
Dissertations / Theses on the topic 'Cybersecurity'


1

Poluzzi, Lorenzo. "IA & Cybersecurity." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2020.

Abstract:
The integration of Artificial Intelligence and Cybersecurity arises to improve efficiency, growth and the possibility of securing a system with the least effort, so that "intelligent" protection systems can be created that are able to autonomously detect new attacks and update themselves, analyze hundreds and hundreds of data points and traffic, and make decisions. I will analyze separately several concepts of Cybersecurity and A.I., and how the latter can be integrated in order to raise security levels; a practical example will also be shown of a piece of software (Attack Prophecy) that analyzes network traffic and, through A.I., alerts the user and makes decisions. The purpose of this thesis is to compare Attack Prophecy with another Web Application Firewall (WAF), one of the best-known open source ones, called ModSecurity, which does not integrate any Artificial Intelligence mechanism, so as to have a comparison between the two software products and produce an account of the benefits of classical Cybersecurity employed without A.I. and of Cybersecurity employed through A.I.
2

Howard, David J. "Development of the Cybersecurity Attitudes Scale and Modeling Cybersecurity Behavior and its Antecedents." Scholar Commons, 2018. https://scholarcommons.usf.edu/etd/7306.

Abstract:
As organizations have become more reliant on computers and technology to operate in a globalized world, they have also become more vulnerable to cyberattacks on their networks. The expense to organizations from cyberattacks now exceeds $400 billion USD annually. These costs highlight the need for behavioral research in the cyber domain. The first phase of this research developed an instrument to measure workers’ cybersecurity attitudes. An iterative process resulted in a scale with good psychometric properties - The Cybersecurity Attitudes Scale. The scale measures two factors: cyber policy adherence attitudes and perceived vulnerability to a cyberattack. The second phase of this research used the theory of planned behavior as a theoretical framework to model the relationship between personality facets, policy adherence attitudes, perceived vulnerability, locus of control, cybersecurity climate, and cybersecurity behaviors. While the hypothesized model had poor fit for the data, there was a strong relationship between cybersecurity attitudes (i.e. policy adherence attitudes and perceived vulnerability) and dutifulness, altruism, compliance, cybersecurity climate, and cybersecurity behavior. This research provides practical value to academic researchers and organizations by providing a scale to measure cybersecurity attitudes and to help organizations better understand the nature of the antecedents that lead to cybersecurity attitudes and behavior.
3

Lingelbach, Kembley Kay. "Perceptions of Female Cybersecurity Professionals Toward Factors that Encourage Females to the Cybersecurity Field." Diss., NSUWorks, 2018. https://nsuworks.nova.edu/gscis_etd/1056.

Abstract:
Despite multiple national, educational, and industry initiatives, women continue to be underrepresented in the cybersecurity field. Only 11% of cybersecurity professionals, globally, are female. This contributes to the growing overall shortage of workers in the field. This research addressed the significant underrepresentation of females in the cybersecurity workforce. There are many practitioner and industry studies that suggest self-efficacy, discrimination and organizational culture play important roles in the low rate of women in the cybersecurity field. A limited number of scholarly studies identify causal factors; however, there is not a general consensus or framework to explain the problem thoroughly. Moreover, there exists a significant gap in theoretical framework utilizing qualitative methods to demystify the complex factors of engaging females to pursue the cybersecurity field. This study utilized a grounded theory approach to interview twelve female cybersecurity professionals to discover their perceptions of the cybersecurity field. The participants revealed strategies that could encourage females to pursue the cybersecurity field. Data analysis included a data coding process and a constant comparative method of interview transcripts. This study identified four factors of engagement and one unexpected co-factor that are perceived to have an impact on decisions to pursue the cybersecurity field. The four factors identified were awareness, support, intrinsic and extrinsic values. The interesting find of the cybersecurity mindset profile factor that is perceived to enhance the success of career trajectory warrants additional research to discover the impacts on decision to pursue the cybersecurity field. The findings of this research give women a voice in recommending strategies to encourage other females to pursue the cybersecurity field.
The findings also aid in demystifying the complexity of the factors by organizing and categorizing them in a logical sense in order to present a theoretical model to encourage females into the field of cybersecurity. Moreover, this study provides holistic insight to academicians and practitioners in developing future cybersecurity professionals. Additionally, it adds to the body of knowledge by answering the call for additional qualitative approaches in methodology, bringing data richness and generating new theoretical frameworks in cybersecurity research.
4

Nilsen, Richard. "Measuring Cybersecurity Competency: An Exploratory Investigation of the Cybersecurity Knowledge, Skills, and Abilities Necessary for Organizational Network Access Privileges." NSUWorks, 2017. http://nsuworks.nova.edu/gscis_etd/1017.

Abstract:
Organizational information system users (OISU) that are victimized by cyber threats are contributing to major financial and information losses for individuals, businesses, and governments. Moreover, it has been argued that cybersecurity competency is critical for advancing economic prosperity and maintaining national security. The fact remains that technical cybersecurity controls may be rendered useless due to a lack of cybersecurity competency of OISUs. All OISUs, from accountants to cybersecurity forensics experts, can place organizational assets at risk. However, that risk is increased when OISUs do not have the cybersecurity competency necessary for operating an information system (IS). The main goal of this research study was to propose and validate, using subject matter experts (SME), a reliable hands-on prototype assessment tool for measuring the cybersecurity competency of an OISU. To perform this assessment, SMEs validated the critical knowledge, skills, and abilities (KSA) that comprise the cybersecurity competency of OISUs. Primarily using the Delphi approach, this study implemented four phases of data collection using cybersecurity SMEs for proposing and validating OISU: KSAs, KSA measures, KSA measure weights, and cybersecurity competency threshold. A fifth phase of data collection occurred measuring the cybersecurity competency of 54 participants. Phase 1 of this study performed five semi-structured SME interviews before using the Delphi method and anonymous online surveys of 30 cybersecurity SMEs to validate OISU cybersecurity KSAs found in literature and United States government (USG) documents. The results of Phase 1 proposed and validated three OISU cybersecurity abilities, 23 OISU cybersecurity knowledge units (KU), and 22 OISU cybersecurity skill areas (SA). In Phase 2, two rounds of the Delphi method with anonymous online surveys of 15 SMEs were used to propose and validate OISU cybersecurity KSA measures. 
The results of Phase 2 proposed and validated 90 KSA measures for 47 knowledge topics (KT) and 43 skill tasks (ST). In Phase 3, using the Delphi method with anonymous online surveys, a group of 15 SMEs were used to propose and validate OISU cybersecurity KSA weights. The results of Phase 3 proposed and validated the weights for four knowledge categories (KC) and four skill categories (SC). When Phase 3 was completed, the MyCyberKSAs™ prototype assessment tool was developed using the results of Phases 1-3, and Phase 4 was initiated. In Phase 4, using the Delphi method with anonymous online surveys, a group of 15 SMEs were used to propose and validate an OISU cybersecurity competency threshold (index score) of 80%, which was then integrated into the MyCyberKSAs™ prototype tool. Before initiating Phase 5, the MyCyberKSAs™ prototype tool was fully tested by 10 independent testers to verify the accuracy of data recording by the tool. After testing of the MyCyberKSAs™ prototype tool was completed, Phase 5 of this study was initiated. Phase 5 of this study measured the cybersecurity competency of 54 OISUs using the MyCyberKSAs™ prototype tool. Upon completion of Phase 5, data analysis of the cybersecurity competency results of the 54 OISUs was conducted. Data analysis was conducted in Phase 5 by computing levels of dispersion and one-way analysis of variance (ANOVA). The results of the ANOVA data analysis from Phase 5 revealed that annual cybersecurity training and job function are significant, showing differences in OISU cybersecurity competency. Additionally, ANOVA data analysis from Phase 5 showed that age, cybersecurity certification, gender, and time with company were not significant thus showing no difference in OISU cybersecurity competency. The results of this research study were validated by SMEs as well as the MyCyberKSAs™ prototype tool; and proved that the tool is capable of assessing the cybersecurity competency of an OISU.
The ability for organizations to measure the cybersecurity competency of OISUs is critical to lowering risks that could be exploited by cyber threats. Moreover, the ability for organizations to continually measure the cybersecurity competency of OISUs is critical for assessing workforce susceptibility to emerging cyber threats. Furthermore, the ability for organizations to measure the cybersecurity competency of OISUs allows organizations to identify specific weaknesses of OISUs that may require additional training or supervision, thus lowering risks of being exploited by cyber threats.
5

Reid, Rayne. "Guidelines for cybersecurity education campaigns." Thesis, Nelson Mandela University, 2017. http://hdl.handle.net/10948/14091.

Abstract:
In our technology- and information-infused world, cyberspace is an integral part of modern-day society. As the number of active cyberspace users increases, so too do the chances of a cyber threat finding a vulnerable target. All cyber users who are exposed to cyber risks need to be educated about cyber security. Human beings play a key role in the implementation and governing of an entire cybersecurity and cybersafety solution. The effectiveness of any cybersecurity and cybersafety solution in a societal or individual context is dependent on the human beings involved in the process. If these human beings are either unaware or not knowledgeable about their roles in the security solution, they become the weak link in these cybersecurity solutions. It is essential that all users be educated to combat any threats. Children are a particularly vulnerable subgroup within society. They are digital natives and make use of ICT and online services with increasing frequency, but this does not mean they are knowledgeable about or behaving securely in their cyber activities. Children will be exposed to cyberspace throughout their lifetimes. Therefore, cybersecurity and cybersafety should be taught to children as a life-skill. There is a lack of well-known, comprehensive cybersecurity and cybersafety educational campaigns which target school children. Most existing information security and cybersecurity education campaigns limit their scope. Literature reports mainly on education campaigns focused on primary businesses, government agencies and tertiary education institutions. Additionally, most guidance for the design and implementation of security and safety campaigns is for an organisational context, only targets organisational users, and mostly provides high-level design recommendations. This thesis addressed the lack of guidance for designing and implementing cybersecurity and cybersafety educational campaigns suited to school learners as a target audience.
The thesis aimed to offer guidance for designing and implementing education campaigns that educate school learners about cybersecurity and cybersafety. This was done through the implementation of an action research process over a five-year period. The action research process involved cybersecurity and cybersafety educational interventions at multiple schools. A total of 18 actionable guidelines were derived from this research to guide the design and implementation of cybersecurity and cybersafety education campaigns which aim to educate school children.
6

Tagert, Adam C. "Cybersecurity Challenges in Developing Nations." Research Showcase @ CMU, 2010. http://repository.cmu.edu/dissertations/22.

Abstract:
This thesis examines the guidance that is being given to developing nations that are rapidly deploying information and communication technologies. It studied the African countries of Rwanda and Tunisia to draw lessons of the situation and potential methods of improving the situation. The thesis found that developing nations are often recommended to implement a conglomeration of existing rules and regulations found in other countries especially in European countries and in the United States. Developing countries are also recommended to create national CERTs, organizations of cybersecurity experts to coordinate a nation to respond to cyber incidents. The proposed rules and regulations are largely irrelevant for developing nations and the proposed missions of a CERT do not match the needs of those countries. In promoting better guidance, the thesis identifies and discusses several challenges. It finds policy makers in developing nations are aware of the cyber threat, and that the cyber threat is different and often smaller in less ICT developed nations even if they are using similar equipment and software. To help craft better recommendations, the thesis identifies the benefits of ICT especially in agriculture, education and government. These benefits are analyzed to determine whether they would be protected by current guidance and the analysis determines that protecting ICT use in government should be the priority. In crafting future guidance the challenges are that nations have differences in ICT architecture and ICT use, and developing nations have fewer resources but also they have different resources to use. Another such difference is the common lack of a private cybersecurity sector and different expectations of government. This thesis concludes with discussing unexpected results. The first is Rwandan policy makers desire good enough security and have a higher risk tolerance concerning cyber threats than is found in more developed nations. 
In addition, open source software can be a potential way to reduce the cost of cyberspace defense and this thesis makes an initial investigation. The lesson of the thesis is that cybersecurity strategy is not a one size fits all and so it must be customized for each country.
7

Falco, Gregory J. "Cybersecurity for urban critical infrastructure." Thesis, Massachusetts Institute of Technology, 2018. http://hdl.handle.net/1721.1/118226.

Abstract:
Thesis: Ph. D., Massachusetts Institute of Technology, Department of Urban Studies and Planning, 2018.
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 110-116).
Our cities are under attack. Urban critical infrastructure which includes the electric grid, water networks, transportation systems and public health and safety services are constantly being targeted by cyberattacks. Urban critical infrastructure has been increasingly connected to the internet for the purpose of operational convenience and efficiency as part of the growing Industrial Internet of Things (IIoT). Unfortunately, when deciding to connect these systems, their cybersecurity was not taken seriously. A hacker can monitor, access and change these systems at their discretion because of the infrastructure's lack of security. This is not only a matter of potential inconvenience. Digital manipulation of these devices can have devastating physical consequences. This dissertation describes three steps cities should take to prepare for cyberattacks and defend themselves accordingly. First, cities must understand how an attacker might compromise its critical infrastructure. In the first chapter, I describe and demonstrate a methodology for enumerating attack vectors across a city's CCTV security system. The attack methodology uses established cybersecurity typologies to develop an attack ruleset for an AI planner that was programmed to perform attack generation. With this, cities can automatically determine all possible approaches hackers can take to compromise their critical infrastructure. Second, cities need to prioritize their cyber risks. There are hundreds of attack permutations for a given system and thousands for a city. In the second chapter, I develop a risk model for urban critical infrastructure. The model helps prioritize vulnerabilities that are frequently exploited for IIoT Supervisory Control and Data Acquisition (SCADA) systems. Finally, cities need tools to defend themselves. In the third chapter, I present a nontechnical approach to defending against attacks called cyber negotiation.
Cyber negotiation is one of several non-technical cyberdefense tools I call Defensive Social Engineering, where victims can use social engineering against the hacker. Cyber negotiation involves using a negotiation framework to defend against attacks with steps urban critical infrastructure operators can take before, during and after an attack. This study combines computer science and urban planning (Urban Science) to provide a starting point for cities to prepare for and protect themselves against cyberattacks.
by Gregory J. Falco.
Ph. D.
8

Pierce, Adam O. "Exploring the Cybersecurity Hiring Gap." ScholarWorks, 2016. https://scholarworks.waldenu.edu/dissertations/3198.

Abstract:
Cybersecurity is one of the fastest growing segments of information technology. The Commonwealth of Virginia has 30,000 cyber-related jobs open because of the lack of skilled candidates. The study is necessary because some business managers lack strategies for hiring cybersecurity professionals for U.S. Department of Defense (DoD) contracts. The purpose of this case study was to explore strategies business managers in DoD contracting companies used to fill cybersecurity positions. The conceptual framework used for this study was the organizational learning theory. A purposeful sample of 8 successful business managers with cybersecurity responsibilities working for U.S. DoD contracting companies that successfully hired cybersecurity professionals in Hampton Roads, VA participated in the study. Data collection included semistructured interviews and a review of job postings from the companies represented by the participants. Coding, content, and thematic analysis were the methods used to analyze data. Within-methods triangulation was used to add accuracy to the analysis. At the conclusion of the data analysis, two main themes emerged: maintaining contractual requirements and a strong recruiting process. Contractual requirements guided how hiring managers hired cybersecurity personnel and executed the contract. A strong hiring process added efficiency to the hiring process. The findings of the study may contribute to positive social change by encouraging the recruitment and retention of cybersecurity professionals. Skilled cybersecurity professionals may safeguard businesses and society from Internet crime, thereby encouraging the safe exchange and containment of data.
9

Taiola, Matteo. "Cybersecurity in impianti dell'industria di processo." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2021.

Abstract:
Over recent decades, industrial processes have undergone ever greater automation and growing connection with external networks. In the process industry, where the level of automation has always been high, technological innovation has required ever greater interconnection between production systems and external management systems. Connecting these systems has led to economic growth, process optimization and increased production speed, owing to the management of process controls and operating data; however, it has also exposed companies to security risks from cyberattacks. Security threats to industrial automated control systems are becoming a growing concern for all industrial plants, in particular those in which large quantities of hazardous substances are stored or handled. The aim of this thesis is to verify the applicability and effectiveness of two methodologies proposed for identifying the scenarios that can occur following malicious manipulation (performed remotely or following physical access to the control room) of the control and safety system of a process plant: PHAROS (Process Hazard Analysis of Remote manipulations through the cOntrol System) and POROS (Process Operability analysis of Remote manipulations through the cOntrol System). PHAROS makes it possible to identify the hazardous events originating from process equipment that can be triggered through malicious manipulation of the BPCS and the SIS, while POROS aims to identify the top events that can lead to plant shutdown and the consequent interruption of production for a certain period of time, caused by malicious manipulation.
10

Schluderberg, Larry E. "Addressing the cybersecurity Malicious Insider threat." Thesis, Utica College, 2015. http://pqdtopen.proquest.com/#viewpdf?dispub=1571095.

Abstract:

Malicious Insider threats consist of employees, contractors, or business partners who either have current authorized access, or have had authorized access to an organization's critical information and have intentionally misused that access in a manner that compromised the organization. Although incidents initiated by malicious insiders are fewer in number than those initiated by external threats, insider incidents are more costly on average because the threat is already trusted by the organization and often has privileged access to the organization's most sensitive information. In spite of the damage they cause, there are indications that the seriousness of insider incidents is underappreciated as a threat by management. The purpose of this research was to investigate who constitutes MI threats, why and how they initiate attacks, the extent to which MI activity can be modeled or predicted, and to suggest some risk mitigation strategies. The results reveal that addressing the Malicious Insider threat is much more than just a technical issue. Dealing effectively with the threat involves managing the dynamic interaction between employees, their work environment and work associates, the systems with which they interact, and organizational policies and procedures. Techniques for detecting and mitigating the threat are available and can be effectively applied. Some of the procedural and technical methods include definition of, follow through, and consistent application of corporate, and dealing with adverse events indigenous to the business environment. Other methods include conduct of a comprehensive Malicious Insider risk assessment, selective monitoring of employees in response to behavioral precursors, minimizing unknown access paths, control of the organization's production software baseline, and effective use of peer reporting.

Keywords: Cybersecurity, Professor Paul Pantani, CERT, insider, threat, IDS, SIEMS, FIM, RBAC, ABAC, behavioral, peer, precursors, access, authentication, predictive, analytics, system, dynamics, demographics.

11

Gomez, Cesar A. "Cybersecurity of unmanned aircraft systems (UAS)." Thesis, Utica College, 2015. http://pqdtopen.proquest.com/#viewpdf?dispub=1605296.

Abstract:

The purpose of this research was to investigate the cybersecurity controls needed to protect Unmanned Aircraft Systems (UAS) to ensure the safe integration of this technology into the National Airspace System (NAS) and society. This research presents the current vulnerabilities present in UAS technology today along with proposed countermeasures, a description of national and international rules, standards, and activities pertaining to UAS and cybersecurity, and a minimum set of safety operational requirements which are recommended to be implemented by manufacturers of small UAS and mandated by governing agencies. UAS attacks are defined in three categories: hardware attack, wireless attack, and sensor spoofing. The future influx of small and hobby oriented UAS should consider a minimum set of regulated cyber safety standards right out of the box, such as Geofencing technology and isolated auto safety measures. The commonality between national and international cyber related activities point to several operational requirements, hardware limitations, and heightened UAS vulnerabilities. These include type of radio frequency spectrum that is used during operation, methods for detect and avoid, safety measures, lost link procedures, and corrupted data communications.

12

Ash, Sarah L. "Cybersecurity of wireless implantable medical devices." Thesis, Utica College, 2016. http://pqdtopen.proquest.com/#viewpdf?dispub=10109631.

Abstract:

Wireless implantable medical devices are used to improve and prolong the lives of persons with critical medical conditions. The World Society of Arrhythmias reported that 133,262 defibrillators had been implanted in the United States in 2009 (NBC News, 2012). With the convenience of wireless technology comes the possibility of wireless implantable medical devices being accessed by unauthorized persons with malicious intent. Each year, the Food and Drug Agency (FDA) collects information on medical device failures and has found a substantial increase in the numbers of failures each year (Sametinger, Rozenblit, Lysecky, & Ott, 2015). Mark Goodman, founder of the Future Crimes Institute, wrote an article regarding wireless implantable medical devices (2015). According to Goodman, approximately 300,000 Americans are implanted with wireless implantable medical devices including, but not limited to, cardiac pacemakers and defibrillators, cochlear implants, neurostimulators, and insulin pumps. Upwards of 2.5 million people depend on wireless implantable medical devices to control potential life-threatening diseases and complications. It was projected in a 2012 study completed by the Freedonia Group that the need for wireless implantable medical devices would increase 7.7 percent annually, creating a 52 billion dollar business by 2015 (Goodman, 2015). This capstone project will examine the current cybersecurity risks associated with wireless implantable medical devices. The research will identify potential security threats, current security measures, and consumers’ responsibilities and risks once they acquire the wireless implantable medical devices. Keywords: Cybersecurity, Professor Christopher M. Riddell, critical medical conditions, FDA, medical device failures, risk assessment, wireless networks.

13

Kuznietsova, Tetiania, and Andrii Chyrkov. "State and perspectives of aircraft cybersecurity." Thesis, National aviation university, 2021. https://er.nau.edu.ua/handle/NAU/50678.

Abstract:
During the latest events in the aviation world, where experts in the field of cybersecurity (example) opened the possibility of gaining access to the aircraft's on-board systems, industry experts (and not only) thought about it. And we are doing quite a lot. There are many existing guides that contain recommendations and practices, for example: «Software Considerations in Airborne Systems and Equipment Certification» contains recommendations for evaluating security and assuring software quality. There is a separation of access, because all systems are somehow connected to each other through the on-board network (take at least maintenance to determine failures): The FAA continues to consider the aircraft guidelines acceptable for software certification, although they acknowledge that the guidelines do not fully cover all areas of software development and life cycle processes, and can sometimes be misinterpreted.
14

Mattina, Brendan Casey. "MARCS: Mobile Augmented Reality for Cybersecurity." Thesis, Virginia Tech, 2017. http://hdl.handle.net/10919/78220.

Abstract:
Network analysts have long used two-dimensional security visualizations to make sense of network data. As networks grow larger and more complex, two-dimensional visualizations become more convoluted, potentially compromising user situational awareness of cyber threats. To combat this problem, augmented reality (AR) can be employed to visualize data within a cyber-physical context to restore user perception and improve comprehension; thereby, enhancing cyber situational awareness. Multiple generations of prototypes, known collectively as Mobile Augmented Reality for Cyber Security, or MARCS, were developed to study the impact of AR on cyber situational awareness. First generation prototypes were subjected to a formative pilot study of 44 participants, to generate user-centric performance data and feedback, which motivated the design and development of second generation prototypes and provided initial insight into the potentially beneficial impact of AR on cyber situational awareness. Second generation prototypes were subjected to a summative secondary study by 50 participants, to compare the impact of AR and non-AR visualizations on cyber situational awareness. Results of the secondary study suggest that employing AR to visualize cyber threats in a cyber-physical context collectively improves user threat perception and comprehension, indicating that, in some cases, AR security visualizations improve user cyber situational awareness over non-AR security visualizations.
Master of Science
15

Siltanen, Ella. "Whose Responsibility is Cybersecurity? : A Comparative Qualitative Content Analysis of Discourses in the EU’s Cybersecurity Strategies 2013-2020." Thesis, Malmö universitet, Institutionen för globala politiska studier (GPS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-45956.

Abstract:
Cybersecurity is an increasingly important topic to all actors from the private individuals to international institutions. The borderless nature of the internet has however made it more difficult for nation states to take care of their own security and institutions like the EU are also coping with the difficulties of defending themselves from attacks that can affect practically any part of the system and cause wide-spread damage. The EU has tried to address these issues by publishing strategies to improve the cybersecurity of the Union and its Member States. This thesis studies the discourse that is used by the Union in its strategies from 2013 and 2020. This is done to determine how the EU portrays each level, the national, institutional, or private and how responsible they are for the cybersecurity in the Union and to see how this discourse has changed in the previous few years. The theoretical framework of the thesis consists of neofunctionalism and historical institutionalism which are used to explain the direction of the development of the EU’s discourse. The study is conducted using critical discourse analysis and qualitative content analysis. The findings of the analysis suggest that there is noticeable shift to the EU taking more responsibility and actions to ensure its cybersecurity. Similarly it seems remarkable how the importance of the private sector seems to have diminished in the newer discourse.
16

Camporesi, Mirko. "Securopoly: un gioco per l'insegnamento della Cybersecurity." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2017. http://amslaurea.unibo.it/13274/.

Abstract:
The thesis presents various topics related to the world of information security and its teaching. The aim of this work is to present the technique of gamification and its application in the modern cybersecurity landscape. In addition, a board game called Securopoly is proposed that implements the concepts described and is strongly based on the National Cybersecurity Framework (Framework Nazionale per la cybersecurity), a document that sets the standards that every organization and every company should meet in order to be at the forefront in attempting to defend itself against cyberattacks.
17

Chung, Kristie (Kristie J. ). "Applying systems thinking to healthcare data cybersecurity." Thesis, Massachusetts Institute of Technology, 2015. http://hdl.handle.net/1721.1/105307.

Abstract:
Thesis: S.M. in Engineering and Management, Massachusetts Institute of Technology, Engineering Systems Division, 2015.
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 85-90).
Since the HITECH Act of 2009, adoption of Electronic Health Record (EHR) systems in US healthcare organizations has increased significantly. Along with the rapid increase in usage of EHR, cybercrimes are on the rise as well. Two recent cybercrime cases from early 2015, the Anthem and Premera breaches, are examples of the alarming increase of cybercrimes in this domain. Although modern Information Technology (IT) systems have evolved to become very complex and dynamic, cybersecurity strategies have remained static. Cyber attackers are now adopting more adaptive, sophisticated tactics, yet the cybersecurity counter tactics have proven to be inadequate and ineffective. The objective of this thesis is to analyze the recent Anthem security breach to assess the vulnerabilities of Anthem's data systems using current cybersecurity frameworks and guidelines and the Systems-Theoretic Accident Model and Process (STAMP) method. The STAMP analysis revealed Anthem's cybersecurity strategy needs to be reassessed and redesigned from a systems perspective using a holistic approach. Unless our society and government understand cybersecurity from a sociotechnical perspective, we will never be equipped to protect valuable information and will always lose this battle.
by Kristie Chung.
S.M. in Engineering and Management
18

M, Kunyk A. "CYBERSECURITY POLICY IN THE REPUBLIC OF POLAND." Thesis, Юриспруденція в сучасному інформаційному просторі: [Матеріали ІХ Міжнародної науково-практичної конференції, м. Київ, Національний авіаційний університет, 1 березня 2019 р.] Том 1. – Тернопіль: Вектор, 2019. – 394 с, 2019. http://er.nau.edu.ua/handle/NAU/38074.

19

Karpova. "THE MAIN ASPECTS OF MAINTAINING EFFECTIVE CYBERSECURITY." Thesis, Київ 2018, 2018. http://er.nau.edu.ua/handle/NAU/33747.

20

Shirazi, Patrick. "Identifying Challenges in Cybersecurity Data Visualization Dashboards." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-80412.

Abstract:
Nowadays, a massive amount of cybersecurity data-objects, such as security events, logs, messages, are flowing through different cybersecurity systems. With the enormous fast development of different cloud environments, big data, IoT, and so on, these amounts of data are increasingly revolutionary. One of the challenges for different security actors, such as security admins, cybersecurity analysis, and network technicians, is how to utilize this amount of data in order to reach meaningful insights, so they can be used further in diagnosis, validation, forensic and decision-making purposes. In order to make useful and get meaningful insights from this data, we need to have efficient dashboards that simplify the data and provide a human-understandable presentation of data. Currently, there are plenty of SIEM and visualization dashboard tools that are using a variety of report generator engines to generate charts and diagrams. Although there have been many advances in recent years due to utilizing AI and big data, security professionals are still facing some challenges in using the visualization dashboards. During recent years, many research studies have been performed to discover and address these types of challenges. However, due to the rapid change in the way of working in many companies (e.g. digital transformation, agile way of working, etc.) and besides utilizing cloud environments, that are providing almost everything as a service, it is needed to discover what challenges are still there and whether they are still experiencing the same challenges or new ones have emerged. Following a qualitative method and utilizing the Delphi technique with two rounds of interviews, the results show that although the technical and tool-specific concerns really matter, the most significant challenges are due to the business architecture and the way of working.
21

Johnson, Tanner West. "Evaluating an Educational Cybersecurity Playable Case Study." BYU ScholarsArchive, 2018. https://scholarsarchive.byu.edu/etd/7592.

Abstract:
The realities of cyberattacks have become more and more prevalent in the world today. Due to the growing number of these attacks, the need for highly trained individuals has also increased. Because of a shortage of qualified candidates for these positions, there is an increasing need for cybersecurity education within high schools and universities. In this thesis, I discuss the development and evaluation of Cybermatics, an educational simulation, or playable case study, designed to help students learn and develop skills within the cybersecurity discipline. This playable case study was designed to allow students to gain an understanding of the field of cybersecurity and give them a taste of what a day in the life of a cybersecurity professional might be. It focuses on being an authentic experience so that students feel immersed within the simulation while completing their tasks, instead of regarding it as merely another assignment. We ran a pilot test of this playable case study in a university-level, introductory Information Technology class of 51 students. We found that Cybermatics increased the self-reported likelihood of over 70% of participants to pursue a career in a cybersecurity field. It also helped students understand the importance of leadership and ethics to a cybersecurity professional. We also found that the simulation helped students feel more confident about their ability to complete cybersecurity-related tasks.
22

Ahmed, Jaleel. "Empirical Analysis of a Cybersecurity Scoring System." Scholar Commons, 2019. https://scholarcommons.usf.edu/etd/7722.

Abstract:
In the field of cybersecurity, the top-level management make use of metrics to decide if the organization is doing well to protect itself from cyber attacks or is in tatters leaving itself susceptible against the vast threats looming around. Not only that but metrics are even used to measure the performance of the security team. The aim of this thesis is to show how economics is closely related to cybersecurity and how metrics play an important role in policy making of an organization. Furthermore, I scrutinize one of the leading security score providers for the way they detect botnet infection. Botnet infection is a part of compromised system group in their score card categories that amounts to 55% of the total security score. So, it becomes essential for the security score providers to have the right method of grading a company since it will have an impact on how they use their resources to protect itself from outside threat and the insurance premium they pay to cover any successful cyber attacks. I have found out that the data on which the botnet infection vector is graded has false positives. I shed light on security analyst and security team on a whole in their role in making decisions according to the security score. It is even the duty of the security team to work ethically, that is, the aim should not be to improve the security score rather the aim should be to protect the organization from outside attacks and if it happens to increase the security rating then be it so.
23

CARDAIOLI, MATTEO. "Human Interactions in Cybersecurity: Threats and Opportunities." Doctoral thesis, Università degli studi di Padova, 2022. http://hdl.handle.net/11577/3453659.

Abstract:
Over the years, many cybersecurity breaches have been attributed to human error, considering human factors as one of the weakest links in the security chain. In fact, human factors are exploited by cybercriminals, causing significant losses of money and reputation to organizations. According to Verizon’s 2021 Data Breach Investigations, 85% of breaches involved a human element, while 61% involved stolen or compromised credentials, causing an average breach cost of more than $3 million. To prevent cyberattacks, organizations focus on training employees and developing new policies, while also trying to maintain a balance between the complexity of security systems and their usability. However, the unpredictability of human behavior, the fast evolution of the digital world, and the increasing availability of technological resources for cybercriminals pose new and evolving cybersecurity challenges in anticipating both cyber threats in new environments and the rise of new threats in systems considered secure to date. On the other hand, the complexity and uniqueness of human behavior give new opportunities for designing new solutions to mitigate threats, improving the security of organizations and users. In this thesis, we investigate human interactions and cybersecurity, focusing on two main aspects: (i) developing new attacks, based on human interaction, against existing and consolidated authentication methods (i.e., PIN pads), and (ii) proposing new methods leveraging human behavior in multiple contexts to enhance the security of users and organizations. The first part of this thesis demonstrates the effectiveness of three attacks against the security of PIN-based authentication systems, focusing on Automated Teller Machines (ATMs) PIN pads. ATMs have become an indispensable part of the banking ecosystem such that according to the European Central Bank, in 2019 only in Europe, more than 11 billion withdrawal and deposit transactions were made.
In particular, we show how ATM PIN pads are exposed to security threats related to human factors even if users have policy-compliant behaviors. We analyze different attack scenarios depending on the sources of information available to the attacker (e.g., video, audio, thermal, typing style). The results show that in the worst-case scenario for the victim, our attacks can reconstruct up to 94% of the 5-digit PINs typed within three attempts. In the second part of this thesis, we show how the variability and unpredictability of human behavior can be exploited to increase the security of systems and users. We develop new human-based approaches focusing on three different contexts: (i) new methods for bot detection in social networks (i.e., Twitter) relying on the stylistic consistency of posts over time, (ii) a new framework for identifying fake and genuine expressions from videos, and (iii) a new de-authentication method based on the detection of physically blurred faces. Results demonstrate the efficacy of the proposed approaches, achieving an F1-score up to 98% in human-bot detection, an accuracy up to 90% in fake sadness detection, and accuracy in de-authenticating users up to 100% under 3 seconds of grace period. This thesis highlights the need for more effort in designing security solutions that focus on human factors, showing the direction for further investigation in analyzing human interactions in cybersecurity.
24

CARDAIOLI, MATTEO. "Interazioni Umane in Cybersecurity: Minacce e Opportunità." Doctoral thesis, Università degli studi di Padova, 2022. http://hdl.handle.net/11577/3454618.

Abstract:
Over the years, many cybersecurity breaches have been attributed to human error, with human factors regarded as one of the weakest links in the security chain. In practice, human factors are exploited by cybercriminals, causing significant losses of money and reputation to organizations. According to Verizon's Data Breach Investigations Report 2021, 85% of breaches involved a human element, while 61% involved stolen or compromised credentials, causing an average breach cost of more than 3 million dollars. To prevent cyberattacks, organizations focus on training employees and developing new policies, while also trying to maintain a balance between the complexity of security systems and their usability. However, the unpredictability of human behavior, the rapid evolution of the digital world, and the growing availability of technological resources for cybercriminals pose new challenges both in anticipating cyber threats in new environments and in the emergence of new threats in systems considered secure until now. On the other hand, the complexity and uniqueness of human behavior open up possibilities for designing new solutions to mitigate threats, improving the security of organizations and users. In this thesis, we investigate human interactions and cybersecurity, focusing on two main aspects: (i) the development of new attacks, based on human interaction, against existing and established authentication methods (PIN pads), and (ii) the proposal of new methods that leverage human behavior in different contexts to improve the security of users and organizations. The first part of this thesis demonstrates the effectiveness of three attacks against the security of PIN-based authentication systems, focusing on the PIN pads of Automated Teller Machines (ATMs).
ATMs have become an indispensable part of the banking ecosystem, to the point that, according to the European Central Bank, in 2019 in Europe alone more than 11 billion withdrawal and deposit transactions were carried out. In particular, we show how ATM PIN pads are exposed to security threats related to human factors even if users behave in compliance with policies. We analyze different attack scenarios depending on the sources of information available to the attacker (for example, video, audio, thermal, typing style). The results show that in the worst-case scenario for the victim, our attacks can reconstruct up to 94% of the 5-digit PINs typed within three attempts. In the second part of this thesis, we show how the variability and unpredictability of human behavior can be exploited to increase the security of systems and users. We develop new human-based approaches focusing on three different contexts: (i) new methods for bot detection in social networks (for example, Twitter) based on the stylistic consistency of posts over time, (ii) a new framework for identifying fake and genuine expressions from videos, and (iii) a new de-authentication method based on the detection of physically blurred faces. The results demonstrate the effectiveness of the proposed approaches, achieving an F1-score of up to 98% in human-bot classification, an accuracy of up to 90% in detecting fake sadness, and an accuracy in de-authenticating users of up to 100% under a 3-second grace period. This thesis highlights the need for greater effort in designing security solutions that focus on human factors, showing the direction for further investigation in the analysis of human interactions in cybersecurity.
Over the years, many cybersecurity breaches have been attributed to human error, considering human factors as one of the weakest links in the security chain. In fact, human factors are exploited by cybercriminals, causing significant losses of money and reputation to organizations. According to Verizon's 2021 Data Breach Investigations, 85% of breaches involved a human element, while 61% involved stolen or compromised credentials, causing an average breach cost of more than $3 million. To prevent cyberattacks, organizations focus on training employees and developing new policies, while also trying to maintain a balance between the complexity of security systems and their usability. However, the unpredictability of human behavior, the fast evolution of the digital world, and the increasing availability of technological resources for cybercriminals pose new and evolving cybersecurity challenges in anticipating both cyber threats in new environments and the rise of new threats in systems considered secure to date. On the other hand, the complexity and uniqueness of human behavior give new opportunities for designing new solutions to mitigate threats, improving the security of organizations and users. In this thesis, we investigate human interactions and cybersecurity, focusing on two main aspects: (i) developing new attacks, based on human interaction, against existing and consolidated authentication methods (i.e., PIN pads), and (ii) proposing new methods leveraging human behavior in multiple contexts to enhance the security of users and organizations. The first part of this thesis demonstrates the effectiveness of three attacks against the security of PIN-based authentication systems, focusing on Automated Teller Machines (ATMs) PIN pads. ATMs have become an indispensable part of the banking ecosystem such that according to the European Central Bank, in 2019 only in Europe, more than 11 billion withdrawal and deposit transactions were made. 
In particular, we show how ATM PIN pads are exposed to security threats related to human factors even if users have policy-compliant behaviors. We analyze different attack scenarios depending on the sources of information available to the attacker (e.g., video, audio, thermal, typing style). The results show that in the worst-case scenario for the victim, our attacks can reconstruct up to 94% of the 5-digit PINs typed within three attempts. In the second part of this thesis, we show how the variability and unpredictability of human behavior can be exploited to increase the security of systems and users. We develop new human-based approaches focusing on three different contexts: (i) new methods for bot detection in social networks (i.e., Twitter) relying on the stylistic consistency of posts over time, (ii) a new framework for identifying fake and genuine expressions from videos, and (iii) a new de-authentication method based on the detection of physically blurred faces. Results demonstrate the efficacy of the proposed approaches, achieving an F1-score up to 98% in human-bot detection, an accuracy up to 90% in fake sadness detection, and accuracy in de-authenticating users up to 100% under 3 seconds of grace period. This thesis highlights the need for more effort in designing security solutions that focus on human factors, showing the direction for further investigation in analyzing human interactions in cybersecurity.
25

Murray, Glenn Kristian. "Managing cybersecurity risk for critical infrastructure: A framework to secure critical infrastructure." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2024. https://ro.ecu.edu.au/theses/2864.

Abstract:
As cyber threats continue to evolve, the protection of critical infrastructure has become a paramount concern, particularly considering the devastating potential these threats hold. The 2024 cyberattack on Change Healthcare, which resulted in significant financial losses for UnitedHealth, $870 million in the first quarter alone and up to $1.6 billion for the year, highlights the urgent need for effective cybersecurity measures to safeguard essential services. This thesis investigates the cybersecurity maturity of Australian critical infrastructure healthcare and food and grocery sectors, focusing on key areas such as governance, risk management, protective measures, detection capabilities, response and recovery protocols, compliance and assurance, and employee training and awareness. This research employs a qualitative approach, using two rounds of semi-structured interviews with cybersecurity professionals, board members, and directors to gather in-depth insights into the current state of cybersecurity within these organisations. Thematic analysis conducted with Leximancer software identifies critical gaps in cybersecurity practices, particularly within the public sector, revealing systemic vulnerabilities that could be exploited by malicious actors. A major contribution of this thesis is the development of the Cyber Security Maturity Model (CSMM), a framework designed to enhance the cybersecurity practices of critical infrastructure sectors. The CSMM suggests guidelines for policymakers, administrators, and cybersecurity professionals, enabling them to strengthen their organisations' defences and improve overall resilience against cyber threats. The findings of this research confirm the need for comprehensive training programs, strategic planning, and better resource allocation to enhance cybersecurity resilience.
This thesis offers a structured approach to addressing these challenges, contributing to the ongoing efforts to secure Australia's critical infrastructure. The insights and recommendations presented in this study contribute to the development of more robust cybersecurity strategies, ensuring the continued protection of essential services in an increasingly hostile cyber environment.
26

Rajasooriya, Sasith Maduranga. "Cybersecurity: Probabilistic Behavior of Vulnerability and Life Cycle." Scholar Commons, 2017. http://scholarcommons.usf.edu/etd/6933.

Abstract:
Analysis on Vulnerabilities and Vulnerability Life Cycle is at the core of Cybersecurity related studies. Vulnerability Life Cycle discussed by S. Frei and studies by several other scholars have noted the importance of this approach. Application of Statistical Methodologies in Cybersecurity related studies call for a greater deal of new information. Using currently available data from National Vulnerability Database this study develops and presents a set of useful Statistical tools to be applied in Cybersecurity related decision making processes. In the present study, the concept of Vulnerability Space is defined as a probability space. Relevant theoretical analyses are conducted and observations in the vulnerability space in aspects of events and states are discussed. Transforming IT related cybersecurity issues into analytical formation so that abstract and conceptual knowledge from Mathematics and Statistics can be applied is a challenge. However, to overcome rising threats from Cyber-attacks such an integration of analytical foundation to understand the issues and develop strategies is essential. In the present study we apply well known Markov approach in a new approach of Vulnerability Life Cycle to develop useful analytical methods to assess the Risk associated with a vulnerability. We also present a new Risk Index integrating the results obtained and details from the Common Vulnerability Scoring System (CVSS). In addition, a comprehensive study on the Vulnerability Space is presented discussing the likelihood of probable events in the probability sub-spaces of vulnerabilities. Finally, an Extended Vulnerability Life Cycle model is presented and discussed in relation to States and Events in the Vulnerability Space that lays down a strong foundation for any future vulnerability related analytical research efforts.
27

Rodrigo, Hansapani Sarasepa. "Bayesian Artificial Neural Networks in Health and Cybersecurity." Scholar Commons, 2017. http://scholarcommons.usf.edu/etd/6940.

Abstract:
Being in the era of Big data, the applicability and importance of data-driven models like artificial neural network (ANN) in the modern statistics have increased substantially. In this dissertation, our main goal is to contribute to the development and the expansion of these ANN models by incorporating Bayesian learning techniques. We have demonstrated the applicability of these Bayesian ANN models in interdisciplinary research including health and cybersecurity. Breast cancer is one of the leading causes of deaths among females. Early and accurate diagnosis is a critical component which decides the survival of the patients. Including the well known "Gail Model", numerous efforts are being made to quantify the risk of diagnosing malignant breast cancer. However, these models impose some limitations on their use of risk prediction. In this dissertation, we have developed a diagnosis model using ANN to identify the potential breast cancer patients with their demographic factors and the previous mammogram results. While developing the model, we applied the Bayesian regularization techniques (evidence procedure), along with the automatic relevance determination (ARD) prior, to minimize the network over-fitting. The optimal Bayesian network has 81% overall accuracy in correctly classifying the actual status of breast cancer patients, 59% sensitivity in accurately detecting the malignancy and 83% specificity in correctly detecting non-malignancy. The area under the receiver operating characteristic curve (0.7940) shows that this is a moderate classification model. We then present a new Bayesian ANN model for developing a nonlinear Poisson regression model which can be used for count data modeling. Here, we have summarized all the important steps involved in developing the ANN model, including the forward-propagation, backward-propagation and the error gradient calculations of the newly developed network.
As a part of this, we have introduced a new activation function into the output layer of the ANN and error minimizing criterion, using count data. Moreover, we have expanded our model to incorporate the Bayesian learning techniques. The performance of our model is tested using simulation data. In addition to that, a piecewise constant hazard model is developed by extending the above nonlinear Poisson regression model under the Bayesian setting. This model can be utilized over the other conventional methods for accurate survival time prediction. With this, we were able to significantly improve the prediction accuracies. We captured the uncertainties of our predictions by incorporating the error bars which could not be achieved with a linear Poisson model due to the overdispersion in the data. We also have proposed a new hybrid learning technique, and we evaluated the performance of those techniques with a varying number of hidden nodes and data size. Finally, we demonstrate the suitability of Bayesian ANN models for time series forecasting by using an online training algorithm. We have developed a vulnerability forecast model for the Linux operating system by using this approach.
28

Kaijankoski, Eric A. "Cybersecurity information sharing between public–private sector agencies." Thesis, Monterey, California: Naval Postgraduate School, 2015. http://hdl.handle.net/10945/45204.

Abstract:
Approved for public release; distribution is unlimited
Government agencies, businesses, and individuals alike have become more dependent on technology, and the desire and need for interconnectedness has led to increasing network vulnerability affecting both government and private sectors. Recognizing both government and private sector agencies individually lack the capabilities to defend against cyber threats, President Obama has called for a more robust and resilient cybersecurity alliance that encourages information-sharing partnerships with private sector owners and operators in charge of protecting U.S. critical infrastructure. Despite the recent drive for cyber legislation and policies, government agencies and private companies have seemed reluctant to share information related to cyber-attacks and threats with one another. To discover the deeper underlying issues that inhibit public-private cooperation, and to evaluate the effectiveness of public-private partnerships (PPPs) to advance cyber information sharing, this thesis examines the banking and finance sector of U.S. critical infrastructure sector. In doing so, it identifies reasons why information-sharing problems exist between government agencies and private companies; investigates how PPPs satisfy national cybersecurity needs; and, in turn, reveals issues for policymakers to consider when shaping policies that encourage an open dialog between the public and private sector.
29

Coria, Jose Calderon. "Curriculum modules in support of tabletop cybersecurity games." Thesis, Monterey, California: Naval Postgraduate School, 2013. http://hdl.handle.net/10945/37604.

Abstract:
Approved for public release; distribution is unlimited
The number of bachelor degrees in computer science has continued to decline over the past decade. These trends similarly affect the cyber security sub-discipline of computer science. The non-digital computer security board game [d0x3d!] aims to teach cyber security concepts to a young, non-CS audience, to increase interest in the subject, and have a positive effect on computer science education. We develop curriculum modules in the form of lesson plans to complement this game. This demonstrates how the game can be used in an academic setting to scaffold instruction that introduces security concepts to K-12 audiences, more formally.
APA, Harvard, Vancouver, ISO, and other styles
30

GARZA, ADRIANA BEATRIZ. "AN ANALYSIS OF THE ETHICS BEHIND CYBERSECURITY MANAGEMENT." Thesis, The University of Arizona, 2016. http://hdl.handle.net/10150/618707.

Abstract:
This paper will explore cyber breaches, and the ethics behind a company’s decision-making when it comes to cyber security. At a time when cyber attacks and breaches against well-known, and reputable companies were at an all-time high, an interest to study different cyber breaches and a company’s reaction to the cyber breach began to develop. In order to analyze the various cyber attacks that had taken place in recent years, a case study was completed, examining three different companies in North America that had gone through a cyber attack – Target, Ashley Madison, and Liverpool. Additionally, research of the different types of cyber attacks and the various tactics companies utilize to avoid a cyber attack was conducted. The research was guided by the question of whether Target, Ashley Madison, and Liverpool were ethical in their response that followed their respective cyber breaches. Thus, this paper will discuss the many facets of cyber security most relevant to companies, in addition to an ethical analysis of each company’s actions following their respective cyber breach.
31

Zeng, Kui. "Exploring cybersecurity requirements in the defense acquisition process." Thesis, Capitol Technology University, 2016. http://pqdtopen.proquest.com/#viewpdf?dispub=10165487.

Abstract:

The federal government is devoted to an open, safe, free, and dependable cyberspace that empowers innovation, enriches business, develops the economy, enhances security, fosters education, upholds democracy, and defends freedom. Despite many advantages—federal and Department of Defense cybersecurity policies and standards, the best military power equipped with the most innovative technologies in the world, and the best military and civilian workforces ready to perform any mission—the defense cyberspace is vulnerable to a variety of threats. This study explores cybersecurity requirements in the defense acquisition process. The literature review exposes cybersecurity challenges that the government faces in the federal acquisition process, and the researcher examines cybersecurity requirements in defense acquisition documents. The study reveals that cybersecurity is not at a level of importance equal to that of cost, technical, and performance in the current defense acquisition process. The study discloses the defense acquisition guidance does not reflect the change of cybersecurity requirements, and the defense acquisition processes are deficient, ineffective, and inadequate to describe and consider cybersecurity requirements, weakening the government’s overall efforts to implement cybersecurity framework into the defense acquisition system. The study recommends defense organizations elevate the importance of cybersecurity during the acquisition process, to help the government’s overall efforts to develop, build, and operate in an open, secure, interoperable, and reliable cyberspace.

32

Padlipsky, Sarah. "Using Offline Activities to Enhance Online Cybersecurity Education." DigitalCommons@CalPoly, 2018. https://digitalcommons.calpoly.edu/theses/1956.

Abstract:
Since the beginning of the 21st century, the United States has experienced the impact of a technological revolution. One effect of this technological revolution is the creation of entirely new careers related to the field of technology, including cybersecurity. Continued growth in the cybersecurity industry means a greater number of jobs will be created, adding to the existing number of jobs that are challenging an under-educated and under-trained workforce. The goal of this thesis is to increase the effectiveness of cybersecurity education. This thesis studies whether an online course in cybersecurity can be enhanced by offline, in-person activities that mirror traditional classroom methods. To validate the research, two groups of high school students participated in an online course with only one group participating in offline activities. The results showed that the group that participated in both the online and offline portions of the course had a higher percentage of student retention, a more positive mindset towards cybersecurity, and an improved performance in the course.
33

Uwakweh, Ozioma I. F. "Cybersecurity in the Retail Industry: Third Party Implications." University of Cincinnati / OhioLINK, 2020. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1595848539891614.

34

Hanson, Eric Gerald. "A network of nations why effective cybersecurity requires /." Connect to Electronic Thesis (CONTENTdm), 2009. http://worldcat.org/oclc/476725684/viewonline.

35

Deshpande, Pranita. "Assessment Of Two Pedagogical Tools For Cybersecurity Education." ScholarWorks@UNO, 2018. https://scholarworks.uno.edu/td/2557.

Abstract:
Cybersecurity is an important strategic area of computer science, and a difficult discipline to teach effectively. To enhance and provide effective teaching and meaningful learning, we develop and assess two pedagogical tools: Peer instruction, and Concept Maps. Peer instruction teaching methodology has shown promising results in core computer science courses by reducing failure rates and improving student retention in the computer science major. Concept maps are a well-known technique for improving student-learning experience in class. This thesis document presents the results of implementing and evaluating the peer instruction in a semester-long cybersecurity course, i.e., introduction to computer security. Development and evaluation of concept maps for two cybersecurity courses: SCADA security systems, and digital forensics. We assess the quality of the concept maps using two well-defined techniques: Waterloo rubric, and topological scoring. Results clearly show that overall concept maps are of high-quality and there is significant improvement in student learning gain during group-discussion.
36

Smith, Willarvis. "A Comprehensive Cybersecurity Defense Framework for Large Organizations." Diss., NSUWorks, 2019. https://nsuworks.nova.edu/gscis_etd/1083.

Abstract:
There is a growing need to understand and identify overarching organizational requirements for cybersecurity defense in large organizations. Applying proper cybersecurity defense will ensure that the right capabilities are fielded at the right locations to safeguard critical assets while minimizing duplication of effort and taking advantage of efficiencies. Exercising cybersecurity defense without an understanding of comprehensive foundational requirements instills an ad hoc and in many cases conservative approach to network security. Organizations must be synchronized across federal and civil agencies to achieve adequate cybersecurity defense. Understanding what constitutes comprehensive cybersecurity defense will ensure organizations are better protected and more efficient. This work, represented through design science research, developed a model to understand comprehensive cybersecurity defense, addressing the lack of standard requirements in large organizations. A systemic literature review and content analysis were conducted to form seven criteria statements for understanding comprehensive cybersecurity defense. The seven criteria statements were then validated by a panel of expert cyber defenders utilizing the Delphi consensus process. Based on the approved criteria, the team of cyber defenders facilitated the development of a Comprehensive Cybersecurity Defense Framework prototype for understanding cybersecurity defense. Through the Delphi process, the team of cyber defense experts ensured the framework matched the seven criteria statements. An additional and separate panel of stakeholders conducted the Delphi consensus process to ensure a non-biased evaluation of the framework. The comprehensive cybersecurity defense framework is developed through the data collected from two distinct and separate Delphi panels. 
The framework maps risk management, behavioral, and defense in depth frameworks with cyber defense roles to offer a comprehensive approach to cyber defense in large companies, agencies, or organizations. By defining the cyber defense tasks, what those tasks are trying to achieve and where best to accomplish those tasks on the network, a comprehensive approach is reached.
37

Boutwell, Mark. "Exploring Industry Cybersecurity Strategy in Protecting Critical Infrastructure." ScholarWorks, 2019. https://scholarworks.waldenu.edu/dissertations/7965.

Abstract:
Successful attacks on critical infrastructure have increased in occurrence and sophistication. Many cybersecurity strategies incorporate conventional best practices but often do not consider organizational circumstances and nonstandard critical infrastructure protection needs. The purpose of this qualitative multiple case study was to explore cybersecurity strategies used by information technology (IT) managers and compliance officers to mitigate cyber threats to critical infrastructure. The population for this study comprised IT managers and compliance officers of 4 case organizations in the Pacific Northwest United States. The routine activity theory developed by criminologists Cohen and Felson in 1979 was used as the conceptual framework. Data collection consisted of interviews with 2 IT managers, 3 compliance officers, and 25 documents related to cybersecurity and associated policy governance. A software tool was used in a thematic analysis approach against the data collected from the interviews and documentation. Data triangulation revealed 4 major themes: a robust workforce training program is crucial, make infrastructure resiliency a priority, importance of security awareness, and importance of organizational leadership support and investment. This study revealed key strategies that may help improve cybersecurity strategies used by IT and compliance professionals, which can mitigate successful attacks against critical infrastructure. The study findings will contribute to positive social change through an exploration and contextual analysis of cybersecurity strategy with situational awareness of IT practices to enhance cyber threat mitigation and inform business processes.
38

Melis, Andrea <1989>. "Cybersecurity issues in software architectures for innovative services." Doctoral thesis, Alma Mater Studiorum - Università di Bologna, 2020. http://amsdottorato.unibo.it/9303/1/Thesis_Final.pdf.

Abstract:
The recent advances in data center development have been at the basis of the widespread success of the cloud computing paradigm, which is at the basis of models for software based applications and services, which is the "Everything as a Service" (XaaS) model. According to the XaaS model, services of any kind are deployed on demand as cloud based applications, with a great degree of flexibility and a limited need for investments in dedicated hardware and/or software components. This approach opens up a lot of opportunities, for instance providing access to complex and widely distributed applications, whose cost and complexity represented in the past a significant entry barrier, also to small or emerging businesses. Unfortunately, networking is now embedded in every service and application, raising several cybersecurity issues related to corruption and leakage of data, unauthorized access, etc. However, new service-oriented architectures are emerging in this context, the so-called services enabler architecture. The aim of these architectures is not only to expose and give the resources to these types of services, but it is also to validate them. The validation includes numerous aspects, from the legal to the infrastructural ones e.g., but above all the cybersecurity threats. A solid threat analysis of the aforementioned architecture is therefore necessary, and this is the main goal of this thesis. This work investigates the security threats of the emerging service enabler architectures, providing proof of concepts for these issues and the solutions too, based on several use-cases implemented in real world scenarios.
39

Merlo, Nicole <1995>. "Cybersecurity: una sfida per il mondo di oggi." Master's Degree Thesis, Università Ca' Foscari Venezia, 2019. http://hdl.handle.net/10579/15362.

Abstract:
This thesis analyzes the context in which the topic of cybersecurity sits, exploring the problems and opportunities that new digital technologies have brought about in the economic and social world.
40

Choi, Min Suk. "Assessing the Role of User Computer Self-Efficacy, Cybersecurity Countermeasures Awareness, and Cybersecurity Skills toward Computer Misuse Intention at Government Agencies." NSUWorks, 2013. http://nsuworks.nova.edu/gscis_etd/119.

Abstract:
Cybersecurity threats and vulnerabilities are causing substantial financial losses for governments and organizations all over the world. Cybersecurity criminals are stealing more than one billion dollars from banks every year by exploiting vulnerabilities caused by bank users' computer misuse. Cybersecurity breaches are threatening the common welfare of citizens since more and more terrorists are using cyberterrorism to target critical infrastructures (e.g., transportation, telecommunications, power, nuclear plants, water supply, banking) to coerce the targeted government and its people to accomplish their political objectives. Cyberwar is another major concern that nations around the world are struggling to get ready to fight. It has been found that intentional and unintentional users' misuse of information systems (IS) resources represents about 50% to 75% of cybersecurity threats and vulnerabilities to organizations. Computer Crime and Security Survey revealed that nearly 60% of security breaches occurred from inside the organization by users. Computer users are one of the weakest links in the information systems security chain, because users seem to have very limited or no knowledge of user computer self-efficacy (CSE), cybersecurity countermeasures awareness (CCA), and cybersecurity skills (CS). Users' CSE, CCA, and CS play an important role in users' computer misuse intention (CMI). CMI can be categorized as unauthorized access, use, disruption, modification, disclosure, inspection, recording, or destruction of information system data. This dissertation used a survey to empirically assess users' CSE, CCA, CS, and computer misuse intention (CMI) at government agencies. This study used Partial Least Square (PLS) technique to measure the fit of a theoretical model that includes seven independent latent variables (CSE, UAS-P, UAS-T, UAC-M, CCS, CIS, & CAS) and their influences on the dependent variable CMI. 
Also, PLS was used to examine if the six control variables (age, gender, job function, education level, length of working in the organization, & military status such as veteran) had any significant impact on CMI. This study included data collected from 185 employees of a local and state transportation agency from a large metropolitan in the northeastern United States. Participants received an email invitation to take the Web-based survey. PLS was used to test the four research hypotheses. The results of the PLS model showed that UAC-M and CIS were significant contributors (p
41

Nieminen, Linda. "Why is human trafficking excluded from the EU’s cybersecurity? : An explorative study about cybersecurity and human trafficking in the European Union." Thesis, Försvarshögskolan, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:fhs:diva-9698.

Abstract:
Combatting human trafficking is one of the top priorities in the European Union and Europol. Nonetheless, Europe is one of the world’s leading regions for most trafficked human beings. Human trafficking is often connected to organised crime such as drug trafficking, cybercrime and child pornography and occurs across borders. 21st century’s digital age has broadly shifted human trafficking from the real-life to the cyberspace. However, human trafficking is not mentioned in any EU cybersecurity policies. This thesis aims to explore, using a feminist security approach, why human trafficking is overlooked in the European Union cybersecurity. By conducting an interpretive content analysis and using the method of deconstruction, I investigated the silences of human trafficking and gender. Leaning on feminist theories of securitisation, hegemonic masculinity and poststructural feminism, three significant assumptions were identified. The first assumption was that human trafficking is overlooked in the EU cybersecurity because of the non-human referent object of security. The second was that it is overlooked because of hegemonic masculinity. And lastly, because the issue is seen as private and therefore does not belong to cybersecurity. By analysing EU cybersecurity policies, I identified that the EU cybersecurity is dominated by norms of hegemonic masculinity and gendered social hierarchies. In the EU cybersecurity, threats related to non-human objects are constructed and gain hegemony over human rights and social policies. This study has raised important questions about the nature of cybersecurity in the EU, and greater efforts are needed to ensure women’s security in the cyberspace. These results suggest that if the EU aims to combat human trafficking wholeheartedly, it needs to start with acknowledging human trafficking as a threat in the cyberspace.
42

Catota, Quintana Frankie. "Cybersecurity Capabilities in a Critical Infrastructure Sector of a Developing Nation." Research Showcase @ CMU, 2016. http://repository.cmu.edu/dissertations/697.

Abstract:
When information technology is incorporated into the operations of financial critical infrastructure, it brings with it a range of cyber risks, and mitigating them requires that firms and regulators develop capabilities to foster protection. The sophistication of cyber threats to the financial sector has been growing rapidly. Developed nations have worked hard to improve their knowledge of these threats and establish strategies to respond accordingly. However, in developing nations, both the understanding of the risks posed by cyber threats and the ability to address those risks have been slower to evolve. Developing the needed cybersecurity capabilities in developing countries encounters challenges that need to be identified and addressed. In order to begin to do that, this thesis reports on three studies conducted in the context of Ecuador. The first study identifies and assesses incident experiences, challenges, barriers, and desired actions reported by financial security managers with the objective of identifying strategies to enhance incident response capabilities. The second study begins with the security incidents reported by the Ecuadorian financial stakeholders during the first study and assesses the potential effectiveness of the government policy that is intended to address IT risk in the financial sector. The third study explores the challenges that universities face in order to provide cybersecurity instruction to protect critical infrastructure and explores potential strategies to advance cybersecurity education at the university level. In support of this work we collected data from national practitioners involved in responding to security incidents and in developing cybersecurity skills. Sixty-one in-depth, semi-structured interviews across five cities were conducted (95% in person, the rest by telephone) with respondents who had good knowledge in the subjects.
Respondents come mainly from: the financial sector (CISOs, risk and IT managers, security chiefs, security officers, authorities); telecommunications sector, especially ISPs (managers, directors, engineers, authorities); and academia (deans, directors, professors). We transcribed all the interviews, coded them and conducted qualitative text analysis. This research finds that (1) the financial sector is already facing risks driven by outsiders and insiders that lead to fraud and operational errors and failures. The main barriers to improving protection are small team size, network visibility, inadequate internal coordination, technology updating, lack of training, and lack of awareness. The sector has little community support to respond to incidents, and the national legal framework has not supported appropriate prosecution of cyber criminals; (2) the national IT risk management policy has reasonably covered most countermeasures related to reported security incidents. There are however, several areas of gap, one of the most important is network security, which can enable sophisticated malware attacks; (3) today the level of cybersecurity education is mostly elementary in Ecuador. Academic interviewees at only four of the thirteen universities studied expressed confidence that they can provide students with reasonable preparation. Ecuador needs to design a national cybersecurity plan that prioritizes protection for critical infrastructure and should support strategies that allow the country to enhance cybersecurity capabilities. Properly designed these initiatives should allow the nation to develop a core structure to confront current and emergent cyber challenges in the financial sector and other critical national operations, and build the human resources necessary to continue that effort.
43

Tontini, Gian Carlo Raffaele. "Cybersecurity e dispositivi medici: fasi di sviluppo e governance." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2017. http://amslaurea.unibo.it/14616/.

Abstract:
Information security and cybersecurity are topics that have forcefully entered the healthcare domain. This growing attention is justified by the fact that modern information technologies have, and will continue to have, a strong impact on individual health care.
44

Pertierra, Arrojo Marcos (Marcos A.). "Investigating coevolutionary algorithms For expensive fitness evaluations in cybersecurity." Thesis, Massachusetts Institute of Technology, 2018. http://hdl.handle.net/1721.1/120388.

Abstract:
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2018.
This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.
Cataloged from student-submitted PDF version of thesis.
Includes bibliographical references (pages 75-76).
Coevolutionary algorithms require evaluating fitness of solutions against adversaries, and vice versa, in order to select high quality individuals to generate offspring and evolve the population. However, some problems require computationally expensive fitness evaluations, which makes it hard to generate solutions in a feasible amount of time. In this thesis, we devise coevolutionary algorithms and methods that achieve good results with fewer fitness evaluations, and we present methods for selecting a solution to deploy after running experiments with multiple coevolutionary algorithms. Comparing our new algorithms presented with baselines, we found that MEULockstepCoev performs relatively well, especially for attackers.
by Marcos Pertierra Arrojo.
M. Eng.
45

Galán, Carlos Manuel, and Cordero Carlos Galán. "Public cybersecurity as guarantee of the exercise of rights." Derecho & Sociedad, 2017. http://repositorio.pucp.edu.pe/index/handle/123456789/117704.

Abstract:
The development of fundamental human rights contained in the texts of the Universal Declarations and the Constitutions of democratic states requires that information systems that support its exercise are permanently operational. However, this need is constantly violated by many cyberattacks that, in the heart of the matter, seek to undermine the free exercise of such rights. It is in this environment where public cybersecurity, understood as the set of legal regulations, methods, procedures and tools, finds its reason for being and is configured as the only appropriate means of ensuring social coexistence in accordance with the principles of the Rule of Law.
46

Kedrowitsch, Alexander Lee. "Deceptive Environments for Cybersecurity Defense on Low-power Devices." Thesis, Virginia Tech, 2017. http://hdl.handle.net/10919/86164.

Abstract:
The ever-evolving nature of botnets has made constant malware collection an absolute necessity for security researchers in order to analyze and investigate the latest, nefarious means by which bots exploit their targets and operate in concert with each other and their bot master. In that effort of on-going data collection, honeypots have established themselves as a curious and useful tool for deception-based security. Low-powered devices, such as the Raspberry Pi, have found a natural home with some categories of honeypots and are being embraced by the honeypot community. Due to the low cost of these devices, new techniques are being explored to employ multiple honeypots within a network to act as sensors, collecting activity reports and captured malicious binaries to back-end servers for later analysis and network threat assessments. While these techniques are just beginning to gain their stride within the security community, they are held back due to the minimal amount of deception a traditional honeypot on a low-powered device is capable of delivering. This thesis seeks to make a preliminary investigation into the viability of using Linux containers to greatly expand the deception possible on low-powered devices by providing isolation and containment of full system images with minimal resource overhead. It is argued that employing Linux containers on low-powered device honeypots enables an entire category of honeypots previously unavailable on such hardware platforms. In addition to granting previously unavailable interaction with honeypots on Raspberry Pis, the use of Linux containers grants unique advantages that have not previously been explored by security researchers, such as the ability to defeat many types of virtual environment and monitoring tool detection methods.
Master of Science
47

Hoskins, Brittany Noel. "The Rhetoric of Commoditized Vulnerabilities: Ethical Discourses in Cybersecurity." Thesis, Virginia Tech, 2015. http://hdl.handle.net/10919/52943.

Abstract:
The field of cybersecurity is relatively uncharted by rhetoricians and sociologists but nevertheless laden with terminological assumptions, violent metaphors, and ethical conflicts. This study explores the discourse surrounding the morally contentious practice of hackers selling software vulnerabilities to third parties instead of disclosing them to the affected technology companies. Drawing on grounded theory, I utilize a combination of quantitative word-level analysis and qualitative coding to assess how notions of right and wrong on this topic are framed by three groups: 1) the hackers themselves, 2) technology companies, and 3) reporters. The results show that the most commonly constructed argument was based on a "greater good" ethic, in which rhetors argue for reducing risk to "us all" or to innocent computer users. Additionally, the technology companies and hackers assiduously build their ethos to increase their trustworthiness in the public mind. Ultimately, studying this unexplored area of "gray hat hacking" has important implications for policymakers creating new cybersecurity legislation, reporters attempting to accurately frame the debate, and information technology professionals whose livelihoods are affected by evolving social norms.
Master of Arts
48

Johnson, William. "Development of Peer Instruction Material for a Cybersecurity Curriculum." ScholarWorks@UNO, 2017. http://scholarworks.uno.edu/td/2367.

Abstract:
Cybersecurity classes focus on building practical skills alongside the development of the open mindset that is essential to tackle the dynamic cybersecurity landscape. Unfortunately, traditional lecture-style teaching is insufficient for this task. Peer instruction is a non-traditional, active learning approach that has proven to be effective in computer science courses. The challenge in adopting peer instruction is the development of conceptual questions. This thesis presents a methodology for developing peer instruction questions for cybersecurity courses, consisting of four stages: concept identification, concept trigger, question presentation, and development. The thesis analyzes 279 questions developed over two years for three cybersecurity courses: introduction to computer security, network penetration testing, and introduction to computer forensics. Additionally, it discusses examples of peer instruction questions in terms of the methodology. Finally, it summarizes the usage of a workshop for testing a selection of peer instruction questions as well as gathering data outside of normal courses.
49

Cheung, Kam Fung. "A Three Stage Approach to Cybersecurity Management for Logistics." Thesis, The University of Sydney, 2021. https://hdl.handle.net/2123/24945.

Abstract:
The logistics industry is benefiting from the fast-growing cyberspace, but is also increasing its exposure to cyberattacks. Interest in cybersecurity in logistics and supply chain management has grown, but this has not been matched by academic research. This thesis aims to develop a methodology to enhance cybersecurity in an interdependent digital logistics network. The methodology proposed in this thesis consists of three stages: The precautionary planning stage, the real-time recovery planning stage and the aftermath recovery planning stage. In the precautionary planning stage, this study proposes a novel demon game model against a quantal response (QR) adversary to protect critical assets considering the defending budget and the asset dependency, where the QR adversary can define an attack strategy with biases. Each asset in the solution is represented by its security level indicating its desirability for being protected. Due to the non-convexity of the model, this study proposes a Method of Successive Average heuristic with randomised initial conditions (MSAR) to obtain a promising solution. The efficacy of the proposed heuristic is verified using a hypothetical network after consulting a cybersecurity expert. Although precautionary strategies are implemented to protect critical assets in a cyber network, a high-level adversary can still penetrate the network and launch attacks inside the organisation. Thus, real-time recovery plays an important role in facing real-time cyberattacks. In the real-time recovery planning stage, this study proposes a novel max-min integer programming model subject to a budget constraint to improve network connectivity of a compromised digital logistics network via maximising algebraic connectivity. Due to the NP-hardness of the model, an optimal solution may not be found in a short time. 
Thus, several heuristic algorithms, including greedy algorithms, tabu search, and relaxed semidefinite programming (SDP) with rounding, are proposed to find promising solutions. Verification of these heuristic algorithms is achieved by applying them, firstly to a hypothetical network, then to a large scale-free network which mimics a digital logistics network. When attacks have ceased, recovery measures are initiated to recover the damaged network to its normal state. To speed up the pace of full recovery, resilience plays an important role in recovery. The more resilient the network, the quicker it returns to its normal state after an attack. In the aftermath planning stage, this study proposes a novel max-min mixed integer programming model to improve backbone network resilience by maximising the largest eigenvalue of the associated asymmetric weighted adjacency matrix. Due to the NP-hard nature of the problem, this study proposes an algorithm called LAW (Link Asymmetric Weights) to output a resilient network design. Compared with the enumeration algorithm, the numerical experiments demonstrate the superiority of the proposed algorithm in terms of computation time and solution quality. In addition, this thesis provides some managerial insights to enhance cybersecurity in logistics management. For example, regular training could improve staff awareness of cyberattacks that could lower the risk of being attacked. Also, the proposed tabu search could help decision makers maintain the compromised network at an acceptable functional state. Last but not least, the proposed LAW algorithm could help a focal organisation identify important new links to improve backbone network resilience when building close relationships with its (potential) third-party service providers. The proposed methodology is believed to be the first for logistics and supply chains so can potentially serve as a blueprint for other industries, like e-commerce, and governments. 
It could also be used to mitigate the impacts of other types of risks in logistics systems, smart grids and so on.
50

Choejey, Pema. "Cybersecurity challenges and practices: A case study of Bhutan." PhD thesis, Murdoch University, 2018. https://researchrepository.murdoch.edu.au/id/eprint/42353/.

Abstract:
Bhutan is an emerging country with a transitioning economy and a vision to become an ICT knowledge-based information society. Many government organizations, businesses and individuals are adopting the Internet for day-to-day operations and activities. With increasing dependency on information systems, networks, and the Internet, securing and protecting Bhutan’s cyberspace from malicious attackers and cyber criminals is a serious concern. Few scholarly studies related to cybersecurity have been conducted in developing countries. No scholarly and empirical research has been conducted in Bhutan to understand how the government is addressing and managing cybersecurity. This has resulted in a critical knowledge gap that must be addressed urgently through empirical research to guide government policy makers, security professionals and practitioners to develop and implement cybersecurity programs. This thesis investigates the development and implementation of cybersecurity policies and practices in government organizations in Bhutan. A sequential mixed methods research design was employed to collect primary data on cybersecurity risks, effectiveness of cybersecurity policies and practices, and perceptions of cybersecurity in government organizations. The research also used secondary data sources such as government reports, print and social media, to validate the results of the research study. The findings suggest that government organizations in Bhutan are vulnerable to cybersecurity risks, such as malware and hacking, and that they lack adequate knowledge and awareness of cybersecurity, cybersecurity policies and procedures, technical controls, and incident response capabilities. Furthermore, the evidence suggests that the use of pirated software and expired security products in many government organizations is rampant and offsets the effectiveness of technical measures.
Based on the research findings and analysis, a government cybersecurity framework is proposed, highlighting the key areas necessary for improving cybersecurity in government organizations. It is hoped that the outcomes and findings of this research will benefit other ICT emerging countries.