To see the other types of publications on this topic, follow the link: Data security and protection.
Dissertations / Theses on the topic 'Data security and protection'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Data security and protection.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Neophytou, Andonis. "Computer security : data control and protection." Virtual Press, 1992. http://liblink.bsu.edu/uhtbin/catkey/834504.
Full textAbstract:
Computer security is a crucial area for any organization based on electronic devices that process data. The security of the devices themselves and the data they process are the backbone of the organization. Until today there have been no completely secure systems or procedures until and a lot of research is being done in this area. It impossible for a machine or a mechanical procedure to "guess" all possible events and lead to conclusive, cohesive and comprehensive secure systems, because of: 1) the human factor, and 2) acts of nature (fire, flood etc). However, proper managerial control can alleviate the extent of the damage caused by those factors.The purpose of this study is to examine the different frameworks of computer security. Emphasis is given to data/database security and the various kinds of attacks on the data. Controls over these attacks and preventative measures will be discussed, and high level language programs will demonstrate the protection issues. The Oracle, SOL query language will be used to demonstrate these controls and prevention measures. In addition the FORTRAN high level language will be used in conjunction with SOL (Only the FORTRAN and COBOL compilers are available for embedded SOL). The C language will be used to show attacks on password files and also as an encryption/decryption program.This study was based mainly on research. An investigation of literature spanning the past decade, was examined to produce the ideas and methods of prevention and control discussed in the study.Department of Computer Science
2
Ammar, Bassem AbuBakr. "Error protection and security for data transmission." Thesis, Lancaster University, 2004. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.421640.
Full text
3
Oduyiga, Adeshola Oyesanya. "Security in Cloud Storage : A Suitable Security Algorithm for Data Protection." Thesis, Mittuniversitetet, Avdelningen för informationssystem och -teknologi, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:miun:diva-34428.
Full textAbstract:
The purpose of this thesis work was to conduct a general research on existing security techniques and come up with a considerable algorithm for data security in cloud storage. Cloud storage is an infrastructure or is a model of computer data storage in which the digital data is stored in logical pools. It unifies object storage for both developers and enterprises, from live applications data to cloud archival. It help to save valuable space on PC computers or mobile devices and provides the easy storage and access of data anywhere in the world. However, just as the benefits of cloud computing abounds, so also are the risks involved. If data are not well secured or encrypted before deployment for storage in the cloud, in case of negligence on the side of the developers, then hackers can gain unauthorized access to the data. The behavior of existing security algorithms on data were studied, the encryption and decryption process of the each algorithm on data was studied and also their weaknesses against attacks. Apart from data encryption, security policies also plays an important roll in cloud storage which was also covered in this report. The research work was conducted through the use of online publications, literature review, books, academic publications and reputable research materials. The study showed that regardless of the challenges in cloud storage, there is still a suitable algorithm for protecting data against attack in the cloud.
4
Benson, Glenn Stuart. "A formal protection model of security in distributed systems." Diss., Georgia Institute of Technology, 1989. http://hdl.handle.net/1853/12238.
Full text
5
Mai, Guangcan. "Biometric system security and privacy: data reconstruction and template protection." HKBU Institutional Repository, 2018. https://repository.hkbu.edu.hk/etd_oa/544.
Full textAbstract:
Biometric systems are being increasingly used, from daily entertainment to critical applications such as security access and identity management. It is known that biometric systems should meet the stringent requirement of low error rate. In addition, for critical applications, the security and privacy issues of biometric systems are required to be concerned. Otherwise, severe consequence such as the unauthorized access (security) or the exposure of identity-related information (privacy) can be caused. Therefore, it is imperative to study the vulnerability to potential attacks and identify the corresponding risks. Furthermore, the countermeasures should also be devised and patched on the systems. In this thesis, we study the security and privacy issues in biometric systems. We first make an attempt to reconstruct raw biometric data from biometric templates and demonstrate the security and privacy issues caused by the data reconstruction. Then, we make two attempts to protect biometric templates from being reconstructed and improve the state-of-the-art biometric template protection techniques.
6
Tyukala, Mkhululi. "Governing information security using organisational information security profiles." Thesis, Nelson Mandela Metropolitan University, 2007. http://hdl.handle.net/10948/626.
Full textAbstract:
The corporate scandals of the last few years have changed the face of information security and its governance. Information security has been elevated to the board of director level due to legislation and corporate governance regulations resulting from the scandals. Now boards of directors have corporate responsibility to ensure that the information assets of an organisation are secure. They are forced to embrace information security and make it part of business strategies. The new support from the board of directors gives information security weight and the voice from the top as well as the financial muscle that other business activities experience. However, as an area that is made up of specialist activities, information security may not easily be comprehended at board level like other business related activities. Yet the board of directors needs to provide oversight of information security. That is, put an information security programme in place to ensure that information is adequately protected. This raises a number of challenges. One of the challenges is how can information security be understood and well informed decisions about it be made at the board level? This dissertation provides a mechanism to present information at board level on how information security is implemented according to the vision of the board of directors. This mechanism is built upon well accepted and documented concepts of information security. The mechanism (termed An Organisational Information Security Profile or OISP) will assist organisations with the initialisation, monitoring, measuring, reporting and reviewing of information security programmes. Ultimately, the OISP will make it possible to know if the information security endeavours of the organisation are effective or not. If the information security programme is found to be ineffective, The OISP will facilitate the pointing out of areas that are ineffective and what caused the ineffectiveness. This dissertation also presents how the effectiveness or ineffctiveness of information security can be presented at board level using well known visualisation methods. Finally the contribution, limits and areas that need more investigation are provided.
7
Salles, Ernesto J. "The impact on quality of service when using security-enabling filters to provide for the security of run-time extensible virtual environments." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2002. http://library.nps.navy.mil/uhtbin/hyperion-image/02sep%5FSalles.pdf.
Full textAbstract:
Thesis (M.S. in Modeling, Virtual Environments and Simulation)--Naval Postgraduate School, September 2002.Thesis advisor(s): J. Bret Michael, Michael Capps, Don McGregor. Includes bibliographical references (p. 123-127). Also available online.
8
Cannon, Jennifer Elizabeth. "Strategies for Improving Data Protection to Reduce Data Loss from Cyberattacks." ScholarWorks, 2019. https://scholarworks.waldenu.edu/dissertations/7277.
Full textAbstract:
Accidental and targeted data breaches threaten sustainable business practices and personal privacy, exposing all types of businesses to increased data loss and financial impacts. This single case study was conducted in a medium-sized enterprise located in Brevard County, Florida, to explore the successful data protection strategies employed by the information system and information technology business leaders. Actor-network theory was the conceptual framework for the study with a graphical syntax to model data protection strategies. Data were collected from semistructured interviews of 3 business leaders, archival documents, and field notes. Data were analyzed using thematic, analytic, and software analysis, and methodological triangulation. Three themes materialized from the data analyses: people--inferring security personnel, network engineers, system engineers, and qualified personnel to know how to monitor data; processes--inferring the activities required to protect data from data loss; and technology--inferring scientific knowledge used by people to protect data from data loss. The findings are indicative of successful application of data protection strategies and may be modeled to assess vulnerabilities from technical and nontechnical threats impacting risk and loss of sensitive data. The implications of this study for positive social change include the potential to alter attitudes toward data protection, creating a better environment for people to live and work; reduce recovery costs resulting from Internet crimes, improving social well-being; and enhance methods for the protection of sensitive, proprietary, and personally identifiable information, which advances the privacy rights for society.
9
De, Lange Joshua. "A framework for information security management in local government." Thesis, Nelson Mandela Metropolitan University, 2017. http://hdl.handle.net/10948/7588.
Full textAbstract:
Information has become so pervasive within enterprises and everyday life, that it is almost indispensable. This is clear as information has become core to the business operations of any enterprise. Information and communication technology (ICT) systems are heavily relied upon to store, process and transmit this valuable commodity. Due to its immense value, information and related ICT resources have to be adequately protected. This protection of information is commonly referred to as information security.
10
Kane, Douglas Robert. "Web-based dissemination system for the Trusted Computing Exemlar [i.e. Exemplar] project." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2005. http://library.nps.navy.mil/uhtbin/hyperion/05Jun%5FKane.pdf.
Full textAbstract:
Thesis (M.S. in Computer Science)--Naval Postgraduate School, June 2005.Thesis Advisor(s): Cynthia E. Irvine, Thuy D. Nguyen. Includes bibliographical references (p. 127-128). Also available online.
11
Molema, Karabo Omphile. "The conflict of interest between data sharing and data privacy : a middleware approach." Thesis, Cape Peninsula University of Technology, 2016. http://hdl.handle.net/20.500.11838/2415.
Full textAbstract:
Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2016.People who are referred to as data owners in this study, use the Internet for various purposes and one of those is using online services like Gmail, Facebook, Twitter and so on. These online services are offered by organizations which are referred to as data controllers. When data owners use these service provided by data controllers they usually have to agree to the terms and conditions which gives data controllers indemnity against any privacy issues that may be raised by the data owner. Data controllers are then free to share that data with any other organizations, referred to as third parties. Though data controllers are protected from lawsuits it does not necessarily mean they are free of any act that may be considered a privacy violation by the data owner. This thesis aims to arrive at a design proposition using the design science research paradigm for a middleware extension, specifically focused on the Tomcat server which is a servlet engine running on the JVM. The design proposition proposes a client side annotation based API to be used by developers to specify classes which will carry data outside the scope of the data controller's system to a third party system, the specified classes will then have code weaved in that will communicate with a Privacy Engine component that will determine based on data owner's preferences if their data should be shared or not. The output of this study is a privacy enhancing platform that comprises of three components the client side annotation based API used by developers, an extension to Tomcat and finally a Privacy Engine.
12
Sundqvist, Erik. "Protection of Non-Volatile Data in IaaS-environments." Thesis, Linköpings universitet, Institutionen för datavetenskap, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-112954.
Full textAbstract:
Infrastructure-as-a-Service (IaaS) cloud solutions continue to experience growth, but many enterprises and organizations are of the opinion that cloud adoption has decreased security in several aspects. This thesis addresses protection of IaaS-environment non- volatile data. A risk analysis is conducted, using the CORAS method, to identify and evaluate risks, and to propose treatments to those risks considered non-acceptable. The complex and distributed nature of an IaaS deployment is investigated to identify di↵erent approaches to data protection using encryption in combination with Trusted Computing principles. Additionally, the outcome of the risk analysis is used to decide the advantages and/or drawbacks of the di↵erent approaches; encryption on the storage host, on the compute host or inside the virtual machine. As a result of this thesis, encryption on the compute host is decided to be most beneficial due to minimal needs for trust, minimal data exposure and key management aspects. At the same time, a high grade of automation can be obtained, retaining usability for cloud consumers without any specific security knowledge. A revisited risk analysis shows that both non- acceptable and acceptable risks are mitigated and partly eliminated, but leaves virtual machine security as an important topic for further research. Along with the risk analysis and treatment proposal, this thesis provides a proof-of-concept implementation using encryption and Trusted Computing on the compute host to protect block storage data in an OpenStack environment. The implementation directly follows the Domain-Based Storage Protection (DBSP) protocol, invented by Ericsson Research and SICS, for key management and attestation of involved hosts.
13
Sawyer, Darren A. "The characteristics of user-generated passwords /." Monterey, California : Naval Postgraduate School, 1990. http://handle.dtic.mil/100.2/ADA225390.
Full textAbstract:
Thesis (M.S. in Information Systems)--Naval Postgraduate School, March 1990.Thesis Advisor(s): Zviran, Moshe ; Haga, William J. "March 1990." Description based on signature page as viewed on October 21, 2009. DTIC identifier(s): Access control, passwords, computer security, identification verification. Author(s) subject terms: Passwords, computer security, user-generated passwords, informaiton system security. Includes bibliographical references (p. 98-99). Also available online.
14
Judge, Paul Q. "Security and protection architectures for large-scale content distribution." Diss., Georgia Institute of Technology, 2002. http://hdl.handle.net/1853/9217.
Full text
15
Bernabeu, Emanuel. "Methodology for a Security-Dependability Adaptive Protection Scheme based on Data Mining." Diss., Virginia Tech, 2009. http://hdl.handle.net/10919/30131.
Full textAbstract:
The power industry is currently in the process of re-inventing itself. The unbundling of the traditional monopolistic structure that gave birth to a deregulated electricity market, the mass tendency towards a greener use of energy, the new emphasis on distributed generation and alternative renewable resources, and new emerging technologies have revolutionized the century old industry.
Recent blackouts offer testimonies of the crucial role played by protection relays in a reliable power system. It is argued that embracing the paradigm shift of adaptive protection is a fundamental step towards a reliable power grid. The adaptive philosophy of protection systems acknowledges that relays may change their characteristics in order to tailor their operation to prevailing system conditions. The purpose of this dissertation is to present methodology to implement a security/dependability adaptive protection scheme. It is argued that the likelihood of hidden failures and potential cascading events can be significantly reduced by adjusting the security/dependability balance of protection systems to better suit prevailing system conditions.
The proposed methodology is based on Wide Area Measurements (WAMs) obtained with the aid of Phasor Measurement Units (PMUs). A Data Mining algorithm known as Decision Trees is used to classify the power system state and to predict the optimal security/dependability bias of a critical protection scheme.Ph. D.
16
Garcia, Arturo, Luis Calle, Carlos Raymundo, Francisco Dominguez, and Javier M. Moguerza. "Personal data protection maturity model for the micro financial sector in Peru." Institute of Electrical and Electronics Engineers Inc, 2018. http://hdl.handle.net/10757/624636.
Full textAbstract:
El texto completo de este trabajo no está disponible en el Repositorio Académico UPC por restricciones de la casa editorial donde ha sido publicado.The micro financial sector is a strategic element in the economy of developing countries since it facilitates the integration and development of all social classes and let the economic growth. In this point is the growth of data is high every day in sector like the micro financial, resulting from transactions and operations carried out with these companies on a daily basis. Appropriate management of the personal data privacy policies is therefore necessary because, otherwise, it will comply with personal data protection laws and regulations and let take quality information for decision-making and process improvement. The present study proposes a personal data protection maturity model based on international standards of privacy and information security, which also reveals personal data protection capabilities in organizations. Finally, the study proposes a diagnostic and tracing assessment tool that was carried out for five companies in the micro financial sector and the obtained results were analyzed to validate the model and to help in success of data protection initiatives.
Revisión por pares
17
Widener, Patrick M. (Patrick McCall). "Dynamic Differential Data Protection for High-Performance and Pervasive Applications." Diss., Georgia Institute of Technology, 2005. http://hdl.handle.net/1853/7239.
Full textAbstract:
Modern distributed applications are long-lived, are expected to
provide flexible and adaptive data services, and must meet the
functionality and scalability challenges posed by dynamically changing
user communities in heterogeneous execution environments. The
practical implications of these requirements are that reconfiguration
and upgrades are increasingly necessary, but opportunities to perform
such tasks offline are greatly reduced. Developers are responding to
this situation by dynamically extending or adjusting application
functionality and by tuning application performance, a typical method
being the incorporation of client- or context-specific code into
applications' execution loops.
Our work addresses a basic roadblock in deploying such solutions: the protection of key
application components and sensitive data in distributed applications.
Our approach, termed Dynamic Differential Data Protection (D3P),
provides fine-grain methods for providing component-based protection
in distributed applications. Context-sensitive, application-specific
security methods are deployed at runtime to enforce restrictions in
data access and manipulation. D3P is suitable for low- or
zero-downtime environments, since deployments are performed while
applications run. D3P is appropriate for high performance environments
and for highly scalable applications like publish/subscribe, because
it creates native codes via dynamic binary code generation. Finally,
due to its integration into middleware, D3P can run across a wide
variety of operating system and machine platforms.
This dissertation introduces D3P, using sample
applications from the high performance and pervasive computing domains
to illustrate the problems addressed by our D3P solution. It also
describes how D3P can be integrated into modern middleware. We
present experimental evaluations which demonstrate the fine-grain
nature of D3P, that is, its ability to capture individual end users'
or components' needs for data protection, and also describe the
performance implications of using D3P in data-intensive applications.
18
Alturki, Faisal. "Theory and applications of data hiding in still images." Diss., Georgia Institute of Technology, 2001. http://hdl.handle.net/1853/9231.
Full text
19
Boshoff, Ryno. "A baseline for information security knowledge for end users." Thesis, Nelson Mandela Metropolitan University, 2012. http://hdl.handle.net/10948/d1013260.
Full textAbstract:
Information plays a vast contributing role to all resources within an organisation. Organisations should recognise the importance of information and implement information security controls to protect their information as this will ensure that the organisation‟s information retains its confidentiality, integrity and availability. Information security controls, which are the means of managing information risks, rely heavily on the user‟s knowledge regarding the use of these controls for their effectiveness, and as such, users should be educated in order to maximise effectiveness of these controls. Current information security educational programmes are created without necessarily taking into account the target audience, who comprises of all employees, stakeholders, suppliers, third parties, customers or other external parties or third party that requires access to the organisation‟s information. This results in programmes that are not linguistically appropriate; or that present knowledge at an inappropriate level for the target audience. This could leave users bored or confused, without successfully changing their behaviour or improving knowledge. This dissertation identifies a baseline for information security knowledge targeted at end users. This was done by means of a Delphi Study, where a profile of “generic” end users comprised of information security topics and concepts were rated by experts from the field of information security education. This resulted in the elimination of inappropriate topics and concepts and retaining the relevant and appropriate aspects. This baseline for information security knowledge can be characterised as a minimum standard that everybody should be educated on as an introductory or refresher course. This can also serve as the foundation phase to educate end users with knowledge of the basic topics and concepts to enable them to fulfil their responsibilities in order to protect information. If needed, topics and concepts could be added to the baseline for information security knowledge for specialised target audiences (e.g. specialised End Users, ICT Staff or Top Management).
20
Fielk, Klaus W. "Cyberciege scenario illustrating integrity risks to a military like facility." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2004. http://library.nps.navy.mil/uhtbin/hyperion/04Sep%5FFielk.pdf.
Full textAbstract:
Thesis (M.S. in Computer Science)--Naval Postgraduate School, Sept. 2004.Thesis advisor(s): Cynthia E. Irvine, Paul C. Clark. Includes bibliographical references (p. 97-101). Also available online.
21
Long, Cheri Lanette. "A socio-technical perspective on information security knowledge and attitudes /." Digital version accessible at:, 1999. http://wwwlib.umi.com/cr/utexas/main.
Full text
22
Kong, Yibing. "Security and privacy model for association databases." Access electronically, 2003. http://www.library.uow.edu.au/adt-NWU/public/adt-NWU20031126.142250/index.html.
Full text
23
Yau, Cho-ki Joe. "A secure e-course copyright protection infrastructure." Click to view the E-thesis via HKUTO, 2006. http://sunzi.lib.hku.hk/hkuto/record/B37196583.
Full text
24
Ophoff, Jacobus Albertus. "WSP3: a web service model for personal privacy protection." Thesis, Port Elizabeth Technikon, 2003. http://hdl.handle.net/10948/272.
Full textAbstract:
The prevalent use of the Internet not only brings with it numerous advantages, but also some drawbacks. The biggest of these problems is the threat to the individual’s personal privacy. This privacy issue is playing a growing role with respect to technological advancements. While new service-based technologies are considerably increasing the scope of information flow, the cost is a loss of control over personal information and therefore privacy. Existing privacy protection measures might fail to provide effective privacy protection in these new environments. This dissertation focuses on the use of new technologies to improve the levels of personal privacy. In this regard the WSP3 (Web Service Model for Personal Privacy Protection) model is formulated. This model proposes a privacy protection scheme using Web Services. Having received tremendous industry backing, Web Services is a very topical technology, promising much in the evolution of the Internet. In our society privacy is highly valued and a very important issue. Protecting personal privacy in environments using new technologies is crucial for their future success. These facts, combined with the detail that the WSP3 model focusses on Web Service environments, lead to the following realizations for the model: The WSP3 model provides users with control over their personal information and allows them to express their desired level of privacy. Parties requiring access to a user’s information are explicitly defined by the user, as well as the information available to them. The WSP3 model utilizes a Web Services architecture to provide privacy protection. In addition, it integrates security techniques, such as cryptography, into the architecture as required. The WSP3 model integrates with current standards to maintain their benefits. This allows the implementation of the model in any environment supporting these base technologies. In addition, the research involves the development of a prototype according to the model. This prototype serves to present a proof-of-concept by illustrating the WSP3 model and all the technologies involved. The WSP3 model gives users control over their privacy and allows everyone to decide their own level of protection. By incorporating Web Services, the model also shows how new technologies can be used to offer solutions to existing problem areas.
25
Subbiah, Arun. "Efficient Proactive Security for Sensitive Data Storage." Diss., Georgia Institute of Technology, 2007. http://hdl.handle.net/1853/19719.
Full textAbstract:
Fault tolerant and secure distributed data storage systems typically require that only up to a threshold of storage nodes can ever be compromised or fail. In proactively-secure systems, this
requirement is modified to hold only in a time interval (also called epoch), resulting in increased security. An attacker or adversary
could compromise distinct sets of nodes in any two time intervals. This attack model is also called the mobile adversary model. Proactively-secure systems require all nodes to "refresh" themselves periodically to a clean state to maintain the availability, integrity, and confidentiality properties of the data storage service.
This dissertation investigates the design of a proactively-secure distributed data storage system. Data can be stored at storage servers using encoding schemes called secret sharing, or encryption-with-replication. The primary challenge is that the protocols that the servers run periodically to maintain integrity and confidentiality must scale with large amounts of stored data. Determining how much data can be proactively-secured in practical settings is an important objective of this dissertation.
The protocol for maintain the confidentiality of stored data is developed in the context of data storage using secret sharing. We propose a new technique called the GridSharing framework that uses a combination of XOR secret sharing and replication for storing data efficiently. We experimentally show that the algorithm can secure several hundred GBs of data.
We give distributed protocols run periodically by the servers for maintaining the integrity of replicated data under the mobile adversary model.
This protocol is integrated into a document repository to make it proactively-secure. The proactively-secure document repository is implemented and evaluated on the Emulab cluster (http://www.emulab.net). The experimental evaluation shows that several 100 GBs of data
can be proactively-secured.
This dissertation also includes work on fault and intrusion detection - a necessary component in any secure system. We give a novel Byzantine-fault detection algorithm for quorum systems, and experimentally evaluate its performance using simulations and by deploying it in the AgileFS distributed file system.
26
Lee, Andrew Wei Tien. "A framework for supporting anonymity in text-based online conversations /." Gold Coast, QLD : Bond University, 2001. http://epublications.bond.edu.au/theses/lee.
Full textAbstract:
Thesis (MSc(CompSc) -- Bond University, 2001."A thesis submitted to Bond University in fulfillment of the requirements for the degree of Masters of Science in Computer Science"-- t.p. Bibliography: leaves 124-125. Also available via the World Wide Web.
27
Buchanan, Joshua Michael. "Creating a robust form of steganography /." Electronic thesis, 2004. http://etd.wfu.edu/theses/available/etd-05092004-110852/.
Full text
28
Maninjwa, Prosecutor Mvikeli. "Managing an information security policy architecture : a technical documentation perspective." Thesis, Nelson Mandela Metropolitan University, 2012. http://hdl.handle.net/10948/d1020757.
Full textAbstract:
Information and the related assets form critical business assets for most organizations. Organizations depend on their information assets to survive and to remain competitive. However, the organization’s information assets are faced with a number of internal and external threats, aimed at compromising the confidentiality, integrity and/or availability (CIA) of information assets. These threats can be of physical, technical, or operational nature. For an organization to successfully conduct its business operations, information assets should always be protected from these threats. The process of protecting information and its related assets, ensuring the CIA thereof, is referred to as information security. To be effective, information security should be viewed as critical to the overall success of the organization, and therefore be included as one of the organization’s Corporate Governance sub-functions, referred to as Information Security Governance. Information Security Governance is the strategic system for directing and controlling the organization’s information security initiatives. Directing is the process whereby management issues directives, giving a strategic direction for information security within an organization. Controlling is the process of ensuring that management directives are being adhered to within an organization. To be effective, Information Security Governance directing and controlling depend on the organization’s Information Security Policy Architecture. An Information Security Policy Architecture is a hierarchical representation of the various information security policies and related documentation that an organization has used. When directing, management directives should be issued in the form of an Information Security Policy Architecture, and controlling should ensure adherence to the Information Security Policy Architecture. However, this study noted that in both literature and organizational practices, Information Security Policy Architectures are not comprehensively addressed and adequately managed. Therefore, this study argues towards a more comprehensive Information Security Policy Architecture, and the proper management thereof.
29
Gaadingwe, Tshepo Gaadingwe. "A critical review of the IFIP TC11 Security Conference Series." Thesis, Nelson Mandela Metropolitan University, 2007. http://hdl.handle.net/10948/507.
Full textAbstract:
Over the past few decades the field of computing has grown and evolved. In this time, information security research has experienced the same type of growth. The increase in importance and interest in information security research is reflected by the sheer number of research efforts being produced by different type of organizations around the world. One such organization is the International Federation for Information Processing (IFIP), more specifically the IFIP Technical Committee 11 (IFIP TC11). The IFIP TC11 community has had a rich history in producing high quality information security specific articles for over 20 years now. Therefore, IFIP TC11 found it necessary to reflect on this history, mainly to try and discover where it came from and where it may be going. Its 20th anniversary of its main conference presented an opportunity to begin such a study of its history. The core belief driving the study being that the future can only be realized and appreciated if the past is well understood. The main area of interest was to find out topics which may have had prevalence in the past or could be considered as "hot" topics. To achieve this, the author developed a systematic process for the study. The underpinning element being the creation of a classification scheme which was used to aid the analysis of the IFIP TC11 20 year's worth of articles. Major themes were identified and trends in the series highlighted. Further discussion and reflection on these trends were given. It was found that, not surprisingly, the series covered a wide variety of topics in the 20 years. However, it was discovered that there has been a notable move towards technically focused papers. Furthermore, topics such as business continuity had just about disappeared in the series while topics which are related to networking and cryptography continue to gain more prevalence.
30
Reid, Rayne. "A brain-compatible approach to the presentation of cyber security educational material." Thesis, Nelson Mandela Metropolitan University, 2012. http://hdl.handle.net/10948/d1019895.
Full textAbstract:
Information is an extremely important asset in modern society. It is used in most daily activities and transactions, and, thus, the importance of information is acknowledged by both organisational and private home information users. Unfortunately, as with any asset, there are often threats to this asset and, therefore, an information security solution is required to protect information against potential threats. Human beings play a major role in the implementation and governing of an entire information security process and, therefore, they have responsibilities in this regard. Thus, the effectiveness of any information security solutions in either an organisational or a private context is dependent on the human beings involved in the process. Accordingly, if these human beings are either unaware or not knowledgeable about their roles in the security solution they become the weak link in the information security solutions and, thus, it is essential that all these information users be educated in order to combat any threats to the information security. Many of the current information security education programmes and materials are not effective, possibly because the majority of these current approaches have been designed without using a sound pedagogical theory. In addition, many of these programmes also only target organisational users. This, in turn, is problematic as information security education is required by everybody, organisational and private information users alike. This dissertation addressed the lack of a pedagogical basis in the designing of information security educational courses suited to an extremely broad target audience. Accordingly, the dissertation set out to demonstrate how a pedagogy, which is broadly used and accepted for a diverse target audience of learners, could be applied to the design of the presentation of a web based, cyber security educational courses.
31
Viljoen, Melanie. "A framework towards effective control in information security governance." Thesis, Nelson Mandela Metropolitan University, 2009. http://hdl.handle.net/10948/887.
Full textAbstract:
The importance of information in business today has made the need to properly secure this asset evident. Information security has become a responsibility for all managers of an organization. To better support more efficient management of information security, timely information security management information should be made available to all managers. Smaller organizations face special challenges with regard to information security management and reporting due to limited resources (Ross, 2008). This dissertation discusses a Framework for Information Security Management Information (FISMI) that aims to improve the visibility and contribute to better management of information security throughout an organization by enabling the provision of summarized, comprehensive information security management information to all managers in an affordable manner.
32
Qiang, Hao. "E-book Security: An Analysis of Current Protection Systems." Thesis, Linköping University, Department of Electrical Engineering, 2003. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-1876.
Full textAbstract:
E-books have a wide range of application spheres from rich-media presentations to web site archiving, from writing to financial statement. They make publishing, storing and distributing of information quite simple. As a new publication technique, the main concern with e-books is the copyright infringement. To prevent e-books from free duplication and distribution, different security mechanisms are used in their publishing and distributing processes. By investigating and analyzing Digital Rights Management (DRM) and Electronic Book Exchange (EBX), this thesis presents some security issues that the e-book industry are or should be aware. Various security problems and possible solutions are highlighted by means of two case studies.
33
Volynkin, Alexander S. "Advanced methods for detection of malicious software." Diss., Online access via UMI:, 2007.
Find full text
34
Völp, Marcus. "Provable Protection of Confidential Data in Microkernel-Based Systems." Doctoral thesis, Saechsische Landesbibliothek- Staats- und Universitaetsbibliothek Dresden, 2011. http://nbn-resolving.de/urn:nbn:de:bsz:14-qucosa-66757.
Full textAbstract:
Although modern computer systems process increasing amounts of sensitive, private, and valuable information, most of today’s operating systems (OSs) fail to protect confidential data against unauthorized disclosure over covert channels. Securing the large code bases of these OSs and checking the secured code for the absence of covert channels would come at enormous costs. Microkernels significantly reduce the necessarily trusted code. However, cost-efficient,
provable confidential-data protection in microkernel-based systems is still challenging.
This thesis makes two central contributions to the provable protection of confidential data against disclosure over covert channels:
• A budget-enforcing, fixed-priority scheduler that provably eliminates covert
timing channels in open microkernel-based systems; and
• A sound control-flow-sensitive security type system for low-level operating-system code.
To prevent scheduling-related timing channels, the proposed scheduler treats possibly leaking, blocked threads as if they were runnable. When it selects such a thread, it runs a higher classified budget consumer.
A characterization of budget-consumer time as a blocking term makes it possible to reuse a large class of existing admission tests to determine whether the proposed scheduler can meet the real-time guarantees of all threads we envisage to run. Compared to contemporary information-flow-secure schedulers, significantly more real-time threads can be admitted for the proposed scheduler.
The role of the proposed security type system is to prove those system components free of security policy violating information flows that simultaneously operate on behalf of differently classified clients. In an open microkernel-based system, these are the microkernel and the necessarily trusted multilevel servers.
To reduce the complexity of the security type system, C++ operating-system code is translated into a corresponding Toy program, which in turn is complemented with calls to Toy procedures describing the side effects of interactions with the underlying hardware. Toy is a non-deterministic intermediate programming language, which I have designed specifically for this purpose. A universal lattice for shared-memory programs enables the type system to check the resulting Toy code for potentially harmful information flows, even if the security policy of the system is not known at the time of the analysis.
I demonstrate the feasibility of the proposed analysis in three case studies: a virtual-memory access, L4 inter-process communication and a secure buffer cache. In addition, I prove Osvik’s countermeasure effective against AES cache side-channel attacks. To my best knowledge, this is the first security-type-system-based proof of such a countermeasure. The ability of a security type system to tolerate temporary breaches of confidentiality in lock-protected shared-memory regions turned out to be fundamental for this proof.
35
Deysel, Natasha. "A model for information security control audit for small to mid-sized organisations." Thesis, Nelson Mandela Metropolitan University, 2009. http://hdl.handle.net/10948/940.
Full textAbstract:
Organisations are increasingly dependent on their information. Compromise to this information in terms of loss, inaccuracy or competitors gaining unauthorised access could have devastating consequences for the organisation. Therefore, information security governance has become a major concern for all organisations, large and small. Information security governance is based on a set of policies and internal controls by which organisations direct and manage their information security. An effective information security governance programme should be based on a recognised framework, such as the Control Objectives for Information and related Technology (COBIT). COBIT focuses on what control objectives must be achieved in order to effectively manage the information technology environment. It has become very clear that if a company is serious about information security governance, it needs to apply the COBIT framework that deals with information security. The problem in some medium-sized organisations is that they do not realise the importance of information security governance and are either unaware of the risks or choose to ignore these risks as they do not have the expertise or resources available to provide them with assurance that they have the right information security controls in place to protect their organisation against threats.
36
Möller, Carolin. "The evolution of data protection and privacy in the public security context : an institutional analysis of three EU data retention and access regimes." Thesis, Queen Mary, University of London, 2017. http://qmro.qmul.ac.uk/xmlui/handle/123456789/25911.
Full textAbstract:
Since nearly two decades threats to public security through events such as 9/11, the Madrid (2004) and London (2005) bombings and more recently the Paris attacks (2015) resulted in the adoption of a plethora of national and EU measures aiming at fighting terrorism and serious crime. In addition, the Snowden revelations brought the privacy and data protection implications of these public security measures into the spotlight. In this highly contentious context, three EU data retention and access measures have been introduced for the purpose of fighting serious crime and terrorism: The Data Retention Directive (DRD), the EU-US PNR Agreement and the EU-US SWIFT Agreement. All three regimes went through several revisions (SWIFT, PNR) or have been annulled (DRD) exemplifying the difficulty of determining how privacy and data protection ought to be protected in the context of public security. The trigger for this research is to understand the underlying causes of these difficulties by examining the problem from different angles. The thesis applies the theory of 'New Institutionalism' (NI) which allows both a political and legal analysis of privacy and data protection in the public security context. According to NI, 'institutions' are defined as the operational framework in which actors interact and they steer the behaviours of the latter in the policy-making cycle. By focusing on the three data retention and access regimes, the aim of this thesis is to examine how the EU 'institutional framework' shapes data protection and privacy in regard to data retention and access measures in the public security context. Answering this research question the thesis puts forward three main hypotheses: (i) privacy and data protection in the Area of Freedom, Security and Justice (AFSJ) is an institutional framework in transition where historic and new features determine how Articles 7 and 8 of the Charter of Fundamental Rights of the European Union (CFREU) are shaped; (ii) policy outcomes on Articles 7 and 8 CFREU are influenced by actors' strategic preferences pursued in the legislation-making process; and (iii) privacy and data protection are framed by the evolution of the Court of Justice of the European Union (CJEU) from a 'legal basis arbiter' to a political actor in its own right as a result of the constitutional changes brought by the Lisbon Treaty.
37
Kalibjian, Jeffrey R. "Accountable Security Architectures for Protecting Telemetry Data." International Foundation for Telemetering, 2001. http://hdl.handle.net/10150/606436.
Full textAbstract:
International Telemetering Conference Proceedings / October 22-25, 2001 / Riviera Hotel and Convention Center, Las Vegas, NevadaToday there are many security solutions available which can facilitate both protection and sharing of telemetry data. While the technologies behind these solutions are maturing [1] [2] [3], most products lack a consistent and coherent paradigm for enforcing who is able to access the secured data, what is done with it, and insuring it can be recovered if the person who secured it is disabled.
38
Yan, Chenyu. "Architectural support for improving security and performance of memory sub-systems." Diss., Atlanta, Ga. : Georgia Institute of Technology, 2008. http://hdl.handle.net/1853/26663.
Full textAbstract:
Thesis (Ph.D)--Computing, Georgia Institute of Technology, 2009.Committee Chair: Milos Prvulovic; Committee Member: Gabriel Loh; Committee Member: Hyesoon Kim; Committee Member: Umakishore Ramachandran; Committee Member: Yan Solihin. Part of the SMARTech Electronic Thesis and Dissertation Collection.
39
Kumar, Virendra. "Provable security support for kerberos (and beyond)." Diss., Georgia Institute of Technology, 2012. http://hdl.handle.net/1853/44722.
Full textAbstract:
Kerberos is a widely-deployed network authentication protocol that is being considered for standardization. Like other standard protocols, Kerberos is no exception to security flaws and weaknesses, as has been demonstrated in several prior works. Provable security guarantees go a long way in restoring users' faith, thus making a protocol an even stronger candidate for standards. In this thesis, our goal was thus to provide provable security support for Kerberos and other practical protocols. Our contributions are three-fold:
We first look at the symmetric encryption schemes employed in the current version 5 of Kerberos. Several recent results have analyzed a significant part of Kerberos v.5 using formal-methods-based approaches, which are meaningful only if the underlying encryption schemes satisfy strong cryptographic notions of privacy and authenticity. However, to our knowledge these schemes were never analyzed and proven to satisfy such notions. This thesis aims to bridge this gap. Our provable security analyses confirm that some of the encryption scheme options in Kerberos v.5 already provide privacy and authenticity, and for the remaining we suggest slight modifications for the same.
We next turn our attention to the ways in which the keys and other random strings needed in cryptographic schemes employed by practical protocols are generated. Randomness needs to be carefully generated for the provable security guarantees to hold. We propose an efficient pseudorandom generator (PRG) based on hash functions. The security of our PRG relies on exponential collision-resistance and regularity of the underlying hash function. Our PRG can be used to generate various strings, like session keys, sequence numbers, confounders, etc., which are all suggested to be generated randomly in the Kerberos v.5 specification, but no algorithms are mentioned. Each of the above strings are required to satisfy different properties, all of which are trivially satisfied by the pseudorandom strings output by a PRG.
Finally, we look at the problem of revocation associated with two relatively new types of encryption schemes: identity-based encryption (IBE) and attribute-based encryption (ABE). While these encryption schemes are relatively less efficient compared to public-key encryption schemes, they have already been used (and are very likely to be used in future, as well) in many practical protocols due to their attractive features. Any setting, public-key, identity-based, or attribute-based, must provide a means to revoke users from the system. However, unlike public-key encryption, there has been little prior work on studying the revocation mechanisms in an IBE or ABE. We propose new primitives and their efficient and provably secure instantiations, focusing on the revocation problem.
We would like to note that even though all the results presented in this thesis are motivated mainly by provable security in practice, only the first bullet above has a direct impact on a practical and widely deployed protocol Kerberos. Our PRG is the most efficient construction among theoretical PRGs, but it may still not be efficient enough to be directly usable in practical protocols. And our results and techniques for revocation in IBE and ABE have found much wider applications in information security, such as mobile social networks, cloud-based secure health records, data outsourcing systems, vehicular ad-hoc networks, etc.
40
Yau, Cho-ki Joe, and 邱祖淇. "A secure e-course copyright protection infrastructure." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2006. http://hub.hku.hk/bib/B37196583.
Full text
41
Du, Preez Riekert. "The cost of free instant messaging: an attack modelling perspective." Thesis, Nelson Mandela Metropolitan University, 2006. http://hdl.handle.net/10948/499.
Full textAbstract:
Instant Messaging (IM) has grown tremendously over the last few years. Even though IM was originally developed as a social chat system, it has found a place in many companies, where it is being used as an essential business tool. However, many businesses rely on free IM and have not implemented a secure corporate IM solution. Most free IM clients were never intended for use in the workplace and, therefore, lack strong security features and administrative control. Consequently, free IM clients can provide attackers with an entry point for malicious code in an organization’s network that can ultimately lead to a company’s information assets being compromised. Therefore, even though free IM allows for better collaboration in the workplace, it comes at a cost, as the title of this dissertation suggests. This dissertation sets out to answer the question of how free IM can facilitate an attack on a company’s information assets. To answer the research question, the dissertation defines an IM attack model that models the ways in which an information system can be attacked when free IM is used within an organization. The IM attack model was created by categorising IM threats using the STRIDE threat classification scheme. The attacks that realize the categorised threats were then modelled using attack trees as the chosen attack modelling tool. Attack trees were chosen because of their ability to model the sequence of attacker actions during an attack. The author defined an enhanced graphical notation that was adopted for the attack trees used to create the IM attack model. The enhanced attack tree notation extends traditional attack trees to allow nodes in the trees to be of different classes and, therefore, allows attack trees to convey more information. During the process of defining the IM attack model, a number of experiments were conducted where IM vulnerabilities were exploited. Thereafter, a case study was constructed to document a simulated attack on an information system that involves the exploitation of IM vulnerabilities. The case study demonstrates how an attacker’s attack path relates to the IM attack model in a practical scenario. The IM attack model provides insight into how IM can facilitate an attack on a company’s information assets. The creation of the attack model for free IM lead to several realizations. The IM attack model revealed that even though the use of free IM clients may seem harmless, such IM clients can facilitate an attack on a company’s information assets. Furthermore, certain IM vulnerabilities may not pose a great risk by themselves, but when combined with the exploitation of other vulnerabilities, a much greater threat can be realized. These realizations hold true to what French playwright Jean Anouilh once said: “What you get free costs too much”.
42
Wu, Haotian. "Information hiding for media authentication and covert communication." HKBU Institutional Repository, 2007. http://repository.hkbu.edu.hk/etd_ra/824.
Full text
43
Mayisela, Simphiwe Hector. "Data-centric security : towards a utopian model for protecting corporate data on mobile devices." Thesis, Rhodes University, 2014. http://hdl.handle.net/10962/d1011094.
Full textAbstract:
Data-centric security is significant in understanding, assessing and mitigating the various risks and impacts of sharing information outside corporate boundaries. Information generally leaves corporate boundaries through mobile devices. Mobile devices continue to evolve as multi-functional tools for everyday life, surpassing their initial intended use. This added capability and increasingly extensive use of mobile devices does not come without a degree of risk - hence the need to guard and protect information as it exists beyond the corporate boundaries and throughout its lifecycle. Literature on existing models crafted to protect data, rather than infrastructure in which the data resides, is reviewed. Technologies that organisations have implemented to adopt the data-centric model are studied. A utopian model that takes into account the shortcomings of existing technologies and deficiencies of common theories is proposed. Two sets of qualitative studies are reported; the first is a preliminary online survey to assess the ubiquity of mobile devices and extent of technology adoption towards implementation of data-centric model; and the second comprises of a focus survey and expert interviews pertaining on technologies that organisations have implemented to adopt the data-centric model. The latter study revealed insufficient data at the time of writing for the results to be statistically significant; however; indicative trends supported the assertions documented in the literature review. The question that this research answers is whether or not current technology implementations designed to mitigate risks from mobile devices, actually address business requirements. This research question, answered through these two sets qualitative studies, discovered inconsistencies between the technology implementations and business requirements. The thesis concludes by proposing a realistic model, based on the outcome of the qualitative study, which bridges the gap between the technology implementations and business requirements. Future work which could perhaps be conducted in light of the findings and the comments from this research is also considered.
44
Yeratziotis, Alexandros. "A framework to evaluate usable security in online social networking." Thesis, Nelson Mandela Metropolitan University, 2011. http://hdl.handle.net/10948/d1012933.
Full textAbstract:
It is commonly held in the literature that users find security and privacy difficult to comprehend. It is also acknowledged that most end-user applications and websites have built-in security and privacy features. Users are expected to interact with these in order to protect their personal information. However, security is generally a secondary goal for users. Considering the complexity associated with security in combination with the notion that it is not users’ primary task, it makes sense that users tend to ignore their security responsibilities. As a result, they make poor security-related decisions and, consequently, their personal information is at risk. Usable Security is the field that investigates these types of issue, focusing on the design of security and privacy features that are usable. In order to understand and appreciate the complexities that exist in the field of Usable Security, the research fields of Human-Computer Interaction and Information Security should be examined. Accordingly, the Information Security field is concerned with all aspects pertaining to the security and privacy of information, while the field of Human-Computer Interaction is concerned with the design, evaluation and implementation of interactive computing systems for human use. This research delivers a framework to evaluate Usable Security in online social networks. In this study, online social networks that are particular to the health domain were used as a case study and contributed to the development of a framework consisting of three components: a process, a validation tool and a Usable Security heuristic evaluation. There is no existing qualitative process that describes how one would develop and validate a heuristic evaluation. In this regard a heuristic evaluation is a usability inspection method that is used to evaluate the design of an interface for any usability violations in the field of Human-Computer Interaction. Therefore, firstly, a new process and a validation tool were required to be developed. Once this had been achieved, the process could then be followed to develop a new heuristic evaluation that is specific to Usable Security. In order to assess the validity of a new heuristic evaluation a validation tool is used. The development of tools that can improve the design of security and privacy features on end-user applications and websites in terms of their usability is critical, as this will ensure that the intended users experience them as usable and can utilise them effectively. The framework for evaluating Usable Security contributes to this objective in the context of online social networks.
45
Fani, Noluvuyo. "Governing information security within the context of "bring your own device" in small, medium and micro enterprises." Thesis, Nelson Mandela Metropolitan University, 2017. http://hdl.handle.net/10948/7626.
Full textAbstract:
Throughout history, information has been core to the communication, processing and storage of most tasks in the organisation, in this case in Small-Medium and Micro Enterprises (SMMEs). The implementation of these tasks relies on Information and Communication Technology (ICT). ICT is constantly evolving, and with each developed ICT, it becomes important that organisations adapt to the changing environment. Organisations need to adapt to the changing environment by incorporating innovative ICT that allows employees to perform their tasks with ease anywhere and anytime, whilst reducing the costs affiliated with the ICT. In this modern, performing tasks with ease anywhere and anytime requires that the employee is mobile whilst using the ICT. As a result, a relatively new phenomenon called “Bring Your Own Device” (BYOD) is currently infiltrating most organisations, where personally-owned mobile devices are used to access organisational information that will be used to conduct the various tasks of the organisation. The use of BYOD in organisations breeds the previously mentioned benefits such as performing organisational tasks anywhere and anytime. However, with the benefits highlighted for BYOD, organisations should be aware that there are risks to the implementation of BYOD. Therefore, the implementation of BYOD deems that organisations should implement BYOD with proper management thereof.
46
Van, Niekerk Johannes Frederick. "Fostering information security culture through intergrating theory and technology." Thesis, Nelson Mandela Metropolitan University, 2010. http://hdl.handle.net/10948/1404.
Full textAbstract:
Today information can be seen as a basic commodity that is crucial to the continuous well-being of modern organizations. Many modern organizations will be unable to do business without access to their information resources. It is therefor of vital importance for organizations to ensure that their infor- mation resources are adequately protected against both internal and external threats. This protection of information resources is known as information security and is, to a large extent, dependent on the behavior of humans in the organization. Humans, at various levels in the organization, play vital roles in the pro- cesses that secure organizational information resources. Many of the prob- lems experienced in information security can be directly contributed to the humans involved in the process. Employees, either intentionally or through negligence, often due to a lack of knowledge, can be seen as the greatest threat to information security. Addressing this human factor in information security is the primary focus of this thesis. The majority of current approaches to dealing with the human factors in information security acknowledge the need to foster an information security culture in the organization. However, very few current approaches attempt to adjust the "generic" model(s) used to define organizational culture to be specific to the needs of information security. This thesis firstly proposes, and argues, such an adapted conceptual model which aims to improve the understanding of what an information security culture is. The thesis secondly focuses on the underlying role that information security educational programs play in the fostering of an organizational information security culture. It is argued that many current information security edu- cational programs are not based on sound pedagogical theory. The use of learning taxonomies during the design of information security educational programs is proposed as a possible way to improve the pedagogical rigor of such programs. The thesis also argues in favor of the use of blended and/or e-learning approaches for the delivery of information security educational content. Finally, this thesis provides a detailed overview demonstrating how the various elements contributed by the thesis integrates into existing trans- formative change management processes for the fostering of an organizational information security culture.
47
Thomson, Kerry-Lynn. "MISSTEV : model for information security shared tacit espoused values." Thesis, Nelson Mandela Metropolitan University, 2007. http://hdl.handle.net/10948/717.
Full textAbstract:
One of the most critical assets in most organisations is information. It is often described as the lifeblood of an organisation. For this reason, it is vital that this asset is protected through sound information security practices. However, the incorrect and indifferent behaviour of employees often leads to information assets becoming vulnerable. Incorrect employee behaviour could have an extremely negative impact on the protection of information. An information security solution should be a fundamental component in most organisations. It is, however, possible for an organisation to have the most comprehensive physical and technical information security controls in place, but the operational controls, and associated employee behaviour, have not received much consideration. Therefore, the issue of employee behaviour must be addressed in an organisation to assist in ensuring the protection of information assets. The corporate culture of an organisation is largely responsible for the actions and behaviour of employees. Therefore, to address operational information security controls, the corporate culture of an organisation should be considered. To ensure the integration of information security into the corporate culture of an organisation, the protection of information should become part of the way the employees conduct their everyday tasks – from senior management, right throughout the entire organisation. Therefore, information security should become an integral component of the corporate culture of the organisation. To address the integration of information security into the corporate culture of an organisation, a model was developed which depicted the learning stages and modes of knowledge creation necessary to transform the corporate culture into one that is information security aware.
48
Gupta, Gaurav. "Robust digital watermarking of multimedia objects." Phd thesis, Australia : Macquarie University, 2008. http://hdl.handle.net/1959.14/28597.
Full textAbstract:
Thesis (PhD)--Macquarie University, Division of Information and Communication Sciences, Department of Computing, 2008.Bibliography: p. 144-153.
Introduction -- Background -- Overview of watermarking -- Natural language watermarking -- Software watermarking -- Semi-blind and reversible database watermarking -- Blind and reversible database watermarking -- Conclusion and future research -- Bibliography.
Digital watermarking has generated significant research and commercial interest in the past decade. The primary factors contributing to this surge are widespread use of the Internet with improved bandwidth and speed, regional copyright loopholes in terms of legislation; and seamless distribution of multimedia content due to peer-to-peer file-sharing applications. -- Digital watermarking addresses the issue of establishing ownership over mul-timedia content through embedding a watermark inside the object. Ideally, this watermark should be detectable and/or extractable, survive attacks such as digital reproduction and content-specific manipulations such as re-sizing in the case of images, and be invisible to the end-user so that the quality of the content is not degraded significantly. During detection or extraction, the only requirements should be the secret key and the watermarked multimedia object, and not the original un-marked object or the watermark inserted. Watermarking scheme that facilitate this requirement are categorized as blind. In recent times, reversibility of watermark has also become an important criterion. This is due to the fact that reversible watermarking schemes can provided security against secondary watermarking attacks by using backtracking algorithms to identify the rightful owner. A watermarking scheme is said to be reversible if the original unmarked object can be regenerated from the watermarked copy and the secret key.
This research covers three multimedia content types: natural language documents, software, and databases; and discusses the current watermarking scenario, challenges, and our contribution to the field. We have designed and implemented a natural language watermarking scheme that uses the redundancies in natural languages. As a result, it is robust against general attacks against text watermarks. It offers additional strength to the scheme by localizing the attack to the modified section and using error correction codes to detect the watermark. Our first contribution in software watermarking is identification and exploitation of weaknesses in branch-based software watermarking scheme proposed in [71] and the software watermarking algorithm we present is an improvised version of the existing watermarking schemes from [71]. Our scheme survives automated debugging attacks against which the current schemes are vulnerable, and is also secure against other software-specific attacks. We have proposed two database watermarking schemes that are both reversible and therefore resilient against secondary watermarking attacks. The first of these database watermarking schemes is semi-blind and requires the bits modified during the insertion algorithm to detect the watermark. The second scheme is an upgraded version that is blind and therefore does not require anything except a secret key and the watermarked relation. The watermark has a 89% probability of survival even when almost half of the data is manipulated. The watermarked data in this case is extremely useful from the users' perspective, since query results are preserved (i.e., the watermarked data gives the same results for a query as the nmarked data). -- The watermarking models we have proposed provide greater security against sophisticated attacks in different domains while providing sufficient watermark-carrying capacity at the same time. The false-positives are extremely low in all the models, thereby making accidental detection of watermark in a random object almost negligible. Reversibility has been facilitated in the later watermarking algorithms and is a solution to the secondary watermarking attacks. We shall address reversibility as a key issue in our future research, along with robustness, low false-positives and high capacity.
Mode of access: World Wide Web.
xxiv, 156 p. ill. (some col.)
49
Martins, Adele. "Information security culture." Thesis, 2008. http://hdl.handle.net/10210/292.
Full textAbstract:
The current study originated from the realisation that information security is no longer solely dependent on technology. Information security breaches are often caused by users, most of the time internal to the organisation, who compromise the technology-driven solutions. This interaction between people and the information systems is seemingly the weakest link in information security. A people-oriented approach is needed to address this problem. Incorporating the human element into information security could be done by creating an information security culture. This culture can then focus on the behaviour of users in the information technology environment. The study is therefore principally aimed at making a contribution to information security by addressing information security culture and, for this reason, culminates in the development of an information security culture model and assessment approach. While developing the model, special care was taken to incorporate the behaviour of people in the working environment and hence organisational behaviour coupled with issues concerning information security culture that need to be addressed. An information security culture assessment approach is developed consisting of a questionnaire to assess whether an organisation has an adequate level of information security culture. The assessment approach is illustrated through a case study. Below is an overview of the framework within which the research was conducted: The dissertation consists of four parts. Chapters 1 and 2 constitute Part 1: Introduction and background. Chapter 1 serves as an introduction to the research study by providing the primary motivation for the study and defining the problems and issues to be addressed. In addition, the chapter is devoted to defining a set of standard terms and concepts used throughout the study. The chapter concludes with an overview of the remaining chapters. Chapter 2 gives some background to information security culture and discusses its evolution to date. There is a new trend in information security to incorporate the human element through an information security culture. Information security is divided into two different levels. Level 1 focuses on the human aspects of information security, such as the information security culture, and level 2 incorporates the technical aspects of information security. Part 2: Information security culture model is covered in chapters 3, 4 and 5. In chapter 3, the concept of information security culture is researched. Different perspectives are examined to identify issues that need to be considered when addressing information security culture. A definition of information security culture is constructed based on organisational culture. Chapter 4 is devoted to developing a model that can be used to promote an information security culture. This model incorporates the concept of organisational behaviour as well as the issues identified in chapter 3. Chapter 5 builds upon the information security culture model and aims to identify practical tasks to address in order to implement the model. In Part 3: Assessing information security culture, chapters 6 to 10, attention is given to the assessment of an information security culture, giving management an indication of how adequately the culture is promoted through the model. Chapter 6 considers the use of available approaches such as ISO17799 to aid in promoting and assessing an information security culture. This approach is evaluated against the definition of information security culture and the information security culture model in order to determine whether it could assess information security culture in an acceptable manner. The next four chapters, namely chapters 7 to 10, are devoted to the development of an information security culture assessment approach consisting of four phases. Chapter 7 discusses phase 1. In this phase a questionnaire is developed based on the information security culture model. Chapter 8 uses the information security culture questionnaire as part of a survey in a case study. This case study illustrates phase 2 as well as what information can be obtained through the questionnaire. In chapter 9 the data obtained through the survey is analysed statistically and presented (phase 3). The level of information security culture is then discussed in chapter 10, with interpretations and recommendations to improve the culture (phase 4). Chapter 11 in Part 4: Conclusion serves as a concluding chapter in which the usefulness and limitations of the proposed model and assessment approach are highlighted. The research study culminates in a discussion of those aspects of information security culture that could bear further research.Prof. J.H.P. Eloff
50
"Data Protection over Cloud." Master's thesis, 2016. http://hdl.handle.net/2286/R.I.38668.
Full textAbstract:
abstract: Data protection has long been a point of contention and a vastly researched field. With the advent of technology and advances in Internet technologies, securing data has become much more challenging these days. Cloud services have become very popular. Given the ease of access and availability of the systems, it is not easy to not use cloud to store data. This however, pose a significant risk to data security as more of your data is available to a third party. Given the easy transmission and almost infinite storage of data, securing one's sensitive information has become a major challenge.
Cloud service providers may not be trusted completely with your data. It is not very uncommon to snoop over the data for finding interesting patterns to generate ad revenue or divulge your information to a third party, e.g. government and law enforcing agencies. For enterprises who use cloud service, it pose a risk for their intellectual property and business secrets. With more and more employees using cloud for their day to day work, business now face a risk of losing or leaking out information.
In this thesis, I have focused on ways to protect data and information over cloud- a third party not authorized to use your data, all this while still utilizing cloud services for transfer and availability of data. This research proposes an alternative to an on-premise secure infrastructure giving exibility to user for protecting the data and control over it. The project uses cryptography to protect data and create a secure architecture for secret key migration in order to decrypt the data securely for the intended recipient. It utilizes Intel's technology which gives it an added advantage over other existing solutions.Dissertation/Thesis
Masters Thesis Computer Science 2016