To see the other types of publications on this topic, follow the link: Strategic cybersecurity.
Dissertations / Theses on the topic 'Strategic cybersecurity'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 27 dissertations / theses for your research on the topic 'Strategic cybersecurity.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Cho, Yiseul. "Strategic philanthropy for cyber security : an extended cost-benefit analysis framework to study cybersecurity." Thesis, Massachusetts Institute of Technology, 2012. http://hdl.handle.net/1721.1/72880.
Full textAbstract:
Thesis (S.M. in Technology and Policy)-- Massachusetts Institute of Technology, Engineering Systems Division, Technology and Policy Program, 2012.Cataloged from PDF version of thesis.
Includes bibliographical references (p. 74-79).
The international climate of cyber security is dramatically changing and thus unpredictable. As such, agile yet sustainable solutions are needed, along with an effective and a pragmatic evaluation framework to assess and demonstrate the value and efficacy of international development collaboration. Currently, no mature frameworks are available for evaluating such non-conventional, new, and complex international activities as they exist today, and thus this study aims to provide an innovative and pragmatic approach to study cybersecurity. This study recognizes the lack of institutionalized solutions, and aims to provide a novel framework with which to evaluate emerging solutions. In particular, this study evaluates the effectiveness of international development activities and public-private partnerships as a way to improve cyber security. Guided by literature on strategic philanthropy and international development, this study develops an extended cost-benefit analysis framework and applies it to an in-depth case study of a Korean security agency, its Computer Emergency Response Team (CERT.) This newly extended framework can be used for assessing international programs and activities aimed at improving cyber security, where the costs and benefits are not restricted by traditional boundaries. Unlike conventional approaches, this study explicitly includes three additional critical aspects, which are neglected in the conventional cost benefit analysis framework: 1) synergic effect (such as public-private partnership), 2) indirect impact, and 3) shared value. An in-depth case study with field interviews and technology reviews was conducted to test the applicability of this extended framework. Based on the application to the case of the international development activities of the Korean CERT, this study presents two findings. First, private companies can benefit from participating in government-led international development programs. Second, international development activities are effective solutions to improving global and local cyber security. Repeated applications of this framework to other cases will further assess the generalizability of the framework. Cumulated evidence from evaluating the effectiveness of international development activities will also inform the development of future activities for establishing partnerships of strategic philanthropy to improve cyber security.
by Yiseul Cho.
S.M.in Technology and Policy
2
Dahlquist, Kyla N. "Strategic Protection of Vital U.S. Assets Abroad: Intellectual Property Protection in the Trans-Pacific Partnership." University of Cincinnati / OhioLINK, 2014. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1408709770.
Full text
3
Arowolo, Olatunji Mujib. "Strategic Cyber-Risk Implications of Cloud Technology Adoption in the U.S. Financial Services Sector." ScholarWorks, 2017. https://scholarworks.waldenu.edu/dissertations/4347.
Full textAbstract:
According to research, the risks of adopting new technology and the technological and organizational factors that influence adopting it are not clear. Thus, many financial institutions have hesitated to adopt cloud-computing. The purpose of this quantitative, cross-sectional study was to evaluate the cyber-risk implications of cloud-computing adoption in the U.S. financial services sector. The study examined 6 technological and organizational factors: organization size, relative advantage, compliance, security, compatibility, and complexity within the context of cyber-risk. Using a combination of diffusion of innovation theory and technology-organization-environment framework as the foundation, a predictive cybersecurity model was developed to determine the factors that influence the intent to adopt cloud-computing in this sector. A random sample of 118 IT and business leaders from the U.S. financial services sector was used. Multiple regression analysis indicated that there were significant relationships between the intent to adopt cloud-computing by the leaders of financial organizations and only 2 of the 6 independent variables: compliance risk and compatibility risk. The predictive cybersecurity model proposed in this study could help close the gaps in understanding the factors that influence decisions to adopt cloud-computing. Once the rate of cloud-computing adoption increases, this study could yield social change in operational efficiency and cost improvement for both U.S. financial organizations and their consumers.
4
Pierce, Adam O. "Exploring the Cybersecurity Hiring Gap." ScholarWorks, 2016. https://scholarworks.waldenu.edu/dissertations/3198.
Full textAbstract:
Cybersecurity is one of the fastest growing segments of information technology. The Commonwealth of Virginia has 30,000 cyber-related jobs open because of the lack of skilled candidates. The study is necessary because some business managers lack strategies for hiring cybersecurity professionals for U.S. Department of Defense (DoD) contracts. The purpose of this case study was to explore strategies business managers in DoD contracting companies used to fill cybersecurity positions. The conceptual framework used for this study was the organizational learning theory. A purposeful sample of 8 successful business managers with cybersecurity responsibilities working for U.S. DoD contracting companies that successfully hired cybersecurity professionals in Hampton Roads, VA participated in the study. Data collection included semistructured interviews and a review of job postings from the companies represented by the participants. Coding, content, and thematic analysis were the methods used to analyze data. Within-methods triangulation was used to add accuracy to the analysis. At the conclusion of the data analysis, two main themes emerged: maintaining contractual requirements and a strong recruiting process. Contractual requirements guided how hiring managers hired cybersecurity personnel and executed the contract. A strong hiring process added efficiency to the hiring process. The findings of the study may contribute to positive social change by encouraging the recruitment and retention of cybersecurity professionals. Skilled cybersecurity professionals may safeguard businesses and society from Internet crime, thereby encouraging the safe exchange and containment of data.
5
Saber, Jennifer. "Determining Small Business Cybersecurity Strategies to Prevent Data Breaches." ScholarWorks, 2016. https://scholarworks.waldenu.edu/dissertations/4991.
Full textAbstract:
Cybercrime is one of the quickest growing areas of criminality. Criminals abuse the speed, accessibility, and privacy of the Internet to commit diverse crimes involving data and identity theft that cause severe damage to victims worldwide. Many small businesses do not have the financial and technological means to protect their systems from cyberattack, making them vulnerable to data breaches. This exploratory multiple case study, grounded in systems thinking theory and routine activities theory, encompassed an investigation of cybersecurity strategies used by 5 small business leaders in Middlesex County, Massachusetts. The data collection process involved open-ended online questionnaires, semistructured face-to-face interviews, and review of company documents. Based on methodological triangulation of the data sources and inductive analysis, 3 emergent themes identified are policy, training, and technology. Key findings include having a specific goal and tactical approach when creating small business cybersecurity strategies and arming employees with cybersecurity training to increase their awareness of security compliance. Recommendations include small business use of cloud computing to remove the burden of protecting data on their own, thus making it unnecessary to house corporate servers. The study has implications for positive social change because small business leaders may apply the findings to decrease personal information leakage, resulting from data breaches, which affects the livelihood of individuals or companies if disclosure of their data occurs.
6
Siltanen, Ella. "Whose Responsibility is Cybersecurity? : A Comparative Qualitative Content Analysis of Discourses in the EU’s Cybersecurity Strategies 2013-2020." Thesis, Malmö universitet, Institutionen för globala politiska studier (GPS), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:mau:diva-45956.
Full textAbstract:
Cybersecurity is an increasingly important topic to all actors from the private individuals to international institutions. The borderless nature of the internet has however made it more difficult for nation states to take care of their own security and institutions like the EU are also coping with the difficulties of defending themselves from attacks that can affect practically any part of the system and cause wide-spread damage. The EU has tried to address these issues by publishing strategies to improve the cybersecurity of the Union and its Member States. This thesis studies the discourse that is used by the Union in its strategies from 2013 and 2020. This is done to determine how the EU portrays each level, the national, institutional, or private and how responsible they are for the cybersecurity in the Union and to see how this discourse has changed in the previous few years. The theoretical framework of the thesis consists of neofunctionalism and historical institutionalism which are used to explain the direction of the development of the EU’s discourse. The study is conducted using critical discourse analysis and qualitative content analysis. The findings of the analysis suggest that there is noticeable shift to the EU taking more responsibility and actions to ensure its cybersecurity. Similarly it seems remarkable how the importance of the private sector seems to have diminished in the newer discourse.
7
Walters, Iva. "Strategies for Recruiting Cybersecurity Professionals in the Financial Service Industry." ScholarWorks, 2017. https://scholarworks.waldenu.edu/dissertations/3964.
Full textAbstract:
The cybersecurity market is the fastest growing market in the United States; as such, leaders in financial institutions recognize their businesses are vulnerable, as money is accessible within computerized banking systems. The purpose of this multiple case study was to explore what strategies financial service leaders- use to recruit cybersecurity professionals. The conceptual framework for this study was the hierarchy of needs and stakeholder management theory. Data collection involved company archival documents and semistructured, open-ended interviews with 5 financial service leaders in the Midlands area of South Carolina who recruited skilled cybersecurity professionals to support long-term business sustainability. Coding, clustering, and theme development evolved through coding key words and actions, drawing ideas together into clusters, and evolving the prominent ideas into themes. During data analysis, the theoretical propositions underwent a sequential process, which included coding the data by hand. The use of member checking and methodological triangulation increased the trustworthiness of the study. Analysis revealed 3 themes: increased training, broadened social networking, and improved communication. Financial service leaders can use training to educate and recruit new cybersecurity professionals. Also, findings suggest the need for training to improve social networking and communicate as a team to increase profitability. The findings from this study may contribute to social change by helping business owners recruit skilled professionals to prevent or reduce cybersecurity threats.
8
Rawass, Johnny Fadel. "Cybersecurity Strategies to Protect Information Systems in Small Financial Institutions." ScholarWorks, 2019. https://scholarworks.waldenu.edu/dissertations/7183.
Full textAbstract:
Leaders of financial institutions face challenges in protecting data because of the increased use of computer networks in the commerce and governance aspects of their businesses. The purpose of this single case study was to explore the strategies that leaders of a small financial institution used to protect information systems from cyber threats. The actor-network theory was the conceptual framework for this study. Data were collected through face-to-face, semistructured interviews with 5 leaders of a small financial institution in Qatar and a review of company documents relevant to information security, cybersecurity, and risk management. Using thematic analysis and Yin's 5-step data analysis process, the 4 emergent key theme strategies were information security management, cybersecurity policy, risk management, and organizational strategy. The findings of this study indicate that leaders of financial institutions protect their information systems from cyber threats by effectively managing information security practices; developing robust cybersecurity policies; identifying, assessing, and mitigating cybersecurity risks; and implementing a holistic organizational strategy. The protection of information systems through reductions in cyber threats can improve organizational business practices. Leaders of financial institutions might use the findings of this study to affect positive social change by decreasing data breaches, safeguarding consumers' confidential information, and reducing the risks and costs of consumer identity theft.
9
Nguyen, Hai Vu. "Cybersecurity Strategies for Universities With Bring Your Own Device Programs." ScholarWorks, 2019. https://scholarworks.waldenu.edu/dissertations/7887.
Full textAbstract:
The bring your own device (BYOD) phenomenon has proliferated, making its way into different business and educational sectors and enabling multiple vectors of attack and vulnerability to protected data. The purpose of this multiple-case study was to explore the strategies information technology (IT) security professionals working in a university setting use to secure an environment to support BYOD in a university system. The study population was comprised of IT security professionals from the University of California campuses currently managing a network environment for at least 2 years where BYOD has been implemented. Protection motivation theory was the study's conceptual framework. The data collection process included interviews with 10 IT security professionals and the gathering of publicly-accessible documents retrieved from the Internet (n = 59). Data collected from the interviews and member checking were triangulated with the publicly-accessible documents to identify major themes. Thematic analysis with the aid of NVivo 12 Plus was used to identify 4 themes: the ubiquity of BYOD in higher education, accessibility strategies for mobile devices, the effectiveness of BYOD strategies that minimize risk, and IT security professionals' tasks include identifying and implementing network security strategies. The study's implications for positive social change include increasing the number of users informed about cybersecurity and comfortable with defending their networks against foreign and domestic threats to information security and privacy. These changes may mitigate and reduce the spread of malware and viruses and improve overall cybersecurity in BYOD-enabled organizations.
10
Galán, Carlos Manuel, and Cordero Carlos Galán. "Public cybersecurity as guarantee of the exercise of rights." Derecho & Sociedad, 2017. http://repositorio.pucp.edu.pe/index/handle/123456789/117704.
Full textAbstract:
The development of fundamental human rights contained in the texts of the Universal Declarations and the Constitutions of democratic states requires that information systems that support its exercise are permanently operational. However, this need is constantly violated by many cyberattacks that, in the heart of the matter, seek to undermine the free exercise of such rights. It is in this environment where public cybersecurity, understood as the set of legal regulations, methods, procedures and tools, finds its reason for being and is configured as the only appropriate means of ensuring social coexistence in accordance with the principles of the Rule of Law.
11
Kang, Johan, and Sebastian Westskytte. "Diffusion of Cybersecurity Technology - Next Generation, Powered by Artificial Intelligence." Thesis, KTH, Industriell ekonomi och organisation (Inst.), 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-246027.
Full textAbstract:
The cyber world is growing as more information is converted from analogue to digital form. While convenience has been the main driver for this change little effort has been made on securing the data. Data breaches are growing in number and each breach is growing in severity. Combined with regulatory pressure organizations are starting to realize the importance of security. The increased threat level is also driving the security market for more potent solutions and artificial intelligence (AI) have in recent years been implemented to enhance the capabilities of security technologies. The thesis aims to investigate the adoption of AI enabled cybersecurity technologies within the financial industry which is often perceived as the market leader regarding security. Using a qualitative method through a multiple case study, valuable insights were gained regarding how firms are working with security and what needs they have. To identify factors that influence the rate of diffusion of AI enabled security technologies the diffusion of innovation theory combined with the TOE framework was used in this study. The thesis has contributed to the field of innovation management by enriching an area within IT innovation management by bridging the gap between security innovation and AI innovation. The study revealed that environmental factors, such as regulations and threat landscape, are forcing organizations to take action and control both how organizations work with security but also what technological attributes are perceived as advantageous. Detection and automation are two technological attributes that the companies are looking for to fill their needs. AI solutions are already being implemented to increase detection and automation we believe that the rate of adoption for AI enabled security innovation will only continue to grow. The results and findings contribute to an expanded understanding on the factors that affect adoption of AI security innovations within the financial industry.Den digitala världen fortsätter att växa eftersom mer information omvandlas från analog till digital form. Medan bekvämlighet har varit den viktigaste drivkraften för denna förändring, så har lite ansträngning gjorts för att säkra upp den data som företagen besitter. Dataintrången växer i antal, och varje ny incident får allvarligare konsekvenser än den förra. Detta faktum kombinerat med strängare regelverk har fått företagen att inse vikten av att säkra sin miljö. Den förstärkta hotbilden driver också säkerhetsmarknaden framåt med nya lösningar, och artificiell intelligens (AI) har under de senaste åren i allt större utsträckning implementerats i säkerhetslösningar för att förstärka skyddet. Uppsatsens syfte är att undersöka spridningen av AI-säkerhetsinnovationer inom finansbranschen, som ofta uppfattas som marknadsledande när det gäller säkerhet. Med hjälp av en kvalitativ metod genom en fallstudie på tre företag erhölls värdefulla insikter om hur företagen arbetar med säkerhet och vilka behov de har. För att identifiera faktorer som påverkar spridningshastigheten för AI-säkerhetslösningar användes ”diffusion of innovation”-teorin i kombination med TOE-ramverket i denna studie. Uppsatsen har bidragit till innovation management-området genom att berika ett område inom IT-innovation genom att brygga mellan säkerhetsinnovation och AI-innovation. Studien visade att miljöfaktorer, såsom regelverk och hotbild, kontrollerar både hur organisationer arbetar med säkerhet och vilka tekniska egenskaper som uppfattas som fördelaktiga. Detektion och automatisering är två tekniska egenskaper som företagen har stora behov av. AI-lösningar implementeras redan för att öka de egenskaperna. Vi argumenterar för att, utifrån de behoven som företagen har kombinerat med miljöfaktorerna, kommer spridningstakten att öka för AI-säkerhetsinnovation.
12
Chomyšyn, Maxim. "Dopad bezpečnosti IIoT na proaktivní údržbu firemních aktiv." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2020. http://www.nusl.cz/ntk/nusl-417807.
Full textAbstract:
This work examines possible safety risks associated with the operation of IIoT technologies in industrial production. The content of this document is an analysis of used IIoT technologies, their purpose and method of implementation into production processes and the company's technology strategy. The outcome of this analysis will serve to develop possible risk scenarios and their associated impacts. Finally, I recommend possible changes that either eliminate these risks completely or at least minimize them.
13
Smith, Shirley Denise. "Strategies to Reduce the Fiscal Impact of Cyberattacks." ScholarWorks, 2019. https://scholarworks.waldenu.edu/dissertations/7510.
Full textAbstract:
A single cyberattack event involving 1 major corporation can cause severe business and social devastation. In this single case study, a major U.S. airline company was selected for exploration of the strategies information technology administrators and airline managers implemented to reduce the financial devastation that may be caused by a cyberattack. Seven participants, of whom 4 were airline managers and 3 were IT administrators, whose primary responsibility included implementation of strategies to plan for and respond to cyberattacks participated in the data collection process. This study was grounded on the general systems theory. Data collection entailed semistructured face-to-face and telephone interviews and collection and review of public documents. The data analysis process of this study involved the use of Yin's 5-step process of compiling, disassembling, reassembling, interpreting, and concluding, which provided a detailed analysis of the emerging themes. The findings produced results that identified strategies organizational managers and administrators of a U.S. airline implemented to reduce the fiscal influence of cyberattacks, such as proactive plans for education and training, active management, and an incident response plan. The findings of this study might affect social change by offering all individuals a perspective on creating effective cyberculture. An understanding of cyberculture could include the focus of a heightened understanding, whereby, to ensure the security of sensitive or privileged data and information and of key assets, thus, reducing the fiscal devastation that may be caused by cyberattacks.
14
Ulmer, Kathrin [Verfasser], and Ortwin [Akademischer Betreuer] Renn. "Cyber risks and cybersecurity : risk communication and regulation strategies in the United States and Germany / Kathrin Ulmer ; Betreuer: Ortwin Renn." Stuttgart : Universitätsbibliothek der Universität Stuttgart, 2021. http://d-nb.info/1232727911/34.
Full text
15
Isaacs, Julien(Julien Dylan). "Digital expansionism : exploring the U.S.-China technology dynamic through cybersecurity policy and international marketing strategies in the Cloud Computing Sector." Thesis, Massachusetts Institute of Technology, 2019. https://hdl.handle.net/1721.1/122125.
Full textAbstract:
Thesis: S.M. in Management Studies, Massachusetts Institute of Technology, Sloan School of Management, 2019Cataloged from PDF version of thesis.
Includes bibliographical references (pages 86-94).
The U.S. and China remain largely separated from one another in terms of technological market access, with both sides implementing policy regimes serving as official or unofficial barriers to international trade, especially evident in data-sensitive industries, such as cloud computing. The result is a very low market share for American cloud computing providers in China, and vice-versa. This paper explores the U.S.-China dynamic insofar as government policy and action are concerned, the U.S. and China markets, and private enterprise's response and strategy in the cloud computing industry, which is notable not only given its value, $278.3 billion worldwide by 2021, but also its central position in the flow of global data.' The paper arrives at a number of conclusions. Firstly, given China's techno-nationalist policy regime, U.S. cloud computing firms, and by extension, all U.S. technology companies, will face increasingly limited market share and opportunity in China. Conversely, Chinese cloud computing providers, and by extension Chinese technology products, in general, may be able to successfully garner market share in the U.S. by offering innovative products with little to no substitutes, for which Americans will potentially waive their data privacy concerns in order to access (which may lead to unintended consequences). Lastly, the U.S. and China should work together to form, articulate and implement cybersecurity and data norms, enhancing international cooperation on a government and private enterprise level, effectively removing international trade barriers and promoting and enhancing market access. Cooperation, however, remains a challenge, given the differing policy objectives of the U.S. and China.
by Julien Isaacs.
S.M. in Management Studies
S.M.inManagementStudies Massachusetts Institute of Technology, Sloan School of Management
16
Sulanová, Monika. "Strategie pro rozvoj vzdělávání v oblasti bezpečnosti ICT na vysokých školách." Master's thesis, Vysoká škola ekonomická v Praze, 2017. http://www.nusl.cz/ntk/nusl-358805.
Full textAbstract:
The thesis deals with the problems of education in ICT security experts at universities in order to design a strategy for the development of education in present degree courses that dealing with this issue. The theoretical part focuses on the definition of ICT security and to familiarize the reader with the basic concepts of information security management and management of cyber security and gives an overview of the overall development of ICT security and the current trends in this area. It also describes the current situation on the labor market in relation to ICT security and the education of professionals in this field and characterizes the existing recommendations for education in ICT security. Practical part focuses on analyzing the current education ic ICT security and on analyzing the knowledge and skills requirements of the labor market to professionals in this area. Defines the basic professional role and knowledge domains that should be covered by this role. In the analytical part they are evaluated current profiles of graduates Master's degree programs focused on this area in order to find gaps in the knowledge base of graduates based on the requirements of the labor market and the existing recommendations. The results of the analysis are input to define a strategy on education in ICT security, which gives basic recommendations on how to eliminate the shortcomings.
17
Anuebunwa, Ugonna R. "Behavioural Demand Response for Future Smart Homes: Investigation of Demand Response Strategies for Future Smart Homes that Account for Consumer Comfort, Behaviour and Cybersecurity." Thesis, University of Bradford, 2018. http://hdl.handle.net/10454/17359.
Full textAbstract:
Smart metering and precise measurement of energy consumption levels have brought more detailed information and interest on the actual load profile of a house which continues to improve consumer-retailer relationships. Participation in demand response (DR) programs is one of these relationships but studies have shown that there are considerable impacts resulting to some level of discomfort on consumers as they aim to follow a suggested load profile. This research therefore investigates the impact on consumers while participating in DR programs by evaluating various perspectives that includes:
Modelling the causes discomfort during participation in DR programs;
Evaluation of user participation capabilities in DR programs;
Identification of schedulable and non-schedulable loads and opportunities;
Application of load scheduling mechanism which caters for specific user concerns.
Investigation towards ensuring a secure and robust system design.
The key source of information that enhances this work is obtained from data on historical user behavior which can be stored within a smart controller installed in the home and optimised using genetic algorithm implemented on MATLAB. Results show that user participation in DR programs can be improved and effectively managed if the challenges facing home owners are adequately understood. This is the key contribution of this work whereby load schedules created are specifically tailored to meet the need of the users hence minimizing the impact of discomfort experienced due to participation in DR programs.
Finally as part of the test for robustness of the system design in order to prevent or minimize the impact of any event of a successful cyber-attack on the load or price profiles, this work includes means to managing any such attacks thereby mitigating the impact of such attacks on users who participate in demand response programs. Solutions to these attacks are also proffered with the aim of increasing robustness of the grid by being sufficiently proactive.
18
Okoye, Stella Ifeyinwa. "Strategies to Minimize the Effects of Information Security Threats on Business Performance." Thesis, Walden University, 2017. http://pqdtopen.proquest.com/#viewpdf?dispub=10606454.
Full textAbstract:
Business leaders in Nigeria are concerned about the high rates of business failure and economic loss from security incidents and may not understand strategies for reducing the effects of information security threats on business performance. Guided by general systems theory and transformational leadership theory, the focus of this exploratory multiple case study was to explore the strategies small and medium-sized enterprise (SME) leaders use to minimize the effects of information security threats on business performance. Semistructured interviews were conducted with 5 SME leaders who worked in SME firms that support oil and gas industry sector in Port Harcourt, Nigeria, had a minimum of 2 years experience in a leadership role, and had demonstrable strategies for minimizing the effects of information security threats in a SME. The thematic analysis of the interview transcripts revealed 10 strategies for reducing the effects of information security threats: network security, physical security, strong password policy, antivirus protection and software update, information security policy, security education training and awareness, network security monitoring and audit, intrusion detection, data backup, and people management. The findings may contribute to social change by providing SME leaders with more insight about strategies to minimize the effects of information security threats on business performance. The improved business performance can increase the flow of funds into the local economy and allow community leaders to provide social services to residents.
19
Izagirre, Mikel. "Deception strategies for web application security: application-layer approaches and a testing platform." Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-64419.
Full textAbstract:
The popularity of the internet has made the use of web applications ubiquitous and essential to the daily lives of people, businesses and governments. Web servers and web applications are commonly used to handle tasks and data that can be critical and highly valuable, making them a very attractive target for attackers and a vector for successful attacks that are aimed at the application layer. Existing misuse and anomaly-based detection and prevention techniques fail to cope with the volume and sophistication of new attacks that are continuously appearing, which suggests that there is a need to provide new additional layers of protection. This work aims to design a new layer of defense based on deception that is employed in the context of web application-layer traffic with the purpose of detecting and preventing attacks. The proposed design is composed of five deception strategies: Deceptive Comments, Deceptive Request Parameters, Deceptive Session Cookies, Deceptive Status Codes and Deceptive JavaScript. The strategies were implemented as a software artifact and their performance evaluated in a testing environment using a custom test script, the OWASP ZAP penetration testing tool and two vulnerable web applications. Deceptive Parameter strategy obtained the best security performance results, followed by Deceptive Comments and Deceptive Status Codes. Deceptive Cookies and Deceptive JavaScript got the poorest security performance results since OWASP ZAP was unable to detect and use deceptive elements generated by these strategies. Operational performance results showed that the deception artifact could successfully be implemented and integrated with existing web applications without changing their source code and adding a low operational overhead.
20
Senate, University of Arizona Faculty. "Faculty Senate Minutes February 6, 2017." University of Arizona Faculty Senate (Tucson, AZ), 2017. http://hdl.handle.net/10150/622775.
Full text
21
Lopes, Carvalho Viana André. "NATO and Offensive Cybersecurity: A Strategic Analysis." Master's thesis, 2018. http://www.nusl.cz/ntk/nusl-387165.
Full textAbstract:
This thesis presents a strategic analysis on the possibility of use of offensive cyber capabilities by NATO in its defensive efforts. There is a vast array of academic literature regarding the strategic value of the use of offensive capabilities in cybersecurity, and NATO's cyber posture, however, there is little available regarding the relationship between both. Through the use of tools borrowed from Strategic Studies, this thesis attempts to determine whether it is possible to formulate valid cybersecurity strategies for the use of offensive cyber capabilities from the combination of known academic concepts with current NATO capabilities. The thesis also analyzes the possible implications of using such strategies as well as the underlying causes of their potential success or failure. Viana, André Lopes C. NATO and Offensive Cybersecurity: A Strategic Analysis, [number of pages]p. Master Thesis. Charles University, Faculty of Social Sciences, Institute of Political Studies. Supervisor PhDr. Vít Střítecký, M.Phil., Ph.D.
22
Onumo, Aristotle, Andrea J. Cullen, and Irfan U. Awan. "Empirical study of cultural dimensions and cybersecurity development." 2017. http://hdl.handle.net/10454/12442.
Full textAbstract:
yesThis study seeks to investigate how the development of e-government services impacts on cybersecurity. The study uses the methods of correlation and multiple regression to analyse two sets of global data, the e-government development index of the 2015 United Nations e-government survey and the 2015 Inter-national Telecommunication Union global cybersecurity develop-ment index (GCI 2015). After analysing the various contextual factors affecting e-government development , the study found that, various composite measures of e-government development are significantly correlated with cybersecurity development. The therefore study contributes to the understanding of the relation-ship between e-government and cybersecurity development. The authors developed a model to highlight this relationship and have validated the model using empirical data. This is expected to provide guidance on specific dimensions of e-government services that will stimulate the development of cybersecurity. The study provided the basis for understanding the patterns in cybersecurity development and has implication for policy makers in developing trust and confidence for the adoption e-government services.
National Information Technology Development Agency, Nigeria.
23
(5929946), James E. Lerums. "Measuring the State of Indiana's Cybersecurity." Thesis, 2019.
Find full textAbstract:
This dissertation introduces a scorecard to enable the State of Indiana to measure the cybersecurity of its public and private critical infrastructure and key resource sector organizations. The scorecard was designed to be non-threatening and understandable so that even small organizations without cybersecurity expertise can voluntarily self-asses their cybersecurity strength and weaknesses. The scorecard was also intended to enable organizations to learn, so that they may identify and self-correct their cybersecurity vulnerabilities. The scorecard provided quantifiable feedback to enable organizations to benchmark their initial status and measure their future progress.
Using the scorecard, the Indiana Executive Council for Cybersecurity launched a Pilot to measure cybersecurity of large, medium, and small organizations across eleven critical infrastructure and key resources sectors. This dissertation presents the analysis and results from scorecard data provided by the Pilot group of 56 organizations. The cybersecurity scorecard developed as part of this dissertation has been included in the Indiana Cybersecurity Strategy Plan published September 21, 2018.
24
Rajan, R., Nripendra P. Rana, N. Parameswar, S. Dhir, Sushil, and Y. K. Dwivedi. "Developing a modified total interpretive structural model (M-TISM) for organizational strategic cybersecurity management." 2021. http://hdl.handle.net/10454/18482.
Full textAbstract:
yesCybersecurity is a serious issue that many organizations face these days. Therefore, cybersecurity management is very important for any organization. Organizations should learn to deal with these cyber threats through effective management across all business functions. The main purpose of this study is to identify the factors that affect cybersecurity within an organization and analyze relationships among these factors. The modified total interpretive structural modeling (M-TISM) technique is used to build a hierarchical model and define the common interactions between the factors. This study presents the impact of collaboration, training, resources and capabilities, information flow, technology awareness, and technological infrastructure on effective cybersecurity management. In addition, the study also explains the interrelationships among the identified factors in the M-TISM model.
The full text will be available at the end of the publisher's embargo: 20th July 2022
25
Persoglia, Davide. "Between Defence and Offence: An Analysis Of The US "Cyber Strategic Culture"." Master's thesis, 2018. http://www.nusl.cz/ntk/nusl-388122.
Full textAbstract:
The present thesis deals with the US strategic approach and posture to cybersecurity from a national point of view. On such a topic much has been written already, nonetheless the present work finds a degree of originality by tackling such object of analysis shifting the focus to a ideational perspective. By drawing insights from the meta-theory of Constructivism and the rich research tradition on strategic culture, the present thesis aims at understanding what kind of norms seem to be informing/mirroring what has been labelled the US "cyber strategic culture", and if it is possible to speak of a "shift", or at least track an evolution regarding them, in a historical timeframe that runs from the early 2000s up to the present days. To pursue the stated research agenda, a methodology grounded in discourse and thematic analysis is utilised, with an analytical framework centred around two opposite "thematic normative categories" (themes) called "defensiveness" and "offensiveness", each characterised by a "story" made up by three sub-themes, delineating specific strategic behaviours. A set of official strategies, all tackling cybersecurity and published during the mentioned timeframe by both the White House and the military, form the primary sources to which such methodology is applied, with particular...
26
Jandura, Lukáš. "Možnosti zlepšení strategií pro kybernetickou bezpečnost." Master's thesis, 2016. http://www.nusl.cz/ntk/nusl-344663.
Full textAbstract:
The thesis is focused on central nodes' dynamics in cyberspace, representing its key elements. This approach is derived from the theory of networks developed by Albert-László Barabási and applied on different aspects of cyberspace, which brings different views at known events and issues and discovers relationship between central and common nodes. Cyberspace is perceived in its broadest shape as a fluid result of social constructivism influenced by behaviour of its users. Final outcomes are summarised to recommendations for a new approach to a cybersecurity strategy. Powered by TCPDF (www.tcpdf.org)
27
Magina, Matilde Rodrigues Ribeiro. "O Instituto da Defesa Nacional como Centro de Pensamento Estratégico na sensibilização pública para a Cibersegurança." Master's thesis, 2019. http://hdl.handle.net/10362/91706.
Full textAbstract:
A volatilidade do mundo em que se vive implica a constante adaptação dos conceitos de defesa e segurança, levando à criação de novas políticas que vão de encontro aos desafios que surgem.
O Instituto da Defesa Nacional como principal centro de pensamento estratégico nacional afigura-se como ator de relevo para a sensibilização e consciencialização da sociedade face às matérias em destaque.
O interesse na realização de um estágio curricular nesta entidade surgiu devido à vontade de combinar os conhecimentos teóricos obtidos no 1º ano da componente letiva de Mestrado com uma experiência de cariz prático. A escolha recaiu sobre o IDN por se considerar ser uma das principais plataformas a nível nacional em termos de investigação, trazendo assim um conjunto de experiências que seriam em muito valorizadas.
O presente relatório é o produto de sete meses de estágio, entre setembro de 2018 e março de 2019 e constituirá o elemento de avaliação para a conclusão do Mestrado em Ciência Política e Relações Internacionais. Nele apresentam-se todas as atividades participadas, contendo numa fase inicial a apresentação da instituição de estágio e dando especial destaque à área da Cibersegurança pela notoriedade que possui atualmente.The volatility of the world in which we live implies constant changes in the concepts of defense and security leading to the creation of new policies that meet the challenges that arise. The National Defense Institute as the main center for national strategic thinking appears to be a major player in its role of raising awareness in society. The interest in conducting a curricular internship in this entity arose due to the desire to combine the theoretical knowledge obtained in the 1st year of the Master's teaching component with a practical experience. The choice fell on IDN as it is considered to be one of the main national research platforms, thus bringing a set of experiences that would be highly valued. This report is the product of seven months of internship, between September 2018 and March 2019 and will be the evaluation element for the conclusion of the Masters in Political Science and International Relations. It presents all the activities participated, containing in an initial phase the presentation of the internship institution and giving special emphasis to the area of Cybersecurity due to its importance.