871 results for Information security evaluation


Relevance:

90.00%

Publisher:

Abstract:

This document briefly summarizes the pavement management activities under the existing Iowa Department of Transportation (DOT) Pavement Management System. The second part of the document provides the projected increase in use due to the implementation of the Iowa DOT Pavement Management Optimization System. All estimates of existing time devoted to the Pavement Management System and projected increases in time requirements are estimates made by the appropriate Iowa DOT office director or function manager. Included is the new Pavement Management Optimization Structure for the three main offices which will work most closely with the Pavement Management Optimization System (Materials, Design, and Program Management).

Relevance:

90.00%

Publisher:

Abstract:

This thesis presents security issues and vulnerabilities in home and small office local area networks that can be used in cyber-attacks. There is previous research on single vulnerabilities and attack vectors, but not many papers present full-scale attack examples against a LAN. First, this thesis categorizes different security threats; later in the paper, methods to launch the attacks are shown by example. Offensive security and penetration testing are used as research methods in this thesis. As a result of this thesis, an attack is conducted using vulnerabilities in WLAN, the ARP protocol and the browser, as well as methods of social engineering. In the end, reverse shell access is gained to the target machine. Ready-made tools are used in the attack and their inner workings are described. Prevention methods against the attacks are presented at the end of the thesis.

Relevance:

90.00%

Publisher:

Abstract:

The text analyses the intelligence activity against Poland in the period 1944-1989. The paper also contains a case study, i.e. an analysis of the American intelligence service activity held against Poland. While examining the research thesis, the author used the documents and analyses prepared by the Ministry of Internal Affairs. In order to best illustrate the point, the author presented a number of cases of persons who spied for the USA, which was possible thanks to the analysis of the training materials of the Ministry of Internal Affairs directed to the officers of the Security Service and the Citizens’ Militia. The text tackles the following issues: (1) to what extent did the character of the socio-political system influence the number of persons convicted for espionage against Poland in the period under examination?, (2) what was the level of interest of the foreign intelligence services in Poland before the year 1990?, (3) is it possible to indicate the specificity of the U.S. intelligence activity against Poland? 1) The analysis of data indicates that the period 1946-1956 witnessed a great number of convictions for espionage, which is often associated with the peculiar political situation in Poland of that time. Up to 1953, the countries of the Eastern bloc had reproduced the Stalin’s system, which only ceased due to the death of Stalin himself. Since then, the communist systems gradually transformed into the system of nomenklatura. Irrespective of these changes, Poland still witnessed a wave of repressions, which resulted from the threats continuously looming over the communist authorities – combating the anti-communist underground movement, fighting with the Ukrainian Insurgent Army, the Polish government-in-exile, possible revisionism of borders, social discontent related to the socio-political reforms. Hence, a great number of convictions for espionage at that time could be ascribed to purely political sentences. 
Moreover, equally significant was the fact that the then judicial practice was preoccupied assessing negatively any contacts and relations with foreigners. This excessive number of convictions could ensue from other criminal-law provisions, which applied with respect to the crimes against the State, including espionage. What is also important is the fact that in the Stalin’s period the judiciary personnel acquired their skills and qualifications through intensive courses in law with the predominant spirit of the theory of evidence and law by Andrey Vyshinsky. Additionally, by the decree of 1944 the Penal Code of the Polish Armed Forces was introduced; the code envisaged the increase in the number of offences classified as penalised with death penalty, whereas the high treason was subject to the military jurisdiction (the civilians were prosecuted in military courts till 1955; the espionage, however, still stood under the military jurisdiction). In 1946, there was introduced the Decree on particularly dangerous crimes in the period of the State’s recovery, which was later called a Small Penal Code. 2) The interest that foreign intelligence services expressed in relation to Poland was similar to the one they had in all countries of Eastern and Central Europe. In the case of Poland, it should be noted that foreign intelligence services recruited Polish citizens who had previously stayed abroad and after WWII returned to their home country. The services also gathered information from Poles staying in immigrant camps (e.g. in FRG). The activity of the American intelligence service on the territory of FRG and West Berlin played a key role. The documents of the Ministry of Internal Affairs pointed to the global range of this activity, e.g. through the recruitment of Polish sailors in the ports of the Netherlands, Japan, etc. 
In line with the development in the 1970s, espionage, which had so far concentrated on the defence and strategic sectors, became focused on science and technology of the People’s Republic of Poland. The acquisition of collaborators in academic circles was much easier, as PRL opened to academic exchange. Due to the system of visas, the process of candidate selection for intelligence services (e.g. the American) began in embassies. In the 1980s, the activity of the foreign intelligence services concentrated on the specific political situation in Poland, i.e. the growing significance of the “Solidarity” social movement. 3) The specificity of the American intelligence activity against Poland was related to the composition of the residency staff, which was the largest in comparison to other Western countries. The wide range of these activities can be proved by the quantitative data of convictions for espionage in the years 1944-1984 (however, one has to bear in mind the factors mentioned earlier in the text, which led to the misinterpretation of these data). Analysing the data and the documents prepared by the Ministry of Internal Affairs, one should treat them with caution, as, frequently, the Polish counter-intelligence service used to classify the ordinary diplomatic practice and any contacts with foreigners as espionage threats. It is clearly visible in the language of the training materials concerned with “secret service methods of the intelligence activity” as well as in the documents on operational activities of the Security Service in relation to foreigners. The level of interest the USA had in Poland was mirrored in the classification of diplomatic posts, according to which Warsaw occupied the second place (the so-called Group “B”) on the three-point scale. 
The CIA experienced spectacular defeats during their activity in Poland: supporting the Polish underground anti-communist organisation Freedom and Independence and the so-called Munich-Berg episode (both cases took place in the 1950s). The text focuses only on selected issues related to the espionage activities against Poland. Similarly, the analysis of the problem has been based on selected sources, which has limited the research scope - however, it was not the aim of the author to present the espionage activity against Poland in a comprehensive way. In order to assess the real threat posed by the espionage activity, one should analyse the case of persons convicted for espionage in the period 1944-1989, as the available quantitative data, mentioned in the text, cannot constitute an explicit benchmark for the scale of espionage activity. The inaccuracies in the interpretation of data and variables, which can affect the evaluation of this phenomenon, have been pointed out in the text.

Relevance:

90.00%

Publisher:

Abstract:

This applied research work is titled “Processo de Awareness dos Utilizadores nas Redes Militares” (“User Awareness Process in Military Networks”), and its objective is to “identify the most efficient and effective way to design an awareness process that sensitizes users of the Army's e-mail system to phishing attacks”. To that end, specific objectives leading to this main one were selected at the outset. It was established that we need to know the main behavioural theories that influence the success of phishing attacks, in order to understand and counter them. It was also necessary to understand the main methods or techniques for teaching attitudes, to make it possible to raise users' awareness, and to define the awareness medium through which to do so. Finally, the awareness process itself was needed, so we require evaluation criteria, and it is important to define these in order to validate the research. To address these four specific objectives and the general objective of the research, the central question of the work was formulated: “How can an awareness process be designed for the Army that reduces the impact of phishing attacks carried out through its e-mail system?” Given the theoretical-practical nature of this research, the Hypothetico-Deductive method was chosen as the research method, and the Case Study as the method of procedure. It was exploratory research, using bibliographic research and document analysis techniques to carry out a complete literature review intended to support the research and to ground all the fieldwork carried out. To conduct this study, it was necessary to study the topic of Information Security, since it underpins the research.
For information security to exist, the properties of information security must remain preserved, that is, confidentiality, integrity and availability. The fieldwork consisted of two parts: the construction of the questionnaires and the awareness presentation, and their application and evaluation (outputs of the research). These products were used in the awareness session, through the application of the baseline questionnaire followed by the awareness presentation, and ending with the validation questionnaire (the awareness process). After the awareness session, through the awareness process, participants were able to identify phishing attacks more accurately. To this end, the active teaching method was used in the session, which incorporates good practices for building awareness products, using the auditory, mechanical and visual learning styles, and which makes it possible to change behaviours.

Relevance:

90.00%

Publisher:

Abstract:

Background: Parents of children with cancer experience a demanding situation and often suffer from psychological problems such as stress. Trying to cope with the complex body of information about their child's disease is one factor that contributes to this stress. The aim of this study is to evaluate an intervention for person-centred information to parents of children with cancer that consists of four sessions with children's nurses trained in the intervention method. Methods/Design: This is a multi-centre RCT with two parallel arms and a 1:1 allocation ratio. The primary outcome is illness-related parental stress. Secondary outcomes are post-traumatic stress symptoms, anxiety, depression, satisfaction with information, expected and received knowledge, and experiences with health care providers. A process evaluation is performed to describe experiences and contextual factors. Data are collected using web questionnaires or paper forms according to the parents' preference, audio recording of the intervention sessions, and qualitative interviews with parents and the intervention nurses. Discussion: Few studies have evaluated information interventions for parents of children with cancer using large multi-centre RCTs. This intervention is designed to be performed by regular staff children's nurses, which will facilitate implementation if the intervention proves to be effective. Trial registration: Clinical trials NCT02332226 (December 11, 2014).

Relevance:

90.00%

Publisher:

Abstract:

The 10th European Conference on Information Systems Management is being held at The University of Evora, Portugal on the 8/9 September 2016. The Conference Chair is Paulo Silva and the Programme Chairs are Prof. Rui Quaresma and Prof. António Guerreiro. ECISM provides an opportunity for individuals researching and working in the broad field of information systems management, including IT evaluation, to come together to exchange ideas and discuss current research in the field. This has developed into a particularly important forum for the present era, where the modern challenges of managing information and evaluating the effectiveness of related technologies are constantly evolving in the world of Big Data and Cloud Computing. We hope that this year’s conference will provide you with plenty of opportunities to share your expertise with colleagues from around the world. The keynote speakers for the Conference are Carlos Zorrinho from the Portuguese Delegation and Isabel Ramos from University of Minho, Portugal. ECISM 2016 received an initial submission of 84 abstracts. After the double blind peer review process 25 academic papers, 7 PhD research papers, 3 Masters research papers and 5 work in progress papers have been accepted for publication in these Conference Proceedings. These papers represent research from around the world, including Belgium, Brazil, China, Czech Republic, Kazakhstan, Malaysia, New Zealand, Norway, Oman, Poland, Portugal, South Africa, Sweden, The Netherlands, UK and Vietnam.

Relevance:

90.00%

Publisher:

Abstract:

This paper presents our work at 2016 FIRE CHIS. Given a CHIS query and a document associated with that query, the task is to classify the sentences in the document as relevant to the query or not, and further to classify the relevant sentences as supporting, neutral or opposing to the claim made in the query. In this paper, we present two different approaches to the classification. With the first approach, we implement two models to satisfy the task. We first implement an information retrieval model to retrieve the sentences that are relevant to the query, and then we use a supervised learning method to train a classification model to classify the relevant sentences into support, oppose or neutral. With the second approach, we only use machine learning techniques to learn a model and classify the sentences into four classes (relevant & support, relevant & neutral, relevant & oppose, irrelevant & neutral). Our submission for CHIS uses the first approach.

Relevance:

90.00%

Publisher:

Abstract:

Nowadays, information security is a very important topic. In particular, wireless networks are experiencing an ongoing widespread diffusion, thanks also to the increasing number of Internet of Things devices, which generate and transmit a lot of data: protecting wireless communications is of fundamental importance, possibly through an easy but secure method. Physical Layer Security is an umbrella of techniques that leverage the characteristics of the wireless channel to generate security for the transmission. In particular, Physical Layer-based Key generation aims at allowing two users to generate random symmetric keys in an autonomous way, hence without the aid of a trusted third entity. Physical Layer-based Key generation relies on observations of the wireless channel, from which entropy is harvested: however, an attacker might possess a channel simulator, for example a Ray Tracing simulator, to replicate the channel between the legitimate users, in order to guess the secret key and break the security of the communication. This thesis work is focused on the possibility of carrying out a so-called Ray Tracing attack: the method utilized for the assessment consists of a set of channel measurements, in different channel conditions, that are then compared with the simulated channel from the ray tracing, to compute the mutual information between the measurements and simulations. Furthermore, the possibility of using Ray Tracing as a tool to evaluate the impact of channel parameters (e.g. the bandwidth or the directivity of the antenna) on Physical Layer-based Key generation is also presented. The measurements have been carried out at the Barkhausen Institut gGmbH in Dresden (GE), in the framework of the existing cooperation agreement between BI and the Dept. of Electrical, Electronics and Information Engineering "G. Marconi" (DEI) at the University of Bologna.

Relevance:

80.00%

Publisher:

Abstract:

The increasing adoption of information systems in healthcare has led to a scenario where patient information security is more and more being regarded as a critical issue. Allowing patient information to be in jeopardy may lead to irreparable damage, physically, morally, and socially to the patient, potentially shaking the credibility of the healthcare institution. Medical images play a crucial role in such context, given their importance in diagnosis, treatment, and research. Therefore, it is vital to take measures in order to prevent tampering and determine their provenance. This demands adoption of security mechanisms to assure information integrity and authenticity. There are a number of works done in this field, based on two major approaches: use of metadata and use of watermarking. However, there still are limitations for both approaches that must be properly addressed. This paper presents a new method using cryptographic means to improve trustworthiness of medical images, providing a stronger link between the image and the information on its integrity and authenticity, without compromising image quality to the end user. Use of Digital Imaging and Communications in Medicine structures is also an advantage for ease of development and deployment.

Relevance:

80.00%

Publisher:

Abstract:

Management systems standards (MSSs) have developed in an unprecedented manner in the last few years. These MSS cover a wide array of different disciplines, aims and activities of organisations. Also, organisations are populated with an enormous diversity of independent management systems (MSs). An integrated management system (IMS) tends to integrate some or all components of the business. Maximising their integration in one coherent and efficient MS is increasingly a strategic priority and constitutes an opportunity for businesses to be more competitive and consequently, promote its sustainable success. Those organisations that are quicker and more efficient in their integration and continuous improvement will have a competitive advantage in obtaining sustainable value in our global and competitive business world. Several scholars have proposed various theoretical approaches regarding the integration of management sub-systems, leading to the conclusion that there is no common practice for all organisations as they encompass different characteristics. One other author shows that several tangible and intangible gains for organisations, as well as to their internal and external stakeholders, are achieved with the integration of the individual standardised MSs. The purpose of this work was to conceive a model, Flexible, Integrator and Lean for IMSs, according to ISO 9001 for quality; ISO 14001 for environment and OHSAS 18001 for occupational health and safety (IMS–QES), that can be adapted and progressively assimilate other MSs, such as, SA 8000/ISO 26000 for social accountability, ISO 31000 for risk management and ISO/IEC 27001 for information security management, among others. The IMS–QES model was designed in the real environment of an industrial Portuguese small and medium enterprise, that over the years has been adopting, gradually, in whole or in part, individual MSSs. The developed model is based on a preliminary investigation conducted through a questionnaire. 
The strategy and research methods have taken into consideration the case study. Among the main findings of the survey we highlight: the creation of added value for the business through the elimination of several organisational wastes; the integrated management of the sustainability components; the elimination of conflicts between independent MS; dialogue with the main stakeholders and commitment to their ongoing satisfaction and increased contribution to the company’s competitiveness; and greater valorisation and motivation of employees as a result of the expansion of their skill base, actions and responsibilities, with their consequent empowerment. A set of key performance indicators (KPIs) constitute the support, in a perspective of business excellence, to the follow up of the organisation’s progress towards the vision and achievement of the defined objectives in the context of each component of the IMS model. The conceived model had many phases and the one presented in this work is the last required for the integration of quality, environment, safety and others individual standardised MSs. Globally, the investigation results, by themselves, justified and prioritised the conception of an IMS–QES model, to be implemented at the company where the investigation was conducted, but also a generic model of an IMS, which may be more flexible, integrator and lean as possible, potentiating the efficiency, added value both in the present and, fundamentally, for future.

Relevance:

80.00%

Publisher:

Abstract:

The use of Mobile and Wireless Information Technologies (MWIT) for provisioning public services by a government is a relatively recent phenomenon. This paper evaluates the results of MWIT adoption by IBGE (The Brazilian Institute of Geography and Statistics) through a case study. In 2007, IBGE applied 82,000 mobile devices (PDAs) for data gathering in a census operation in Brazil. A set of challenges for a large scale application of MWIT required intensive work involving innovative working practices and service goals. The case reveals a set of outputs of this process, such as time and cost reductions in service provision, improved information quality, staff training and increased organizational effectiveness and agility.

Relevance:

80.00%

Publisher:

Abstract:

Master's in Electrical and Computer Engineering

Relevance:

80.00%

Publisher:

Abstract:

This paper presents partial results of a study intended to promote a better understanding of the strategies that school-age young people (12-18 years) consider relevant for evaluating the information sources available on the Internet. To that end, a survey was administered to a sample of 195 students from one 3rd-cycle school and one secondary school in a municipality of the Porto district. The results concerning these students' perception of the criteria to apply when evaluating information sources available on the Internet, with respect to credibility, are presented and discussed. The practices that the young people report regarding the use of authorship, originality, structure, currency and comparison criteria to evaluate the credibility of information sources will be presented. In addition, these results will be compared and discussed against the perceptions that the same respondents show regarding the elements that make up each of these criteria. The analysis of the data obtained is framed and supported by a literature review on the concept of credibility, applied to the information sources available on the Internet. Some topics related to the inclusion of strategies for evaluating the credibility of digital information in the Big6 model, one of the best-known and most widely used information literacy skills development models in Portuguese school libraries, are also addressed.

Relevance:

80.00%

Publisher:

Abstract:

The role of the school is to promote learning in young people and to stimulate access to knowledge. The use of IT provides faster access to knowledge but, without the necessary mechanisms, can cause losses and compromise information security. The absence of legislation and regulation to help in maintaining the school's computer network puts schools in a very vulnerable position, forcing them to act individually to make up for this shortcoming. The solution involves not only making users aware of the need for security, but also creating mechanisms that add security to the network and to the information itself. The projects developed by the Safer Internet programme and by ISECOM work with the school community, raising users' awareness of the need for security on the Internet and in communications. The adoption of secure practices, in turn, is a slower process but one that is achievable through the implementation of an information security policy adapted to the reality of the school, in accordance with the ISO 27001 standard. Gathering the opinions of the system's stakeholders resulted in two documents containing the information security policy, one aimed at schools and the other at users. It is believed that the adoption of these recommendations by schools can bring benefits in terms of information security.