Segui questo link per vedere altri tipi di pubblicazioni sul tema: Security threats.
Tesi sul tema "Security threats"
Cita una fonte nei formati APA, MLA, Chicago, Harvard e in molti altri stili
Vedi i top-50 saggi (tesi di laurea o di dottorato) per l'attività di ricerca sul tema "Security threats".
Accanto a ogni fonte nell'elenco di riferimenti c'è un pulsante "Aggiungi alla bibliografia". Premilo e genereremo automaticamente la citazione bibliografica dell'opera scelta nello stile citazionale di cui hai bisogno: APA, MLA, Harvard, Chicago, Vancouver ecc.
Puoi anche scaricare il testo completo della pubblicazione scientifica nel formato .pdf e leggere online l'abstract (il sommario) dell'opera se è presente nei metadati.
Vedi le tesi di molte aree scientifiche e compila una bibliografia corretta.
1
Olandersson, Sandra, e Jeanette Fredsson. "Threats in Information Security : Beyond technical solutions. - Using Threat Tree Analysis". Thesis, Blekinge Tekniska Högskola, Institutionen för programvaruteknik och datavetenskap, 2001. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3829.
Testo completoAbstract (sommario):
To be able to protect an organisation's resources, it is important to understand what there is to protect and what to protect it from. The first step is to try to analyse the security threats that exist against an organisation's resources to explore the risks. Threats have to be identified, for the organisation to protect its resources and find where the optimal placement against threats is. This thesis analysis whether it is possible to obtain a Threat Tree Analysis that is useful for developing an information security policy for the municipality in Ronneby, using the SS 62 77 99-1 standard. A co-operation between the technical solutions and the administrative security is necessary to achieve information security, together with ordinary common sense. True, each of these can help improve security, but none of them is a complete solution. Security is not a product - it is a process. Threat trees form the basis of understanding that process. In this thesis, we have been using a qualitative method. The analysis method is a case study at the Social Department, at the municipality in Ronneby. Through interviews it has come us to hand, that the organisation has not established an information security policy which should give the code of practice for how the work of information security will pursue within the organisation. The organisation does neither use a model for structuring threats nor a method for collecting threats against information today. Through the structure of possible threats, the personnel generates an understanding of the organisation and takes active part finding adequate threats within the Social Department. As users understand the importance of security, how to use it, and where to report suspected violations, they can do a great deal to reduce the risk to loose information. Important to remember is that the education is an ongoing process, new users need training and trained users need reminding, especially when new technologies or processes are introduced. Thus, Threat Tree Analysis is useful for continuing towards developing an information security policy according to SS 62 77 99-1 standard.För att kunna skydda en organisations resurser är det viktigt att förstå vad organisationen behöver skydda och vad den ska skydda det ifrån. Det första steget är att analysera hot mot organisationens resurser för att uppskatta riskerna. Hot måste identifieras för att organisationen ska kunna skydda sina resurser och hitta den optimala placeringen av åtgärder mot hot. Denna uppsatsen undersöker om det är möjligt att skapa en hotträdsanalys som är användbar för skapandet av en informationssäkerhetspolicy för Ronneby kommun, genom att använda standarden SS 62 77 99-1. Vi betonar i uppsatsen att ett samarbete mellan existerande tekniska lösningar och administrativ säkerhet är nödvändigt för att uppnå informationssäkerhet. Visst kan var och en av dessa hjälpa till att förbättra säkerheten, men ingen av dem är ensam den kompletta lösningen. Säkerhet är inte en produkt - det är en process. Hotträd formar grunden för en förståelse av den processen. I denna uppsats har vi använt en kvalitativ metod. Analysmetoden är en fallstudie på Socialförvaltningen i Ronneby kommun. Genom intervjuer har vi fått fram att organisationen inte har etablerat en informationssäkerhetspolicy, vilken ska ge riktlinjer för hur säkerhetsarbetet ska fullföljas inom organisationen. Organisationen använder varken en modell för att identifiera hot mot information eller en metod för att strukturera hoten. Genom strukturen av möjliga hot, genererar personalen en förståelse för organisationen och tar aktivt del i att identifiera hot mot Socialförvaltningen. Detta medför att alla användare förstår hur viktigt det är med säkerhet, vart de ska rapportera misstänkta händelser och de kan göra mycket för att minska risken att förlora information. Det är viktigt att komma ihåg att utbildning är en pågående process, nya användare behöver utbildning och utbildade användare behöver vidareutbildning, speciellt när nya tekniker eller processer introduceras. Därför är hotträdsanalysen en användbar modell för arbetet mot att skapa en informationssäkerhetspolicy enligt standarden SS 62 77 99-1.
Sandra Olandersson Blåbärsvägen 27 372 38 RONNEBY 0457 / 12084 Jeanette Fredsson Villa Viola 372 36 RONNEBY 0457 / 26616
2
Mahmood, Faisal. "SIP Security Threats and Countermeasures". Thesis, Högskolan i Halmstad, Sektionen för Informationsvetenskap, Data– och Elektroteknik (IDE), 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-18126.
Testo completoAbstract (sommario):
With the emergence of multimedia applications and the upcoming age of Voice over IP (VoIP), Voice setup and resources control protocols such as SIP and H.323 over the Internet are becoming increasingly attractive applications. In the last few years as a real competitor in traditional telephony services (PSTN), SIP has gained much attention when compared with H.323. SIP works at presentation and application layer thus it mainly faces security issue at these layers. The objective of this thesis is to describe the most relevant SIP related security issues and then present security mechanisms that can be deployed to overcome the SIP security related issues. This project work demonstrates the tasks necessary to enhance the SIP security both inside and outside of the network. It is divided into three main parts, where the first part describes the SIP architecture, for example, the SIP rivals, SIP components and how a SIP system works. The second part is about some vulnerability issues of concern to SIP, study of the proposed security mechanism and also analysis on how possible threats to the SIP system such as call hijacking, message tempering and DoS attack, affect the SIP based VoIP system. The third and final part describes different steps that have been taken to avoid SIP attacks, by implementing some of the proposed security mechanisms. In order to test the SIP security, a SIP model is designed, which based on security mechanisms such as firewall, IPSec, DMZ and SIP-TLS. The results are conducted into two different scenarios. In the 1st scenario, the SIP system is tested before implementing the security measurements. In this case, the insecure system was vulnerable to several SIP attacks such as call hijacking, DOS and message tampering. In the 2nd scenario, the system is tested after the implementation of the proposed security mechanisms, where by the system now is only accessible to the authorized users and services. The tested results are also compared and discussed at the end.
3
Safdar, Naveed. "Internal security threats to Pakistan". Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2004. http://library.nps.navy.mil/uhtbin/hyperion/04Dec%5FSafdar.pdf.
Testo completoAbstract (sommario):
Thesis (M.A. in Security Studies (Security Building in Post-Conflict Environments))--Naval Postgraduate School, Dec. 2004.Thesis advisor(s): Robert E. Looney, Feroz Hassan Khan. Includes bibliographical references. Also available online.
4
Xu, Zhang. "Understanding Security Threats in Cloud". W&M ScholarWorks, 2016. https://scholarworks.wm.edu/etd/1477067957.
Testo completoAbstract (sommario):
As cloud computing has become a trend in the computing world, understanding its security concerns becomes essential for improving service quality and expanding business scale. This dissertation studies the security issues in a public cloud from three aspects. First, we investigate a new threat called power attack in the cloud. Second, we perform a systematical measurement on the public cloud to understand how cloud vendors react to existing security threats. Finally, we propose a novel technique to perform data reduction on audit data to improve system capacity, and hence helping to enhance security in cloud. In the power attack, we exploit various attack vectors in platform as a service (PaaS), infrastructure as a service (IaaS), and software as a service (SaaS) cloud environments. to demonstrate the feasibility of launching a power attack, we conduct series of testbed based experiments and data-center-level simulations. Moreover, we give a detailed analysis on how different power management methods could affect a power attack and how to mitigate such an attack. Our experimental results and analysis show that power attacks will pose a serious threat to modern data centers and should be taken into account while deploying new high-density servers and power management techniques. In the measurement study, we mainly investigate how cloud vendors have reacted to the co-residence threat inside the cloud, in terms of Virtual Machine (VM) placement, network management, and Virtual Private Cloud (VPC). Specifically, through intensive measurement probing, we first profile the dynamic environment of cloud instances inside the cloud. Then using real experiments, we quantify the impacts of VM placement and network management upon co-residence, respectively. Moreover, we explore VPC, which is a defensive service of Amazon EC2 for security enhancement, from the routing perspective. Advanced Persistent Threat (APT) is a serious cyber-threat, cloud vendors are seeking solutions to ``connect the suspicious dots'' across multiple activities. This requires ubiquitous system auditing for long period of time, which in turn causes overwhelmingly large amount of system audit logs. We propose a new approach that exploits the dependency among system events to reduce the number of log entries while still supporting high quality forensics analysis. In particular, we first propose an aggregation algorithm that preserves the event dependency in data reduction to ensure high quality of forensic analysis. Then we propose an aggressive reduction algorithm and exploit domain knowledge for further data reduction. We conduct a comprehensive evaluation on real world auditing systems using more than one-month log traces to validate the efficacy of our approach.
5
Cramer, Jane Kellett 1964. "National security panics : overestimating threats to national security". Thesis, Massachusetts Institute of Technology, 2002. http://hdl.handle.net/1721.1/8312.
Testo completoAbstract (sommario):
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Political Science, 2002.Includes bibliographical references (p. 415-427).
Three times in this century the US public has panicked with fear because of exaggerations of external threats to the nation. These panics peaked in 1950,1960, and 1980. Why did the U.S. markedly exaggerate the Soviet threat at these times? These periods of widespread public fear were "defining moments" when the US created confrontational and militarized containment policies. These panics ratcheted up the arms race tremendously between the US and the Soviet Union, and arguably these panics led to unnecessary confrontations and crises. In this study I test leading explanations of these cases--eight hypotheses drawn from three different perspectives. The Rational Perspective argues insufficient information and uncertainty about present and future capabilities and intentions causes overestimations. The Psychological Perspective argues cognitive errors could cause these overestimations (attribution theory and schema theory/analogical reasoning, tested here). The Domestic Politics Perspective argues oversell, logrolling, electoral politics and/or militarism causes public overestimations. Domestic Politics best explains the national misperceptions examined. In each case, the sources of the specific misperceptions examined were clearly rooted in domestic politics (1950: oversell and militarism; 1960 and 1980: electoral politics and militarism.) Uncertainty about the threat was found to be a significant contributing factor in 1950 (but not the source/elites did not unintentionally overestimate when the misperceptions first formed).
(cont.) Uncertainty was found to be a significant "permissive condition" for the misperceptions of 1960-but uncertainty was highest just after Sputnik in 1957, and sharply decreased by 1960, yet public fear increased and peaked in 1960. There was no significant uncertainty in the 1980 panic--uncertainty is not a necessary condition for panic. Psychological hypotheses were not detected playing a role in causing these panics. Leaders private deliberations were examined and did not exhibit the patterns of reasoning predicted by these theories (e.g. leaders were aware of provoking the threat). National misperceptions guide policy and shape many leaders' beliefs through "blowback" and psychological post hoc rationaliztion. These large, important misperceptions are rooted in domestic politics, while international relations scholars focus on psychological and rational reasons for misperceptions. The study of misperceptions in international relations needs to be re-oriented.
by Jane Kellett Cramer.
Ph.D.
6
Wullenweber, Emily Rose Stephens John D. "Biofuels the security threats of a security solution /". Chapel Hill, N.C. : University of North Carolina at Chapel Hill, 2008. http://dc.lib.unc.edu/u?/etd,2123.
Testo completoAbstract (sommario):
Thesis (M.A.)--University of North Carolina at Chapel Hill, 2008.Title from electronic title page (viewed Feb. 17, 2009). "... in partial fulfillment of the requirements for the degree of Master of Arts in the Department of Political Science, Concentration TransAtlantic Studies." Discipline: Political Science; Department/School: Political Science.
7
Byman, G. (Gabriel). "Connected devices:security threats vs. implemented security". Bachelor's thesis, University of Oulu, 2017. http://urn.fi/URN:NBN:fi:oulu-201704111464.
Testo completoAbstract (sommario):
The aim of this thesis was to research connected devices security threats in comparison to mitigating security solutions. Furthermore, a focused case study of a real world connected devices, an Activity Tracker, was selected to explore and analyze its implemented security solutions. In order to give a wider perspective of connected devices an analysis of connected device categorization was investigated along with other impacting factor. From the viewpoint of security threats and solutions the connected devices categorizations were abstracted to consumer, business, and government market sectors. A key factor, which additionally plays a role in a connected device selected and implemented security solution, is the selling price point. Security principles and threat identification methods were introduced as a foundation from which security threats can be defined. The security principles of confidentiality, authentication, integrity, availability, and non-repudiation are examined. While attack trees and threat modeling, in particular STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege), is introduced for threat identification. The introduction of security solutions starts with a connected devices ecosystem breakdown into the overarching elements of security. Then the enablers of security are established as secure boot, identification, authentication, secure communicators, data security, intrusion prevention, security monitoring, secure updates and secure hardware. The case study considers the relevant security threats of the Activity Tracker and its ecosystem. Followed by selected security feature tests of the Activity Tracker and its Bluetooth communication channel to a mobile phone. The results show that implemented security often is unable to address all security threats. However, the connected device manufactures may balance the possible threat risks to the cost of implementing a security solution by gauging the threat to be acceptable in relationship to its impactTämän opinnäytetyön tavoitteena oli selvittää verkottuneiden laitteiden turvallisuusuhkia ja verrata niitä saatavilla oleviin turvallisuusratkaisuihin. Olemassa olevista kytketyistä laitteista valittiin tarkasteluun yhden valmistajan aktiivisuusmittari, jonka turvallisuusratkaisut tutkittiin ja analysoitiin. Verkottuneet laitteet luokiteltiin vaikuttavan tekijän mukaan, jotta saatiin laajempi näkemys laitteista. Verkottuneiden laitteiden luokittelu jaoteltiin turvallisuusuhkien ja -ratkaisujen näkökulmasta kuluttajien, yritysten ja valtion markkinasektoreihin. Keskeinen tekijä valitun laitteen tietoturvaratkaisuun on laitteen myyntihinta. Tietoturvallisuuden ja tietoturvauhkien määrittelymetodit muodostavat perustan, josta turvallisuusuhkat voidaan määritellä. Tietoturvauhkia voitiin määritellä käyttämällä tietoturvan periaatteita ja uhkien tunnistamisen menetelmiä. Valitusta laitteesta tutkitaan tietoturvaperiaatteet luottamuksellisuuden, todennuksen, eheyden, saatavuuden ja kiistämättömyyden osalta. Uhan tunnistaminen otetaan käyttöön säännöllisessä STRIDEssa (Spoofing = väärentäminen, Tampering = manipulointi, Repudiation = torjuminen, Information Disclosure = tiedon julkistaminen, Denial of Service = palvelun esto ja Elevation of Privilege = käyttöoikeuksien luvaton laajentaminen). Tietoturvaratkaisujen johdanto alkaa luokittelemalla verkottuneiden laitteiden ekosysteemit kattavasti turvallisuuteen liittyviin tekijöihin. Turvallisuuden mahdollistavat suojattu käynnistys, tunnistaminen, todentaminen, suojatut yhteydet, tietoturva, tunkeutumisen esto, turvallisuuden seuranta, turvallisuuspäivitykset sekä suojattu laitteisto. Tutkimus käsittelee aktiivisuusmittarin ja sen ekosysteemin merkityksellisiä tietoturvauhkia. Valitut turvallisuusominaisuudet aktiivisuusmittarin ja älypuhelimen välisestä bluetooth-yhteydestä testattiin. Tulokset osoittavat, että käytetty turvallisuusratkaisu ei usein pysty käsittelemään kaikkia turvallisuusuhkia. Kuitenkin verkottuneiden laitteiden valmistajat voivat tasapainoilla mahdollisten uhkiin liittyvien riskien ja käytetyn turvallisuusratkaisun kustannusten välillä suhteuttamalla uhkan riskit ja vaikutukset
8
Biswas, Kamanashis, e Md Liakat Ali. "Security Threats in Mobile Ad Hoc Network". Thesis, Blekinge Tekniska Högskola, Avdelningen för för interaktion och systemdesign, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5926.
Testo completoAbstract (sommario):
Mobile Ad Hoc Network (MANET) is a collection of communication devices or nodes that wish to communicate without any fixed infrastructure and pre-determined organization of available links. The nodes in MANET themselves are responsible for dynamically discovering other nodes to communicate. Although the ongoing trend is to adopt ad hoc networks for commercial uses due to their certain unique properties, the main challenge is the vulnerability to security attacks. A number of challenges like open peer-to-peer network architecture, stringent resource constraints, shared wireless medium, dynamic network topology etc. are posed in MANET. As MANET is quickly spreading for the property of its capability in forming temporary network without the aid of any established infrastructure or centralized administration, security challenges has become a primary concern to provide secure communication. In this thesis, we identify the existent security threats an ad hoc network faces, the security services required to be achieved and the countermeasures for attacks in each layer. To accomplish our goal, we have done literature survey in gathering information related to various types of attacks and solutions, as well as we have made comparative study to address the threats in different layers. Finally, we have identified the challenges and proposed solutions to overcome them. In our study, we have found that necessity of secure routing protocol is still a burning question. There is no general algorithm that suits well against the most commonly known attacks such as wormhole, rushing attack etc. In conclusion, we focus on the findings and future works which may be interesting for the researchers like robust key management, trust based systems, data security in different layer etc. However, in short, we can say that the complete security solution requires the prevention, detection and reaction mechanisms applied in MANET.
9
Zakharov, I. "Threats to information security of the enterprise". Thesis, Видавництво СумДУ, 2009. http://essuir.sumdu.edu.ua/handle/123456789/7954.
Testo completoAbstract (sommario):
Inalienable part of the new economy is information technologies (IT) introduction and application in the all spheres of human activity.
The permanent improvement of present information-communication technologies (ICT) and their application expansion are the part of strategic decisions and operative tasks for enterprises. But enterprises must spare enough attention for all aspects of the ICT-use, in order to know about the threats information safety in time. Insufficient attention to this problem often creates barriers for the effective development of the whole business and information infrastructure work in particular.
When you are citing the document, use the following link http://essuir.sumdu.edu.ua/handle/123456789/7954
10
Gong, Xuwei. "Security Threats and Countermeasures for Connected Vehicles". Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-259494.
Testo completoAbstract (sommario):
With the rapid development of connected vehicles, automotive security has become one of the most important topics. To study how to protect the security of vehicle communication, we analyze potential threats for connected vehicles and discuss countermeasures to mitigate these threats. In this thesis, we examine 25 services that connected vehicles can provide. Entities, connections, and message flows in these services are investigated and synthesized into a vehicle network structure. The 25 services are divided into six use cases including: infotainment service, remote monitoring, device control, Vehicle-toeverything (V2X), diagnostics service, and in-vehicle Intrusion Detection System (IDS). We establish communication models for these use cases and analyze the potential threats based on Confidentiality, Integrity and Availability (CIA) criteria. We discuss possible countermeasures that can mitigate these threats based on existing network security techniques. Each alternative countermeasure’s advantages and limitations are presented. To filter possible attacks, we investigate and design firewalls in four components of a vehicle: Dedicated Short-Range Communications (DSRC) module, gateway, Telematic Control Unit (TCU), and Human-Machine Interface (HMI). We also simulate a firewall for an HMI application by building a communication model in Python.Med den snabba utvecklingen av anslutna fordon har bilsäkerhet blivit ett av de viktigaste ämnena. För att studera hur man skyddar säkerheten för fordonskommunikation analyserar vi potentiella hot mot anslutna fordon och diskuterar motåtgärder för att mildra dessa hot. I denna avhandling undersöker vi 25 tjänster som anslutna fordon kan tillhandahålla. Entiteter, anslutningar och meddelandeflöden i dessa tjänster undersöks och syntetiseras i en fordonsnätverksstruktur. De 25 tjänsterna är indelade i sex användarvägar, inklusive: infotainment service, fjärrövervakning, enhetskontroll, Fordon-tillallt (V2X), diagnostikservice och IDS-system (Intrusion Detection System). Vi etablerar kommunikationsmodeller för dessa användningsfall och analyserar de potentiella hot som baseras på CIA-kriterier (Confidentiality, Integrity and Availability). Vi diskuterar eventuella motåtgärder som kan mildra dessa hot baserat på befintliga nätverkssäkerhetstekniker. Varje alternativ motåtgärds fördelar och begränsningar presenteras. För att filtrera eventuella attacker undersöker vi och utformar brandväggar i fyra delar av ett fordon: Dedicated Short-Range Communications (DSRC) -modul, gateway, Telematic Control Unit (TCU) och Human Machine Interface (HMI). Vi simulerar också en brandvägg för en HMI-applikation genom att bygga en kommunikationsmodell i Python.
11
Frauenstein, Edwin Donald. "A framework to mitigate phishing threats". Thesis, Nelson Mandela Metropolitan University, 2013. http://hdl.handle.net/10948/d1021208.
Testo completoAbstract (sommario):
We live today in the information age with users being able to access and share information freely by using both personal computers and their handheld devices. This, in turn, has been made possible by the Internet. However, this poses security risks as attempts are made to use this same environment in order to compromise the confidentiality, integrity and availability of information. Accordingly, there is an urgent need for users and organisations to protect their information resources from agents posing a security threat. Organisations typically spend large amounts of money as well as dedicating resources to improve their technological defences against general security threats. However, the agents posing these threats are adopting social engineering techniques in order to bypass the technical measures which organisations are putting in place. These social engineering techniques are often effective because they target human behaviour, something which the majority of researchers believe is a far easier alternative than hacking information systems. As such, phishing effectively makes use of a combination of social engineering techniques which involve crafty technical emails and website designs which gain the trust of their victims. Within an organisational context, there are a number of areas which phishers exploit. These areas include human factors, organisational aspects and technological controls. Ironically, these same areas serve simultaneously as security measures against phishing attacks. However, each of these three areas mentioned above are characterised by gaps which arise as a result of human involvement. As a result, the current approach to mitigating phishing threats comprises a single-layer defence model only. However, this study proposes a holistic model which integrates each of these three areas by strengthening the human element in each of these areas by means of a security awareness, training and education programme.
12
Lambe, Erik. "Information Security Culture and Threat Perception : Comprehension and awareness of latent threats in organisational settings concerned with information security". Thesis, Uppsala universitet, Statsvetenskapliga institutionen, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-352263.
Testo completoAbstract (sommario):
A new challenge for organisations in the 21st century is how they should ensure information security in a time and environment where the widespread use of Information Communication Technologies (ICTs), such as smartphones, means that information has been made vulnerable in numerous new ways. Recent research on information security has focused on information security culture and how to successfully communicate security standards within an organisation. This study aims to examine how latent threats to information security are conceptualised and examined within an organisation in which information security is important. Since threats posed by ICTs are said to be latent, this study wishes to explore in what ways an inclusion of threat conceptualisation can have in understanding what constitutes an efficacious information security culture when the intention is to ensure information security. The study focuses on the Swedish armed forces, and compare how threats to information security posed by interaction with private ICTs are communicated in information security policies and how they are conceptualised by the members of the organisation. Through interviews conducted with service members, the findings of this study indicate that it is possible to successfully communicate the contents of information security policies without mandating the members of the organisation to read the sources themselves. Furthermore, the study identified a feature of information security culture, in this paper called supererogatory vigilance to threats to information security, which might be of interest for future studies in this area, since it offers adaptive protection to new threats to information security that goes beyond what the established sources protects against.
13
Bailey, Daniel A. "Communicating homeland security threats government and public efforts". Thesis, Monterey, California. Naval Postgraduate School, 2010. http://hdl.handle.net/10945/5040.
Testo completoAbstract (sommario):
Approved for public release; distribution is unlimitedThe Department of Homeland Security (DHS) is widely criticized for poor performance, and much of its problem stems from its poor performance in public communications. DHS has not been able to earn the respect of the public and local officials, and that means that many Americans are not paying attention to important threat warnings and security based exercises. This ultimately means our homeland security is suffering and American citizens remain vulnerable to future terror attacks. This research project considers the public communication efforts of the Department of Homeland Security (DHS) by analyzing how both the Homeland Security Advisory System (HSAS) and National Exercise Program (NEP) continually fall short of effectively communicating security threats and warnings to the American public. By looking at two of its highest profile projects, HSAS and NEP, we see that the problems are largely the result of DHS taking too much of a top-down, federal approach. This thesis will argue that the highly centralized management and execution of both the HSAS and NEP fail to convey the importance of federal efforts to local levels of government and American citizens. This thesis will be a comparative case study of these two programs. I find that both programs are useful and necessary, but both can be improved by decentralizing the national exercise framework and communication efforts to local level officials who can better tailor information and response efforts pertinent to their communities. As the most important component of disaster relief and response, local level officials, who are typically overshadowed by national level personnel, can more effectively utilize federal exercise money and communicate threats the American public than DHS personnel can.
14
Suvor, John. "Diversity Visa Lottery: Threats to U.S. National Security". ScholarWorks, 2015. http://scholarworks.waldenu.edu/dissertations/1302.
Testo completoAbstract (sommario):
The diversity visa (DV) lottery was created as part of a larger immigration bill in 1990 in order to diversify an immigrant pool that has favored Asian and Hispanic immigrants since the passage of the Immigration and Nationality Act of 1965. Traditional research on the national security ramifications of immigration policy has focused on highly publicized issues, such as illegal immigration and asylum and amnesty programs, to the exclusion of the risks of fraud and terrorism inherent in the DV lottery. The purpose of this qualitative single case study was to explore the national security vulnerabilities of the DV lottery. Open-ended interviews were conducted with a snowball sample of 10 foreign service officers who adjudicate lottery visas for U.S. immigration from nations designated as state sponsors of terror. Guided by the framework of systems theory and the theory of constraints, content analysis was employed to reveal patterns and themes in the data. The findings were consonant with the framework, revealing the barriers and vulnerabilities of the DV lottery. Other findings showed both that the DV lottery has a negative impact on U.S. national security and fraud remains a serious concern, and yet there was no consensus on the scope and origin of potential terrorist threats. Recommendations include increasing collaboration and integration among agencies implementing the DV lottery, developing information-sharing agreements with other countries, and taking measures to eliminate fraud. The implications for social change include informing the public, immigration agencies, academics, and policy makers about the vulnerability of the DV lottery to fraud and misrepresentation; enhancing the debate about balancing immigration policies and national security; and possibly ending the DV lottery.
15
Tesfay, Kibrom Gebregziabher. "Threats to and alternatives for financing Social Security". Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03Dec%5FTesfay.pdf.
Testo completo
16
Inci, Mehmet Sinan. "Micro-architectural Threats to Modern Computing Systems". Digital WPI, 2019. https://digitalcommons.wpi.edu/etd-dissertations/528.
Testo completoAbstract (sommario):
With the abundance of cheap computing power and high-speed internet, cloud and mobile computing replaced traditional computers. As computing models evolved, newer CPUs were fitted with additional cores and larger caches to accommodate run multiple processes concurrently. In direct relation to these changes, shared hardware resources emerged and became a source of side-channel leakage. Although side-channel attacks have been known for a long time, these changes made them practical on shared hardware systems. In addition to side-channels, concurrent execution also opened the door to practical quality of service attacks (QoS). The goal of this dissertation is to identify side-channel leakages and architectural bottlenecks on modern computing systems and introduce exploits. To that end, we introduce side-channel attacks on cloud systems to recover sensitive information such as code execution, software identity as well as cryptographic secrets. Moreover, we introduce a hard to detect QoS attack that can cause over 90+\% slowdown. We demonstrate our attack by designing an Android app that causes degradation via memory bus locking. While practical and quite powerful, mounting side-channel attacks is akin to listening on a private conversation in a crowded train station. Significant manual labor is required to de-noise and synchronizes the leakage trace and extract features. With this motivation, we apply machine learning (ML) to automate and scale the data analysis. We show that classical machine learning methods, as well as more complicated convolutional neural networks (CNN), can be trained to extract useful information from side-channel leakage trace. Finally, we propose the DeepCloak framework as a countermeasure against side-channel attacks. We argue that by exploiting adversarial learning (AL), an inherent weakness of ML, as a defensive tool against side-channel attacks, we can cloak side-channel trace of a process. With DeepCloak, we show that it is possible to trick highly accurate (99+\% accuracy) CNN classifiers. Moreover, we investigate defenses against AL to determine if an attacker can protect itself from DeepCloak by applying adversarial re-training and defensive distillation. We show that even in the presence of an intelligent adversary that employs such techniques, DeepCloak still succeeds.
17
Malec, Mieczyslaw. "Security perception : within and beyond the traditional approach /". Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03Jun%5FMalec.pdf.
Testo completoAbstract (sommario):
Thesis (M.A. in National Security Affairs)--Naval Postgraduate School, June 2003.Thesis advisor(s): Jeffrey Knopf, Boris Keyser. Includes bibliographical references (p. 69-73). Also available online.
18
Moore, Alan G. "Southwest Hispanic community - the absence of homeland security threats". Thesis, Monterey, California. Naval Postgraduate School, 2012. http://hdl.handle.net/10945/27874.
Testo completoAbstract (sommario):
CHDS State/LocalThreats of terrorism and insurgency along the Southwest border are typically supported by anecdotal evidence rather than objective assessments of such threats, which limit the ability to appropriately address issues related to homeland security, such as immigration enforcement and border security. This thesis provides an objective assessment of the potential for terrorist and insurgent threats to emanate from within the Southwest Hispanic Community by reviewing the status of and pressures upon the community using Social Identity Theory and Resource Mobilization Theory. Data indicates that Hispanics in the Southwest typically experience greater disparities in sociocultural, economic, and political conditions due to regional ethnic concentration. External and internal pressures, represented by immigration policy and mandates for language usage, also have greater impact upon the community. Social Identity Theory provides a means for understanding why social movement form, while Resource Mobilization Theory provides insight into how movements are created. The potential for radicalization is also examined to determine if violent movements can develop from otherwise nonviolent movements or communities. Despite disparities and significant pressure, the conclusion is that there are no current homeland security threats of terrorism or insurgency and the adoption of omnicultural policies can further reduce what limited potential may exist.
19
Elder, James R. "Interactive visualisation for the discovery of cyber security threats". Thesis, University of Surrey, 2017. http://epubs.surrey.ac.uk/842460/.
Testo completoAbstract (sommario):
Cyber security threat detection is the process of identifying anomalous and frequent patterns within related datasets. This is currently a highly labour intensive task using signatures created from previous knowledge and manual exploration, limiting the identification of novel attacks. This thesis proposes a visual analytics solution, combining data mining and visualisation methodologies, in order to overcome these limitations. The first contribution is an anomaly detection algorithm, entitled Discovering Anomalous Terms Using Mining (DATUM), combining frequent itemset mining with a variation of Term Frequency Inverse Document Frequency (TFIDF). By modifying the TFIDF algorithm to consider feature distribution and integrating with the Find Frequent Pattern Outlier Factor (FindFPOF) anomalous record detection algorithm, anomalous patterns are automatically discovered. The results show that DATUM reduces both the number of false positives without loss of anomaly detection accuracy and the sensitivity of the FindFPOF algorithm to its initialisation parameters. The second contribution is a tool entitled Interactive Visual Analytics for Cyber Security (IVACS), combining interval based frequent itemset mining to automatically identify frequent patterns without the use of signatures. Furthermore, interactive, cross-linked visualisations present the temporal evolution of these patterns from varying perspectives, optimised for different discovery tasks. IVACS has been validated through user testing, to provide automated discovery of novel attacks and a reduction in labour for the user. The final contribution is Force Directed Aggregated Parallel Coordinates (FDAPC), for the automation of cluster identification and visual clutter reduction. FDAPC models the inter-axis line segments as springs connected to axis ticks as nodes, applying a Hooke's law algorithm in order to optimise node locations through minimisation of the total system energy. Multiple case studies demonstrate that FDAPC automatically uncovers patterns within large datasets and usability testing has shown benefits to an analyst when compared to classical parallel coordinates.
20
Gao, Xing. "Investigating Emerging Security Threats in Clouds and Data Centers". W&M ScholarWorks, 2018. https://scholarworks.wm.edu/etd/1550153840.
Testo completoAbstract (sommario):
Data centers have been growing rapidly in recent years to meet the surging demand of cloud services. However, the expanding scale of a data center also brings new security threats. This dissertation studies emerging security issues in clouds and data centers from different aspects, including low-level cooling infrastructures and different virtualization techniques such as container and virtual machine (VM). We first unveil a new vulnerability called reduced cooling redundancy that might be exploited to launch thermal attacks, resulting in severely worsened thermal conditions in a data center. Such a vulnerability is caused by the wide adoption of aggressive cooling energy saving policies. We conduct thermal measurements and uncover effective thermal attack vectors at the server, rack, and data center levels. We also present damage assessments of thermal attacks. Our results demonstrate that thermal attacks can negatively impact the thermal conditions and reliability of victim servers, significantly raise the cooling cost, and even lead to cooling failures. Finally, we propose effective defenses to mitigate thermal attacks. We then perform a systematic study to understand the security implications of the information leakage in multi-tenancy container cloud services. Due to the incomplete implementation of system resource isolation mechanisms in the Linux kernel, a spectrum of system-wide host information is exposed to the containers, including host-system state information and individual process execution information. By exploiting such leaked host information, malicious adversaries can easily launch advanced attacks that can seriously affect the reliability of cloud services. Additionally, we discuss the root causes of the containers' information leakage and propose a two-stage defense approach. The experimental results show that our defense is effective and incurs trivial performance overhead. Finally, we investigate security issues in the existing VM live migration approaches, especially the post-copy approach. While the entire live migration process relies upon reliable TCP connectivity for the transfer of the VM state, we demonstrate that the loss of TCP reliability leads to VM live migration failure. By intentionally aborting the TCP connection, attackers can cause unrecoverable memory inconsistency for post-copy, significantly increase service downtime, and degrade the running VM's performance. From the offensive side, we present detailed techniques to reset the migration connection under heavy networking traffic. From the defensive side, we also propose effective protection to secure the live migration procedure.
21
Webb, Kenneth G. "Managing asymmetric threats to national security - terrorist information operations". Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2007. https://ro.ecu.edu.au/theses/284.
Testo completoAbstract (sommario):
To determine an appropriate methodological approach for managing asymmetric threats to national security, this study investigates factors affecting Australia's national security from the information operations of terrorist groups and their use of such to conduct Information warfare. This is because personal observations and discussion with those operating In the national security arena alert to the need for research into this area. The reasoning examined provides the merit and purpose for conducting the research, and support from a myriad of parties allows it happen. This research's fundamental concept is the social constructs of meaning from interview participants using a constructivist ontology, interpretlvlst epistemology and qualitative approach paradigm. Selection of the constructivist ontology occurs due to the research aim and for understanding the perceptions of interview participants. The interpretivist approach gives the framework for interpreting meaning of the perceptions in an appropriate context and a qualitative approach using soft systems methodology allows this to happen.
22
Reichling, Peter, P. G. Pererva e T. V. Romanchik. "Determination of the essence of the economic security of the country". Thesis, Національний технічний університет "Харківський політехнічний інститут", 2018. http://repository.kpi.kharkov.ua/handle/KhPI-Press/39581.
Testo completoAbstract (sommario):
The study of existing approaches to the definition of the state’s economic security has allowed us to suggest that the state’s economic security is a state of the state’s economy, for which sustainable and scientifically based methods have been created to neutralize the negative impact of internal and external threats, the necessary conditions are created for the state’s sustainable socio-economic development economic interests and improving the welfare of citizens.
23
Mabanga, Silingile Portia. "South Africa's official external threat perceptions : 1994-2012". Diss., University of Pretoria, 2013. http://hdl.handle.net/2263/43680.
Testo completoAbstract (sommario):
The aim of this study is to analyse and critically assess the nature, scope and basis of South Africa‟s official external threat perception as it developed during the period from 1994 to 2012. Accordingly, the assessment allows for the identification of shortcomings in the current national security policy on external security threats, based on the alignment of external threat perceptions with the Government Programme of Action. Essentially what had to be determined is whether perceived official threats correspond with the actual situation. Accordingly, the main research question of the study is: What is the nature, scope and basis of the post-1994 official external threat perception of South Africa? The research problem generated four subsidiary questions: When does a security issue become a national threat? What types of threat are there? How does the South African government perceive these threats? And whose security is threatened?
In responding to the main research questions, the study‟s findings note a change in perceptions during the post-Cold War era as to what constituted threats to security. The focus shifted from traditional to non-traditional threats to national security, because most current threats are non-military and transnational in nature. The analysis of South Africa‟s official external threat perception is informed by the changed views of Government towards what are considered the main threats to national security. The study concludes with key findings in response to the stated problem and with specific recommendations. The study confirmed that the nature of threats and security debates post-1994 have changed constantly with the expansion of the security agenda beyond state and military security. The official viewpoint is that South Africa at present is not faced with any military threats. Emphasis is currently placed on human beings as the main object of security. Most identified threats are transnational in nature and these relate to the illegal flow of immigrants, terrorism, organised
crime, climate change (linked to food and water security), regional instability and other socio-economic threats. These threats are being perceived and articulated by Government through policy announcements and public speeches, also validated in the critical analysis of various scholars.
The concept of non-traditional threats still lacks a commonly accepted definition; hence the study proposes the need for South Africa to define and outline non-military security threats in a comprehensive manner, preferably through the development of a South African External Threat Perception Framework. Developing such a framework will assist security agencies (such as analysts) and other stakeholders in providing advice and guidance to Government in identifying external security threats. This initiative could eliminate the abuse of power by various stakeholders in securitising any issue as a threat to national security, and instead divert those resources to other Government services. Provision should also be made in the form of policy initiatives on the role of military force and other agencies in addressing non-military security threats. Thus, the development of key elements of an integrated national security strategy in order to address external security issues and threats is essential.Dissertation (MSecurity Studies)--University of Pretoria, 2013.
gm2015
Political Sciences
MSecurity Studies
Unrestricted
24
Ashby, Paul. "NAFTA-land security : the Mérida Initiative, transnational threats, and U.S. security projection in Mexico". Thesis, University of Kent, 2015. https://kar.kent.ac.uk/48367/.
Testo completoAbstract (sommario):
This thesis explores recent U.S. bilateral aid to Mexico through the Mérida Initiative (MI), a $2.3 billion assistance commitment on the part of the United States (U.S.) officially justified as helping Mexico build its capacity to take on violent drug cartels and thereby improve security in both countries. There has been a good amount of engaging work on the MI. However this extant literature has not undertaken detailed policy analysis of the aid programme, leading to conclusions that it is a fresh approach to the Mexican counternarcotics (CN) challenge, or that CN is a ‘fig leaf’ for the U.S. to pursue other ‘real’ goals. This is a core gap in the literature this project seeks to fill. Through policy analysis, I make an empirically supported argument that Mérida is a component of a far more ambitious policy agenda to regionalise security with Mexico more generally. This involves stabilising Mexico itself, not least in response to serious drug-related violence. However the U.S. also aims to improve its own security by giving greater ‘depth’ to its borders, and seeks protect the political economy of the North American Free Trade Agreement (NAFTA) from variegated security threats. In this way, recent U.S. policy in Mexico is both derivative of its wider grand strategic traditions in stabilising key political economies in line with its interests, and representative of some distinct developments stemming from the deeply integrated U.S.-Mexican economy as part of NAFTA. To assure U.S. interests accrued to it through the increasingly holistic North American economy, the U.S. has used the MI as the main vehicle in the construction of a nascent ‘NAFTA-land Security’ framework.
25
Catrantzos, Nicholas. "No dark corners defending against insider threats to critical infrastructure /". Thesis, Monterey, California : Naval Postgraduate School, 2009. http://edocs.nps.edu/npspubs/scholarly/theses/2009/Sep/09Sep%5FCatrantzos.pdf.
Testo completoAbstract (sommario):
Thesis (M.A. in Security Studies (Homeland Security and Defense))--Naval Postgraduate School, September 2009.Thesis Advisor(s): Tucker, David. "September 2009." Description based on title screen as viewed on November 03, 2009. Author(s) subject terms: Critical infrastructure protection, insider threat, trust betrayers, infiltrators, disgruntled insiders, Defensible Space, Fixing Broken Windows, employee engagement, No Dark Corners. Includes bibliographical references (p. 85-88). Also available in print.
26
Musayev, Namig. "Analysis of Security Threats for Offshore Oil&Gas Installations". Master's thesis, Alma Mater Studiorum - Università di Bologna, 2020.
Cerca il testo completoAbstract (sommario):
Offshore oil & gas operations are a key part of the supply of energy in many countries. Worldwide, about a third of the oil is produced offshore and, in Europe, more than 80% of the current oil and gas production takes place offshore. In spite of their location, which makes them inherently more difficult to reach, offshore oil and gas installations are susceptible to security-threatening external agents. The attractiveness is linked to the high amount of hazardous substances handled, the socio-political location of the target installations, and the possibility of obtaining proprietary information important for the business. Besides the direct outcomes of an attack in terms of casualties and loss of production, the potential for the release of large quantities of hazardous materials as a result of an intentional attack, defines scenarios of damage to people, environment and assets comparable to the outcomes of major accidents originating from safety-related causes. In the present study, in order to gain insights on the issue, a database of 2222 security-related events was developed and analysed. Itemized categories used to classify the events by industrial sector, security threats, attack modes, and final scenarios triggered by the intentional attacks, were defined and correlations among them were investigated using descriptive statistics and Multi Correspondence Analysis (MCA). A subset of 99 events strictly related to offshore oil & gas production operations was further analysed, allowing the development of fishbone diagrams showing attack patterns performed by the attackers, as well as bow-tie diagrams displaying the role of security barriers and the physical scenarios triggered by such attacks. Overall, the results point out the concreteness of security-related events in the offshore oil & gas industry and provide baseline information useful for the application of techniques addressing the management of security risks in industrial installations.
27
Jaziri, Stenberg Jasmin. "Realism and new threats : an analysis of Israel's security policy". Thesis, Linnéuniversitetet, Institutionen för samhällsvetenskaper, SV, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-21341.
Testo completoAbstract (sommario):
This essay takes a look at Israel's security policy and the definition of threat as a major factor in building up the security policies. This essay brings up also the problems of having a realist way of acting towards a more constructivist problem, as it is in this case. To understand better the constructivist context an analysis of Israel's security policy and a research of its roots are made as well as how Palestine Liberation Organization (PLO), Hamas and Hezbollah are seen as threats to the Israeli state security. The aim is to look at the problem and at the basis of the foundation of both the organizations and Israel. From there, the conclusion takes its essence. In fact. what come forward are the social structures that created the infrastructures and this phenomenon is the root of the problem and not just the balance of power, which tends to come from a more bipolar problem thinking. This means that this problem might be easier to please with a more constructivist way of thinking and of looking at the problem to be able to think of solving it.
28
Walton, James Calder. "British intelligence and threats to national security, c.1941-1951". Thesis, University of Cambridge, 2007. https://www.repository.cam.ac.uk/handle/1810/226671.
Testo completoAbstract (sommario):
This dissertation studies the way that Britain's intelligence services changed priorities from the Second World War to the early Cold War. It stretches from the point when the Soviet Union entered the Second World War as Britain's ally in 1941, to the moment a decade later in 1951, when the Cold War had set in and Moscow was the bitter enemy of the west. Using recently declassified Security Service (MIS) records, it examines how Britain's intelligence services met the massive transition from World War to Cold War. It reveals a variety of subjects previously undocumented in the secondary historical literature, such as MIS's concerns after the Second World War with terrorism emanating from the Middle East. The dissertation is an attempt to rescue intelligence from historical obscurity and place it in its justified position: as a central component in the process of political decision-making in Britain. As well as offering new historical insights, it provides useful lessons for governments and intelligence agencies at the start of the twenty-first century. The dissertation shows that many of the issues facing intelligence agencies at the start of the twenty-first century were, in fact, faced by the British intelligence community half a century ago.
29
Stieper, Erica Marie. "The Discursive Construction of National Security Threats from 2001-2018". Thesis, Virginia Tech, 2018. http://hdl.handle.net/10919/83827.
Testo completoAbstract (sommario):
This thesis seeks to explain the discursive construction of national security threats facing the United States from 2001-2018. The driving argument is that the nation's perception of threats and conceptualization of itself are vulnerable to Presidential rhetoric. Presidents convey threats through rhetorical frameworks, a simplified means to present a manipulated perception of reality to a wider audience, which intentionally provoke reactions from the nation to garner consensus towards executive decision-making. Presidents apply frames from prior administrations as well as new frames to define adverse states, organizations, groups of people, etc., and to justify disciplinary practices, military action, or policy implementation against threats. Primarily, they portray threats as the binary opposite of the American national identity to reinforce the country's legitimacy in national security decision-making. This discourse influences how the public internalizes major issues facing the nation and triggers emotions that can either unite or divide the national identity. This research maps variation among the rhetorical frameworks and strategies of President George W. Bush, President Barack Obama, and President Donald J. Trump to evaluate: how national security threats are constructed, how the nation interprets threats, and the resulting social and political effects.Master of Arts
30
Heppelmann, Andrew R. "The implication of emerging security threats on civil-military relations /". (Requires Adobe Acrobat Reader), 2001. http://stinet.dtic.mil/str/tr4%5Ffields.html.
Testo completo
31
Klykova, Ekaterina. "Security in International Relations: International cooperation to prevent non-states threats". Master's thesis, Vysoká škola ekonomická v Praze, 2012. http://www.nusl.cz/ntk/nusl-197216.
Testo completoAbstract (sommario):
Thesis is focusing on the analysis of the situation in Syria in the period since 2011 till present times. First part will present main theoretical thoughts on the international security such as Realist school, Liberalist school, Human and Collective security concepts and the most modern theoretical school of security- Copenhagen school. That was done in case to have a clear notion of the international security development and to chose the one theory which will reflect the best the situation in Syria. In the practical part I analyzing the actions and inter actions of the main international security actors, such as United Nations plus important actors in the region of the Middle East -- Arab League, and of course Syrian government and opposition. Also I will try to apply Copenhagen school of Security on the Syrian situation and to find out if that theory is good or not for that kind of analysis. After browsing actions taken by actors and opposition in the conclusion I found out that nowadays international security system cannot be called very successful and that Copenhagen school of Security its good explanatory theory but it pretty useless in case of conflict resolution.
32
Quesinberry, Malora. "An Analysis of Faculty and Staff's Identification of Malware Threats". Digital Commons @ East Tennessee State University, 2016. https://dc.etsu.edu/etd/3088.
Testo completoAbstract (sommario):
This document presents findings related to faculty and staff member’s ability to identify malware threats. This study involved discovering the most common incidents of malware threats to higher education systems. From this research, eight categories of malware were identified to be the most common threats to higher education systems. This document also describes the impact of malware intrusions on higher education systems to emphasis the importance of recognizing malware threats. Faculty and staff members at a midsize southeastern university were presented with realistic scenarios to determine the ability to identify malware threats. The results indicate malware categories such as virus, Trojan, browser hijacker, adware, and ransomware were identifiable by faculty and staff. Additionally, the findings demonstrate malware threats in the worm, spyware, and rootkit categories were difficult for faculty and staff members to identify. A recommendation for educating faculty and staff members to better identify malware threats in the less identified categories was proposed to help mitigate future malware intrusions. Future recommendations include investigating new types of malware risks and students’ awareness, or recognition of malware threats and solutions for mitigating these risks.
33
Jones, Andrew. "Threats to information systems and effective countermeasures". Thesis, University of South Wales, 2004. https://pure.southwales.ac.uk/en/studentthesis/threats-to-information-systems-and-effective-countermeasures(2ffda7b3-38d8-48a3-90da-386ee85f10bf).html.
Testo completoAbstract (sommario):
This thesis supports the hypothesis that the measurement of the potency of threat agents to information systems is a crucial element in the accurate calculation of the risks to which systems are subject and the subsequent management of those risks. It describes a series of papers that were published as the result of research that has been carried out into a range of information security issues. The research evolved over the period from 1995 from the underlying drive to identify means of proving improved protection for government and military information systems. Once the initial research was completed, further work was undertaken to resolve issues identified in completed research and also to address newly identified security issues. This document describes the relationship between the papers that were produced from the individual areas of research and address a range of related topics. This document examines the sources of threats to information systems and methods that can be employed to improve the process of managing and treating the risk that they create. It also addresses issues relating to areas of information security that have not been clearly understood and a provides a number of countermeasures that can be implemented to protect information systems in government, the commercial sector and in private use and a framework for the forensic investigation of incidents. As a result of this research, a clearer understanding has been gained of methods that can be implemented to improve the security of information systems at all levels and a threat methodology has been developed that is now taught in a number of countries and which has now been adopted by the UK Government for further development to meet their specific needs. The contribution to knowledge has been the development of advice on the security of information systems, a taxonomy for the investigation of incidents and a method for the measurement of threat.
34
Schmidlin, Marco. "Swiss Armed Forces XXI - the answer to current or future threats". Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2004. http://library.nps.navy.mil/uhtbin/hyperion/04Jun%5FSchmidlin.pdf.
Testo completoAbstract (sommario):
Thesis (M.A. in Security Studies (Defense Decision Making and Planning))--Naval Postgraduate School, June 2004.Thesis advisor(s): Donald Abenheim. Includes bibliographical references (p. 107-115). Also available online.
35
Saltstone, Scot. "The legal dimensions of combatting threats to the security of Canada". Thesis, University of Ottawa (Canada), 1989. http://hdl.handle.net/10393/5778.
Testo completo
36
Verhun, A. M., Julia Bondarchuk e A. S. Linichenko. "Influence of risks, dangers and threats on the enterprise financial security". Thesis, ЦФЕНД, 2018. https://er.knutd.edu.ua/handle/123456789/10530.
Testo completo
37
Larrimore, Nancy Page. "Risk Management Strategies to Prevent and Mitigate Emerging Operational Security Threats". ScholarWorks, 2018. https://scholarworks.waldenu.edu/dissertations/4866.
Testo completoAbstract (sommario):
Dependence on technology brings security compromises that have become a global threat that costs businesses millions of dollars. More than 7.6 million South Carolinians incurred effects from the 162 security breaches reported in 2011-2015. The purpose of this multiple case study was to explore the risk management strategies small business leaders use to prevent and mitigate operational security threats that produce financial losses. The population for this study consisted of 6 business leaders in South Carolina who have demonstrated successful experience in preventing and mitigating operational security threats. Transformational leadership theory provided the conceptual framework for exploring the overreaching research question. Data collection consisted of semistructured interviews with each participant and the collection of company documents that pertained to security procedures, audits, and reviews. Conducting semistructured interviews allowed participants to provide details of real-life experiences. Recorded interviews and transcriptions were analyzed through Moustakas's modified van Kaam method of analysis to identify emerging topics. The 4 themes that emerged were: (a) operational security training and awareness, (b) operational security culture and behavioral effects, (c) operational security policy and compliance, and (d) operational security challenges and risk management. By developing strategies and processes that reflect these themes, small business leaders can reduce financial losses to improve profitability and reduce unemployment, achieving social changes that can benefit society as a whole.
38
Duan, Ren. "Machine Learning in Defensive IT Security: Early Detection of Novel Threats". Thesis, KTH, Skolan för elektroteknik och datavetenskap (EECS), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-266122.
Testo completoAbstract (sommario):
The rapid development of technology leads to a rise in cybercrime, hence cybersecurityis of unprecedented significance, especially for businesses. Defensiveand forensic IT security is a rather niche field in IT security but it issurely going to grow. It focuses on preventing attacks by good design standardsand the education of persons. The typical reaction time of a computerattack currently lies in the order of hours, due to the reason that this field stillrelies on intensive manual work of skilled experts. In this thesis, we combineddefensive IT security with the most flourishing field in the present time: ArtificialIntelligence and Machine Learning. We investigate the possibility ofusing Machine Learning for filtering out the obvious normal data and focusingthe attention of the experts onto important things where experience reallymatters. The nature of this problem is anomaly detection, therefore, we selectand test several algorithms which perform well in detecting anomalies, includingTerm Frequency-Inverse Document Frequency, K-Means, K-NearestNeighbours, Isolation Forest, and Autoencoders, and apply them on the Http(KDDCUP99) dataset and our own network connection dataset collected usingCarbon Black Response. Carbon Black Response is an industry-leadingincident response and threat hunting solution. The results show that IsolationForest and K-Nearest Neighbours are the best traditional Machine Learningmethods for the two datasets respectively, meanwhile, as a deep learningmethod, Autoencoders did quite well in differentiating normal and maliciousevents for both datasets.Den snabba och ständigt ökande teknologiska utvecklingen har lett till att enökning inom IT relaterade brott där företag och organisationer ofta blir drabbademed nästintill oförutsägbara konsekvenser. Defensiv IT-säkerhet och forensik,där fokus ligger på att upptäcka, stoppa och mitigera attacker genom olikatekniker, utbildning och design. Trots att organisationer idag ofta spenderarstora delar av sin budget på defensiv säkerhet så mäts ändå tiden det tar att agerapå attacker och intrång ofta minst i timmar då arbetet innebär stora mängdermanuellt arbete för områdets experter. Större angrepp kan ta veckor eller månaderatt utreda. I det här arbetet kombineras defensiv IT-säkerhet med någraav de mest omtalade områdena i dagsläget: Artificiell intelligens och maskininlärning.Vi undersöker möjligheten att använda dessa tekniker för att filtreraut det uppenbart normala datat och fokusera på det avvikande och vesentliga såatt områdets experter kan lägga tid där det verkligen behövs. Problemets kärnaligger i att kunna detektera avvikelser. Därav grundas arbetet i att utvärderaolika algoritmer för att upptäcka anomalier för att se hur dessa preseterar motvarandra. Vi kommer använda oss av tekniker som Term Frequency-InverseDocument Frequency, K-Means, K-Nearest Neighbours, Isolation Forest, ochAutoencoders mot två olika dataset. Det första datasetet är baserat på HTTPtrafik (KDDCUP99) medan det andra bygger på insamling av data från riktigaklienter via ett verktyg som heter Carbon Black Response som är ett ledandeverktyg för att utför storskaliga undersökningar och söka efter angripare. Resultatetav arbetet visar att Isolation Forest och K-Nearest Neighbours är förrespektive dataset men också att Autoencoders, som är en metod för Deep Learning,presterar goda resultat för att identifiera elakartade aktiviteter för bådadataseten.
39
Arenas, Miguel Tames. "Social Engineering and Internal Threats in Organizations". Thesis, Blekinge Tekniska Högskola, Avdelningen för programvarusystem, 2008. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-6075.
Testo completoAbstract (sommario):
Organizations are taking computer security more seriously every day, investing huge amounts of money in creating stronger defenses including firewalls, anti-virus software, biometrics and identity access badges. These measures have made the business world more effective at blocking threats from the outside, and made it increasingly difficult for hackers or viruses to penetrate systems. But there are still threats that put organizations at risk , this threats are not necessary from external attackers, in this paper we will analyze what are the internal threats in organizations, why are we vulnerable and the best methods to protect our organizations from inside threats.
40
Clementson, Christian. "Client-side threats and a honeyclient-based defense mechanism, Honeyscout". Thesis, Department of Electrical Engineering, 2009. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-20104.
Testo completoAbstract (sommario):
Client-side computers connected to the Internet today are exposed to a lot malicious activity. Browsing the web can easily result in malware infection even if the user only visits well known and trusted sites. Attackers use website vulnerabilities and ad-networks to expose their malicious code to a large user base. The continuing trend of the attackers seems to be botnet construction that collects large amounts of data which could be a serious threat to company secrets and personal integrity. Meanwhile security researches are using a technology known as honeypots/honeyclients to find and analyze new malware. This thesis takes the concept of honeyclients and combines it with a proxy and database software to construct a new kind of real time defense mechanism usable in live environments. The concept is given the name Honeyscout and it analyzes any content before it reaches the user by using visited sites as a starting point for further crawling, blacklisting any malicious content found. A proof-of-concept honeyscout has been developed using the honeyclient Monkey-Spider by Ali Ikinci as a base. Results from the evaluation shows that the concept has potential as an effective and user-friendly defense technology. There are however large needs to further optimize and speed up the crawling process.
41
Elmrabit, Nebrase. "A multiple-perspective approach for insider-threat risk prediction in cyber-security". Thesis, Loughborough University, 2018. https://dspace.lboro.ac.uk/2134/36243.
Testo completoAbstract (sommario):
Currently governments and research communities are concentrating on insider threat matters more than ever, the main reason for this is that the effect of a malicious insider threat is greater than before. Moreover, leaks and the selling of the mass data have become easier, with the use of the dark web. Malicious insiders can leak confidential data while remaining anonymous. Our approach describes the information gained by looking into insider security threats from the multiple perspective concepts that is based on an integrated three-dimensional approach. The three dimensions are human issue, technology factor, and organisation aspect that forms one risk prediction solution. In the first part of this thesis, we give an overview of the various basic characteristics of insider cyber-security threats. We also consider current approaches and controls of mitigating the level of such threats by broadly classifying them in two categories: a) technical mitigation approaches, and b) non-technical mitigation approaches. We review case studies of insider crimes to understand how authorised users could harm their organisations by dividing these cases into seven groups based on insider threat categories as follows: a) insider IT sabotage, b) insider IT fraud, c) insider theft of intellectual property, d) insider social engineering, e) unintentional insider threat incident, f) insider in cloud computing, and g) insider national security. In the second part of this thesis, we present a novel approach to predict malicious insider threats before the breach takes place. A prediction model was first developed based on the outcomes of the research literature which highlighted main prediction factors with the insider indicator variables. Then Bayesian network statistical methods were used to implement and test the proposed model by using dummy data. A survey was conducted to collect real data from a single organisation. Then a risk level and prediction for each authorised user within the organisation were analysed and measured. Dynamic Bayesian network model was also proposed in this thesis to predict insider threats for a period of time, based on data collected and analysed on different time scales by adding time series factors to the previous model. Results of the verification test comparing the output of 61 cases from the education sector prediction model show a good consistence. The correlation was generally around R-squared =0.87 which indicates an acceptable fit in this area of research. From the result we expected that the approach will be a useful tool for security experts. It provides organisations with an insider threat risk assessment to each authorised user and also organisations can discover their weakness area that needs attention in dealing with insider threat. Moreover, we expect the model to be useful to the researcher's community as the basis for understanding and future research.
42
Fediushyn, O. I., O. O. Yatsiuk e H. O. Rusanov. "Virtual environment for training auditors with information security". Thesis, ВА ЗС АР; НТУ "ХПІ"; НАУ, ДП "ПДПРОНДІАВІАПРОМ"; УмЖ, 2021. https://openarchive.nure.ua/handle/document/15754.
Testo completoAbstract (sommario):
The goal of the study is to create a laboratory infrastructure that allows instructors to quickly create virtualized environments for simulating various cyber threats. The testing environment for this demo consists of Windows 10, Ubuntu 16.4, Kali linux and OSSIM. Completed attacks together with potential moves are gathered and put into various attack tree diagrams for analysis so as to find out the most effective attacks against each host.
43
Ahmad, Nadeem, e M. Kashif Habib. "Analysis of Network Security Threats and Vulnerabilities by Development & Implementation of a Security Network Monitoring Solution". Thesis, Blekinge Tekniska Högskola, Sektionen för datavetenskap och kommunikation, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-5327.
Testo completoAbstract (sommario):
Communication of confidential data over the internet is becoming more frequent every day. Individuals and organizations are sending their confidential data electronically. It is also common that hackers target these networks. In current times, protecting the data, software and hardware from viruses is, now more than ever, a need and not just a concern. What you need to know about networks these days? How security is implemented to ensure a network? How is security managed? In this paper we will try to address the above questions and give an idea of where we are now standing with the security of the network.Konfidentiella uppgifter via Internet blir vanligare varje dag. Personer och organisationer skickar sina konfidentiella uppgifter elektroniskt. Det är också vanligt att hackare mot dessa nät. I dagens tider, skydd av data, programvara och hårdvara från virus är, nu mer än någonsin ett behov och inte bara en oro. Vad du behöver veta om nätverk i dessa dagar? Hur säkerheten genomförs för att säkerställa ett nätverk? Hur säkerheten hanteras? I denna skrift kommer vi att försöka ta itu med dessa frågor och ge en uppfattning om var vi nu står med säkerheten för nätet.
44
Lombardo, Gary. "Predicting the Adoption of Big Data Security Analytics for Detecting Insider Threats". Thesis, Capella University, 2018. http://pqdtopen.proquest.com/#viewpdf?dispub=10751570.
Testo completoAbstract (sommario):
Increasingly, organizations are at risk of data breaches due to corporate insider threats. Insiders, in fact, are the biggest threat to corporate data assets and are evading traditional cybersecurity countermeasures. The volume of big data makes insider threat detection more difficult. Conversely big data security analytics (BDSA) enables the detection of anomalous behavior patterns within large datasets in real time, offering organizations potentially a more effective cybersecurity countermeasure for detecting insider threats. However, there was a gap in the literature about what was known about information technology (IT) professionals’ behavioral intentions (BIs) to adopt BDSA. The overarching management question of this study was whether IT professionals’ BIs to adopt BDSA were influenced by perceived usefulness (PU) and perceived ease of use (PEOU). This management question led to the investigation of three research questions: The first was if there was a statistically significant relationship between PU and an IT professional’s BI to adopt BDSA. The second was if there was a statistically significant relationship between PEOU and an IT professional’s BI to adopt BDSA. And, the third was does an IT professional’s PEOU of BDSA influence the PU of BDSA. The study used a quantitative, nonexperimental, research design with the technology acceptance model (TAM) as the theoretical framework. Participants included 110 IT professionals with five or more years of experience in the IT field. A Fast Form Approach to Measuring Technology Acceptance and Other Constructs was used to collect data. The instrument had 12 items that used (a) semantic differential scales that ranged in value from -4 to +4 and (b) bipolar labels to measure the two independent variables, PU and PEOU. Multiple linear regression was used to measure the significance of the relationship between PU and BI, and PEOU and BI. Also measured was the moderating effect of the independent variable, PEOU, on the dependent variable, PU. Finally, multivariate adaptive regression splines (MARS) measured the predictive power of the TAM. The findings of this study indicate a statistically significant relationship between PU and an IT professional’s BI to adopt BDSA and a statistically significant relationship between PEOU and PU. However, there was no statistically significant relationship between PEOU and an IT professional’s BI to adopt BDSA. The MARS analysis indicated the TAM had strong predictive power. The practical implications of this study inform IT practitioners on the importance of technology usefulness. In the case of BDSA, the computational outcome must be reliable and provide value. Also, given the challenges of developing and effectively using BDSA, addressing the issue of ease of use may be important for IT practitioners to adopt and use BDSA. Moreover, as an IT practitioner gains experience with BDSA, the ability to extract value from big data influences PEOU and strengthens its relationship with PU.
45
Ezeokafor, Edwin. "The securitization processes and West African security : regime-led neo-patrimonial threats?" Thesis, University of Dundee, 2015. https://discovery.dundee.ac.uk/en/studentTheses/9738c1a6-03b1-4b1c-84bb-ec3e2b2c54d9.
Testo completoAbstract (sommario):
This thesis explores the interface between the processes of securitizing threats in West African states and their neo-patrimonial statehood. It analyses the securitization processes among the West African elites which arise from their political culture of patronage politics. The securitization-neo-patrimonialism nexus should be understood to encompass every instance of threat perception and construction of same as existential threat to security and economic interests of securitizing actors at national government, sub-regional and extra-African levels. This research builds on the classical literature of securitization and neo-patrimonialism, as well as subsequent works which focused on various elements of these concepts. Methodologically, this work utilises a case study approach, semi-structured interviews, and documentary analysis and builds on an extensive journey through the region. It examines in detail the two cases of Liberia and Sierra Leone in order to explain the securitization-neo-patrimonialism dynamics of West Africa. The thesis has made vital contributions to the literature in two major areas. The thesis argues that: a) there is absence of an institutionalised and securitization framework in the West African states; b) what is defined as a security threat is a function of the narrow threat perception of the neo-patrimonial states’ leaders at national, sub-regional and transnational levels. Thus, theoretically, the thesis introduces a new securitization-neo-patrimonialism framework for West Africa’s security analysis, a framework based on a synthesis of the concepts of securitization and neo-patrimonialism. Empirically and analytically, the thesis suggests the three-level analytical approach for the analysis of West African security.
46
Adams, Tamara Kaye. "Potential threats to Spanish security implications for the United States and NATO /". Thesis, Monterey, California : Naval Postgraduate School, 1990. http://handle.dtic.mil/100.2/ADA242517.
Testo completoAbstract (sommario):
Thesis (M.A. in National Security Affairs)--Naval Postgraduate School, December 1990.Thesis Advisor(s): laTeti, Frank M. Second Reader: Bruneau, Thomas C. "December 1990." Description based on title screen as viewed on March 28, 2010. DTIC Descriptor(s): USSR, Europe, United States, organizations, threats, security, internal, external, Spain, death, terrorism, democracy, internal friction, unemployment, elections, Gibraltar, NATO DTIC Identifier(s): National security, terrorism, Spain, history, ethnic groups, Basque nationalism, Eta (Euzkadi Ta Azkatasuna), United States, NATO, theses. Author(s) subject terms: Spain, separatist movements, ETA, Basque, NATO, New Europe, Gilbraltar, Ce8ta, Melila, security issues, Spain-foreign relations. Includes bibliographical references (p. 153-162). Also available in print.
47
Okoye, Stella Ifeyinwa. "Strategies to Minimize the Effects of Information Security Threats on Business Performance". Thesis, Walden University, 2017. http://pqdtopen.proquest.com/#viewpdf?dispub=10606454.
Testo completoAbstract (sommario):
Business leaders in Nigeria are concerned about the high rates of business failure and economic loss from security incidents and may not understand strategies for reducing the effects of information security threats on business performance. Guided by general systems theory and transformational leadership theory, the focus of this exploratory multiple case study was to explore the strategies small and medium-sized enterprise (SME) leaders use to minimize the effects of information security threats on business performance. Semistructured interviews were conducted with 5 SME leaders who worked in SME firms that support oil and gas industry sector in Port Harcourt, Nigeria, had a minimum of 2 years experience in a leadership role, and had demonstrable strategies for minimizing the effects of information security threats in a SME. The thematic analysis of the interview transcripts revealed 10 strategies for reducing the effects of information security threats: network security, physical security, strong password policy, antivirus protection and software update, information security policy, security education training and awareness, network security monitoring and audit, intrusion detection, data backup, and people management. The findings may contribute to social change by providing SME leaders with more insight about strategies to minimize the effects of information security threats on business performance. The improved business performance can increase the flow of funds into the local economy and allow community leaders to provide social services to residents.
48
Shridevi, Rajesh Jayashankara. "Emerging Security Threats in Modern Digital Computing Systems: A Power Management Perspective". DigitalCommons@USU, 2019. https://digitalcommons.usu.edu/etd/7483.
Testo completoAbstract (sommario):
Design of computing systems — from pocket-sized smart phones to massive cloud based data-centers — have one common daunting challenge : minimizing the power consumption. In this effort, power management sector is undergoing a rapid and profound transformation to promote clean and energy proportional computing. At the hardware end of system design, there is proliferation of specialized, feature rich and complex power management hardware components. Similarly, in the software design layer complex power management suites are growing rapidly. Concurrent to this development, there has been an upsurge in the integration of third-party components to counter the pressures of shorter time-to-market. These trends collectively raise serious concerns about trust and security of power management solutions.
In recent times, problems such as overheating, performance degradation and poor battery life, have dogged the mobile devices market, including the infamous recall of Samsung Note 7. Power outage in the data-center of a major airline left innumerable passengers stranded, with thousands of canceled flights costing over 100 million dollars. This research examines whether such events of unintentional reliability failure, can be replicated using targeted attacks by exploiting the security loopholes in the complex power management infrastructure of a computing system.
At its core, this research answers an imminent research question: How can system designers ensure secure and reliable operation of third-party power management units? Specifically, this work investigates possible attack vectors, and novel non-invasive detection and defense mechanisms to safeguard system against malicious power attacks. By a joint exploration of the threat model and techniques to seamlessly detect and protect against power attacks, this project can have a lasting impact, by enabling the design of secure and cost-effective next generation hardware platforms.
49
Jenkins, Jeffrey Lyne. "Alleviating Insider Threats: Mitigation Strategies and Detection Techniques". Diss., The University of Arizona, 2013. http://hdl.handle.net/10150/297023.
Testo completoAbstract (sommario):
Insider threats--trusted members of an organization who compromise security--are considered the greatest security threat to organizations. Because of ignorance, negligence, or malicious intent, insider threats may cause security breaches resulting in substantial damages to organizations and even society. This research helps alleviate the insider threat through developing mitigation strategies and detection techniques in three studies. Study 1 examines how security controls--specifically depth-of-authentication and training recency--alleviate non-malicious insider threats through encouraging secure behavior (i.e., compliance with an organization's security policy). I found that `simpler is better' when implementing security controls, the effects of training diminish rapidly, and intentions are poor predictors of actual secure behavior. Extending Study 1's finding on training recency, Study 2 explains how different types of training alleviate non-malicious insider threat activities. I found that just-in-time reminders are more effective than traditional training programs in improving secure behavior, and again that intentions are not an adequate predictor of actual secure behavior. Both Study 1 and Study 2 introduce effective mitigation strategies for alleviating the non-malicious insider threat; however, they have limited utility when an insider threat has malicious intention, or deliberate intentions to damage the organization. To address this limitation, Study 3 conducts research to develop a tool for detecting malicious insider threats. The tool monitors mouse movements during an insider threat screening survey to detect when respondents are being deceptive. I found that mouse movements are diagnostic of deception. Future research directions are discussed to integrate and extend the findings presented in this dissertation to develop a behavioral information security framework for alleviating both the non-malicious and malicious insider threats in organizations.
50
Zahedi, Saed. "Virtualization Security Threat Forensic and Environment Safeguarding". Thesis, Linnéuniversitetet, Institutionen för datavetenskap (DV), 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-32144.
Testo completoAbstract (sommario):
The advent of virtualization technologies has evolved the IT infrastructure and organizations are migrating to virtual platforms. Virtualization is also the foundation for cloud platform services. Virtualization is known to provide more security into the infrastructure apart from agility and flexibility. However security aspects of virtualization are often overlooked. Various attacks to the virtualization hypervisor and its administration component are desirable for adversaries. The threats to virtualization must be rigorously scrutinized to realize common breaches and knowing what is more attractive for attackers. In this thesis a current state of perimeter and operational threats along with taxonomy of virtualization security threats is provided. The common attacks based on vulnerability database are investigated. A distribution of the virtualization software vulnerabilities, mapped to the taxonomy is visualized. The famous industry best practices and standards are introduced and key features of each one are presented for safeguarding the virtualization environments. A discussion of other possible approaches to investigate the severity of threats based on automatic systems is presented.