a host-based anomaly detection system that uses q-gram matching. q-gram matching is often used for approximate substring matching problems in a wide range of application areas, including intrusion detection. During the text pre-processing phase, we store all the q-grams present in the text in a tree. We use a tree redundancy pruning algorithm to reduce the size of the tree without losing any information. We also use suffix links for fast linear-time q-gram search during query matching. We compare our work with the Rabin-Karp based hash-table technique, commonly used for multiple q-gram matching.
To analyze the robustness of network anomaly detection systems, we develop a new class of polymorphic attacks called polymorphic blending attacks, that can effectively evade payload-based network anomaly IDSs by carefully matching the statistics of the mutated attack instances to the normal profile. Using PAYL anomaly detection system for our case study, we show that these attacks are practically feasible. We develop a formal framework which is used to analyze polymorphic blending attacks for several network anomaly detection systems. We show that generating an optimal polymorphic blending attack is NP-hard for these anomaly detection systems. However, we can generate polymorphic blending attacks using the proposed approximation algorithms. The framework can also be used to improve the robustness of an intrusion detector. We suggest some possible countermeasures one can take to improve the robustness of an intrusion detection system against polymorphic blending attacks.
40
Al, Mayahi Ibrahim Humaid. "Development of a comprehensive information security system for UAE e-Government." Thesis, Bangor University, 2016. https://research.bangor.ac.uk/portal/en/theses/development-of-a-comprehensive-information-security-system-for-uae-egovernment(190cd7ed-2d1d-4805-963a-5f6d1dc46971).html.
Full textAbstract:
The UAE has a vision of delivering unified e-Government services across numerous departments of seven emirates. The primary goal is to bring all aspects of the government information services online for every citizens and business by completely replacing the existing paper-based bureaucracy. This creates significant risks and information security challenges which the UAE e-Government is seeking to address. This thesis makes a comprehensive review of the UAE e-Government’s information security posture. An analysis of the current strengths and weaknesses of the e-Government was carried out, SWOT analysis was employed and based on the results, a TOWS matrix was constructed facilitating the development of new e-Government strategies to mitigate external threats. To implement an Information Security Management System (ISMS) across the e-Government departments, a framework was developed based on a multi-layered approach that is used to structure the information security program. It considers three factors; technology, operations and people (employees), to increase the effectiveness of information security system. To implement the framework, several international standards were evaluated and subsequently the ISO 27001 standard was used as a benchmark for achieving a secure e-Government. A Gap Analysis was carried out to evaluate the current state of the security culture within the e-Government against the standard and a Risk Assessment was carried out to demonstrate the existing risks faced by e-Government services. A comprehensive series of penetration tests were commissioned on e-Government network infrastructure. Having made interventions to improve the security of physical information technologies and organisational operations, a comprehensive questionnaire was developed to obtain quantitative evaluation of the security culture within the organisation. Subsequently, a training programme was devised and developed for the employees to demonstrably improve the security culture as measured by this approach. Finally, the findings, in conjunction with a consultation with security heads within the UAE e-Government, are used to construct a single comprehensive information security policy that can be rolled out to all e-Government departments within the seven emirates.
41
Tyali, Sinovuyo. "An integrated management system for quality and information security in healthcare." Thesis, Nelson Mandela Metropolitan University, 2012. http://hdl.handle.net/10948/d1006670.
Full textAbstract:
Health service organizations are increasingly required to deliver quality healthcare services without increasing costs. The adoption of health information technologies can assist these organizations to deliver a quality service; however, this again exposes the health information to threats. The protection of personal health information is critical to ensure the privacy of patients in the care of health service organizations. Therefore both quality and information security are of importance in healthcare. Organisations commonly use management system standards to assist them to improve a particular function (e.g. quality or security) through structured organizational processes to establish, maintain and optimise a management system for the particular function. In the healthcare sector, the ISO 9001, ISO 9004 and IWA 1 standards may be used for the purpose of improving quality management through the establishment of a quality management system. Similarly, the ISO 27001 and ISO 27799 standards may be used to improve information security management through the establishment of an information security management system. However, the concurrent implementation of multiple standards brings confusion and complexity within organisations. A possible solution to the confusion is to introduce an integrated management system that addresses the requirements of multiple management systems. In this research, various standards relevant to the establishment of management systems for quality and security are studied. Additionally, literature on integrated management systems is reviewed to determine a possible approach to establishing an IMS for quality and information security in healthcare. It will be shown that the quality management and information security management standards contain commonalities that an integration approach can be based on. A detailed investigation of these commonalities is done in order to present the final proposal of the IMSQS, the Integrated Management System for Quality and Information Security in healthcare.
42
Minh, Doan Quang, and 段光明. "Implementing and Improving Efficiency of Information Security System at National Economics University, Vietnam." Thesis, 2007. http://ndltd.ncl.edu.tw/handle/72544955090332371998.
Full textAbstract:
碩士樹德科技大學
資訊管理研究所
95
This thesis demonstrates a model of procedures and consideration of applying ISO 17799 to the implementation of information security system at National Economics University, Vietnam (NEU). We also apply Balanced Scorecard to ensure that the strategy of implementation can be achieved. The thesis not only describes the importance of proper information protection, gives examples of threats that can cause risk of major looses, as well as safeguards and controls that can reduce the risk of information system incidents, but also emphasizes the need for applying Balanced Scorecard to improve efficiency of information security system. The main part of this thesis presents guidelines for implementing information security system in general as well as at NEU based on recommendations of ISO 17799. This thesis also presents steps for Balanced Scorecard building and implementation at NEU. From this thesis we found that Balanced Scorecard can improve efficiency of information security system at NEU. The model can be applied to most of industries that implement information security system for business administrations.
43
Tsai, Wen-Jian, and 蔡文健. "Security Architecture of Information System." Thesis, 1997. http://ndltd.ncl.edu.tw/handle/40244757640392254501.
Full textAbstract:
碩士國立臺灣大學
資訊管理學系
85
With the growth of Internet and Intranets, and the emerging of Java and other Internet technologies, network computing promises to play a key role in the evolving corporate computing environment. Although organizations will benefit from this paradigm shift, they will face many difficulties and problems when dealing with security concerns. To tackle this problem, we propose a security architecture for the design and development of information systems in this study.There are two layers in the proposed security architecture. The first (bottom) layer provides Message Secrecy and Authentication Service, which helps isolate information systems from threats arisen from the communication network. The communication security requirements are secrecy (or confidentiality), integrity, authentication, and non-repudiation. The most important technology that helps fulfill these requirements is cryptography through the combinations of message encryption and decryption, timestamps and massage authentication codes.For the purpose of resources management and protection, the second (top) layer provides Distributed Access Control Service. Since users and resources could be in different locations in a distributed system, a good mechanism that provides powerful, flexible, and uniform access control is desirable. A Permission model for distributed access control is proposed for this purpose. The Permission model has following features:1. The Permission model integrates other access control models, including Access Matrix Model, Role- based Access control Model, and Proxy-based Authorization Model, into a uniform model suitable for a distributed environment.2. To determine whether a user can use a resource, the permission model makes the decision based on what permissions the user possesses rather than the user''s identity.3. Authorization decisions and resources control are two separate functions. Authorization managers are responsible for deciding what resources users can use, whereas resources managers give resources to authorized users.4. Authorization information need not be centralized; it is kept by individual authorization managers, allowing decentralized decision making with better scaleability.The Permission model allows the specification of negative authorization and authorization constraints, making it possible to state an organization''s security policy with ease and accuracy.
44
Sun, Jean-huan, and 孫震寰. "Information Security Risk Assessment of Bancassurance Information System." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/53053857178291666972.
Full textAbstract:
碩士銘傳大學
風險管理與保險學系碩士在職專班
97
Information technology has been a key role in organizations and enterprises of nowadays to bring better operation efficiencies. As the internet is making accessing to information easier, it is also exposing the enterprises to higher risks. The report from III is indicating that information security is crucial to the operation of financial institutions. The Bancassurance in Taiwan now have become a significant selling channel for insurance products in last decade. Admirably, the banks and its subsidiaries like China Trust Insurance Brokers Co., overwhelmed all the insurance companies in premium commission income since 2004. Bancassurance, and its information security are therefore becoming worthwhile topics for related research. This article brings an extensive evaluation over 46 bancassurance agencies. The survey introduced the process developed by Taiwan’s Ministry of Economic Affairs for assessing the security level of information systems in SME. This article intends to discover the major elements that a comprehensive security strategy should be taking care of in its development process. The interactions of these elements are also explored. Both the methodologies of quantitative (with frequency and damage estimation) and descriptive (for risk perception) are used in the survey. A summary is developed for how to strategize the information security policy with evaluation results. The survey indicates the network security brings the most problems to the overall information security, while the government regulation brings the least. The survey also finds higher the damage that a problem causes, more the awareness from the administrator of it. The survey shows the MIS managers and staffs have insufficient knowledge with information security. They very often under-estimate the probability and damage of network security problems, and over-estimate the influences from other elements. For the Information security strategy of Taiwan’s bancassurance enterprises, this article suggests ‘prevention’ policy to deal with problems in computer security, business application systems and network security, ‘prevention’ and ‘transferring’ policy for problems of staff security and outsource management, and ‘acceptance’ policy for requirement of regulations. It is highly recommended to reinforce the knowledge level of MIS crews and the general management. Risk perception is a convenient tool to determine the comprehensiveness of information security of an enterprise. It plays key role both in the policy making of risk management, and also in the process for related communication within the enterprise.
45
Venter, Diederik Petrus. "Infosure: an information security management system." Thesis, 2008. http://hdl.handle.net/10210/520.
Full textAbstract:
Information constitutes one of an organisation’s most valuable assets. It provides the modern organisation with a competitive edge and in some cases, is a requirement merely to survive. An organisation has to protect its information but due to the distributed, networked environment of today, faces a difficult challenge; it has to implement a system of information security management. Software applications can provide significant assistance in managing information security. They can be used to provide for centralised feedback of information security related activities as well as for centralised configuration activities. Such an application can be used in enforcing compliance to the organisation’s information security policy document. Currently there are a number of software products that provide this function in varying measures. In this research the major players in this space were examined to identify the features commonly found in these systems, and where they were lacking in terms of affordability, flexibility and scalability. A framework for an information security management application was defined based on these features and requirements and incorporating the idea of being affordable, but still flexible and extendable. This shifted the focus from attempting to provide a comprehensive list of interfaces and measurements into general information security related activities, to focusing on providing a generic tool that could be customised to handle any information fed back to it. The measurements could then be custom-developed as per the needs of the organisation. This formed the basis on which the prototype information security management application (InfoSure) was developed.Prof. S.H. Solms
46
Peng, Cheng Jun, and 彭成鈞. "A healthcare information system with strengthened security." Thesis, 2009. http://ndltd.ncl.edu.tw/handle/10241896630944711096.
Full textAbstract:
碩士長庚大學
資訊管理學研究所
97
As a society of aging demographics comes, information and communication technologies applied to public healthcare are emerging. However, one issue of wireless networks and the internet is the relatively weak security. It is important to pay attention to the issue of protecting the privacy of personal data. This study proposes a healthcare system that satisfies the needs and enhances data security. The design aims to construct a healthcare system for satisfying both convenience and safety. The investigation of this thesis provides hospitals with an understanding on the benefits of this system. The investigation of this thesis further provides the general public with an understanding on the convenience and safety of the system. The system maintains the privacy of medical information and advocates immediate and sufficient healthcare.
47
ling, cheng kui, and 鄭桂凌. "ZigBee Information System for wireless home security." Thesis, 2007. http://ndltd.ncl.edu.tw/handle/83278071727485255557.
Full textAbstract:
碩士亞洲大學
資訊工程學系碩士班
95
ZigBee is one of application of wireless personal area network technology. The current protocol is IEEE 802.15.4, that is a Low-rate, Wireless Personal Area Network (LR-WPAN) structure. It has a number of specific features such us low rate, short distance, low power, structure simple, low cost, and small size. The research is to employ the advanced wireless transmission technology of ZigBee to transmit signal as well as to monitor and control the platform that whether will be activated or not. Should the events of fire alarm be trigged, carbon monoxide and fall occurs. In order to prevent the further damages in case of fire alarm, carbon monoxide and fall, ZigBee will be built as one of economic Home Safety Information System. The sensors that we adapted can be adjusted to meet the requirements of environment changes. With respect to transmit signals, we apply a current most challenge wireless technology to serve not only small group of researchers or new product seekers but all who want to know the convinence of and to acquire the wireless technology. The research in to advocate the low cast ZigBee technology. It’s ultimate goal is to reduce the cost of a ZigBee chip to one US dollar. It will no longer belong to the wealth people but to all who get used to the high price of 3C product, Therefore the ZigBee will then be easily accepted by the people who love and so does the whole world.
48
YAO, WEI-CHIEH, and 姚維杰. "IoT Service System Information Security Analysis Platform." Thesis, 2019. http://ndltd.ncl.edu.tw/handle/q27sn9.
Full textAbstract:
碩士崑山科技大學
資訊工程研究所
107
With the investment of developers and the industry, the Internet of Things has gradually developed applications. It plays a very important role in life management, environmental monitoring, car networking, home security and smart cities. The Internet of Things uses various things through the Internet. Linked to make it easier for people to access information and use more convenient services, and the information security of the Internet of Things is also closely followed. If the IoT system is attacked by information security, the attacker can not only peep into the user's habits. , location, personal data and images, and even the transmission of fake data may make the system make a wrong decision. Therefore, an information security detection platform for the Internet of Things service system will be developed. The detection platform is presented by the web interface, providing easy operation for non- information related background users and easy to interpret. The detection content is divided into three parts. First, the first part is on the Internet of Things service system. The IoT service system enables service scanning, which allows users to know whether the service system has additional information to open the communication and cause potential risks. The collected data can also provide the second part of analyzing SSL (Transport Layer Security Agreement Transport Layer) Security) credentials. The purpose of analyzing the SSL certificate is to check whether the IoT service system provides SSL encryption for verification. SSL is also called secure communication protocol. The network packet transmission can be encrypted through SSL, so that the transmitted content cannot be obtained even if it is intercepted. SSL encryption, the user's personal information, account number, password and credit card information will be easily intercepted during the transmission process. The third part is to do a weak point scan on the IoT service system, and provide information to the user service system about potential risks and repair methods.
49
Chou, Shin-I., and 周世益. "System Security Evaluating-based on Vulnerability Information." Thesis, 2008. http://ndltd.ncl.edu.tw/handle/24596483513137570117.
Full textAbstract:
碩士國防大學中正理工學院
資訊科學研究所
96
According to National Vulnerability Database, the statistics show that there are seventeen new vulnerabilities published per day. These vulnerabilities found in the operation systems and applications software may be exploited with those unknown attack methods. Users, therefore, have to maintain the latest information of vulnerabilities in order to prevent the systems from being attacked. The vulnerability information can also be used to evaluate the security of the software environments in the cases of constructing new systems via examining operation systems and applications. Our evaluation system can help the users propose the solutions against those potential threats. The information of the security vulnerabilities can be obtained by using our system to analyze the cases of the software combo on new host. Besides, our evaluation also provides other, such as the potential attack methods, the types of the vulnerabilities and the integrated evaluating results. With these, users can evaluate the different combos of the host software selection via comparing the advantages and disadvantages of the combos for choosing the most suitable one. Our evaluation system has another function to evaluate these constructed hosts. The generated evaluation reports can help users understand the vulnerabilities on and the potential risks to their hosts. With referring the information, users can adjust the security configurations of their hosts, deploy some network-security devices for the high risk hosts, and establish the more secure defense strategy. The main purpose of our research is in evaluating the security of the information systems for constructing and constructed hosts. Our evaluation system is based on the CVSS in NVD database and CVE database. The text mining techniques are also introduced for analyzing the host vulnerabilities leading to the potential risk scenarios. The evaluation results can help users in establishing the security policies in using systems, modifying the configurations of the systems, determining the patching orders of the critical vulnerabilities, selecting the suitable combo of new host, deploying the network security devices to improve the security of the information systems and reduce the risks of being attacked in the intranet or via internet.
50
Lei, Cheng-Chiu, and 雷誠久. "Information Security Management System for the Hospital." Thesis, 2007. http://ndltd.ncl.edu.tw/handle/3fyzjb.
Full textAbstract:
碩士國立東華大學
資訊工程學系
95
Digitalization jeopardizes information security wherever it is applied, and hospitals are not an exception. The information they possess is very personal, while the trust between the patient and the hospital is one basic factor for quality care. Therefore hospital information security and privacy are major issues that cannot be ignored. This research uses case study methods to observe and understand the information security management system of our research subject. We used a four point scoring survey that was developed on the basis of “ISO/IEC 27001”to develop models that could verify their information security management systems. Our research subject was the first hospital under the jurisdiction of the Department of Health and the first in Taiwan to receive an ISO/IEC 27001:2005 certificate. Therefore, their information security management is very good and can be viewed as a standard for others to follow. We have come up with some extremely constructive suggestions via our extensive research. These suggestions and experience will be presented to our hospital, provided to future researchers, and serve as reference for those that wish to use such a system.