863 results for Information security policy


Relevance:

80.00%

Publisher:

Abstract:

The text analyses the intelligence activity against Poland in the period 1944-1989. The paper also contains a case study, i.e. an analysis of the American intelligence service activity conducted against Poland. While examining the research thesis, the author used the documents and analyses prepared by the Ministry of Internal Affairs. In order to best illustrate the point, the author presented a number of cases of persons who spied for the USA, which was possible thanks to the analysis of the training materials of the Ministry of Internal Affairs directed to the officers of the Security Service and the Citizens’ Militia. The text tackles the following issues: (1) to what extent did the character of the socio-political system influence the number of persons convicted for espionage against Poland in the period under examination?, (2) what was the level of interest of the foreign intelligence services in Poland before the year 1990?, (3) is it possible to indicate the specificity of the U.S. intelligence activity against Poland? 1) The analysis of data indicates that the period 1946-1956 witnessed a great number of convictions for espionage, which is often associated with the peculiar political situation in Poland of that time. Up to 1953, the countries of the Eastern bloc had reproduced Stalin’s system, which only ceased due to the death of Stalin himself. Since then, the communist systems gradually transformed into the system of nomenklatura. Irrespective of these changes, Poland still witnessed a wave of repressions, which resulted from the threats continuously looming over the communist authorities – combating the anti-communist underground movement, fighting with the Ukrainian Insurgent Army, the Polish government-in-exile, possible revisionism of borders, social discontent related to the socio-political reforms. Hence, a great number of convictions for espionage at that time could be ascribed to purely political sentences. 
Moreover, equally significant was the fact that the judicial practice of the time was preoccupied with negatively assessing any contacts and relations with foreigners. This excessive number of convictions could ensue from other criminal-law provisions, which applied with respect to the crimes against the State, including espionage. What is also important is the fact that in Stalin’s period the judiciary personnel acquired their skills and qualifications through intensive courses in law with the predominant spirit of the theory of evidence and law by Andrey Vyshinsky. Additionally, by the decree of 1944 the Penal Code of the Polish Armed Forces was introduced; the code envisaged the increase in the number of offences classified as punishable by the death penalty, whereas high treason was subject to the military jurisdiction (the civilians were prosecuted in military courts till 1955; the espionage, however, still stood under the military jurisdiction). In 1946, the Decree on particularly dangerous crimes in the period of the State’s recovery was introduced, which was later called a Small Penal Code. 2) The interest that foreign intelligence services expressed in relation to Poland was similar to the one they had in all countries of Eastern and Central Europe. In the case of Poland, it should be noted that foreign intelligence services recruited Polish citizens who had previously stayed abroad and after WWII returned to their home country. The services also gathered information from Poles staying in immigrant camps (e.g. in FRG). The activity of the American intelligence service on the territory of FRG and West Berlin played a key role. The documents of the Ministry of Internal Affairs pointed to the global range of this activity, e.g. through the recruitment of Polish sailors in the ports of the Netherlands, Japan, etc. 
In line with the development in the 1970s, espionage, which had so far concentrated on the defence and strategic sectors, became focused on science and technology of the People’s Republic of Poland. The acquisition of collaborators in academic circles was much easier, as PRL opened to academic exchange. Due to the system of visas, the process of candidate selection for intelligence services (e.g. the American) began in embassies. In the 1980s, the activity of the foreign intelligence services concentrated on the specific political situation in Poland, i.e. the growing significance of the “Solidarity” social movement. 3) The specificity of the American intelligence activity against Poland was related to the composition of the residency staff, which was the largest in comparison to other Western countries. The wide range of these activities can be proved by the quantitative data of convictions for espionage in the years 1944-1984 (however, one has to bear in mind the factors mentioned earlier in the text, which led to the misinterpretation of these data). Analysing the data and the documents prepared by the Ministry of Internal Affairs, one should treat them with caution, as, frequently, the Polish counter-intelligence service used to classify the ordinary diplomatic practice and any contacts with foreigners as espionage threats. It is clearly visible in the language of the training materials concerned with “secret service methods of the intelligence activity” as well as in the documents on operational activities of the Security Service in relation to foreigners. The level of interest the USA had in Poland was mirrored in the classification of diplomatic posts, according to which Warsaw occupied the second place (the so-called Group “B”) on the three-point scale. 
The CIA experienced spectacular defeats during their activity in Poland: supporting the Polish underground anti-communist organisation Freedom and Independence and the so-called Munich-Berg episode (both cases took place in the 1950s). The text focuses only on selected issues related to the espionage activities against Poland. Similarly, the analysis of the problem has been based on selected sources, which has limited the research scope - however, it was not the aim of the author to present the espionage activity against Poland in a comprehensive way. In order to assess the real threat posed by the espionage activity, one should analyse the case of persons convicted for espionage in the period 1944-1989, as the available quantitative data, mentioned in the text, cannot constitute an explicit benchmark for the scale of espionage activity. The inaccuracies in the interpretation of data and variables, which can affect the evaluation of this phenomenon, have been pointed out in the text.

Relevance:

80.00%

Publisher:

Abstract:

A new emerging paradigm of Uncertain Risk of Suspicion, Threat and Danger, observed across the field of information security, is described. Based on this paradigm a novel approach to anomaly detection is presented. Our approach is based on a simple yet powerful analogy from the innate part of the human immune system, the Toll-Like Receptors. We argue that such receptors incorporated as part of an anomaly detector enhance the detector’s ability to distinguish normal and anomalous behaviour. In addition we propose that Toll-Like Receptors enable the classification of detected anomalies based on the types of attacks that perpetrate the anomalous behaviour. Classification of such type is either missing in existing literature or is not fit for the purpose of reducing the burden of an administrator of an intrusion detection system. For our model to work, we propose the creation of a taxonomy of the digital Acytota, based on which our receptors are created.

Relevance:

80.00%

Publisher:

Abstract:

Why do states facing high levels of international threat sometimes have militaries that are heavily involved in politics and at other times relatively apolitical, professional militaries? I argue that the answer to this puzzle lies in a state's history of 'acute' international crises rather than its 'chronic' threat environment. Major international crises lead to professionalization and de-politicization of militaries in both the short- and long-term. International crises underscore the need for the military to defend the state and highlight military deficiencies in this regard. Accordingly, major international crises lead to military professionalization and withdrawal from politics in order to increase military effectiveness. This effect persists years, and decades, later due to generational shifts in the officer corps. As the "Crisis Generation" of officers become generals, they bring with them a preference for professionalization and de-politicization. They guide the military towards abstention from politics. I test this theory using a new global dataset on military officers in national governing bodies from 1964-2008 and find strong support for the theory. Major international crises lead to two waves of military withdrawal from government, years apart. Further statistical analysis finds that this effect is most strongly felt in the non-security areas of governing, while in some cases, international crises may lead to militaries increasing their involvement in security policy-making. Further, international crises that end poorly for a state — i.e., defeats or stalemates — are found to drive more rapid waves of military withdrawal from government. The statistical analysis is supported by a case illustration of civil-military relations in the People's Republic of China, which demonstrates that the crisis of the Korean War (1950-53) led to two waves of military professionalization and de-politicization, decades apart. The first occurred immediately after the war. 
The second wave, occurring in the 1980s, involved wholesale military withdrawal from governing bodies, which was made possible by the ascent of the "Crisis Generation" of officers in the military, who had served as junior officers in the Korean War, decades prior.

Relevance:

80.00%

Publisher:

Abstract:

Master's in International Economics and European Studies

Relevance:

80.00%

Publisher:

Abstract:

In developing this Applied Research Work, the aim is to answer the question: What requirements must be implemented in a relational database of information security controls for military Units, Establishments or Bodies of the Portuguese Army? To answer this central question, it was necessary to subdivide it into four derived questions: 1. What are the main dimensions of information security at the organizational level? 2. What are the main categories of information security at the organizational level? 3. What are the main information security controls to implement in a military organization? 4. What functional requirements must be implemented in a database of information security controls for a military organization? To answer these research questions, this work is based on applied research, with the aim of developing a practical application for the knowledge acquired, thus materializing in a database. As for the objective of the research, it is descriptive, explanatory and exploratory, since it aims to describe the main dimensions, categories and controls of information security, as well as to explain which functional requirements must be implemented in a database of information security controls. Finally, it also aims to carry out an exploratory study, demonstrating the effectiveness of the database. This research is based on the inductive method, starting from particular premises to reach general conclusions; that is, from the analysis of documents and interview surveys, the functional requirements to be implemented will be identified and generalized to all military Units, Establishments or Bodies of the Portuguese Army. 
As for the method of procedure, the comparative method will be used, in order to identify which international information security management standard is most suitable to record in the database. Finally, as mentioned above, with regard to research techniques, the interview survey will be used to identify the requirements to be implemented, and document analysis to identify the main dimensions, categories or controls to be implemented in a database of information security controls. That said, in a first phase of the research, through document analysis, the main dimensions, categories and controls of information security that need to be applied in the military Units, Establishments or Bodies of the Portuguese Army are identified, so as to contribute to success in the management of military information security. In addition, through interviews with specialists in information security and Information Systems in military units, the functional requirements to be implemented in a database of information security controls for a military organization will be identified. Finally, in a second phase, using the revised waterfall software development model, the aim is to develop a relational database, in Microsoft Access, of information security controls for implementation in military Units, Establishments or Bodies of the Portuguese Army. Subsequently, after the database has been developed, an exploratory study will be carried out to validate it, in order to confirm whether it meets the needs for which it was developed.

Relevance:

80.00%

Publisher:

Abstract:

This applied research work is titled “User Awareness Process in Military Networks”, and aims to “identify the most efficient and effective way to design an awareness process in order to make users of the Army's e-mail system aware of phishing attacks”, which is the objective of this research. For this reason, specific objectives leading to this main one were selected at the outset. It was established that we need to know the main behavioural theories that influence the success of phishing attacks, in order to understand and combat them. It was also necessary to understand the main methods or techniques for teaching attitudes, to make it possible to raise users' awareness, and it was likewise necessary to define the awareness medium through which to carry this out. Finally, the awareness process was needed; we therefore need evaluation criteria, and it is important to define them in order to validate the research. To address these four specific objectives and the general objective of the research, the central question of the work was formulated: “How to design an awareness process for the Army that reduces the impact of phishing attacks carried out through its e-mail system?” Owing to the theoretical-practical nature of this research, it was decided that the research method would be the Hypothetico-Deductive method, and the method of procedure would be the Case Study. It was exploratory research, using the techniques of bibliographic research and document analysis to carry out a complete literature review in order to support the research and to ground all the fieldwork carried out. To carry out this study, it was necessary to study the subject of Information Security, since it underpins the research. 
For information security to exist, the properties of information security must remain preserved, that is, confidentiality, integrity and availability. The fieldwork consisted of two parts: the construction of the questionnaires and the awareness presentation, and their application and evaluation (outputs of the research). These products were used in the awareness session through the application of the assessment questionnaire, followed by the awareness presentation, and ending with the validation questionnaire (the awareness process). After the awareness session, through the awareness process, participants were able to identify phishing attacks more accurately. To this end, the active teaching method was used in the awareness session; it incorporates good practices for building awareness products, using the auditory, mechanical and visual learning styles, and makes it possible to change behaviours.

Relevance:

80.00%

Publisher:

Abstract:

In recent years, there has been an enormous growth of location-aware devices, such as GPS-embedded cell phones, mobile sensors and radio-frequency identification tags. The age of combining sensing, processing and communication in one device gives rise to a vast number of applications leading to endless possibilities and a realization of mobile Wireless Sensor Network (mWSN) applications. As computing, sensing and communication become more ubiquitous, trajectory privacy becomes a critical piece of information and an important factor for commercial success. While on the move, sensor nodes continuously transmit data streams of sensed values and spatiotemporal information, known as "trajectory information". If adversaries can intercept this information, they can monitor the trajectory path and capture the location of the source node. This research stems from the recognition that the wide applicability of mWSNs will remain elusive unless a trajectory privacy preservation mechanism is developed. The outcome seeks to lay a firm foundation in the field of trajectory privacy preservation in mWSNs against external and internal trajectory privacy attacks. First, to prevent external attacks, we particularly investigated a context-based trajectory privacy-aware routing protocol to prevent the eavesdropping attack. Traditional shortest-path oriented routing algorithms give adversaries the possibility to locate the target node in a certain area. We designed the novel privacy-aware routing phase and utilized the trajectory dissimilarity between mobile nodes to mislead adversaries about the location where the message started its journey. Second, to detect internal attacks, we developed a software-based attestation solution to detect compromised nodes. We created the dynamic attestation node chain among neighboring nodes to examine the memory checksum of suspicious nodes. The computation time for memory traversal had been improved compared to the previous work. 
Finally, we revisited the trust issue in trajectory privacy preservation mechanism designs. We used Bayesian game theory to model and analyze cooperative, selfish and malicious nodes' behaviors in trajectory privacy preservation activities.

Relevance:

80.00%

Publisher:

Abstract:

Systems security is essential for the efficient operation of all organizations. Indeed, most large firms employ a designated ‘Chief Information Security Officer’ to coordinate the operational aspects of the organization’s information security. Part of this role is in planning investment responses to information security threats against the firm’s corporate network infrastructure. To this end, we develop and estimate a vector equation system of threats to 10 important IP services, using industry standard SANS data on threats to various components of a firm’s information system over the period January 2003 – February 2011. Our results reveal strong evidence of contagion between such attacks, with attacks on ssh and Secure Web Server indicating increased attack activity on other ports. Security managers who ignore such contagious inter-relationships may underestimate the underlying risk to their systems’ defence of security attributes, such as sensitivity and criticality, and thus delay appropriate information security investments.

Relevance:

80.00%

Publisher:

Abstract:

The objective of this research is to identify the factors that influence the migration of free software to proprietary software, or vice-versa. The theoretical framework was developed in light of the Diffusion of Innovations Theory (DIT) proposed by Rogers (1976, 1995), and the Unified Theory of Acceptance and Use of Technology (UTAUT) proposed by Venkatesh, Morris, Davis and Davis (2003). The research was structured in two phases: the first phase was exploratory, characterized by adjustments of the revised theory to fit Brazilian reality and the identification of companies that could be the subject of investigation; and the second phase was qualitative, in which case studies were conducted at ArcelorMittal Tubarão (AMT), a private company that migrated from proprietary software (Unix) to free software (Linux), and the city government of Serra, in Espírito Santo state, a public organization that migrated from free software (OpenOffice) to proprietary (MS Office). The results show that software migration decision takes into account factors that go beyond issues involving technical or cost aspects, such as cultural barriers, user rejection and resistance to change. These results underscore the importance of social aspects, which can play a decisive role in the decision regarding software migration and its successful implementation.

Relevance:

80.00%

Publisher:

Abstract:

Healthcare systems have assimilated information and communication technologies in order to improve the quality of healthcare and patient's experience at reduced costs. The increasing digitalization of people's health information raises, however, new threats regarding information security and privacy. Accidental or deliberate data breaches of health data may lead to societal pressures, embarrassment and discrimination. Information security and privacy are paramount to achieve high quality healthcare services, and further, to not harm individuals when providing care. With that in mind, we give special attention to the category of Mobile Health (mHealth) systems. That is, the use of mobile devices (e.g., mobile phones, sensors, PDAs) to support medical and public health. Such systems have been particularly successful in developing countries, taking advantage of the flourishing mobile market and the need to expand the coverage of primary healthcare programs. Many mHealth initiatives, however, fail to address security and privacy issues. This, coupled with the lack of specific legislation for privacy and data protection in these countries, increases the risk of harm to individuals. The overall objective of this thesis is to enhance knowledge regarding the design of security and privacy technologies for mHealth systems. In particular, we deal with mHealth Data Collection Systems (MDCSs), which consist of mobile devices for collecting and reporting health-related data, replacing paper-based approaches for health surveys and surveillance. This thesis consists of publications contributing to mHealth security and privacy in various ways: with a comprehensive literature review about mHealth in Brazil; with the design of a security framework for MDCSs (SecourHealth); with the design of an MDCS (GeoHealth); with the design of a Privacy Impact Assessment template for MDCSs; and with the study of ontology-based obfuscation and anonymisation functions for health data.

Relevance:

80.00%

Publisher:

Abstract:

In the interest of achieving stability and promoting the maintenance of international peace, preventive diplomacy emerged as a concept generating strategies aimed at acting before, during and after conflict. This document seeks to analyse the functioning of the preventive diplomacy instruments employed by the United Nations in the Kosovo crisis of 1998 and 1999. This crisis, which arose from the conflict between the Serbian government and a dissident movement known as the Kosovar Albanian Liberation Army, which sought to give a more autonomous profile to the territory and to the Kosovar Albanian population, revealed a series of structural weaknesses that this mechanism continues to face in resolving ethnic conflicts within States.

Relevance:

80.00%

Publisher:

Abstract:

This work aims to show how the modernization of the Military Forces of Colombia took place through Plan Colombia, and how its implementation was decisive for the operational-strategic and tactical development carried out under the Democratic Security Policy in three ways: first, there was a large investment made by the Colombian government in collaboration with the United States government. Second, once the planned disbursement had been made, weapons, aircraft and heavy combat vehicles were purchased on a large scale. Third and last, troop strength was increased and investment was made in counter-guerrilla military training, which consolidated the presence of the State in areas of prolonged internal conflict, meeting the needs of Colombians in vulnerable situations.

Relevance:

80.00%

Publisher:

Abstract:

The purpose of this research is to analyse the humanitarian implications of the participation of Private Military Companies (PMC) contracted by States in conflict scenarios, based on the case of Blackwater and the United States in Iraq (2003-2007), in order to show, through specific events such as the one that took place in Al Nisour square, the gaps that exist in the regulation of their activities. In light of these events, it shows how the International Community has tried to make progress in creating an international regime to control them; however, as shown throughout this text, the lack of commitment on the part of States has hindered this task, and the conduct of these companies therefore remains in a legal grey zone.