Página 1 dos resultados de 10122 itens digitais encontrados em 0.031 segundos

Information systems security policies: a survey in Portuguese public administration

Lopes, Isabel Maria; Sá-Soares, Filipe
Fonte: IADIS International Conference Information Systems. 2010 Publicador: IADIS International Conference Information Systems. 2010
Tipo: Conferência ou Objeto de Conferência
Português
Relevância na Pesquisa
55.98%
Information Systems Security is a relevant factor for present organizations. Among the security measures, policies assume a central role in literature. However, there is a reduced number of empirical studies about the adoption of information systems security policies. This paper contributes to mitigate this flaw by presenting the results of a survey in the adoption of Information System Security Policies in Local Public Administration in Portugal. The results are discussed in light of literature and future works are identified with the aim of enabling the adoption of security policies in Public Administration.

Projeto de estruturas de comunicação intrachip baseadas em NoC que implementam serviços de QoS e segurança.; Design of NoC-Based communication structure that implements Quality and Security services

Sepúlveda Flórez, Martha Johanna
Fonte: Biblioteca Digitais de Teses e Dissertações da USP Publicador: Biblioteca Digitais de Teses e Dissertações da USP
Tipo: Tese de Doutorado Formato: application/pdf
Publicado em 27/07/2011 Português
Relevância na Pesquisa
46.15%
Os atuais sistemas eletrônicos desenvolvidos na forma de SoCs (Sistemas-sobre-Silício) são caracterizados pelo incremento de informação crítica que é capturada, armazenada e processada. Com a introdução dos SoCs nos sistemas distribuídos que promovem o compartilhamento dos recursos, a segurança vem se transformando num requisito de projeto extremamente importante. Os atuais SoCs são alvo de ataques. O desafio consiste em projetar um SoC seguro que satisfaça os requisitos de segurança e desempenho, próprios para cada aplicação. A estrutura de comunicação está se tornando o coração do SoC. Esta possui um impacto significativo no desempenho do sistema. A inclusão de serviços de segurança na estrutura de comunicação é vantajosa devido à sua capacidade de: 1) monitorar a informação transmitida; 2) detectar violações; 3) bloquear ataques; e 4) fornecer informações para diagnóstico e ativação de mecanismos de recuperação e defesa. O presente trabalho propõe a implementação do conceito de QoSS (Qualidade do Serviço de Segurança) no projeto da estrutura de comunicação baseada em redes intrachip (NoCs, Network-on-Chip). QoSS permite a inclusão da segurança como uma dimensão de QoS (Quality-of-Sevice)...

Uma análise do DNSSEC : serviço de nomes seguro; An Analysis of DNSSEC: service security names

Carboni, Alessandro
Fonte: Universidade Federal do Rio Grande do Sul Publicador: Universidade Federal do Rio Grande do Sul
Tipo: Trabalho de Conclusão de Curso Formato: application/pdf
Português
Relevância na Pesquisa
46.08%
O objetivo do trabalho é dar uma pequena introdução ao uso de DNSSEC (Domain Name System Security Extensions) e ajudar a entender como a sua utilização pode ajudar a atenuar um dos diversos problemas de segurança que enfrentam os administradores de redes de grandes, médias e pequenas organizações. Como todo serviço de rede é suscetível a falha, a segurança com que as informações que trafegam pelos canais de comunicação entre as empresas e os clientes exigem que cada vez mais procedimentos sejam adotados, a fim de garantir a autenticidade das informações desde o seu início até o termino do processo. O que DNSSEC propõem é uma maior segurança no sistema de resolução de nomes, reduzindo o risco da manipulação dos dados e domínios forjados. Baseado na tecnologia de criptografia que emprega assinatura, o DNSSEC utiliza um sistema de chaves assimétricas em sua tecnologia de trabalho. A sua utilização vem crescendo vertiginosamente no último ano e isso leva a acreditar que poderá até mesmo ser a referência utilizada para resolução de nomes, visto que, no estágio atual, a certificação pelo nome usando o DNS (Domain Name System) é altamente insegura. A RFC 2065 (Request For Comments) é a referência para quem for aprofundar mais o assunto e leva a demais bibliografias que servem de fundamentação ao tema.; The objective is to give a short introduction to the use of DNSSEC (Domain Name System Security Extensions) and help understand how its use can help alleviate one of several security problems faced by administrators of networks of large...

Design de interação visando segurança em sistemas de computação; Interaction design aiming security in computer systems

Moura, Dionatan de Souza
Fonte: Universidade Federal do Rio Grande do Sul Publicador: Universidade Federal do Rio Grande do Sul
Tipo: Trabalho de Conclusão de Curso Formato: application/pdf
Português
Relevância na Pesquisa
46.06%
Com o alto crescimento do uso de sistemas de computação para diversos tipos de tarefas, a necessidade de segurança desses sistemas aumentou na mesma proporção. No contexto de software, segurança é a área que estuda diversas formas de proteger tais dados e informações contra o acesso não autorizado, bem como contra ações inseguras de usuários. Embora existam muitos procedimentos que podem ser realizados durante o desenvolvimento para aumentar a segurança do sistema sendo desenvolvido, uma possibilidade nem sempre levada em conta é a melhoria da interação do usuário com o sistema. Neste trabalho discutiremos por que a interação do usuário no sistema é relevante para a segurança do sistema e deve ser considerada no desenvolvimento de software de qualidade, onde segurança é um fator-chave. Este trabalho descreve os princípios de design de interação visando segurança de sistemas de computação através de fatores e critérios de usabilidade. Cada princípio é descrito e posteriormente exemplificado para um melhor entendimento. Esses princípios formam um conjunto de recomendações que visam auxiliar o processo de design de interação de sistemas com foco nos aspectos relacionados à segurança do software...

Information systems security policies : a survey in portuguese public administration

Lopes, Isabel Maria; Soares, Filipe de Sá
Fonte: IADIS Press Publicador: IADIS Press
Tipo: Conferência ou Objeto de Conferência
Publicado em //2010 Português
Relevância na Pesquisa
56.04%
Information Systems Security is a relevant factor for present organizations. Among the security measures, policies assume a central role in literature. However, there is a reduced number of empirical studies about the adoption of information systems security policies. This paper contributes to mitigate this flaw by presenting the results of a survey in the adoption of Information System Security Policies in Local Public Administration in Portugal. The results are discussed in light of literature and future works are identified with the aim of enabling the adoption of security policies in Public Administration.

Designing security into software

Zhang, Chang Tony
Fonte: Massachusetts Institute of Technology Publicador: Massachusetts Institute of Technology
Tipo: Tese de Doutorado Formato: 96 p.; 4555630 bytes; 4560535 bytes; application/pdf; application/pdf
Português
Relevância na Pesquisa
46.06%
When people talk about software security, they usually refer to security applications such as antivirus software, firewalls and intrusion detection systems. There is little emphasis on the security in the software itself. Therefore the thesis sets out to investigate if we can develop secure software in the first place. It first starts with a survey of the software security field, including the definition of software security, its current state and the research having been carried out in this aspect. Then the development processes of two products known for their security: Microsoft IIS 6.0 and Apache HTTP Web Server are examined. Although their approaches to tackle security are seemingly quite different, the analysis and comparisons identify they share a common framework to address the software security problem - designing security early into the software development lifecycle. In the end the thesis gives recommendations as to how to design security into software development process based upon the principles from the research and the actual practices from the two cases. Finally it describes other remaining open issues in this field.; by Chang Tony Zhang.; Thesis (S.M.)--Massachusetts Institute of Technology, System Design and Management Program...

Liberia Public Expenditure Review Note : Meeting the Challenges of the UNMIL Security Transition

World Bank; United Nations Mission in Liberia
Fonte: World Bank, Washington, DC Publicador: World Bank, Washington, DC
Português
Relevância na Pesquisa
46.07%
A history of poor governance culminated in nearly fifteen years (1989-2003) of brutal conflict that destroyed lives, key institutions and infrastructure, and brought the Liberian economy to a halt. The origins of the conflict were rooted in the marginalization and/or exclusion over many years of a large part of the Liberian population from political power and the economic wealth flowing from the country s substantial natural resources. The new government articulated a broad vision of a peaceful, secure, and prosperous Liberia as described in lift Liberia-the country s first poverty reduction strategy. During this period, Liberia made good progress as the economy recovered and growth was sustained, especially in the urban areas. This was supported by macroeconomic stability characterized by low inflation, essentially balanced budgets, and a significant reduction in external debt as well as significant inflows of foreign direct investment to the agriculture and mining sectors. A second democratic election took place in October 2011 with a run-off in November that led to victory for the incumbent party...

Review of Cost of Compliance with the New International Freight Transport Security Requirements : Consolidated Report of the Investigations Carried Out in Ports in the Africa, Europe and Central Asia, and Latin America and Caribbean Regions

Kruk, C. Bert; Donner, Michel Luc
Fonte: World Bank, Washington, DC Publicador: World Bank, Washington, DC
Português
Relevância na Pesquisa
46.15%
Without transport there is no economic development and, in a reciprocal conclusion, the more efficient transport is, the better is the development. Bearing in mind that more than 90 percent of the world trade in tons per year is transported by sea and against the background of increasing ship sizes (especially in the container trade) and continuously growing globalization, the requirements for adequate and secure port facilities and the resulting logistics challenges are accelerating worldwide. The International Ship and Port Facility Security Code (ISPS code) is a comprehensive set of measures to enhance the security of ships and port facilities and came into force on the July 1, 2004. The ISPS code is implemented through chapter XI-2 special measures to enhance maritime security in the International Convention for the Safety of Life at Sea (SOLAS). The code has two parts, one mandatory (part A) and one recommendatory (part B). Compliance is mandatory for the 148 contracting parties to SOLAS; detailed implementation of the code is a matter for the individual national governments. The introduction of the ISPS Code has led to many questions and misunderstandings. The code does not...

Use of Evaluation Criteria in Security Education

Nguyen, Thuy D.; Irvine, Cynthia E.
Fonte: International Conference on Information Warfare and Security (ICIW 2008), April 2008, Omaha, Nebraska, USA Publicador: International Conference on Information Warfare and Security (ICIW 2008), April 2008, Omaha, Nebraska, USA
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
46.1%
Success in information warfare will depend on resilient, reconstitutable cyber assets and the ability to assess and respond to attacks. A cornerstone of this success will be the ability of Information Assurance professionals to develop sound security requirements and determine the suitability of evaluated security products for mission-specific systems. Recognizing the pedagogical value of applying security evaluation criteria such as the Common Criteria (CC) to information security education, we recently introduced a graduate-level Computer Science course focusing on methodical security requirements engineering based on the CC. This course aims to provide students with an understanding of how security evaluation criteria can be used to specify system security objectives, derive security requirements from security objectives, establish life cycle and development processes, and provide an organizational framework for research and development. Although imperfect, the paradigmatic process of the CC provides a usable framework for in-depth study of various tasks relating to system requirements derivation and verification activities: system requirements elicitation, threat analysis, security objectives definition and security requirements expression. In-class discussions address fundamental security design principles and disciplines for information and software assurance (e.g....

Entropy and self-organization—an open system approach to the origins of homeland security threats

Dobson, Thomas Kirwan
Fonte: Monterey, California: Naval Postgraduate School Publicador: Monterey, California: Naval Postgraduate School
Tipo: Tese de Doutorado
Português
Relevância na Pesquisa
46.12%
Approved for public release; distribution is unlimited; This thesis addresses the problem that there is no coherent, unifying paradigm for understanding the origins of homeland security threats. In addition, the thesis asks if the concept of disorder as understood in the dynamics of open, dissipative systems can provide a way of understanding real-world homeland security threats. Ideas from approaches to complex systems based on the idea of dissipative systems were synthesized to create a scalable model of a living social system that imports and exports disorder (entropy) via the transfer of matter, energy, and information. Then, the idea of a dissipative system that exports disorder to its surroundings as it self-organizes was meta-theoretically applied to the processes of self-organization occurring in the world, such as technological advance, population growth, economic growth, and globalization, and can be causally linked to real-world homeland security threats. One conclusion is that, on a descriptive level, the causes of homeland security threats can be modeled as a complex, dissipative system. Another conclusion is that causes of homeland security threats and the means to counter them often lie in complex social, economic, and environmental processes that are well outside the jurisdiction of Department of Homeland Security and the homeland security enterprise...

Aging, Social Security Design, and Capital Accumulation

Dedry, Antoine; Onder, Harun; Pestieau, Pierre
Fonte: World Bank, Washington, DC Publicador: World Bank, Washington, DC
Tipo: Working Paper; Publications & Research :: Policy Research Working Paper; Publications & Research
Português
Relevância na Pesquisa
46.07%
This paper analyzes the impact of aging on capital accumulation and welfare in a country with a sizable unfunded social security system. Using a two-period overlapping generation model with endogenous retirement decisions, the paper shows that the type of aging and the type of unfunded social security system are important in understanding this impact. The analysis compares two types of demographic changes, declining fertility and increasing longevity; three types of pensions, defined contributions, defined benefits, and defined annuities; as well as mandatory and optimal retirement systems to investigate the differences in implications of aging.

National Security Council of Mongolia promoting civil-military relations

Boldbat, Khasbazaryn
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xii, 61 p. : ill. ;
Português
Relevância na Pesquisa
46.04%
Approved for public release; distribution is unlimited; Since the end of the Cold War, Mongolia has enjoyed a new security environment that offers both a genuine opportunity to determine its national security and unavoidable uncertainties that accompany all transitions to democracy. Entering the new environment, the nation faced an urgent necessity to form new policies to meet those uncertainties and establish adequate institutions to implement them. Mongolia, as most small nations with greater vulnerability, sees its security in the greater view of emphasizing its survival in all dimensions with the physical endurance of not being invaded by a military force on the one hand, and survival of its ethnical identity from being assimilated by outnumbered neighbors on the other. Such a broad definition of national security requires participation of all elements of the society in the security process, thus an adequate system able to manage such broad involvement becomes vital. Mongolia has successfully managed to establish a relatively efficient and complex system for national security management. The NSC is the only state institution responsible for the coordination of the nation's effort to ensure its security. However, despite the clear definition of the legal status of the National Security Council provided by legal acts...

The President has no clothes : the case for broader application of Red Teaming within Homeland Security

Nettles, A. Bentley.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xiv, 79 p. ;
Português
Relevância na Pesquisa
46.06%
CHDS State/Local; Approved for public release; distribution is unlimited; Missing in DHS' current gap and vulnerability analysis approach to Red Teaming is the employment of broader decision support Red Teaming-which would provide a strategic assessment tool, assisting the organization in overcoming group thinking and a lack of organizational creativity, while avoiding mirror-imaging. DHS, by broadening its use of Red Teaming, will improve its decisionmaking processes across all levels of homeland security. This research uses a selected case study identifying and challenging assumptions inherent within TSA's security system, analyzing the problem using an alternative model, and looking at the problem from different perspectives. Combined with evidence and analysis from historical examples, this effort is designed to determine whether decision makers can benefit from Red Teams and Red Team fundamental concepts, and whether these concepts will be effective in assisting DHS and its partners in making better decisions. America's Homeland Security System is hampered by bureaucratic challenges. The U.S. government must dramatically re-orient itself. America needs to redefine its homeland security approach into a flexible adaptive system. Understanding the U.S. layers of security...

SITREP: The NPS Maritime Defense and Security Research Program Newsletter ; v.10 (November 2004)

Fonte: Monterey, California. Naval Postgraduate School; Maritime Defense and Security Research Program Publicador: Monterey, California. Naval Postgraduate School; Maritime Defense and Security Research Program
Tipo: Periódico
Português
Relevância na Pesquisa
46.03%
In this issue, the Maritime Domain Protection Task Force announces that it has changed its name and will now be known as the Maritime Domain Protection Research Group (MDP RG). Articles in this issue include: "MDP Research Group Sponsors New Project: MDP Research Group Sponsors New Project: Coalition Operating Area Surveillance and Targeting System Coalition Operating Area Surveillance and Targeting System"; "Systems Engineering and Integration Team Releases 'As Is' MDP Report"; "MDP Graduate Intern Elected President of International Law Enforcement Association"; and "Automating Institutional Knowledge for Maritime Domain Awareness"; SITREP, a monthly e-news brief covering the spectrum of maritime domain defense and security research. SITREP is produced by the Maritime Defense and Security Research Program as part of the National Security Institute—a cooperative research institute whose members include the Naval Postgraduate School, University of California at Santa Barbara, and Lawrence Livermore National Laboratory. The purpose of the Maritime Defense and Security Research program is to conduct, coordinate and collaborate Maritime defense and security research, experimentation, and information exchange between partnership universities; federal...

Collective security as a means for regional stability in Northeast Asia

Park, Changhee
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xx, 240 p.
Português
Relevância na Pesquisa
46.08%
Approved for public release; distribution is unlimited.; This thesis evaluates the applicability of a collective security system to Northeast Asian states as a means for regional stability in the future. The current bilateral security system will not fit with the future security environment because of three coming changes in this region: (1) Korean reunification; (2) a conspicuous reduction of the US security role; and (3) a future confrontational power structure between China and Japan. According to the theoretical perspectives of realists, institutionalists, and constructivists, there should be five conditions for the success for collective security: (1) positive identities, (2) shared interests, (3) institutions to control states' behaviors, (4) information, and (5) interactions between institutions and states. The case studies of the Locarno Pact and NATO confirms this. For the Northeast Asian states, it would be very difficult to form positive identities and share common security interests at present. However, as long as a future balance of power structure is not desirable for regional stability, the Northeast Asian states should set the goal of collective security for their co- prosperity in the future. They can establish a collective security system through the following steps: (1) the settlement of historical and ideological enmities; (2) confidence building; (3) establishment of a Northeast Asian institution for security cooperation; and (4) institutionalization of collective security; http://archive.org/details/collectivesecuri00park; Captain...

The characteristics of user-generated passwords

Sawyer, Darren Antwon
Fonte: Monterey, California: Naval Postgraduate School Publicador: Monterey, California: Naval Postgraduate School
Tipo: Tese de Doutorado Formato: viii, 100 p.
Português
Relevância na Pesquisa
46.04%
Approved for public release; distribution is unlimited.; The most widely used mechanism for access control to information systems is passwords. Passwords can be machine-generated using a list of words stored in a memory bank, machine-generated using a sophisticated algorithm to create a pseudo-random combination of characters or they can be user-generated. User-generated passwords typically take on the characteristics of some type of meaningful detail that is simple in structure and easy to remember. Memorability and security pose a difficult trade-off in password generation. A system security administrator wants passwords that are unpredictable, frequently changed and provide the greatest degree of system security achievable while users want passwords that are simple and easy to remember. When they become difficult to remember they are likely to be written down. Once written down a compromise to security occurs because users tend to store them in insecure places. This thesis looks at user-generated password characteristics. Of particular interest is how password selection, memorability and predictability are affected by the number of characters in a password, the importance and sensitivity of a user's data, a user's work location...

Human factors in Coast Guard Computer Security - an analysis of current awareness and potential techniques to improve security program viability

Whalen, Timothy J.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xxi, 106 p. ; 28 cm.
Português
Relevância na Pesquisa
46.04%
The Coast Guard is becoming increasingly reliant upon our nation's information infrastructure. As such, our ability to ensure the security of those systems is also increasing in import. Traditional information security measures tend to be system-oriented and often fail to address the human element that is critical to system success. In order to ensure information system security, both system and human factors requirements must be addressed. This thesis attempts to identify both the susceptibility of Coast Guard information systems to human factors-based security risks and possible means for increasing user awareness of those risks. This research is meant to aid the Coast Guard in continuing to capitalize on emerging technologies while simultaneously providing a secure information systems environment.; US Coast Guard (USCG) author

A Security Domain Model to Assess Software for Exploitable Covert Channels

Auguston, Mikhail; Levin, Timothy; Shaffer, Alan; Irvine, Cynthia E.
Fonte: Association for Computing Machinery (ACM) Publicador: Association for Computing Machinery (ACM)
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
46.04%
Within a multilevel secure (MLS) system, trusted subjects are granted privileges to perform operations that are not possible by ordinary subjects controlled by mandatory access control (MAC) policy enforcement mechanisms. These subjects are trusted not to conduct malicious activity or degrade system security. We present a formal definition for trusted subject behaviors, which depends upon a representation of information flow and control dependencies generated during a program execution. We describe a security Domain Model (DM) designed in the Alloy specification language for conducting static analysis of programs to identify illicit information flows, access control flaws and covert channel vulnerabilities. The DM is compiled from a representation of a target program, written in an intermediate Implementation Modeling Language (IML), and a specification of the security policy written in Alloy. The Alloy Analyzer tool is used to perform static analysis of the DM to detect potential security policy violations in the target program. In particular, since the operating system upon which the trusted subject runs has limited ability to control its actions, static analysis of trusted subject operations can contribute to the security of the system.

An Explicit Trust Model Towards Better System Security

Creado, Orhio Mark; Srinivasan, Bala; Le, Phu Dung; Tan, Jefferson
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 02/03/2014 Português
Relevância na Pesquisa
55.98%
Trust is an absolute necessity for digital communications; but is often viewed as an implicit singular entity. The use of the internet as the primary vehicle for information exchange has made accountability and verifiability of system code almost obsolete. This paper proposes a novel approach towards enforcing system security by requiring the explicit definition of trust for all operating code. By identifying the various classes and levels of trust required within a computing system; trust is defined as a combination of individual characteristics. Trust is then represented as a calculable metric obtained through the collective enforcement of each of these characteristics to varying degrees. System Security is achieved by facilitating trust to be a constantly evolving aspect for each operating code segment capable of getting stronger or weaker over time.; Comment: 13 pages, 7 figures, The Fourth International Conference on Computer Science and Information Technology, CCSIT 2014

A power system control scheme based on security visualisation in parameter space

Dong, Zhao Yang; Hill, David; Guo, Yi N
Fonte: Elsevier Publicador: Elsevier
Tipo: Artigo de Revista Científica
Português
Relevância na Pesquisa
46.09%
Power system real time security assessment is one of the fundamental modules of the electricity markets. Typically, when a contingency occurs, it is required that security assessment and enhancement module shall be ready for action within about 20 min time to meet the real time requirement. The recent California black out again highlighted the importance of system security. This paper proposed an approach for power system security assessment and enhancement based on the information provided from the pre-defined system parameter space. The proposed scheme opens up an efficient way for real time security assessment and enhancement in a competitive electricity market for single contingency case.