835 results for Security.
Abstract:
The number of security violations is increasing, and a security breach could have irreversible impacts on business. There are several ways to improve organization security, but some of them may be difficult to comprehend. This thesis demystifies threat modeling as part of secure system development. Threat modeling enables developers to reveal previously undetected security issues in computer systems. It offers a structured approach for organizations to find and address threats against vulnerabilities. When implemented correctly, threat modeling will reduce the number of defects and malicious attempts against the target environment. In this thesis, the Microsoft Security Development Lifecycle (SDL) is introduced as an effective methodology for reducing defects in the target system. SDL is traditionally meant to be used in software development; its principles can, however, be partially adapted to IT-infrastructure development. The Microsoft threat modeling methodology is an important part of SDL, and it is utilized in this thesis to find threats in the Acme Corporation’s factory environment. Acme Corporation is used as a pseudonym for a company providing high-technology consumer electronics. The target for threat modeling is the IT infrastructure of the factory’s manufacturing execution system. The Microsoft threat modeling methodology utilizes the STRIDE mnemonic and data flow diagrams to find threats. Threat modeling in this thesis returned results that were important for the organization. Acme Corporation now has a more comprehensive understanding of the IT infrastructure of the manufacturing execution system. On top of vulnerability-related results, threat modeling provided coherent views of the target system. Subject matter experts from different areas can now agree upon functions and dependencies of the target system. Threat modeling was recognized as a useful activity for improving security.
Abstract:
Finnish Defence Studies is published under the auspices of the National Defence College, and the contributions reflect the fields of research and teaching of the College. Finnish Defence Studies will occasionally feature documentation on Finnish Security Policy. Views expressed are those of the authors and do not necessarily imply endorsement by the National Defence College.
Abstract:
The vast majority of our contemporary society owns a mobile phone, which has resulted in a dramatic rise in the number of networked computers in recent years. Security issues in computers have followed the same trend, and nearly everyone is now affected by such issues. How could the situation be improved? For software engineers, an obvious answer is to build computer software with security in mind. A problem with building software with security is how to define secure software or how to measure security. This thesis divides the problem into three research questions. First, how can we measure the security of software? Second, what types of tools are available for measuring security? And finally, what do these tools reveal about the security of software? Measuring tools of this kind are commonly called metrics. This thesis is focused on the perspective of software engineers in the software design phase. Focus on the design phase means that code-level semantics or programming language specifics are not discussed in this work. Organizational policy, management issues or software development process are also out of the scope. The first two research problems were studied using a literature review, while the third was studied using case study research. The target of the case study was a Java-based email server called Apache James, which had details from its changelog and security issues available and the source code was accessible. The research revealed that there is a consensus in the terminology on software security. Security verification activities are commonly divided into evaluation and assurance. The focus of this work was on assurance, which means to verify one’s own work. There are 34 metrics available for security measurements, of which five are evaluation metrics and 29 are assurance metrics. We found, however, that the general quality of these metrics was not good.
Only three metrics in the design category passed the inspection criteria and could be used in the case study. The metrics claim to give quantitative information on the security of the software, but in practice they were limited to evaluating different versions of the same software. Apart from being relative, the metrics were unable to detect security issues or point out problems in the design. Furthermore, interpreting the metrics’ results was difficult. In conclusion, the general state of the software security metrics leaves a lot to be desired. The metrics studied had both theoretical and practical issues, and are not suitable for daily engineering workflows. The metrics studied provided a basis for further research, since they pointed out areas where the security metrics need to be improved if verification of security from the design is desired.
Abstract:
Finnish legislation requires a safe and secure learning environment. However, the comprehensive, risk-based safety and security management (SSM) and the management commitment in the implementation and development of the SSM are not mentioned in the legislation. Multiple institutions, operators and researchers have studied and developed safety and security in educational institutions over the past decade. Typically the approach has been fragmented and has not brought up the importance of the comprehensive SSM. The development needs of the safety and security operations in universities have been studied. However, in universities of applied sciences (UASs) and in elementary schools (ESs), the performance level, strengths and weaknesses of the comprehensive SSM have not been studied. The objective of this study was to develop the comprehensive, risk-based SSM of educational institutions by developing the new Asteri consultative auditing process and studying its effects on auditees. Furthermore, the performance level in the comprehensive SSM in UASs and ESs was studied using Asteri and the TUTOR model developed by the Keski-Uusimaa Department for Rescue Services. In addition, strengths, development needs and differences were identified. In total, 76 educational institutions were audited between the years 2011 and 2014. The study is based on logical empiricism, and an observational applied research design was used. Auditing, observation and an electronic survey were used for data collection. Statistical analysis was used to analyze the collected information. In addition, thematic analysis was used to analyze the development areas of the organizations mentioned by the respondents in the survey. As one of the main contributions, this research presents the new Asteri consultative auditing process. Organizations with low performance levels on the audited subject benefit the most from the Asteri consultative auditing process.
Asteri may be usable in many different types of audits, not only in SSM audits. As a new result, this study provides new knowledge on attitudes related to auditing. According to the research findings, auditing may generate negative attitudes, and the auditor should take them into account when planning and preparing for audits. Negative attitudes can be compensated by producing added value, objectivity and positivity for the audit and, thus, improve the positive effects of auditing on knowledge and skills. Moreover, as the results of this study show, auditing safety and security issues does not increase feelings of insecurity, but rather increases feelings of safety and security when using the new Asteri consultative auditing process with the TUTOR model. The results showed that the SSM in the audited UASs was statistically significantly more advanced than that in the audited ESs. However, there is still room for improvement in the ESs and the UASs, as the approach to the SSM was fragmented. It can be assumed that the majority of Finnish UASs and ESs likely do not meet the basic level of the comprehensive, risk-based SSM.
Abstract:
An 1897 receipt from the Security, Loan & Savings Company to the Grand Central Hotel Co. for $15.00
Abstract:
During the 1980s and for much of the 1990s, many countries in the Asia Pacific were renowned for their economic development and prosperity. The Asian tigers were a source of great interest for many economists and international investors. The 1997 Asian financial crisis, however, dramatically altered the growth and the performance of these economies. The crisis sent several of Asia's best performing economies on a downward spiral from which many have yet to fully recover. The crisis exposed the financial and the political weaknesses of many countries in the region. Moreover, the crisis severely affected the wellbeing and the security of many of the region's citizens. This text will examine the economic crisis in greater detail and explore current debates in the study of international relations theory. More specifically, this paper will examine recent challenges posed to traditional international relations theory and address alternative approaches to this field of study. This paper will examine Critical theory and its role in shifting the referent object of security from the state to the individual. In this context, this paper will also assess Critical theory's role in enabling such issues as gender and human security to find a place on the agendas of international relations scholars and foreign policy makers. The central focus of this study will be the financial crisis and its impact on human security in Southeast Asia. Furthermore, this paper will assess the recovery efforts of the domestic governments, international organizations and various Canadian sponsored initiatives in the context of human security.
Abstract:
Failed and fragile states that result from intrastate war pose severe threats to the security of both the international system and individual states alike. In the post-Cold War era, the international community has come to recognize the reality of these threats and the difficulty involved in ending violence and building sustainable peace in failed and fragile states. This work focuses upon the development of a comprehensive strategy for sustainable peace-building by incorporating the tenets of the human security doctrine into the peace-building process. Through the use of case studies of The Former Yugoslav Republic of Macedonia and East Timor, the development and refinement of the doctrine of human security will occur, as well as an understanding of how and where human security fits into the sustainable peace-building equation. The end result of the analysis is the development of a hierarchical pyramid formation that brings together human security and peace-building into one framework that ultimately creates the foundation and structure of sustainable peace-building. With the development of a sustainable peace-building structure based upon the human security doctrine, the role of Canada in the support of sustainable peace-building is analyzed in relation to the form and level of involvement that Canada undertakes and contributes to in the implementation and support of sustainable peace-building initiatives. Following from this, recommendations are provided regarding what role(s) Canada should undertake in the sustainable peace-building process that take into consideration the present and likely future capabilities of Canada to be involved in various aspects of the peace-building process. This paper outlines the need for a peace-building strategy that is designed to be sustainable in order that failed and fragile states resulting from intrastate conflict do not regress or collapse back into a condition of civil war, and subsequently designs such a strategy.
The linking of peace-building and human security creates the required framework from which sustainable peace-building is derived. Creating sustainable peace is necessary in order to increase the likelihood that both present and future generations existing in failed and fragile states will be spared from the scourge of intrastate war.