Segurança da informação no correio eletrônico com base na ISO/IEC 17799 :um estudo de caso em uma instituição superior com foco no treinamento

The electronic mail service is one of the most Internet services that grow in the corporate environment. This evolution is bringing several problems for the organizations, especially to information that circulates inside of the corporate net. The lack of correct orientation to the people, about the usage and the security importance of these resources, is leaving breaches and causing misusage and overuse of service, for example. In recent literature, it starts to coming out several ideas, which has helped to rganizations how to plain and how to implement the information security system to the electronic mail in computer environment. However, these ideas are still not placed in practice in many companies, public or private. This dissertation tries to demonstrate the results of a research that has like goal, identify the importance that user training has over the information security policy, through a case study inside of private superior education institute in this state. Besides, this work had by basic orientation the ISO/IEC 17799, which talk about People Security. This study was developed over a proposed model to this research, which looked for offer conditions to guide the institution studied, how to plan better a information security policy to the electronic mail. Also, this research has an exploratory and descreptive nature and your type, qualitative. Firstly, it was applied na questionary to the information technology manager, as better way to get some general data and to deepen the contact which still then, it was being kept through e-mail. Thereupon this first contact, eleven interviews were done with the same manager, beside one interview with twenty-four users, among employees e students. After that to collect and transcript the interviews, were review with the manager all informations given, to correct any mistakes and to update that informations, to then, start the data analyze. The research suggests that the institution has a pro attitude about the information security policy and the electronic mail usage. However, it was clear that answers have their perception about information security under a very inexperient way, derived of a planning lack in relation to training program capable to solve the problem

Transmission network expansion planning in full open market considering security constraints

This paper presents a mathematical model and a methodology to solve the transmission network expansion planning problem with security constraints in full competitive market, assuming that all generation programming plans present in the system operation are known. The methodology let us find an optimal transmission network expansion plan that allows the power system to operate adequately in each one of the generation programming plans specified in the full competitive market case, including a single contingency situation with generation rescheduling using the security (n-1) criterion. In this context, the centralized expansion planning with security constraints and the expansion planning in full competitive market are subsets of the proposal presented in this paper. The model provides a solution using a genetic algorithm designed to efficiently solve the reliable expansion planning in full competitive market. The results obtained for several known systems from the literature show the excellent performance of the proposed methodology.

Kappa-PSO-ARTMAP Fuzzy: uma metodologia para detecção de intrusos baseado em seleção de atributos e otimização de parâmetros numa rede neural ARTMAP Fuzzy

Pós-graduação em Engenharia Elétrica - FEIS

PROFIX: método de avaliação on-line da proficiência digital

Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES)

A Security Framework for Wireless Sensor Networks Utilizing a Unique Session Key

Key management is a core mechanism to ensure the security of applications and network services in wireless sensor networks. It includes two aspects: key distribution and key revocation. Many key management protocols have been specifically designed for wireless sensor networks. However, most of the key management protocols focus on the establishment of the required keys or the removal of the compromised keys. The design of these key management protocols does not consider the support of higher level security applications. When the applications are integrated later in sensor networks, new mechanisms must be designed. In this paper, we propose a security framework, uKeying, for wireless sensor networks. This framework can be easily extended to support many security applications. It includes three components: a security mechanism to provide secrecy for communications in sensor networks, an efficient session key distribution scheme, and a centralized key revocation scheme. The proposed framework does not depend on a specific key distribution scheme and can be used to support many security applications, such as secure group communications. Our analysis shows that the framework is secure, efficient, and extensible. The simulation and results also reveal for the first time that a centralized key revocation scheme can also attain a high efficiency.

Revisiting the Security of the ALRED Design and Two of Its Variants: Marvin and LetterSoup

The ALRED construction is a lightweight strategy for constructing message authentication algorithms from an underlying iterated block cipher. Even though this construction's original analyses show that it is secure against some attacks, the absence of formal security proofs in a strong security model still brings uncertainty on its robustness. In this paper, aiming to give a better understanding of the security level provided by different authentication algorithms based on this design strategy, we formally analyze two ALRED variants-the MARVIN message authentication code and the LETTERSOUP authenticated-encryption scheme,-bounding their security as a function of the attacker's resources and of the underlying cipher's characteristics.

Biofuels Sustainability Certification Schemes: Challenges, Feasibility and Possible Approaches

The focus of this research is to develop and apply an analytical framework for evaluating the effectiveness and practicability of sustainability certification schemes for biofuels, especially in a developing country’s perspective. The main question that drives the research analysis is “Which are the main elements of and how to develop sustainability certification schemes that would be effective and practicable in certifying the contribution of biofuels in meeting the goals Governments and other stakeholders have set up?”. Biofuels have been identified as a promising tool to reach a variety of goals: climate change protection, energy security, agriculture development, and, especially in developing countries, economic development. Once the goals have been identified, and ambitious mandatory targets for biofuels use agreed at national level, concerns have been raised by the scientific community on the negative externalities that biofuels production and use can have at environment, social and economic level. Therefore certification schemes have been recognized as necessary processes to measure these externalities, and examples of such schemes are in effect, or are in a negotiating phase, both at mandatory and voluntary levels. The research focus has emerged by the concern that the ongoing examples are very demanding in terms of compliance, both for those that are subject to certification and those that have to certify, on the quantity and quality of information to be reported. A certification system, for reasons linked to costs, lack of expertise, inadequate infrastructure, absence of an administrative and legislative support, can represent an intensive burden and can act as a serious impediment for the industrial and agriculture development of developing countries, going against the principle of equity and level playing field. While this research recognizes the importance of comprehensiveness and ambition in designing an important tool for the measurement of sustainability effects of biofuels production and use, it stresses the need to focus on the effectiveness and practicability of this tool in measuring the compliance with the goal. This research that falls under the rationale of the Sustainability Science Program housed at Harvard Kennedy School, has as main objective to close the gap between the research and policy makers worlds in the field of sustainability certification schemes for biofuels.

Design, implementation and evaluation of a virtual laboratory for Computer Engineering Education

Broad consensus has been reached within the Education and Cognitive Psychology research communities on the need to center the learning process on experimentation and concrete application of knowledge, rather than on a bare transfer of notions. Several advantages arise from this educational approach, ranging from the reinforce of students learning, to the increased opportunity for a student to gain greater insight into the studied topics, up to the possibility for learners to acquire practical skills and long-lasting proficiency. This is especially true in Engineering education, where integrating conceptual knowledge and practical skills assumes a strategic importance. In this scenario, learners are called to play a primary role. They are actively involved in the construction of their own knowledge, instead of passively receiving it. As a result, traditional, teacher-centered learning environments should be replaced by novel learner-centered solutions. Information and Communication Technologies enable the development of innovative solutions that provide suitable answers to the need for the availability of experimentation supports in educational context. Virtual Laboratories, Adaptive Web-Based Educational Systems and Computer-Supported Collaborative Learning environments can significantly foster different learner-centered instructional strategies, offering the opportunity to enhance personalization, individualization and cooperation. More specifically, they allow students to explore different kinds of materials, to access and compare several information sources, to face real or realistic problems and to work on authentic and multi-facet case studies. In addition, they encourage cooperation among peers and provide support through coached and scaffolded activities aimed at fostering reflection and meta-cognitive reasoning. This dissertation will guide readers within this research field, presenting both the theoretical and applicative results of a research aimed at designing an open, flexible, learner-centered virtual lab for supporting students in learning Information Security.

Challenges of the Cooperative Movement In Addressing Issues of Human Security In the Context of a Neoliberal World: the Case of Argentina

The response of some Argentine workers to the 2001 crisis of neoliberalism gave rise to a movement of worker-recovered enterprises (empresas recuperadas por sus trabajadores or ERTs). The ERTs have emerged as former employees took over the control of generally fraudulently bankrupt factories and enterprises. The analysis of the ERT movement within the neoliberal global capitalist order will draw from William Robinson’s (2004) neo-Gramscian concept of hegemony. The theoretical framework of neo-Gramscian hegemony will be used in exposing the contradictions of capitalism on the global, national, organizational and individual scales and the effects they have on the ERT movement. The ERT movement has demonstrated strong level of resilience, despite the numerous economic, social, political and cultural challenges and limitations it faces as a consequence of the implementation of neoliberalism globally. ERTs have shown that through non-violent protests, democratic principles of management and social inclusion, it is possible to start constructing an alternative social order that is based on the cooperative principles of “honesty, openness, social responsibility and caring for others” (ICA 2007) as opposed to secrecy, exclusiveness, individualism and self-interestedness. In order to meet this “utopian” vision, it is essential to push the limits of the possible within the current social order and broaden the alliance to include the organized members of the working class, such as the members of trade unions, and the unorganized, such as the unemployed and underemployed. Though marginal in number and size, the members of ERTs have given rise to a model that is worth exploring in other countries and regions burdened by the contradictory workings of capitalism. Today, ERTs serve as living proofs that workers too are capable of successfully running businesses, not capitalists alone.

Cholesterol granuloma of the petrous apex: benefit of computer-aided surgery

The following is an analysis of the role of computer aided surgery by infralabyrinthine-subcochlear approach to the petrous apex for cholesterol granulomas with hearing preservation. In a retrospective case review from 1996 to 2008 six patients were analysed in our tertiary referral centre, otorhinolaryngology outpatient clinic. Excellent intraoperative localisation of the carotid artery, facial nerve and the entrance into the cholesterol cyst of the bone by means of the navigation system was seen. Additionally, the operation time decreased from an initial 4 h down to 2 h. The application of computer-aided surgery allows intraoperative monitoring of the position of the tip of the microsurgical instruments in case of a rare disease and in the delicate area of the petrous apex giving a high security level.

A FIREWALL MODEL OF FILE SYSTEM SECURITY

File system security is fundamental to the security of UNIX and Linux systems since in these systems almost everything is in the form of a file. To protect the system files and other sensitive user files from unauthorized accesses, certain security schemes are chosen and used by different organizations in their computer systems. A file system security model provides a formal description of a protection system. Each security model is associated with specified security policies which focus on one or more of the security principles: confidentiality, integrity and availability. The security policy is not only about “who” can access an object, but also about “how” a subject can access an object. To enforce the security policies, each access request is checked against the specified policies to decide whether it is allowed or rejected. The current protection schemes in UNIX/Linux systems focus on the access control. Besides the basic access control scheme of the system itself, which includes permission bits, setuid and seteuid mechanism and the root, there are other protection models, such as Capabilities, Domain Type Enforcement (DTE) and Role-Based Access Control (RBAC), supported and used in certain organizations. These models protect the confidentiality of the data directly. The integrity of the data is protected indirectly by only allowing trusted users to operate on the objects. The access control decisions of these models depend on either the identity of the user or the attributes of the process the user can execute, and the attributes of the objects. Adoption of these sophisticated models has been slow; this is likely due to the enormous complexity of specifying controls over a large file system and the need for system administrators to learn a new paradigm for file protection. We propose a new security model: file system firewall. It is an adoption of the familiar network firewall protection model, used to control the data that flows between networked computers, toward file system protection. This model can support decisions of access control based on any system generated attributes about the access requests, e.g., time of day. The access control decisions are not on one entity, such as the account in traditional discretionary access control or the domain name in DTE. In file system firewall, the access decisions are made upon situations on multiple entities. A situation is programmable with predicates on the attributes of subject, object and the system. File system firewall specifies the appropriate actions on these situations. We implemented the prototype of file system firewall on SUSE Linux. Preliminary results of performance tests on the prototype indicate that the runtime overhead is acceptable. We compared file system firewall with TE in SELinux to show that firewall model can accommodate many other access control models. Finally, we show the ease of use of firewall model. When firewall system is restricted to specified part of the system, all the other resources are not affected. This enables a relatively smooth adoption. This fact and that it is a familiar model to system administrators will facilitate adoption and correct use. The user study we conducted on traditional UNIX access control, SELinux and file system firewall confirmed that. The beginner users found it easier to use and faster to learn then traditional UNIX access control scheme and SELinux.

The German business and information technologies project

The Business and Information Technologies (BIT) project strives to reveal new insights into how modern IT impacts organizational structures and business practices using empirical methods. Due to its international scope, it allows for inter-country comparison of empirical results. Germany — represented by the European School of Management and Technologies (ESMT) and the Institute of Information Systems at Humboldt-Universität zu Berlin — joined the BIT project in 2006. This report presents the result of the first survey conducted in Germany during November–December 2006. The key results are as follows: • The most widely adopted technologies and systems in Germany are websites, wireless hardware and software, groupware/productivity tools, and enterprise resource planning (ERP) systems. The biggest potential for growth exists for collaboration and portal tools, content management systems, business process modelling, and business intelligence applications. A number of technological solutions have not yet been adopted by many organizations but also bear some potential, in particular identity management solutions, Radio Frequency Identification (RFID), biometrics, and third-party authentication and verification. • IT security remains on the top of the agenda for most enterprises: budget spending was increasing in the last 3 years. • The workplace and work requirements are changing. IT is used to monitor employees' performance in Germany, but less heavily compared to the United States (Karmarkar and Mangal, 2007).1 The demand for IT skills is increasing at all corporate levels. Executives are asking for more and better structured information and this, in turn, triggers the appearance of new decision-making tools and online technologies on the market. • The internal organization of companies in Germany is underway: organizations are becoming flatter, even though the trend is not as pronounced as in the United States (Karmarkar and Mangal, 2007), and the geographical scope of their operations is increasing. Modern IT plays an important role in enabling this development, e.g. telecommuting, teleconferencing, and other web-based collaboration formats are becoming increasingly popular in the corporate context. • The degree to which outsourcing is being pursued is quite limited with little change expected. IT services, payroll, and market research are the most widely outsourced business functions. This corresponds to the results from other countries. • Up to now, the adoption of e-business technologies has had a rather limited effect on marketing functions. Companies tend to extract synergies from traditional printed media and on-line advertising. • The adoption of e-business has not had a major impact on marketing capabilities and strategy yet. Traditional methods of customer segmentation are still dominating. The corporate identity of most organizations does not change significantly when going online. • Online sales channel are mainly viewed as a complement to the traditional distribution means. • Technology adoption has caused production and organizational costs to decrease. However, the costs of technology acquisition and maintenance as well as consultancy and internal communication costs have increased.