To see the other types of publications on this topic, follow the link: Security technician.
Dissertations / Theses on the topic 'Security technician'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Security technician.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Alqatawna, Ja'Far S. "Multi-stakeholder enquiry for securing e-Business environments : a socio-technical security framework." Thesis, Sheffield Hallam University, 2010. http://shura.shu.ac.uk/19255/.
Full textAbstract:
Increasing the security of e-Business is best achieved by considering the environment in which e-Business applications need to be implemented and used; this implies that e-Business should be viewed as a complex socio-technical system with three interconnected and interacting elements: stakeholders, enabling technology, and business processes. This multiple perspective has rarely been captured by previous studies of e-Business security which perceive security from a narrow, single-sided technical view. This thesis argues that the predominant technical security approaches consider neither the multifaceted nature of e-Business security nor the requirements and influences of the various stakeholders involved in its context. In Jordan e-Business adoption is still in its early stages and is gaining the attention of several parties. Therefore, the primary approach in this research is an interpretive stakeholder analysis in which notions of a socio-technical perspective are employed as required in order to develop a conceptual framework for better understanding of e-Business security in the context of Jordan. In other words, an interpretive approach has been adopted as a mean of inquiry aiming at developing a holistic understanding of e-Business security in relation to its context as well as considering all the stakeholders in the problem area. This methodological choice was influenced by three factors: the nature of the research problem, the researcher's theoretical lens, and the degree of uncertainty in the study environment. Consequently, four major stakeholders were identified and their security implications were explored. The study's findings provide rich insights into the security of e-Business by identifying and interpreting the roles, the perceptions, and the interactions of several groups of security stakeholders. The theoretical contributions include: an explanatory framework of organisational, legal, human and technical factors affecting security in e-Business environments which was developed by employing an inductive stakeholder analysis as well as the identification of several organisational aspects, such as governance, communication, power conflict, awareness, and resistance to change, and their relationships to security as well as their practical implications at individual, organisational, and national levels. Additionally, the findings provide insights into the customers' side of the security problem and explain its relationships with other stakeholders, including government, business and technology providers. This is a sound practical contribution which can help these stakeholders to design better security approaches based on a deeper understanding of customers' security requirements.
2
Ho, Sze-lok, and 何思樂. "Technical solutions for conducting investigations in digital age." Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2012. http://hub.hku.hk/bib/B48521802.
Full textAbstract:
Confidentiality has always been a concern in secret operation. In this thesis, we consider the situation of legitimate data request and transfer between investigator and database owner who provides intelligence, where the identity of the investigation subject and the records in the database are both confidential. Current practice of secret investigation solely relies on the integrity and carefulness of the involved individuals to resist data leakage, but regulations, policy, agreement, such human means cannot give a promising solution, thus a technical means is needed. As appropriate solution for this confidential data request and transfer problem cannot be found from related research, our goal is to offer a means that can help keeping the investigation secret and protecting irrelevant data at the same time.
We present a technical solution for preserving two-way confidentiality between the investigator (legitimate data requester) and the database owner (legitimate data holder), which can accommodate the concerns of both sides during the specific information request and transfer. Two schemes, Sender-Based Scheme and Receiver-Based Scheme, have been proposed to solve the problem under different conditions, and illustration of executing our schemes is given through an example situation “Investigator and Private hospital” which is an ordinary scenario during investigation. Furthermore, a practical cost reduction methodology on the schemes and sensible proposals for extensions are suggested and discussed. The direction of future work is also considered.<br>published_or_final_version<br>Computer Science<br>Master<br>Master of Philosophy
3
Li, Tong. "Holistic Security Requirements Engineering for Socio-Technical Systems." Doctoral thesis, Università degli studi di Trento, 2016. https://hdl.handle.net/11572/368938.
Full textAbstract:
Security has been a growing concern for large organizations, especially financial and gov- ernmental institutions, as security breaches in the systems they depend have repeatedly resulted in losses of billions per year, and this cost is on the rise. A primary reason for these breaches is the “socio-technical†nature of today’s systems that consist of an amal- gam of social and human actors, processes, technology and infrastructure. We refer to such systems as Socio-Technical Systems (STSs). Finding secure solutions for STSs is a difficult and error-prone task because of their heterogeneity and complexity. The thesis proposes a holistic security requirements analysis framework which catego- rizes system security concerns into three layers, including a social layer (social actors and business processes), a software layer (software applications that support the social layer) and an infrastructure layer (physical infrastructure, hardware, and devices). Within each layer, security requirements are elicited, and security mechanisms are designed to satisfy the security requirements. In particular, a cross-layer support link is defined to capture how security mechanisms deployed at one layer influence security requirements of the next layer down, allowing us to systematically and iteratively analyze security for all three layers and eventually produce holistic security solutions for the systems. To ensure the quality of the analysis of our approach and to promote practical adoption of the three-layer approach, the thesis includes two additional components. Firstly, we propose a holistic attack analysis, which takes an attacker’s perspective to explore realistic attacks that can happen to a system and thus contributes to the identification of critical security requirements. This approach consists of an attack strategy identification method which analyzes attacker’s alternative malicious intentions, and an attack strategy operationalization method which analyzes realistic attack actions that can be performed by attackers. Secondly, the thesis proposes a systematic approach for selecting and applying security patterns, which describe proven security solutions to known security problems. As such, analysts with little security knowledge can efficiently leverage reusable security knowledge to operationalize security requirements in terms of security mechanisms. This approach also allows us to systematically analyze and enforce the impact of deployed security mechanisms on system functional specifications. We have developed a prototype tool, which implements the formalized analysis methods of our three-layer framework and enables the semi-automatic application of our proposal. With the help of the tool, we apply our framework to two large-scale case studies so as to validate the efficacy of our approach.
4
Li, Tong. "Holistic Security Requirements Engineering for Socio-Technical Systems." Doctoral thesis, University of Trento, 2016. http://eprints-phd.biblio.unitn.it/1751/1/phd_thesis_tong.pdf.
Full textAbstract:
Security has been a growing concern for large organizations, especially financial and gov- ernmental institutions, as security breaches in the systems they depend have repeatedly resulted in losses of billions per year, and this cost is on the rise. A primary reason for these breaches is the “socio-technical” nature of today’s systems that consist of an amal- gam of social and human actors, processes, technology and infrastructure. We refer to such systems as Socio-Technical Systems (STSs). Finding secure solutions for STSs is a difficult and error-prone task because of their heterogeneity and complexity. The thesis proposes a holistic security requirements analysis framework which catego- rizes system security concerns into three layers, including a social layer (social actors and business processes), a software layer (software applications that support the social layer) and an infrastructure layer (physical infrastructure, hardware, and devices). Within each layer, security requirements are elicited, and security mechanisms are designed to satisfy the security requirements. In particular, a cross-layer support link is defined to capture how security mechanisms deployed at one layer influence security requirements of the next layer down, allowing us to systematically and iteratively analyze security for all three layers and eventually produce holistic security solutions for the systems. To ensure the quality of the analysis of our approach and to promote practical adoption of the three-layer approach, the thesis includes two additional components. Firstly, we propose a holistic attack analysis, which takes an attacker’s perspective to explore realistic attacks that can happen to a system and thus contributes to the identification of critical security requirements. This approach consists of an attack strategy identification method which analyzes attacker’s alternative malicious intentions, and an attack strategy operationalization method which analyzes realistic attack actions that can be performed by attackers. Secondly, the thesis proposes a systematic approach for selecting and applying security patterns, which describe proven security solutions to known security problems. As such, analysts with little security knowledge can efficiently leverage reusable security knowledge to operationalize security requirements in terms of security mechanisms. This approach also allows us to systematically analyze and enforce the impact of deployed security mechanisms on system functional specifications. We have developed a prototype tool, which implements the formalized analysis methods of our three-layer framework and enables the semi-automatic application of our proposal. With the help of the tool, we apply our framework to two large-scale case studies so as to validate the efficacy of our approach.
5
Van, Der Merwe Melani. "Energy transitions: the case of South African electric security." Doctoral thesis, University of Cape Town, 2018. http://hdl.handle.net/11427/27906.
Full textAbstract:
Modern civilizations have evolved to be highly dependent on electrical energy. The exponentially growing renewables market has signaled transitions in electricity sectors that have traditionally been dominated by fossil fuel electricity. Various theoretical debates have recently emerged surrounding the processes of socio-technical transition, focusing on the pathways of transition, the levers for radical change and path-dependencies within these systems. The Multi-Level Perspective on Socio-technical Transitions is one such theory. This perspective views socio-technical change as a factor of interdependent shifts between three analytical levels observed within the system: the socio-technical regime, the socio-technical niche and the landscape. In accordance with this theory, radical change is generally observed as originating at niche level. Irregularities within the dominant regime and landscape pressures allow for niche innovations to break through into the dominant regime in processes of socio-technical transition. Toward understanding actor influences on energy transitions, considerable attention has been paid to actor's impact on governance processes through: patterns of consumption, the shaping of legislation and technical innovations, by socio-technical transitions theories. However less attention has been paid to the ways in which actors in renewable electricity markets are: forming networks toward the establishment of new regimes and governing processes at niche level, and consequently how actor governance has impacted the established perceptions and available pathways for realizing electric security. This thesis, builds on the Multi-Level Perspective, through an exploration of how actors govern socio-technical systems at niche level, paying careful attention to the modalities of power giving and power taking that allow for the development of networks of people and things toward the stabilization of novel socio-technical practices, innovations and developmental trajectories. It does this through a networked analysis of how different actors with different interests cooperate to open up innovative social and technological pathways.
6
Menzel, Michael. "Model-driven security in service-oriented architectures : leveraging security patterns to transform high-level security requirements to technical policies." Phd thesis, Universität Potsdam, 2011. http://opus.kobv.de/ubp/volltexte/2012/5905/.
Full textAbstract:
Service-oriented Architectures (SOA) facilitate the provision and orchestration of business services to enable a faster adoption to changing business demands. Web Services provide a technical foundation to implement this paradigm on the basis of XML-messaging. However, the enhanced flexibility of message-based systems comes along with new threats and risks. To face these issues, a variety of security mechanisms and approaches is supported by the Web Service specifications. The usage of these security mechanisms and protocols is configured by stating security requirements in security policies. However, security policy languages for SOA are complex and difficult to create due to the expressiveness of these languages.
To facilitate and simplify the creation of security policies, this thesis presents a model-driven approach that enables the generation of complex security policies on the basis of simple security intentions. SOA architects can specify these intentions in system design models and are not required to deal with complex technical security concepts.
The approach introduced in this thesis enables the enhancement of any system design modelling languages – for example FMC or BPMN – with security modelling elements. The syntax, semantics, and notion of these elements is defined by our security modelling language SecureSOA. The metamodel of this language provides extension points to enable the integration into system design modelling languages. In particular, this thesis demonstrates the enhancement of FMC block diagrams with SecureSOA.
To enable the model-driven generation of security policies, a domain-independent policy model is introduced in this thesis. This model provides an abstraction layer for security policies. Mappings are used to perform the transformation from our model to security policy languages.
However, expert knowledge is required to generate instances of this model on the basis of simple security intentions. Appropriate security mechanisms, protocols and options must be chosen and combined to fulfil these security intentions. In this thesis, a formalised system of security patterns is used to represent this knowledge and to enable an automated transformation process. Moreover, a domain-specific language is introduced to state security patterns in an accessible way. On the basis of this language, a system of security configuration patterns is provided to transform security intentions related to data protection and identity management. The formal semantics of the security pattern language enable the verification of the transformation process introduced in this thesis and prove the correctness of the pattern application.
Finally, our SOA Security LAB is presented that demonstrates the application of our model-driven approach to facilitate a dynamic creation, configuration, and execution of secure Web Service-based composed applications.<br>Im Bereich der Enterprisearchitekturen hat das Paradigma der Service-orientierten Architektur (SOA) in den vergangenen Jahren eine große Bedeutung erlangt. Dieser Ansatz ermöglicht die Strukturierung und Umsetzung verteilter, IT-basierter Geschäftsfunktionen, um einen effizienten und flexiblen Einsatz von IT-Ressourcen zu ermöglichen. Während in der Vergangenheit fachliche Anforderungen in monolithischen Applikationen umgesetzt wurden, setzt dieser Architekturansatz auf wiederverwendbare Dienste, die spezifische Geschäftsfunktionen implementieren. Diese Dienste können dann dynamisch zur Umsetzung von Geschäftsprozessen herangezogen werden und ermöglichen eine schnelle Reaktion auf verändernde geschäftliche Rahmenbedingungen durch Anpassung der Prozesse.
Die einzelnen Dienste existieren unabhängig voneinander und sind lose über einen Nachrichtenaustausch gekoppelt. Diese Unabhängigkeit unterscheidet den SOA-Ansatz von der bisherigen Entwicklung klassischer verteilter Anwendungen. Die Verwendung unabhängiger Dienste geht aber auch mit einem größeren Gefährdungspotential einher, da eine Vielzahl von Schnittstellen bereitgestellt wird, die mittels komplexer Protokolle angesprochen werden können. Somit ist die korrekte Umsetzung von Sicherheitsmechanismen in allen Diensten und SOA-Infrastrukturkomponeten essentiell.
Kommunikationspartner müssen an jedem Kommunikationsendpunkt authentifiziert und autorisiert werden und ausgetauschte Nachrichten müssen immer geschützt werden. Solche Sicherheitsanforderungen werden in technischen Sicherheitskonfigurationen (Policydokumenten) mittels einer Policysprache kodiert und werden an die Dienste verteilt, die diese Anforderungen durchsetzen. Da Policysprachen für SOA aber durch die Vielzahl und Vielfalt an Sicherheitsmechanismen, -protokollen und -standards eine hohe Komplexität aufweisen, sind Sicherheitskonfigurationen höchst fehleranfällig und mit viel Fachwissen zu erstellen.
Um die Generierung von Sicherheitskonfigurationen in komplexen Systemen zu vereinfachen, wird in dieser Arbeit ein modellgetriebener Ansatz vorgestellt, der eine visuelle Modellierung von Sicherheitsanforderungen in Architekturmodellen ermöglicht und eine automatisierte Generierung von Sicherheitskonfigurationen auf Basis dieser Anforderungen unterstützt. Die Modellierungsebene ermöglicht eine einfache und abstrakte Darstellung von Sicherheitsanforderungen, die sich auch für Systemarchitekten erschließen, welche keine Sicherheits-experten sind. Beispielsweise können modellierte Daten einfach mit einem Schloss annotiert werden, um den Schutz dieser Daten zu fordern. Die Syntax, die Semantik und die Darstellung dieser Anforderungen werden durch die in dieser Arbeit vorgestellte Sicherheitsmodellierungssprache SecureSOA spezifiziert.
Der vorgestellte modellgetriebene Ansatz transformiert die modellierten Anforderungen auf ein domänen-unabhängiges Policymodell, das eine Abstraktionsschicht zu konkreten Policysprachen bildet. Diese Abstrak-tionsschicht vereinfacht die Generierung von Sicherheitspolicies in verschiedenen Policysprachen.
Allerdings kann diese Transformation nur erfolgen, wenn im System Expertenwissen hinterlegt ist, das die Auswahl von konkreten Sicherheitsmechanismen und -optionen bestimmt. Im Rahmen dieser Arbeit werden Entwurfsmuster für SOA-Sicherheit zur Transformation herangezogen, die dieses Wissen repräsentieren. Dazu wird ein Katalog von Entwurfsmustern eingeführt, der die Abbildung von abstrakten Sicherheitsanforderungen auf konkrete Konfigurationen ermöglicht. Diese Muster sind mittels einer Entwurfsmustersprache definiert, die in dieser Arbeit eingeführt wird. Die formale Semantik dieser Sprache ermöglicht die formale Verifikation des Transformationsprozesses, um die Korrektheit der Entwurfsmusteranwendung nachzuweisen.
Die Definition dieses Entwurfsmusterkatalogs und der darauf basierende Transformationsprozess ermöglichen die Abbildung von abstrakten Sicherheitsanforderungen auf konkrete technische Sicherheitskonfigurationen und stellen den Beitrag dieser Arbeit dar. Abschließend wird in dieser Arbeit das SOA-Security-Lab vorgestellt, das die Umsetzung dieses Ansatzes demonstriert.
7
Karokola, Geoffrey Rwezaura. "A Framework for Securing e-Government Services : The Case of Tanzania." Doctoral thesis, Stockholms universitet, Institutionen för data- och systemvetenskap, 2012. http://urn.kb.se/resolve?urn=urn:nbn:se:su:diva-80722.
Full textAbstract:
e-Government services are becoming one of the most important and efficient means by which governments (G) interact with businesses (B) and citizens (C). This has brought not only tremendous opportunities but also serious security challenges. Critical information assets are exposed to current and emerging security risks and threats. In the course of this study, it was learnt that e-government services are heavily guided and benchmarked by e-Government maturity models (eGMMs). However, the models lack built-in security services, technical as well as non-technical; leading to lack of strategic objectives alignment between e-government services and security services. Information security has an important role in mitigating security risks and threats posed to e-government services. Security improves quality of the services offered. In light of the above, the goal of this research work is to propose a framework that would facilitate government organisations to effectively offer appropriate secure e-government services. To achieve this goal, an empirical investigation was conducted in Tanzania involving six government organizations. The investigations were inter-foiled by a sequence of structural compositions resulting in a proposition of a framework for securing e-government services which integrates IT security services into eGMMs. The research work was mainly guided by a design science research approach complemented in parts by systemic-holistic and socio-technical approaches. The thesis contributes to the empirical and theoretical body of knowledge within the computer and systems sciences on securing e-government structures. It encompasses a new approach to secure e-government services incorporating security services into eGMMs. Also, it enhances the awareness, need and importance of security services to be an integral part of eGMMs to different groups such as researched organizations, academia, practitioners, policy and decision makers, stakeholders, and the community.<br><p>At the time of the doctoral defence the following paper was unpublished and had a status as follows: Paper nr. 6: In press</p>
8
Olandersson, Sandra, and Jeanette Fredsson. "Threats in Information Security : Beyond technical solutions. - Using Threat Tree Analysis." Thesis, Blekinge Tekniska Högskola, Institutionen för programvaruteknik och datavetenskap, 2001. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3829.
Full textAbstract:
To be able to protect an organisation's resources, it is important to understand what there is to protect and what to protect it from. The first step is to try to analyse the security threats that exist against an organisation's resources to explore the risks. Threats have to be identified, for the organisation to protect its resources and find where the optimal placement against threats is. This thesis analysis whether it is possible to obtain a Threat Tree Analysis that is useful for developing an information security policy for the municipality in Ronneby, using the SS 62 77 99-1 standard. A co-operation between the technical solutions and the administrative security is necessary to achieve information security, together with ordinary common sense. True, each of these can help improve security, but none of them is a complete solution. Security is not a product - it is a process. Threat trees form the basis of understanding that process. In this thesis, we have been using a qualitative method. The analysis method is a case study at the Social Department, at the municipality in Ronneby. Through interviews it has come us to hand, that the organisation has not established an information security policy which should give the code of practice for how the work of information security will pursue within the organisation. The organisation does neither use a model for structuring threats nor a method for collecting threats against information today. Through the structure of possible threats, the personnel generates an understanding of the organisation and takes active part finding adequate threats within the Social Department. As users understand the importance of security, how to use it, and where to report suspected violations, they can do a great deal to reduce the risk to loose information. Important to remember is that the education is an ongoing process, new users need training and trained users need reminding, especially when new technologies or processes are introduced. Thus, Threat Tree Analysis is useful for continuing towards developing an information security policy according to SS 62 77 99-1 standard.<br>För att kunna skydda en organisations resurser är det viktigt att förstå vad organisationen behöver skydda och vad den ska skydda det ifrån. Det första steget är att analysera hot mot organisationens resurser för att uppskatta riskerna. Hot måste identifieras för att organisationen ska kunna skydda sina resurser och hitta den optimala placeringen av åtgärder mot hot. Denna uppsatsen undersöker om det är möjligt att skapa en hotträdsanalys som är användbar för skapandet av en informationssäkerhetspolicy för Ronneby kommun, genom att använda standarden SS 62 77 99-1. Vi betonar i uppsatsen att ett samarbete mellan existerande tekniska lösningar och administrativ säkerhet är nödvändigt för att uppnå informationssäkerhet. Visst kan var och en av dessa hjälpa till att förbättra säkerheten, men ingen av dem är ensam den kompletta lösningen. Säkerhet är inte en produkt - det är en process. Hotträd formar grunden för en förståelse av den processen. I denna uppsats har vi använt en kvalitativ metod. Analysmetoden är en fallstudie på Socialförvaltningen i Ronneby kommun. Genom intervjuer har vi fått fram att organisationen inte har etablerat en informationssäkerhetspolicy, vilken ska ge riktlinjer för hur säkerhetsarbetet ska fullföljas inom organisationen. Organisationen använder varken en modell för att identifiera hot mot information eller en metod för att strukturera hoten. Genom strukturen av möjliga hot, genererar personalen en förståelse för organisationen och tar aktivt del i att identifiera hot mot Socialförvaltningen. Detta medför att alla användare förstår hur viktigt det är med säkerhet, vart de ska rapportera misstänkta händelser och de kan göra mycket för att minska risken att förlora information. Det är viktigt att komma ihåg att utbildning är en pågående process, nya användare behöver utbildning och utbildade användare behöver vidareutbildning, speciellt när nya tekniker eller processer introduceras. Därför är hotträdsanalysen en användbar modell för arbetet mot att skapa en informationssäkerhetspolicy enligt standarden SS 62 77 99-1.<br>Sandra Olandersson Blåbärsvägen 27 372 38 RONNEBY 0457 / 12084 Jeanette Fredsson Villa Viola 372 36 RONNEBY 0457 / 26616
9
Maninjwa, Prosecutor Mvikeli. "Managing an information security policy architecture : a technical documentation perspective." Thesis, Nelson Mandela Metropolitan University, 2012. http://hdl.handle.net/10948/d1020757.
Full textAbstract:
Information and the related assets form critical business assets for most organizations. Organizations depend on their information assets to survive and to remain competitive. However, the organization’s information assets are faced with a number of internal and external threats, aimed at compromising the confidentiality, integrity and/or availability (CIA) of information assets. These threats can be of physical, technical, or operational nature. For an organization to successfully conduct its business operations, information assets should always be protected from these threats. The process of protecting information and its related assets, ensuring the CIA thereof, is referred to as information security. To be effective, information security should be viewed as critical to the overall success of the organization, and therefore be included as one of the organization’s Corporate Governance sub-functions, referred to as Information Security Governance. Information Security Governance is the strategic system for directing and controlling the organization’s information security initiatives. Directing is the process whereby management issues directives, giving a strategic direction for information security within an organization. Controlling is the process of ensuring that management directives are being adhered to within an organization. To be effective, Information Security Governance directing and controlling depend on the organization’s Information Security Policy Architecture. An Information Security Policy Architecture is a hierarchical representation of the various information security policies and related documentation that an organization has used. When directing, management directives should be issued in the form of an Information Security Policy Architecture, and controlling should ensure adherence to the Information Security Policy Architecture. However, this study noted that in both literature and organizational practices, Information Security Policy Architectures are not comprehensively addressed and adequately managed. Therefore, this study argues towards a more comprehensive Information Security Policy Architecture, and the proper management thereof.
10
Stamm, Sidney L. "Anticipating and hardening the Web against socio-technical security attacks." [Bloomington, Ind.] : Indiana University, 2009. http://gateway.proquest.com/openurl?url_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&res_dat=xri:pqdiss&rft_dat=xri:pqdiss:3344603.
Full textAbstract:
Thesis (Ph.D.)--Indiana University, School of Informatics, Dept. of Computer Science, 2009.<br>Title from PDF t.p. (viewed on Oct. 7, 2009). Source: Dissertation Abstracts International, Volume: 70-02, Section: B, page: 1137. Adviser: Markus Jakobsson.
11
Long, Cheri Lanette. "A socio-technical perspective on information security knowledge and attitudes /." Digital version accessible at:, 1999. http://wwwlib.umi.com/cr/utexas/main.
Full text
12
Paja, Elda. "STS: a Security Requirements Engineering methodology for socio-technical Systems." Doctoral thesis, Università degli studi di Trento, 2014. https://hdl.handle.net/11572/368991.
Full textAbstract:
Today’s software systems are situated within larger socio-technical systems, wherein they interact — by exchanging data and delegating tasks — with other technical components, humans, and organisations. The components (actors) of a socio-technical system are autonomous and loosely controllable. Therefore, when interacting, they may endanger security by, for example, disclosing confidential information, breaking the integrity of others’ data, and relying on untrusted third parties, among others. The design of a secure software system cannot disregard its collocation within a socio-technical context, where security is threatened not only by technical attacks, but also by social and organisational threats. This thesis proposes a tool-supported model-driven methodology, namely STS, for conducting security requirements engineering for socio-technical systems. In STS, security requirements are specified — using the STS-ml requirements modelling language — as social contracts that constrain the social interactions and the responsibilities of the actors in the socio-technical system. A particular feature of STS-ml is that it clearly distinguishes information from its representation — in terms of documents, and separates information flow from the permissions or prohibitions actors specify to others over their interactions. This separation allows STS-ml to support a rich set of security requirements. The requirements models of STS-ml have a formal semantics which enables automated reasoning for detecting possible conflicts among security requirements as well as conflicts between security requirements and actors’ business policies — how they intend to achieve their objectives. Importantly, automated reasoning techniques are proposed to calculate the impact of social threats on actors’ information and their objectives. Modelling and reasoning capabilities are supported by STS-Tool.
The effectiveness of STS methodology in modelling, and ultimately specifying security requirements for various socio-technical systems, is validated with the help of case studies from different domains. We assess the scalability for the implementation of the conflict identification algorithms conducting a scalability study using data from one of the case studies. Finally, we report on the results from user-oriented empirical evaluations of the STS methodology, the STS-ml modelling language, and the STS-Tool. These studies have been conducted over the past three years starting from the initial proposal of the methodology, language, and tool, in order to improve them after each evaluation.
13
Paja, Elda. "STS: a Security Requirements Engineering methodology for socio-technical Systems." Doctoral thesis, University of Trento, 2014. http://eprints-phd.biblio.unitn.it/1312/1/Paja-May2014.pdf.
Full textAbstract:
Today’s software systems are situated within larger socio-technical systems, wherein they interact — by exchanging data and delegating tasks — with other technical components, humans, and organisations. The components (actors) of a socio-technical system are autonomous and loosely controllable. Therefore, when interacting, they may endanger security by, for example, disclosing confidential information, breaking the integrity of others’ data, and relying on untrusted third parties, among others. The design of a secure software system cannot disregard its collocation within a socio-technical context, where security is threatened not only by technical attacks, but also by social and organisational threats. This thesis proposes a tool-supported model-driven methodology, namely STS, for conducting security requirements engineering for socio-technical systems. In STS, security requirements are specified — using the STS-ml requirements modelling language — as social contracts that constrain the social interactions and the responsibilities of the actors in the socio-technical system. A particular feature of STS-ml is that it clearly distinguishes information from its representation — in terms of documents, and separates information flow from the permissions or prohibitions actors specify to others over their interactions. This separation allows STS-ml to support a rich set of security requirements. The requirements models of STS-ml have a formal semantics which enables automated reasoning for detecting possible conflicts among security requirements as well as conflicts between security requirements and actors’ business policies — how they intend to achieve their objectives. Importantly, automated reasoning techniques are proposed to calculate the impact of social threats on actors’ information and their objectives. Modelling and reasoning capabilities are supported by STS-Tool.
The effectiveness of STS methodology in modelling, and ultimately specifying security requirements for various socio-technical systems, is validated with the help of case studies from different domains. We assess the scalability for the implementation of the conflict identification algorithms conducting a scalability study using data from one of the case studies. Finally, we report on the results from user-oriented empirical evaluations of the STS methodology, the STS-ml modelling language, and the STS-Tool. These studies have been conducted over the past three years starting from the initial proposal of the methodology, language, and tool, in order to improve them after each evaluation.
14
Tarimo, Charles N. "ICT Security Readiness Checklist for Developing Countries : A Social-Technical Approach." Doctoral thesis, Kista : Department of Computer and Systems Sciences, Stockholm University, 2006. http://urn.kb.se/resolve?urn=urn:nbn:se:su:diva-1354.
Full text
15
Nard, Karen D. "Improving Information Systems Security Through Management Practices: A Non-technical Approach." NSUWorks, 2004. http://nsuworks.nova.edu/gscis_etd/745.
Full textAbstract:
Most organizations have acknowledged the importance of information systems security, yet in this environment of heightened awareness many organizations focus on technology and overlook the non-technical security resources available to them. This project focused on the non-technical side of security and the management practices that can be used to establish an important layer in a comprehensive security solution.
A security planning matrix was developed by drawing from the theoretical and practical body of knowledge in the information systems security field. The matrix was designed to support generally accepted security principles, standards, and legislation so that information systems management can use the product to protect information systems using non-technical controls and techniques such as people, policies, practices, training, awareness, and the organizational structure and culture.
A hybrid waterfall/spiral process model, Microsoft Solutions Framework (MSF) was used to develop the security planning matrix. Specific procedures emulated those used by the National Institute of Standards and Technology (NIST) based on their experience and expertise in developing security guidelines and other security tools. A prototype of the product was developed early in the process based on requirements abstracted from security standards, legislation, and industry best practices. The prototype was then reviewed by an expert panel to refine both product requirements and design. One round of feedback and two versions of the prototype were required before the panel approved the prototype for use in the pilot study. The pilot was performed in a real-world setting at Republic Mortgage Insurance Corporation (RMIC), where user acceptance testing, success criteria evaluation, and security performance improvement testing were all performed to evaluate and stabilize the product.
The research improved professional practice and added to the body of information systems security knowledge by identifying and demonstrating methods for defining requirements of, developing, and evaluating a product such as the security planning matrix. Results of the research also showed that the product's features and functions were acceptable to both subject matter experts and real-world users and that implementation and use of the security planning matrix could improve the level of security preparedness as evidenced by pilot study results at RMIC.
16
Peiris, Wedige. "A socio-technical security risk mitigation methodology for information systems access." Thesis, Curtin University, 2014. http://hdl.handle.net/20.500.11937/2596.
Full textAbstract:
This research developed a methodology for the assessment of socio-technical information systems access security risks, which could cause insider threat events in organisations. The methodology consists of a meta-network model of information systems access, thirteen metrics to assess different types of access security risks and a risk assessment method for information security professionals. Research also presents network and other visualisations that can be used to communicate the risks effectively to the decision makers.
17
Menzel, Michael [Verfasser], and Christoph [Akademischer Betreuer] Meinel. "Model-driven security in service-oriented architectures : leveraging security patterns to transform high-level security requirements to technical policies / Michael Menzel. Betreuer: Christoph Meinel." Potsdam : Universitätsbibliothek der Universität Potsdam, 2012. http://d-nb.info/1022242229/34.
Full text
18
Gwozd, Ryszard. "Security of information systems, what technical solutions exist and what is needed." Thesis, National Library of Canada = Bibliothèque nationale du Canada, 2001. http://www.collectionscanada.ca/obj/s4/f2/dsk3/ftp04/MQ59323.pdf.
Full text
19
Charif, Abdul Rahim. "Contextualizing Secure Information System Design: A Socio-Technical Approach." NSUWorks, 2017. http://nsuworks.nova.edu/gscis_etd/999.
Full textAbstract:
Secure Information Systems (SIS) design paradigms have evolved in generations to adapt to IS security needs. However, modern IS are still vulnerable and are far from secure. The development of an underlying IS cannot be reduced to “technological fixes” neither is the design of SIS. Technical security cannot ensure IS security. Generations of SIS design paradigms have evolved, all with their own sets of shortcomings. A SIS design paradigm must meet well-defined requirements, yet contemporary paradigms do not meet all these requirements. Current SIS design paradigms are not easily applicable to IS. They lack a comprehensive modeling support and ignore the socio-technical organizational role of IS security. This research introduced the use of action research in design science research. Design science paradigm was leveraged to introduce a meta-design artifact explaining how IS requirements including security requirements can be incorporated in the design of SIS. The introduced artifact CSIS provided design comprehensiveness to emergent and changing requirements to IS from a socio-technical perspective. The CSIS artifact meets secure system meta-design requirements. This study presented a secure IS design principle that ensures IS security.
20
Green, Benjamin. "Augmenting ICS cyber security risk assessments : assimilation of socio-technical characteristics and constructs." Thesis, Lancaster University, 2018. http://eprints.lancs.ac.uk/126782/.
Full textAbstract:
Industrial Control Systems (ICSs) are applied to the monitoring, control, and automation of operational processes. Example industries include water, electricity, gas, and discrete manufacturing, some of which can be considered critical national infrastructure. Over recent years, an increase in disclosed ICS specific vulnerabilities, and cyber attacks, have been witnessed. The potential direct and cascading impact of these presents a significant risk, with dramatically detrimental consequences from a societal perspective. Complex relationships between essential services, and loss or compromise there of, provide motivation for this thesis. Modern ICSs rely on enterprise to plant floor connectivity. Where the size, diversity, and therefore complexity of an ICS increases, operational requirements, goals, and challenges, defined by users across various sub-systems will ultimately follow. Recent trends in technology convergence may cause system operators to lose a comprehensive understanding of end-to-end requirements. This presents a risk to system security and resilience, where the most minor of changes to sensor signals, can result in operational process degradation and failure. Furthermore, sensors once solely applied for operational process use, now act as inputs supporting a diverse set of organisational requirements. If these are not fully understood, incomplete cyber security risk assessment, and inappropriate implementation of security controls, could occur. This acts as a guiding principle across all thesis chapters, with core objectives set out to better understand and improve current approaches to the assessment of cyber-induced risk. In setting thesis objectives, three prerequisite questions were laid out, leading towards three core research questions, across four phases (Discover, Define, Develop, and Deliver). Initial phases related to ascertaining how ICSs can be understood from a social and technical perspective, who is likely to target ICSs with malicious intent, and how could attacks be conducted from a practical perspective. Applying this as a foundation, based on existing literature and practical experimentation, latter phases were better able to elicit pertinent challenges in current cyber security risk assessment practices, prior to the identification of appropriate mechanisms by which challenges may be addressed. In answering each research question, a mixed approach including literature reviews, practical experimentation, and industry engagement, was applied. Taking this approach has resulted in an output with practical contributions and impact, across both academia and industry alike. This thesis provides contributions across a number of discrete areas, including; a method by which ICSs can be defined from a social and technical perspective; an understanding of relevant threat actors, including tools and techniques which could be applied in the targeting of ICSs; how ICS cyber security risk assessments are currently approached by academia and industry, including a mechanism for their review, and identification of key gaps; approaches to the inclusion of socially derived cyber security risk within an assessment, including the identification of key challenges; and an approach to aid initial phases of ICS cyber security risk assessments. More specifically, how one can obtain a joint socio-technical understanding of system characteristics and constructs, as a prerequisite to cyber security risk assessments. Additional contribution in the form of a comprehensive ICS testbed environment, was developed to support thesis objectives. This facility continues to be of high value in initial stages of future work, more specifically, in the development of tools for use during a cyber security risk assessment, and ongoing risk management/mitigation.
21
Waly, Nesren Saleh. "Organisational information security management : the impact of training and awareness : evaluating the socio-technical impact on organisational information security policy management." Thesis, University of Bradford, 2013. http://hdl.handle.net/10454/5666.
Full textAbstract:
Security breaches have attracted attention from corporations and scholars alike. The major organisations are determined to stop security breaches as they are detrimental to their success. Arguably the most common factor contributing to these breaches is employee behaviour, which suggests that changes in employee behaviour can have an impact on improving security. This research aims to study the critical factors (CFs) that impact on employee behaviours toward compliance with their organisation's information security policy. This investigation will focus on the various critical success factors based on their grouping into one of the following three major categories, namely: organisational factors, behavioural factors and training factors. Each of these categories affects a different aspect of information security and the objective is to not only understand the interaction of different factors but also to study further the aims in order to provide practical recommendations for improving organisational information security management. This study has utilised empirical research through the use of both qualitative and quantitative methodologies to inform each stage of the research. This study focused on the health, business and education sectors by empirically evaluating the obstacles and success factors that affect employee compliance to organisational security policies. In addition, this study also evaluated the affect of the socio-technical impact on organisational information security management. The final stage of the research focused on developing an effective training and awareness programme. This training programme was constructed by incorporating the techniques that were identified as enhancing employee perceptions, attitudes and motivations, in order to facilitate a better transference of skills and more sustainable and appropriate behaviours to improve organisational information security management in the workplace. The techniques utilised included: effective communication, knowledge reinforcement, pre- and post-assessment and motivational techniques.
22
Chaula, Job Asheri. "A Socio-technical Analysis of Information Systems Security Assurance : A Case Study for Effective Assurance." Doctoral thesis, Kista : Department of Computer and Systems Sciences, Stockholm University/KTH DSV, 2006. http://urn.kb.se/resolve?urn=urn:nbn:se:su:diva-1350.
Full text
23
Drake, Paul David. "Communicative action in information security systems : an application of social theory in a technical domain." Thesis, University of Hull, 2005. http://hydra.hull.ac.uk/resources/hull:5623.
Full textAbstract:
This thesis is about grounding an increasingly common practice in an established theory where no explicit theory currently exists. The common practice that is the subject of this study is information security. It is commonly held that information security means maintaining the confidentiality, integrity (accuracy) and availability of information. It seems that a whole industry has built up with tools, techniques and consultants to help organisations achieve a successful information security practice. There is even a British Standard containing around 130 controls, and a management system to guide organisations and practitioners. In the absence of many alternatives this British Standard has grown into something of a requirement for organisations who are concerned about the security of their information. The British Standard was developed almost entirely through the collaboration of some powerful blue-chip organisations. These organisations compared their practices and found some key areas of commonality. These common areas became the foundation of many information security practices today. Although there has been considerable evolutionary change the fundamentals, and not least the principles of confidentiality, integrity and availability, remain largely the same. It is argued in this thesis that the absence of a theoretical grounding has left the domain as weak and unable to cope with the rapidly developing area of information security. It is also argued that there was far too little consideration of human issues when the standard was devised and that situation has worsened recently with greater reliance on information security driven by more threats of increasing complexity, and more restrictive controls being implemented to counteract those threats. This thesis aims to pull human issues into the domain of information security: a domain which is currently dominated by non-social and practical paradigms. The key contribution of this thesis is therefore to provide a new model around which information security practices can be evaluated. This new model has a strong and established theoretical basis. The theory selected to underpin the new model is in the broad domain of critical social theory.
24
Mwakalinga, Jeffy. "A Framework for Adaptive Information Security Systems : A Holistic Investigation." Doctoral thesis, KTH, Kommunikationssystem, CoS, 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-33805.
Full textAbstract:
This research proposes a framework for adaptive information security systems that considers both the technical and social aspects of information systems security. Initial development of information systems security focused on computer technology and communication protocols. Researchers and designers did not consider culture, traditions, ethics, and other social issues of the people using the systems when designing and developing information security systems. They also seemed to ignore environments where these systems run and concentrated only on securing parts of the information systems. Furthermore, they did not pay adequate attention to the enemies of information systemsand the need for adaption to a changing enviroment. The consequences of this lack of attentions to a number of important factors have given us the information security systems that we have today, which appear to be systemically insecure. To approach this systemic insecurity problem the research was divided into mini studies that were based on the Systemic-Holistic paradigm, Immune System concepts, and Socio-Technical System theory. Applying the holistic research process the author started first by exploring adaptation systems. After exploring these systems, the focus of the research was to understand the systems and features required for making information security systems learn to adapt to the changing environments. Designing and testing the adaptive framework were the next steps. The acquired knowledge from this research was structured into domains in accordance to ontological principles and relationship between domains was studied. These domains were then integrated with the security value-based chain concept, which include deterrence, prevention, detection, response, and recovery functions to create a framework for adaptive information security systems. The results of the mini studies were reported in a number of papers, which were published in proceedings of international conferences and a journal. For this work, 12 of the thesis papers are included. A framework for adaptive information security system was created. Trials to apply and validate the framework were performed using three methods. The first method was a panel validation, which showed that the framework could be used for providing adaptive security measures and structuring security work. The second method mapped the framework to the security standards, which showed that the framework was aligned with the major information systems security standards. The third and last validation method was to map the framework with reported ICT crimes cases. The results indicated that most crimes appear to occur because the security systems in place lacked deterrence security measures and had weak prevention, detection, and response security measures. The adaptive information security systems framework was also applied to a number of areas including a secure e-learning, social networks, and telemedicine systems. It is concluded in this thesis that this adaptive information security system framework can be applied to minimize a number of systemic insecurity problems and warrants more applied research and practical implementations.<br>Q 20110608
25
Goode, Jodi. "Comparing Training Methodologies on Employee’s Cybersecurity Countermeasures Awareness and Skills in Traditional vs. Socio-Technical Programs." Diss., NSUWorks, 2018. https://nsuworks.nova.edu/gscis_etd/1045.
Full textAbstract:
Organizations, which have established an effective technical layer of security, continue to experience difficulties triggered by cyber threats. Ultimately, the cybersecurity posture of an organization depends on appropriate actions taken by employees whose naive cybersecurity practices have been found to represent 72% to 95% of cybersecurity threats and vulnerabilities to organizations. However, employees cannot be held responsible for cybersecurity practices if they are not provided the education and training to acquire skills, which allow for identification of security threats along with the proper course of action to mitigate such threats. In addition, awareness of the importance of cybersecurity, the responsibility of protecting organizational data, as well as of emerging cybersecurity threats is quickly becoming essential as the threat landscape increases in sophistication at an alarming rate. Security education, training, and awareness (SETA) programs can be used to empower employees, who are often cited as the weakest link in information systems (IS) security due to limited knowledge and lacking skillsets. Quality SETA programs not only focus on raising employee awareness of responsibilities in relation to their organizations’ information assets but also train on the consequences of abuse while providing the necessary skills to help fulfill these requirements.
The main goal of this research study was to empirically assess if there are any significant differences on employees’ cybersecurity countermeasures awareness (CCA) and cybersecurity skills (CyS) based on the use of two SETA program types (typical & socio-technical) and two SETA delivery methods (face-to-face & online). This study included a mixed method approach combining an expert panel, developmental research, and quantitative data collection. A panel of subject matter experts (SMEs) reviewed the proposed SETA program topics and measurement criteria for CCA per the Delphi methodology. The SMEs’ responses were incorporated into the development of two SETA program types with integrated vignette-based assessment of CCA and CyS, which were delivered via two methods. Vignette-based assessment provided a nonintrusive way of measurement in a pre- and post-assessment format. Once the programs had been reviewed by the SMEs to ensure validity and reliability, per the Delphi methodology, randomly assigned participants were asked to complete the pre-assessment, the SETA program, and then the post-assessment providing for the qualitative phase of the study. Data collected was analyzed using analysis of variance (ANOVA) and analysis of covariance (ANCOVA) to address the proposed research hypothesis. Recommendations for SETA program type and delivery method as a result of data analysis are provided.
26
Takacs, Gergely. "Integration of CTI into security management." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-74246.
Full textAbstract:
Current thesis is a documentative approach to sum up experiences of a practical projectof implementing Cyber Threat Intelligence into an existing information securitymanagement system and delivering best practices using action design researchmethodology. The project itself was delivered to a multinational energy provider in 2017.The aim of the CTI-implementation was to improve the information security posture ofthe customer. The author, as participant of the delivery team presents an extensive reviewof the current literature on CTI and puts the need for threat intelligence into context. Theauthor claims that traditional security management is not able to keep up with currentcybersecurity threats which makes a new approach required. The thesis gives an insightof an actually working and continuously developed CTI-service and offers possible bestpractices for InfoSec professionals, adds theoretical knowledge to the body of knowledgeand opens up new research areas for researchers.
27
Jacobsen, Katja Lindskov. "Rethinking the 'bio' of biopolitical security through humanitarian experimentation : the making of bodily boundaries and technical authority." Thesis, Lancaster University, 2011. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.660116.
Full textAbstract:
This thesis advances Michel Foucault's argument that biopolitical security is constitutive of the forms of life that it defmes as worthy of protection and the forms of life that it defines as threatening. By exploring this constitutive process from the perspective of Science and Technology Studies (STS) I advance Foucault's argument to think beyond the 'bio' of biopower thought of as synonymous with the biological by showing how, for example, 'the digital' is being constituted as a new type of political body open to penetration by the sovereign imagination. To make this argument I examine three instances of humanitarian experimentation (where recipients of humanitarian assistance become test subjects) and approach these practices as biopolitical interventions constitutive of bodily boundaries and epistemological authority. Specifically, I examine experiments with vaccine candidates, unapproved genetically modified organisms, and unproven iris recognition technology. My analysis of these cases illustrates the relevance of STS for International Relations (IR) and security studies by demonstrating how bodily boundaries and techno-scientific authority are co-constituted in the context of humanitarian experimentation. Crucially, importing STS- insights into IR enables me to trace an expansion in the aspects of human existence constituted as open to biopower's penetration and authoritative division and to demonstrate how this expansion finds no limitation at the border of the biological body. The thesis contributes to the deepening understanding created by critical literature on humanitarianism by illustrating how biopolitics and STS illuminate important aspects of contemporary security practices - notably the production of the very 'bio' of biopolitical security and the authority called upon to divide, rank, and act upon the thus constituted body. The thesis not only challenges biopower's demarcation of safe/unsafe bodies and the 'evidence' in which this demarcation is anchored, it also has implications for how we think about humanitarianism and the kind of body that it claims to deliver protection to.
28
Lundberg, Johan. "Dynamic Risk Management in Information Security : A socio-technical approach to mitigate cyber threats in the financial sector." Thesis, Örebro universitet, Handelshögskolan vid Örebro Universitet, 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:oru:diva-87359.
Full textAbstract:
In the last decade, a new wave of socio-technical cyber threats has emerged that is targeting both the technical and social vulnerabilities of organizations and requires fast and efficient threat mitigations. Yet, it is still common that financial organizations rely on yearly reviewed risk management methodologies that are slow and static to mitigate the ever-changing cyber threats. The purpose of this research is to explore the field of Dynamic Risk Management in Information Security from a socio-technical perspective in order to mitigate both types of threats faster and dynamically to better suit the connected world we live in today. In this study, the Design Science Research methodology was utilized to create a Dynamic Information Security Risk Management model based on functionality requirements collected through interviews with professionals in the financial sector and structured literature studies. Finally, the constructed dynamic model was then evaluated in terms of its functionality and usability. The results of the evaluation showed that the finalized dynamic risk management model has great potential to mitigate both social and technical cyber threats in a dynamic fashion.<br>Under senaste decenniet har en ny våg av sociotekniska cyberhot uppkommit som är riktade både mot de sociala och tekniska sårbarheterna hos organisationer. Dessa hot kräver snabba och effektiva hotreduceringar, dock är det fortfarande vanligt att finansiella organisationer förlitar sig på årligen granskade riskhanteringsmetoder som både är långsamma och statiska för att mildra de ständigt föränderliga cyberhoten. Syftet med denna forskning är att undersöka området för dynamisk riskhantering inom informationssäkerhet ur ett sociotekniskt perspektiv, med målsättningen att snabbare och dynamiskt kunna mildra bägge typerna av hot för att bättre passa dagens uppkopplade värld. I studien användes Design Science Research för att skapa en dynamisk riskhanteringsmodell med syfte att hantera sociotekniska cyberhot mot informationssäkerheten. Riskhanteringsmodellen är baserad på funktionskrav insamlade genom intervjuer med yrkesverksamma inom finanssektorn, samt strukturerade litteraturstudier. Avslutningsvis utvärderades den konstruerade dynamiska modellen avseende dess funktionalitet och användbarhet. Resultaten av utvärderingen påvisade att den slutgiltiga dynamiska riskhanteringsmodellen har en stor potential att mitigera både sociala och tekniska cyberhot på ett dynamiskt sätt.
29
van, Deursen Hazelhoff Roelfze Nicole. "HI-Risk : a socio-technical method for the identification and monitoring of healthcare information security risks in the information society." Thesis, Edinburgh Napier University, 2014. http://researchrepository.napier.ac.uk/Output/6921.
Full textAbstract:
This thesis describes the development of the HI-risk method to assess socio-technical information security risks. The method is based on the concept that related organisations experience similar risks and could benefit from sharing knowledge in order to take effective security measures. The aim of the method is to predict future risks by combining knowledge of past information security incidents with forecasts made by experts. HI-risks articulates the view that information security risk analysis should include human, environmental, and societal factors, and that collaboration amongst disciplines, organisations and experts is essential to improve security risk intelligence in today's information society. The HI-risk method provides the opportunity for participating organisations to register their incidents centrally. From this register, an analysis of the incident scenarios leads to the visualisation of the most frequent scenario trees. These scenarios are presented to experts in the field. The experts express their opinions about the expected frequency of occurrence for the future. Their expectation is based on their experience, their knowledge of existing countermeasures, and their insight into new potential threats. The combination of incident and expert knowledge forms a risk map. The map is the main deliverable of the HI-risk method, and organisations could use it to monitor their information security risks. The HI-risk method was designed by following the rigorous process of design science research. The empirical methods used included qualitative and quantitative techniques, such as an analysis of historical security incident data from healthcare organisations, expert elicitation through a Delphi study, and a successful test of the risk forecast in a case organisation. The research focused on healthcare, but has potential to be further developed as a knowledge-based system or expert system, applicable to any industry. That system could be used as a tool for management to benchmark themselves against other organisations, to make security investment decisions, to learn from past incidents and to provide input for policy makers.
30
Nakakeeto, Gertrude. "The Impact of Technical Measures on Agricultural Trade: A Case of Uganda, Senegal, and Mali."Improving Food Security through Agricultural Trade"." Thesis, Virginia Tech, 2011. http://hdl.handle.net/10919/34887.
Full textAbstract:
This thesis estimates the impact of non-tariff measures (NTMs) notified by the importing countries on agricultural trade. The non-tariff measures constitute the technical measures notified under the SPS and TBT agreements and the non-technical measures to trade. Two approaches are used; the inventory approach and the econometric approach which makes use of the gravity model. The inventory results suggest that African countries face more restrictions on their exports than what they impose on their imports. Also, Uganda, Senegal and Mali are among the top twenty most affected importers.
The empirical results suggest that the impact of the overall group on non-tariff measures is ambiguous but when measures are disaggregated into technical and non-technical measures, the results show that the technical measures promote agricultural trade and that the non-technical measures restrict trade. Also, imports of industrialized nations from fellow industrialized nations are promoted by the technical measures but are restricted by non-technical measures, while those from non-industrialized countries are affected negatively by both technical and non-technical measures. Out of the five regions considered, Africa faces the largest negative impact by both technical and non-technical measures.<br>Master of Science
31
Emilsson, Daniel. "Småföretags arbetssätt med informationssäkerhet : En kvalitativ studie av utvalda företag." Thesis, Högskolan i Skövde, Institutionen för informationsteknologi, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:his:diva-17362.
Full textAbstract:
Företag lagrar konstant mer information i systemen. I kombination med att mängden hot mot användandet av IT inom företagens verksamheter årligen ökar, höjs kraven på arbetet rörande informationssäkerhet. Risken att företag drabbas av IT-relaterade hot är lika sannolik oavsett storlek. En avgörande skillnad mellan företag är budgetstorlek och resurstillgångar. Företag med 10-49 anställda benämns som småföretag enligt den definition EU‐kommissionen satt upp för företag inom Europeiska Unionen. Småföretag har sannolikt avsatt mindre pengar i budgeten för informationssäkerhetsarbete än stora företag. Småföretagens informationssäkerhetsarbete studeras inte lika frekvent som stora företags, trots att småföretag ihop med medelstora och mikroföretag utgör 99 % av den totala mängden i Europa. Kombinationen av skral budget och stor andel företag utgör en intressant grund i att klargöra hur småföretag arbetar med att uppnå informationssäkerhet. Studien är kvalitativ och saknar befintlig initial teori om informationssäkerhet. Studien analyserar insamlad empiri i form av kvalitativa intervjuer med respondenter från småföretag ihop med litteratur för att uppnå resultat och dra slutsatser för att besvara rapportens frågeställningar. Resultatet visar att småföretagens syn på informationssäkerhet främst är teknikorienterat. Flertalet tekniska åtgärder appliceras för att skydda småföretagen mot hot. Resultatet visar också att ett systematiskt arbete med informationssäkerhet ofta saknas och att den administrativa säkerheten med policys, regelverk och rutiner många gånger är obefintlig.<br>Companies constantly store more information in their systems. In combination with the fact that the amount of threats to the use of IT within the companies' businesses annually increases, the demands on the work concerning information security are increased. The risk that companies suffer from IT-related threats is just as big regardless of size. A crucial difference between companies is budget size and resources. Companies with 10-49 employees are referred to as small businesses according to the definition the EU Commission set up for companies in the European Union. Small businesses have probably allocated less money in the budget for information security work than large companies. Small business information security work is not being studied as frequently as large companies, although small businesses together with medium and micro enterprises make up 99% of the total amount of companies in Europe. The combination of a small budget and the largest share of the companies is an interesting basis for investigating how small businesses relate to information security. The study is qualitative and lacks an existing initial theory of information security. The study analyzes collected empirical data in the form of qualitative interviews with respondents from small companies together with literature to achieve results and draw conclusions to answer the report's questions. The result shows that the small companies' view of information security is primarily technology-oriented. Most technical measures are applied to protect small businesses against threats. The result also shows that systematic work on information security is often lacking and that the administrative security with policies, regulations, and routines is often non-existent
32
Morgner, Philipp [Verfasser], Zinaida [Akademischer Betreuer] Benenson, Felix [Gutachter] Freiling, and Christina [Gutachter] Pöpper. "Security and Privacy in the Internet of Things: Technical and Economic Perspectives / Philipp Morgner ; Gutachter: Felix Freiling, Christina Pöpper ; Betreuer: Zinaida Benenson." Erlangen : Friedrich-Alexander-Universität Erlangen-Nürnberg (FAU), 2019. http://d-nb.info/1189424843/34.
Full text
33
Hallett, Austin P. "Finding Profitability of Technical Trading Rules in Emerging Market Exchange Traded Funds." Scholarship @ Claremont, 2012. http://scholarship.claremont.edu/cmc_theses/375.
Full textAbstract:
This thesis further investigates the effectiveness of 15 variable moving average strategies that mimic the trading rules used in the study by Brock, Lakonishok, and LeBaron (1992). Instead of applying these strategies to developed markets, unique characteristics of emerging markets offer opportunity to investors that warrant further research. Before transaction costs, all 15 variable moving average strategies outperform the naïve benchmark strategy of buying and holding different emerging market ETF's over the volatile period of 858 trading days. However, the variable moving averages perform poorly in the "bubble" market cycle. In fact, sell signals become more unprofitable than buy signals are profitable. Furthermore, variations of 4 of 5 variable moving average strategies demonstrate significant prospects of returning consistent abnormal returns after adjusting for transaction costs and risk.
34
Dibba, Lamin [Verfasser], and Manfred [Akademischer Betreuer] Zeller. "Impact evaluation of improved rice varieties and farmer training on food security and technical efficiency in The Gambia / Lamin Dibba. Betreuer: Manfred Zeller." Hohenheim : Kommunikations-, Informations- und Medienzentrum der Universität Hohenheim, 2016. http://d-nb.info/1100055436/34.
Full text
35
Ribas, Carlos Eduardo. "Sistema de gestão de segurança da informação em organizações da área da saúde." Universidade de São Paulo, 2010. http://www.teses.usp.br/teses/disponiveis/5/5160/tde-27092010-145036/.
Full textAbstract:
INTRODUÇÃO: Este estudo descreve o processo de implantação de um sistema de gestão de segurança da informação em uma organização de saúde, visando assegurar a confidencialidade, a integridade e a disponibilidade das informações. MÉTODOS: Utilizou-se a norma ISO 27001 para o desenvolvimento do projeto e o seu anexo A, através de uma nova metodologia, para avaliar a organização. Um questionário foi elaborado para avaliar a percepção dos funcionários com a segurança da informação e também para checar itens relacionados ao escopo do projeto. Avaliamos a segurança da informação no início e ao término do estudo. A análise estatística foi realizada com o teste do qui-quadrado com correção de Yates. O resultado foi considerado significante para P < 0,05. RESULTADOS: Houve resultado significativo na pontuação obtida pela organização, no total de controles implementados e no total de controles não implementados. Não houve resultados significativos com o questionário. CONCLUSÃO: O uso do SGSI trouxe benefícios para a organização com melhoras significativas no nível de conformidade com a norma de referência, além da redução dos riscos aos ativos da organização por meio da implementação de controles<br>INTRODUCTION: This study describes the implementations process of an Information Security Management System in a healthcare organization in order to assure the confidentiality, integrity and availability of the information. METHODS: We used the ISO 27001 standard for development of the project and its \"Annex A\", through a new methodology, to assess the organization. A questionnaire was designed to estimate the perception of staff with information security and also to check items related to project scope. We evaluated the information security at the beginning and at the end of the study. Statistical analysis was performed with the chi-square test with Yates correction. The result was considered significant for P < 0,05. RESULTS: The organization obtained significant improves on the score, on the number of implemented controls and on the number of not implemented controls, but there were no significant results with the questionnaire. CONCLUSION: The use of ISMS brought benefits to the organization with expressive improvements in the level of compliance with the standard\'s reference, besides the reduction of risks in the organization\'s assets through the implementation of controls
36
Depuru, Soma Shekara. "Modeling, Detection, and Prevention of Electricity Theft for Enhanced Performance and Security of Power Grid." University of Toledo / OhioLINK, 2012. http://rave.ohiolink.edu/etdc/view?acc_num=toledo1341522225.
Full text
37
Al, Smadi Duha. "Information Sharing and Storage Behavior via Cloud Computing: Security and Privacy in Research and Practice and Users' Trust." Thesis, University of North Texas, 2019. https://digital.library.unt.edu/ark:/67531/metadc1505164/.
Full textAbstract:
This research contributes to the cloud computing (CC) literature and information science research by addressing the reality of information sharing and storage behavior (ISSB) of the users' personal information via CC. Gathering information about usage also allows this research to address the paradox between the research and practice. Additionally, this research explores the concept of trust and its role in the behavioral change relative to CC. The findings help reconcile the paradox between the two realms.
Essay1 develops and tests cloud computing usage model (CCUM) that assesses ISSB. This model considers the main adoption determinants and the main drawbacks of CC. The study measures the main concerns of users found in the literature, perceived security and perceived privacy. The findings prove surprising on these concerns. Using multiple regression to analyze 129 valid survey responses, the results find that CC users are less concerned about the major issues of security and privacy and will use the technology based on peer usage. Essay 2 examines why users ignore the technology issues and elect to replace the traditional mechanisms for handling their personal information. The results of an interview-based study conducted on 11 normal users and 11 IT professionals clarify their perceptions about CC and examine its readiness to handle their information from an end-user perspective. Essay 3 explores the CC literature to identify the major factors associated with the users' trust beliefs. The research conducted in this essay groups these factors into three categories. The posited and tested model examines the effect of perceived trust on ISSB. A structural equation modeling approach is used to analyze 1228 valid responses and tests the developed cloud computing trust model. The results provide multiple implications for CC researchers, managers, and service providers.
38
Kane, Ousmane. "Development of Agriculture value chains as an asset for the sustainable development and food security: the case of the improvement of agricultural technical and vocational education in Senegal." Diss., Virginia Tech, 2021. http://hdl.handle.net/10919/104451.
Full textAbstract:
The growth of a country depends on the improvement of its human resources. The TVET (Technical and Vocational Education and Training) system intends primarily to advance personal support and resources. Throughout education, people can build their knowledge, understanding, and skills to find a job. The TVET in Agriculture (ATVET) curriculum plays an essential role in designing interventions to deliver quality education, helping people increase productivity in the various agriculture sectors of economic activities, value chains, and associated occupations. The purpose of this research is to investigate what is necessisary to improve the agriculture technical and vocational education programs in Senegal by focusing on pedagogy and teaching strategies. Participants represented different ranges of teaching experience from five to more than ten years. The lead researcher interviewed two school directors and ten ATVET teachers. The interviews were semi-structured and were last from 30 minutes to one hour in Diourbel and Thies, Senegal. The researchers developed an interview protocol regarding the ATVET programs, implementation issues, and job market trends. The results showed that participants had various years of professional experience in the ATVET system and academic levels. All participants are well experienced and knowledgeable about working in strenuous physical and instructional conditions. The lack of infrastructure, equipment, and class facilities appears in the findings as significant problems. The deterioration of the resources such as human, material, financial and organizational influences the expected teaching outcomes because of insufficient and inadequate teaching and learning methods. Thereby, all authorities must consider the requirements and expectations of the the competency-based (CBA) program within the sustainability of the infrastructure, the learning environment, and the efficiency of maintenance to improve the technical context to guarantee practical and efficient administration of technological, environmental, and human resources.<br>Doctor of Philosophy<br>The growth of a country depends on the improvement of its human resources. The Vocational Training system (TVET) aims to strengthen human resources. Through education, people can build their expertise, comprehension, and abilities to find a job. The TVET in Agriculture performs a fundamental function in designing interventions to deliver concerning training, making people boost productivity in agriculture sectors of economic activities, value chains, and associated occupations. The purpose of this research is to investigate what is needed to improve agriculture vocational and technical education programs in Senegal by focusing on pedagogy and teaching strategies to address the new and growing competency demands of the different value-chains within the agriculture system. Participants in this study were the teachers and administrators in the current ATVET programs. The lead researcher interviewed two school directors and ten ATVET teachers in Diourbel and Thies, Senegal. The researchers developed an interview protocol regarding the ATVET programs, implementation issues, and job market trends. The results showed that participants are well experienced and knowledgeable about working in strenuous physical and instructional conditions. The availability and quality of material resources such as teaching materials and class sizes pose problems in teacher satisfaction in the classroom to boost learning outcomes. Thus, the didactic equipment also remains insufficient and poorly diversified, which testifies the limited pedagogical approaches used in these structures. The deterioration of the ATVET resources such as human, material, financial and organizational influences the expected teaching outcomes because of insufficient and inadequate teaching and learning methods. Thereby, all authorities must consider the requirements and expectations of sustainability of the infrastructure, the learning environment, and the efficiency of maintenance to improve the technical context.
39
Klaar, Jonathan, and Allen Masak. "Webbläsares inbyggda lösenordshanterare : Faktorer som påverkar privatpersoners användning/ickeanvändning av webbläsares inbyggda lösenordshanterare." Thesis, Jönköping University, JTH, Avdelningen för datateknik och informatik, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:hj:diva-53217.
Full textAbstract:
Kunskap om lösenord och deras säkerhet är idag något som förbises av den gemene datoranvändaren. Lösenordshanterare kan både hjälpa och skydda vid hanteringen av lösenord. De flesta webbläsare idag har inbyggda funktioner för lösenordshantering. Utifrån existerande litteratur kunde det identifieras att det behövs data kring vilka faktorer som påverkar webbläsares användare att använda respektive inte använda dessa inbyggda lösenordshanterare. Syftet med rapporten är att presentera en analys av faktorer som påverkar varför privatpersoner väljer att använda respektive inte använda webbläsares inbyggda lösenordshanterare. Resultatet presenteras med hjälp av kvalitativa semi-strukturerade intervjuer där 33 respondenter deltagit och besvarat frågor kring deras hantering av lösenord och användning av webbläsares inbyggda lösenordshanterare. Resultat från intervjuer visade att faktorer som var av betydande roll för ickeanvändande respondenter var starkt kopplade till datorvana och hur ofta respondenter använde datorn. De faktorer som spelade störst roll för användare av verktyget var enkelhet och tidseffektivitet. Icke-användare tenderade att ha en behovsbrist gällande verktyget, mestadels på grund av deras avsaknad av datoranvändning. Faktorer som påverkar användare och icke-användare visade sig stämma överens med tidigare forskning. Dessutom sammanfattades att antalet respondenter som var användare av lösenordshanterare var betydligt högre än vad som tidigare hävdats i litteratur. Majoriteten av respondenterna (79%) var användare av lösenordshanterare, vilket motsäger tidigare studier som utförts där endast 23% använder sig av lösenordshanterare.<br>Knowledge of passwords and their security is today something that is overlooked by the everyday computer user. Password managers can both help and protect when managing passwords. Most web browsers today have built-in password management features. Based on existing literature, it could be identified that there is a need for knowledge concerning which factors influence web browser users to use or not use their built-in password managers. The purpose of the report is to present an analysis of factors that affect why private individuals choose to use or not use browsers built-in password managers. The results are presented with the help of qualitative semi-structured interviews in which 33 respondents participated and answered questions about their handling of passwords and the use of web browsers built-in password managers. Results from the interviews showed that factors that were significant for non-user respondents were strongly linked to computer skills and how often respondents used the computer. The factors that played the biggest role for users of the tool were simplicity and time efficiency. Non-users tended to have a lack of need for the tool, mostly because of their lack of computer usage. Factors affecting users and non-users were found to be consistent with previous research. In addition, it was concluded that the number of respondents who were users of password managers was significantly higher than previously claimed in the literature. The majority of respondents (79%) were users of password managers, which contradicts previous studies conducted where only 23% use password managers.
40
Shade, Molly. "The Burner Project: Privacy and Social Control in a Networked World." Thesis, University of North Texas, 2015. https://digital.library.unt.edu/ark:/67531/metadc801891/.
Full textAbstract:
As mobile phones become increasingly ubiquitous in today’s world, academic and public audiences alike are curious about the interaction between mobile technologies and social norms. To investigate this phenomenon, I examined how individuals use technology to actively manage their communication behaviors. Through a three-month research project on usage patterns of Burner, a mobile application, this thesis explores the relationships among technology, culture, and privacy. Burner is a service that equips individuals with the means to create, maintain, and/or dissolve social ties by providing temporary, disposable numbers to customers. The application offers a way to communicate without relying on a user’s personal phone number. In other words, Burner acts as a “privacy layer” for mobile phones. It also provides a valuable platform to examine how customers use the application as a strategy for communication management. This thesis represents a marriage of practice and theory: (1) As an applied enterprise, the project was constructed as a customer needs assessment intending to examine how the service was situated in the lives of its users. The findings have successfully been applied to my client’s company strategy and have led to a more informed customer approach. (2) As an academic endeavor, this research contributes to existing scholarship in anthropology, computer-mediated communication, privacy, and design. The results provide rich fodder for discussions about the impact of mobile communication and services.
41
Shackelford, Philip Clayton. "Fighting for Air: Cold War Reorganization and the U.S. Air Force Security Service, 1945-1952." Kent State University / OhioLINK, 2016. http://rave.ohiolink.edu/etdc/view?acc_num=kent1461432022.
Full text
42
Konečný, Pavel. "Fyzická bezpečnost v průmyslovém podniku." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2017. http://www.nusl.cz/ntk/nusl-318618.
Full textAbstract:
The diploma thesis focuses on physical security solutions in an organization acting in a metallurgy segment. The analytical part identifies the weaknesses in individual areas of physical security according to ČSN/ISO 27 000 regulation. The practical part is divided into individual chapters bringing suggestions for corrections, modernization and modifications of the system. The theoretical part deals mainly with clarification of the terminology and proceses used in the practical part. I see the benefit of my work in the practical suggestions for the changes. If they are implemented correctly, the physical security of the organization will be of high quality.
43
Тимошенко, Є. М. "Технічний захист інформації на підприємстві". Thesis, Чернігів, 2021. http://ir.stu.cn.ua/123456789/24855.
Full textAbstract:
Тимошенко, Є. М. Технічний захист інформації на підприємстві : випускна кваліфікаційна робота : 125 "Кібербезпека" / Є. М. Тимошенко ; керівник роботи М. А. Синенко ; НУ "Чернігівська політехніка", кафедра кібербезпеки та математичного моделювання . – Чернігів, 2021. – 88 с.<br>Мета роботи: розробити технічну систему захисту інформації на типовому підприємстві що підвищить рівень її захисту.
Об’єкт дослідження: Технічний захист інформації на підприємстві.
Предмет дослідження: системи технічного захисту інформації.
Методи дослідження: В процесі дослідження був застосований комплекс методів, до якого входять діалектичний метод пізнання, статистичний метод, методи аналізу і синтезу. Використання цих методів дозволило провести аналіз особливостей сучасних систем технічного захисту інформації, їх недоліків та способів їх усунення та розробити систему технічного захисту підприємства.
Результати та новизна: розроблена система технічного захисту типового підприємства яка б включала в себе заходи щодо технічного захисту інформації, систему контролю та управління доступом та технічну систему відеоспостереження.<br>Purpose: to develop a technical system of information protection at a typical enterprise that will increase the level of its protection.
Object of research: Technical protection of information at the enterprise.
Subject of research: information security systems.
Research methods: In the process of research a set of methods was used, which includes the dialectical method of cognition, statistical method, methods of analysis and synthesis. The use of these methods allowed to analyze the features of modern systems of technical protection of information, their shortcomings and ways to eliminate them and to develop a system of technical protection of the enterprise.
Results and novelty: a system of technical protection of a typical enterprise was developed, which would include measures for technical protection of information, access control and management system and technical system of video surveillance.
44
Сович, Вікторія Іванівна. "Оцінювання ризиків складних організаційно-технічних систем за вимогами ДСТУ ISO 31010". Магістерська робота, Київський національний університет технологій та дизайну, 2021. https://er.knutd.edu.ua/handle/123456789/19547.
Full textAbstract:
Дипломна магістерська робота присвячена питанням щодо оцінювання ризиків та безпеки складних організаційно-технічних систем з урахуванням чинної нормативно-правової документації, зокрема міжнародних стандартів ДСТУ ISO 31010. В роботі проаналізовано терміни щодо визначення поняття ризик і запропоновано трактувати "ризик" як результат невизначеності завдань, які охоплюють події, що можуть відбутися, а можуть не відбутися та привести до несприятливих ситуацій або наслідків. Доведено, що рівень невизначеності обумовлюється неясністю чи неточністю інформації щодо ризику, джерел, подій та наслідків. Система нормування ризиків повинна базуватися на єдності методологічних підходів та уніфікації методів нормування. В роботі запропоновано методи аналізу ризику поділити на детерміновані, ймовірнісно-статистичні, комбіновані та ті, що застосовуються в умовах невизначеності нестохастичної природи. Складна організаційно-технічна система являє собою ієрархічний людино-машинний комплекс, який в процесі функціонування реалізує його властивості щодо досягнення мети для якої його було створено. Для оцінювання безпеки СОТС розроблена схема, яка враховує перелік властивостей та числові значення, які отримані шляхом вимірювання, випробування підрахунку. Такий підхід дозволяє з достатнім ступенем достовірності організувати безпеку СОТС. Для валідації ймовірнисного аналізу ризику розроблено загальну схему, яка включає в себе такі складові: планування аналізу, моделювання аварій (небезпеки), підрахунок наслідків аварії, документування, ідентифікацію небезпеки, підрахунок ймовірності аварії, підрахунок ризику, заходи щодо зниження рівня ризику. Для прийняття рішень щодо зменшення ризиків запропоновано застосовувати низку міжнародних стандартів, зокрема ISO 9001, ISO 31000, ISO 37120, ДСТУ ISO/IEC 25000 тощо. Для оцінювання ідентифікації ризиків розроблено покроковий алгоритм, в основу якого покладено вимоги ДСТУ ISO 31010.<br>The paper analyzes the terms for defining the concept of risk and proposes to interpret "risk" as a result of uncertainty of tasks that cover events that may or may not occur and lead to adverse situations or consequences. It is proven that the level of uncertainty is due to ambiguity or inaccuracy of information about risk, sources, events and consequences. The risk rationing system should be based on the unity of methodological approaches and unification of rationing methods. The paper proposes methods of risk analysis to be divided into deterministic, probabilistic-statistical, combined and those used in conditions of uncertainty of non-stochastic nature. A complex organizational and technical system is a hierarchical human-machine complex, which in the process of functioning realizes its properties to achieve the purpose for which it was created. To assess the safety of the WTO, a scheme has been developed that takes into account the list of properties and numerical values obtained by measuring and testing the calculation. This approach allows you to organize the security of the SOTS with a sufficient degree of reliability. To validate probabilistic risk analysis, a general scheme has been developed, which includes the following components: analysis planning, accident modeling (hazards), accident consequence calculation, documentation, hazard identification, accident probability calculation, risk calculation, risk reduction measures. It is proposed to apply a number of international standards, in particular ISO 9001, ISO 31000, ISO 37120, DSTU ISO / IEC 25000, etc., to make decisions on risk reduction. To assess the identification of risks developed a step-by-step algorithm based on the requirements of DSTU ISO 31010.
45
Muzeau, Jean-Pierre. "Modele de l'influence d'imperfections sur la securite des structures metalliques en comportement non lineaire : comparaison de reglements internationaux." Clermont-Ferrand 2, 1987. http://www.theses.fr/1987CLF2E378.
Full textAbstract:
Developpement d'un modele elasto-plastique geometriquement non lineaire, permettant d'evaluer les efforts internes et les deplacements d'une structure aussi pour les grandes deformations (rotules plastiques, instabilite). Comparaison de l'influence sur un indice conventionnel de la securite de divers types d'imperfections, avec application au cas d'un poteau bi-articule susceptible de flamber et au cas d'un portique a deux etages; etude de l'homogeneite des regles europeennes, britanniques et francaises en particulier, canadiennes et americaines
46
Shackelford, Philip Clayton. "On the Wings of the Wind: The United States Air Force Security Service and Its Impact on Signals Intelligence in the Cold War." Kent State University Honors College / OhioLINK, 2014. http://rave.ohiolink.edu/etdc/view?acc_num=ksuhonors1399284818.
Full text
47
Lachenal, Perrine. "Self-défense féminine dans le Caire en révolution : Techniques du genre et jeux de violence." Thesis, Aix-Marseille, 2015. http://www.theses.fr/2015AIXM3005.
Full textAbstract:
Depuis 2011, la révolution égyptienne et ses contrecoups ont suscité au Caire l’émergence d’un véritable marché de la sécurité. Cette thèse est le fruit d'une enquête ethnographique, menée en observation participante, relative à différentes pratiques de défense ayant émergé dans ce cadre. Les cours de self-défense (difā‘a ‘an al-nafs), dont le succès ne cesse de se confirmer dans les quartiers socialement favorisés de la ville du Caire, se trouvent au coeur de cette recherche. Ils y sont envisagés non seulement comme révélateurs, mais aussi comme producteurs d’une culture matérielle et motrice « révolutionnaire », où les bouleversements politiques du moment s’incarnent dans leur dimension émotionnelle, sexuée, sociale et morale. Ces cours réunissent des femmes – mais aussi parfois des hommes – venant faire l’acquisition de techniques de combat afin de se préparer à affronter une agression. La figure du « jeu », permettant d’englober dans l’analyse les différents niveaux de sens des expériences, constitue l’outil théorique avec lequel les interactions observées sont envisagées. La pratique étudiée permet d’appréhender à la fois les transformations des représentations et des pratiques liées à la violence, ainsi que les recompositions des rapports sociaux de classe et de sexe dans la société égyptienne contemporaine. En rendant apparentes la dimension technique du rapport au pouvoir des individus ainsi que les modalités – socialement et sexuellement situées – de production des catégories « légitime » et « illégitime » dans l’énonciation de la violence, la self-défense s’impose comme un objet d’étude privilégié pour participer à une anthropologie de la révolution égyptienne<br>This thesis is the result of an ethnographic study conducted between 2011 and 2012, primarily through participant observation, on certain defense practices that have emerged in recent years in Egypt and contributed to a "revolutionary" security market. Self-defense classes (difā‘a ‘an al-nafs), the popularity of which has continued to grow since 2011 in socially affluent districts of Cairo, are at the heart of this research. The dissertation conceives of self-defense trainings as not only revealing but also producing "revolutionary" physical and technical repertoires in which the emotional, gendered, social and moral dimensions of the period's political upheavals are embodied. Women – but sometimes also men – come to the self-defense classes to acquire combat skills such as throwing kicks and punches, learning to face aggressors using specific objects and bodily techniques. The notion of "play" is used as a theoretical tool for drawing together and analyzing the different levels of meaning of the paradoxical experiences observed in these classes. The ethnography allows for a better understanding of the evolution of urban sociability, the transformation of representations and uses of violence, and the reconfiguration of gender and class relations in contemporary Egyptian society. By making visible the technical dimension of how individuals deal with power and the socially and sexually situated modalities by which categories such as "legitimacy" and "illegitimacy" are produced with respect to violence, self-defense constitutes an valuable vantage point from which to contribute to an anthropology of the Egyptian revolution
48
Сідлецький, Є. В. "Комплексна система захисту інформації автоматизованої системи 3 класу системи електронного документообігу центру надання адміністративних послуг". Thesis, Чернігів, 2021. http://ir.stu.cn.ua/123456789/24977.
Full textAbstract:
Сідлецький, Є. В. Комплексна система захисту інформації автоматизованої системи 3 класу системи електронного документообігу центру надання адміністративних послуг : випускна кваліфікаційна робота : 123 "Комп’ютерна інженерія" / Є. В. Сідлецький ; керівник роботи А. І. Роговенко ; НУ "Чернігівська політехніка", кафедра інформаційних і комп’ютерних систем. – Чернігів, 2021. – 83 с.<br>Методи дослідження: аналіз структури, інформаційних ресурсів, режиму конфіденційності, системи захисту сутності конфіденційної діяльності установи.
Результати та новизна: було створено систему комплексну систему захисту інформації автоматизованої системи 3 класу системи електронного документообігу центру надання адміністративних послуг. Розроблено основи захисту інформації, а саме: проведенно обстеження середовища функціонування; сутність конфіденційної діяльності, організація роботи персоналу, кадрова політика; визначено загрози інформаційній безпеці, основні вимоги, принципи та концептуальних положень комплексної системи захисту інформації; розроблено політику інформаційної безпеки, організовано службу безпеки, розроблено інструкції користувачу та адміністратору.
Галузь застосування: система розроблена для центру надання адміністративних послуг для впровадження системи електронного документообігу.
49
Penteado, Marco Antonio de Barros. "Uma avaliação estatística da análise gráfica no mercado de ações brasileiro à luz da teoria dos mercados eficientes e das finanças comportamentais." Universidade de São Paulo, 2003. http://www.teses.usp.br/teses/disponiveis/12/12139/tde-03032009-103053/.
Full textAbstract:
Partindo dos conceitos estabelecidos pela Hipótese dos Mercados Eficientes (HME), a qual questiona a validade da Análise Gráfica, e considerando as críticas feitas à HME pelos defensores das assim chamadas Finanças Comportamentais, e outros, este estudo procurou detectar a existência de uma relação entre os sinais gráficos observados no dia-a-dia do mercado de ações brasileiro e as tendências que lhes sucedem, durante um período de 8 anos, para um número de papéis. Os resultados obtidos neste trabalho evidenciam a existência de tal relação, sugerindo a validade da utilização da Análise Gráfica como instrumento para a previsão de preços no mercado de ações brasileiro, no período considerado.<br>Based on the principles established by the Efficient Market Hypothesis (EMH), which argues that the Technical Analysis is of no value in order to predict future prices of securities, and considering the criticism to the EMH by the advocates of the so called Behavioral Finance, and others, this work tried to detect the existence of a relationship between the graphic signals observed day by day in the Brazilian stock market and the trends which happen after these signals, within a period of 8 years, for a number of securities. The results obtained from this study offer evidence of the existence of such relationship, suggesting the validity of the Technical Analysis as an instrument to predict security prices in the Brazilian stock market within that period.
50
Котляров, В. О. "Удосконалення нормативного забезпечення виготовлення упаковки для кормів домашніх тварин. Розробка технічних умов". Master's thesis, Сумський державний університет, 2018. http://essuir.sumdu.edu.ua/handle/123456789/72540.
Full textAbstract:
Кваліфікаційна робота магістра становить 108 сторінок, в тому числі один малюнок, чотири таблиці, бібліографії з 99 джерела на п'яти сторінках.
Мета роботи полягає в нормативному забезпеченні випуску продукції ТОВ «Гуала Кложерс Україна» - плівка багатошарова на основі поліетилену шляхом розробки технічних умов.
Для досягнення поставленої мети вирішені наступні приватні задачі.
1. Дослідити ринок виробництва кормів для домашніх тварин.
2. Дослідити вимог до упаковки товарів.
3. Розробка технічних умов на упаковку для кормів.
Об’єктом дослідження є упаковка для кормів, що виготовляється на ТОВ «Гуала Кложерс Україна».
Предметом дослідження є нормативне забезпечення виробництва упаковки для кормів, яка виготовляється на ТОВ «Гуала Кложерс Україна».
Наукова новизна роботи. В роботі отримало подальший застосування методів стандартизації та технічного регулювання в частині використання для розробки нормативного забезпечення випуску плівки багатошарової на основі поліетилену, виробленої на ТОВ «Гуала Кложерс Україна».
Практична значення отриманих результатів. В роботі розроблено проект технічних умов «Плівка багатошарова на основі поліетилену» ТУ У 25.2-14022407-008: 201_ для упаковки кормів для домашінх тварин, виробленої на ТОВ «Гуала Кложерс Україна».<br>Квалификационная работа магистра составляет 108 страниц, в том числе один рисунок, четыре таблицы, библиографии из 99 источника на пяти страницах.
Цель работы состоит в нормативном обеспечении выпуска продукции ООО «Гуала Кложерс Украина» - пленка многослойная на основе полиэтилена путем разработки технических условий.
Для достижения поставленной цели решены следующие частные задачи.
1. Исследовать рынок производства кормов для домашних животных.
2. Исследовать требований к упаковке товаров.
3. Разработка технических условий на упаковку для кормов.
Объектом исследования является упаковка для кормов, изготавливаемая на ООО «Гуала Кложерс Украина».
Предметом исследования являются нормативное обеспечение производства упаковки для кормов, которая изготавливается на ООО «Гуала Кложерс Украина».
Научная новизна работы. В работе получило дальнейшее применение методов стандартизации и технического регулирования в части использования для разработки нормативного обеспечения выпуска пленки многослойной на основе полиэтилена, производимой на ООО «Гуала Кложерс Украина».
Практическая значение полученных результатов. В работе разработан проект технических условий «Пленка многослойная на основе полиэтилена» ТУ У 25.2-14022407-008:201_ для упаковки кормов для домашинх животных, производимой на ООО «Гуала Кложерс Украина».<br>The master's qualification work is 108 pages, including one drawing, four tables, bibliographies from 99 sources on five pages.
The purpose of the work is to ensure the regulatory output of LLC Guala Klogers Ukraine - a multilayer film based on polyethylene through the development of technical conditions.
To achieve this goal solved the following particular problems.
1. Investigate the pet food market.
2. Investigate the requirements for the packaging of goods.
3. Development of packaging specifications for feed.
The object of the study is the packaging for feed, manufactured by LLC "Guala Klogers Ukraine".
The subject of the research is the regulatory support for the production of packaging for feed, which is manufactured at Guala Klozhers Ukraine LLC.
Scientific novelty of the work. The work has received further application of methods of standardization and technical regulation in terms of use for the development of regulatory support for the production of multilayer films based on polyethylene produced by LLC Guala Klogers Ukraine.
The practical significance of the results. A draft technical specification “Multilayer film based on polyethylene” was developed in accordance with TU U 25.2-14022407-008: 201_ for the packaging of feed for domestic animals produced by Guala Klogers Ukraine LLC.