879 resultados para Information security culture
Resumo:
n the recent years protection of information in digital form is becoming more important. Image and video encryption has applications in various fields including Internet communications, multimedia systems, medical imaging, Tele-medicine and military communications. During storage as well as in transmission, the multimedia information is being exposed to unauthorized entities unless otherwise adequate security measures are built around the information system. There are many kinds of security threats during the transmission of vital classified information through insecure communication channels. Various encryption schemes are available today to deal with information security issues. Data encryption is widely used to protect sensitive data against the security threat in the form of “attack on confidentiality”. Secure transmission of information through insecure communication channels also requires encryption at the sending side and decryption at the receiving side. Encryption of large text message and image takes time before they can be transmitted, causing considerable delay in successive transmission of information in real-time. In order to minimize the latency, efficient encryption algorithms are needed. An encryption procedure with adequate security and high throughput is sought in multimedia encryption applications. Traditional symmetric key block ciphers like Data Encryption Standard (DES), Advanced Encryption Standard (AES) and Escrowed Encryption Standard (EES) are not efficient when the data size is large. With the availability of fast computing tools and communication networks at relatively lower costs today, these encryption standards appear to be not as fast as one would like. High throughput encryption and decryption are becoming increasingly important in the area of high-speed networking. Fast encryption algorithms are needed in these days for high-speed secure communication of multimedia data. It has been shown that public key algorithms are not a substitute for symmetric-key algorithms. Public key algorithms are slow, whereas symmetric key algorithms generally run much faster. Also, public key systems are vulnerable to chosen plaintext attack. In this research work, a fast symmetric key encryption scheme, entitled “Matrix Array Symmetric Key (MASK) encryption” based on matrix and array manipulations has been conceived and developed. Fast conversion has been achieved with the use of matrix table look-up substitution, array based transposition and circular shift operations that are performed in the algorithm. MASK encryption is a new concept in symmetric key cryptography. It employs matrix and array manipulation technique using secret information and data values. It is a block cipher operated on plain text message (or image) blocks of 128 bits using a secret key of size 128 bits producing cipher text message (or cipher image) blocks of the same size. This cipher has two advantages over traditional ciphers. First, the encryption and decryption procedures are much simpler, and consequently, much faster. Second, the key avalanche effect produced in the ciphertext output is better than that of AES.
Resumo:
Extensive use of the Internet coupled with the marvelous growth in e-commerce and m-commerce has created a huge demand for information security. The Secure Socket Layer (SSL) protocol is the most widely used security protocol in the Internet which meets this demand. It provides protection against eaves droppings, tampering and forgery. The cryptographic algorithms RC4 and HMAC have been in use for achieving security services like confidentiality and authentication in the SSL. But recent attacks against RC4 and HMAC have raised questions in the confidence on these algorithms. Hence two novel cryptographic algorithms MAJE4 and MACJER-320 have been proposed as substitutes for them. The focus of this work is to demonstrate the performance of these new algorithms and suggest them as dependable alternatives to satisfy the need of security services in SSL. The performance evaluation has been done by using practical implementation method.
Resumo:
In today's complicated computing environment, managing data has become the primary concern of all industries. Information security is the greatest challenge and it has become essential to secure the enterprise system resources like the databases and the operating systems from the attacks of the unknown outsiders. Our approach plays a major role in detecting and managing vulnerabilities in complex computing systems. It allows enterprises to assess two primary tiers through a single interface as a vulnerability scanner tool which provides a secure system which is also compatible with the security compliance of the industry. It provides an overall view of the vulnerabilities in the database, by automatically scanning them with minimum overhead. It gives a detailed view of the risks involved and their corresponding ratings. Based on these priorities, an appropriate mitigation process can be implemented to ensure a secured system. The results show that our approach could effectively optimize the time and cost involved when compared to the existing systems
Resumo:
About ten years ago, triadic contexts were presented by Lehmann and Wille as an extension of Formal Concept Analysis. However, they have rarely been used up to now, which may be due to the rather complex structure of the resulting diagrams. In this paper, we go one step back and discuss how traditional line diagrams of standard (dyadic) concept lattices can be used for exploring and navigating triadic data. Our approach is inspired by the slice & dice paradigm of On-Line-Analytical Processing (OLAP). We recall the basic ideas of OLAP, and show how they may be transferred to triadic contexts. For modeling the navigation patterns a user might follow, we use the formalisms of finite state machines. In order to present the benefits of our model, we show how it can be used for navigating the IT Baseline Protection Manual of the German Federal Office for Information Security.
Resumo:
El presente proyecto tiene como objeto identificar cuáles son los conceptos de salud, enfermedad, epidemiología y riesgo aplicables a las empresas del sector de extracción de petróleo y gas natural en Colombia. Dado, el bajo nivel de predicción de los análisis financieros tradicionales y su insuficiencia, en términos de inversión y toma de decisiones a largo plazo, además de no considerar variables como el riesgo y las expectativas de futuro, surge la necesidad de abordar diferentes perspectivas y modelos integradores. Esta apreciación es pertinente dentro del sector de extracción de petróleo y gas natural, debido a la creciente inversión extranjera que ha reportado, US$2.862 millones en el 2010, cifra mayor a diez veces su valor en el año 2003. Así pues, se podrían desarrollar modelos multi-dimensional, con base en los conceptos de salud financiera, epidemiológicos y estadísticos. El termino de salud y su adopción en el sector empresarial, resulta útil y mantiene una coherencia conceptual, evidenciando una presencia de diferentes subsistemas o factores interactuantes e interconectados. Es necesario mencionar también, que un modelo multidimensional (multi-stage) debe tener en cuenta el riesgo y el análisis epidemiológico ha demostrado ser útil al momento de determinarlo e integrarlo en el sistema junto a otros conceptos, como la razón de riesgo y riesgo relativo. Esto se analizará mediante un estudio teórico-conceptual, que complementa un estudio previo, para contribuir al proyecto de finanzas corporativas de la línea de investigación en Gerencia.
Resumo:
El presente Trabajo de Grado busca caracterizar la cultura organizacional de una empresa del sector Financiero en Colombia y realizar orientaciones de acciones para el cambio organizacional de acuerdo con la estrategia de perdurabilidad establecida por la Alta Dirección de dicha empresa. Para este fin, se realiza una cuidadosa revisión y actualización del estado del arte de los conceptos clave ¨Cultura Organizacional¨ y ¨Cambio Organizacional¨. Es de resaltar que para el primero de ellos, se toma como punto de partida el estado del arte sobre Cultura Organizacional realizado por el profesor Carlos Eduardo Méndez Álvarez y cuyo marco temporal abarca desde los orígenes del concepto en el siglo XIX hasta el año 2006. Asimismo, luego de una cuidadosa revisión de los Modelos de Cambio Organizacional existentes y de la realidad de la empresa objeto de estudio, se adopta el Modelo ADKAR que consta de cinco fases: Conciencia del Cambio, Deseo, Conocimiento, Capacidad – Habilidad y Refuerzo. Asimismo, a partir de la construcción de un fundamento teórico sólido y a través de la aplicación de la metodología para describir la Cultura Organizacional en Colombia MEDECO se busca una aproximación a la Cultura Organizacional de la empresa objeto de estudio con el fin de describir e identificar los rasgos predominantes de su cultura organizacional y entregar una propuesta final con los rasgos necesarios que alientan la consecución exitosa de los procesos de cambio.
Resumo:
The object of analysis in the present text is the issue of operational control and data retention in Poland. The analysis of this issue follows from a critical stance taken by NGOs and state institutions on the scope of operational control wielded by the Polish police and special services – it concerns, in particular, the employment of “itemized phone bills and the so-called phone tapping.” Besides the quantitative analysis of operational control and the scope of data retention, the text features the conclusions of the Human Rights Defender referred to the Constitutional Tribunal in 2011. It must be noted that the main problems concerned with the employment of operational control and data retention are caused by: (1) a lack of specification of technical means which can be used by individual services; (2) a lack of specification of what kind of information and evidence is in question; (3) an open catalogue of information and evidence which can be clandestinely acquired in an operational mode. Furthermore, with regard to the access granted to teleinformation data by the Telecommunications Act, attention should be drawn to a wide array of data submitted to particular services. Also, the text draws on the so-called open interviews conducted mainly with former police officers with a view to pointing to some non-formal reasons for “phone tapping” in Poland. This comes in the form of a summary.
Resumo:
In a Report for the Society of Bookmen in 1928, British publishers estimated that between a quarter to two thirds of all the books they published went to four circulating libraries: Boots, Smith’s, Mudie’s, and The Times bookclub. This essay examines the literary impact of one of the largest of these, Boots Book-lovers’ Library (1899-66), which by 1935 had around 400 libraries attached to their high-street pharmacies catering for the tastes of over one million subscribers a year. Compared to the wealth of studies examining the influence of the library market in the Victorian period, the significance of the subscription libraries as key distributors of fiction in the twentieth century is not well known. But private libraries expanded rapidly in the early twentieth century to cater for what Sidney Dark termed a ‘new reading public’, and records in publishers’ archives indicate that authors routinely adapted their unpublished manuscripts in order to meet the perceived demands of this library reader. This article examines the impact of the Boots Book-lovers’ Library market on authors’ practices of writing and revision, and on literary marketing and censorship. It focuses in particular on the author James Hanley (1897-1985), using unpublished correspondence in the Chatto & Windus archive at the University of Reading to demonstrate how the publisher’s sense of the tastes and expectations of the Boots library reader influenced the editorial process.
Resumo:
An adaptive device is made up of an underlying mechanism, for instance, an automaton, a grammar, a decision tree, etc., to which is added an adaptive mechanism, responsible for allowing a dynamic modification in the structure of the underlying mechanism. This article aims to investigate if a programming language can be used as an underlying mechanism of an adaptive device, resulting in an adaptive language.
Resumo:
Dentre as profundas modificações experimentadas na Sociedade e, em especial, as que se produzem no mundo do trabalho, observamos movimentos em direção a formas de trabalho flexível, entre as quais se insere o Teletrabalho. Sem ser propriamente novo no cenário mundial, no Brasil ele surge com maior expressão recentemente, passando a ocupar espaços na mídia em geral e nos ambientes universitários. Todavia, são poucas as referências acadêmicas brasileiras ao assunto e estudos se fazem necessários. Com a pretensão de contribuir com conhecimentos a respeito do assunto, sob o prisma da realidade brasileira e de uma situação particular, o estudo utilizou referências teóricas e empíricas para examinar a viabilidade do Teletrabalho na Companhia de Processamento de Dados do Município de Porto Alegre. Abrangeu a análise de condições organizacionais, técnicas, humanas, legais e sindicais compreendidas na proposta e incluiu, igualmente, uma sugestão para um projeto de demonstração. O estudo, notadamente qualitativo, valoriza as perspectivas de segmentos potencialmente envolvidos num processo de adoção de Teletrabalho pela Empresa, como elemento para a sua compreensão. Foi desenvolvido mediante a realização de entrevistas com representantes dos sindicatos da categoria, dos funcionários e chefias, Diretoria da Empresa e especialistas em assuntos jurídicos e segurança de informações. O estudo concluiu ser a introdução do Teletrabalho viável em parte, num sistema de voluntariado, em regime de tempo parcial e, pelo menos inicialmente, em ambientes de telecentros. Mesmo existindo uma série de condições favoráveis, o atendimento de certos prérequisitos e o equacionamento de dúvidas e dificuldades são essenciais para promover uma implementação adequada, considerando as condições internas da Empresa, seu papel institucional e o contexto social onde está inserida. A pesquisa, na verdade, pode ser considerada um passo inicial dentro de um processo mais amplo, que integra o domínio da tecnologia do Teletrabalho para uso interno na Empresa, se assim for desejado, ou como uma alternativa para proposição de novos serviços a clientes e à comunidade.
Resumo:
This article describes some of the current transformations regarding the processes by which information and culture are generated, from the point of view of developing countries. In this brief analysis, the article discusses the role of projects such as Creative Commons for developing countries. It also discusses the idea of legal commons and social commons. While the idea of legal commons can be understood as the voluntary use of licenses such as Creative Commons in order to create a “commons”, the idea of social commons has to do with the tensions between legality and illegality in developing countries. These tensions appear prominently in the so-called global “peripheries”, and in many instances make the legal structure of intellectual property irrelevant, unfamiliar, or unenforceable, for various reasons. With the emergence of digital technology and the Internet, in many places and regions in developing countries (especially in the “peripheries”), technology ended up arriving earlier than the idea of intellectual property. Such a de facto situation propitiated the emergence of cultural industries that were not driven by intellectual property incentives. In these cultural businesses, the idea of “sharing” and of free dissemination of the content is intrinsic to the social circumstances taking place in these peripheries. Also, the appropriation of technology on the part of the “peripheries” ends up promoting autonomous forms of bridging the digital divide, such as the “LAN house” phenomenon discussed below. This paper proposes that many lessons can be learned from the business models emerging from social commons practices in developing countries. The tension between legality and illegality in “peripheral” areas in developing countries is not new. The work of Boaventura de Sousa Santos and others in the 1970s was paradigmatic for the discussion of legal pluralism regarding the occupation of land in Brazil. This paper aims to follow in that same pioneer tradition of studies about legal pluralism, and to apply those principles to the discussion of “intellectual property” rather than the ownership of land.
Resumo:
More over, the information has become the main asset of the institutions. Being thus, the Information Security (IS) is getting attention as one of the activities of extreme importance in the corporations. Guarantee the confidentiality, integrity, availability, no deny and legality becomes something very important for the day-by-day of the businesses. An analysis of the risk, passing through the assessment of the threats and vulnerabilities, is mandatory to let grow the activities of the institutions. Digital Certification came into IS to guarantee the Not Deny (ND) because it makes the unquestioned identification of the person that makes the action. Therefore, Information Security can be defined as a knowledge field focused in the protection of the information assets against: unauthorized access, improper modifications, not availability, deny of authorship and illegality.
Resumo:
As questões ligadas a gestão de riscos associados a segurança da informação já é uma realidade no cenário empresarial brasileiro. O crescimento das operações de negócios em direção aos sistemas de informação baseados em tecnologia fez com que os números de ameaças e de vulnerabilidades sobre as redes de computadores e comunicações aumentassem. Vários são os desafios de estruturação e implementação de uma área de segurança da informação dentro das empresas. Este trabalho analisa as diversas formas de construção de uma infra-estrutura de gestão de risco em segurança de informação, não só no âmbito tecnológico, mas também, no operacional e no mercadológico, de forma a estabelecer uma relação transparente às demais áreas internas da organização, aos clientes e a todo o mercado. A segurança da informação, vista freqüentemente como um assunto ligado a tecnologia, passa a ser entendida cada vez mais como um processo de negócio, e conseqüentemente, uma grande vantagem competitiva para o mundo empresarial.
Resumo:
Este trabalho apresenta relações entre a produtividade do trabalho e as capacitações que ocorreram nas Organizações Militares (OM) de telemática do Exército Brasileiro (EB), que representam o Sistema de Telemática do Exército (SisTEx). O período do estudo se dá entre janeiro de 2010 e julho de 2011. O SisTEx é melhor caracterizado pelo Centro Integrado de Telemática do Exército (CITEx), pelos Centros de Telemática de Área (CTA) e pelos Centros de Telemática (CT), subordinados ao Departamento de Ciência e Tecnologia (DCT) e dispostos ao longo de todo o território nacional. O estudo trata do conceito de produtividade do trabalho e do processo de capacitação no SisTEx. Fala sobre as áreas do conhecimento de interesse sistêmico e das áreas estratégicas que devem ser atendidas com capacitações, mostrando os resultados que surgiram em função das capacitações realizadas. Propõe sugestões para alinhar as necessidades de capacitação com as áreas estratégicas, destacando a importância das capacitações no planejamento estratégico, passando pelos interesses individuais. Relaciona estratégias que representam um diferencial competitivo na agregação de valor aos usuários. Traz comentários sobre a utilização do ensino a distância(EAD) e presencial para realização das capacitações. Trata da interferência das capacitações na produtividade e na percepção sobre o retorno do investimento (ROI). Relaciona, ainda, as capacidades do SisTEx com os estudos de inovação tecnológica no setor de serviços. Destaca as capacitações realizadas na áreas da segurança da informação e defesa cibernética. Considera que é possível melhorar a produtividade do trabalho em função das capacitações que ocorrem no SisTEx, que contribuem como um vetor de modernidade e transformação que agem diretamente no processo produtivo, proporcionando assim uma aceleração no desenvolvimento da qualidade dos serviços de TI prestados. Traz recomendações de estudos futuros para verificar a velocidade de acumulação das capacidades tecnológicas, o uso do EAD para capacitações de maior complexidade técnica e a criação de métricas para cálculo efetivo do ROI. Para tal, foi feito um estudo bibliográfico sobre a produtividade do trabalho e o processo de capacitação do SisTEx. O método adotado foi o do estudo de caso. Foram feitos questionamentos (survey) e enquetes/votações (poll) que foram aplicados nos chefes, exchefes de CTA/CT e nos discentes do SisTEx, militares que realizaram capacitações no período considerado.
