Threat modeling a factory environment using Microsoft Security Development Lifecycle methodology

The number of security violations is increasing and a security breach could have irreversible impacts to business. There are several ways to improve organization security, but some of them may be difficult to comprehend. This thesis demystifies threat modeling as part of secure system development. Threat modeling enables developers to reveal previously undetected security issues from computer systems. It offers a structured approach for organizations to find and address threats against vulnerabilities. When implemented correctly threat modeling will reduce the amount of defects and malicious attempts against the target environment. In this thesis Microsoft Security Development Lifecycle (SDL) is introduced as an effective methodology for reducing defects in the target system. SDL is traditionally meant to be used in software development, principles can be however partially adapted to IT-infrastructure development. Microsoft threat modeling methodology is an important part of SDL and it is utilized in this thesis to find threats from the Acme Corporation’s factory environment. Acme Corporation is used as a pseudonym for a company providing high-technology consumer electronics. Target for threat modeling is the IT-infrastructure of factory’s manufacturing execution system. Microsoft threat modeling methodology utilizes STRIDE –mnemonic and data flow diagrams to find threats. Threat modeling in this thesis returned results that were important for the organization. Acme Corporation now has more comprehensive understanding concerning IT-infrastructure of the manufacturing execution system. On top of vulnerability related results threat modeling provided coherent views of the target system. Subject matter experts from different areas can now agree upon functions and dependencies of the target system. Threat modeling was recognized as a useful activity for improving security.

Applying the security-development nexus on the ground: Land restitution in Colombia

The general consensus on the security-development nexus is that both are key to achieving sustainable peace in war-torn societies. However, this debate has largely taken place among international actors, with little empirical evidence about how security and development relate to each other or are even considered by local actors. The current paper applies the security-development nexus to the case of land restitution in Colombia. Following decades of internal armed conflict, in 2012 the national government passed sweeping land restitution legislation amid on-going violence. Through in-depth interviews and focus groups with multiple actors involved in this process, ranging from international organizations to national government units, from regional institutions to local communities, the paper analyses the objectives, impact, challenges and opportunities for land restitution related to security and development. Undermining peacebuilding, a lack of coherence in the integration of security and development priorities limits the extent to which either supports, or is promoted by, land restitution efforts in Colombia. The paper concludes with reflections on how the security-development nexus may promote peacebuilding amid on-going conflict.

Development and Effect Analysis of the Asteri Consultative Auditing Process - Safety and Security Management in Educational Institutions

The Finnish legislation requires for a safe and secure learning environment. However, the comprehensive, risk based safety and security management (SSM) and the management commitment in the implementation and development of the SSM are not mentioned in the legislation. Multiple institutions, operators and researchers have studied and developed safety and security in educational institutions over the past decade. Typically the approach has been fragmented and without bringing up the importance of the comprehensive SSM. The development needs of the safety and security operations in universities have been studied. However, in universities of applied sciences (UASs) and in elementary schools (ESs), the performance level, strengths and weaknesses of the comprehensive SSM have not been studied. The objective of this study was to develop the comprehensive, risk based SSM of educational institutions by developing the new Asteri consultative auditing process and study its effects on auditees. Furthermore, the performance level in the comprehensive SSM in UASs and ESs were studied using Asteri and the TUTOR model developed by the Keski-Uusimaa Department for Rescue Services. In addition, strengths, development needs and differences were identified. In total, 76 educational institutions were audited between the years 2011 and 2014. The study is based on logical empiricism, and an observational applied research design was used. Auditing, observation and an electronic survey were used for data collection. Statistical analysis was used to analyze the collected information. In addition, thematic analysis was used to analyze the development areas of the organizations mentioned by the respondents in the survey. As one of the main contributions, this research presents the new Asteri consultative auditing process. Organizations with low performance levels on the audited subject benefit the most from the Asteri consultative auditing process. Asteri may be usable in many different types of audits, not only in SSM audits. As a new result, this study provides new knowledge on attitudes related to auditing. According to the research findings, auditing may generate negative attitudes and the auditor should take them into account when planning and preparing for audits. Negative attitudes can be compensated by producing added value, objectivity and positivity for the audit and, thus, improve the positive effects of auditing on knowledge and skills. Moreover, as the results of this study shows, auditing safety and security issues do not increase feelings of insecurity, but rather increase feelings of safety and security when using the new Asteri consultative auditing process with the TUTOR model. The results showed that the SSM in the audited UASs was statistically significantly more advanced than that in the audited ESs. However, there is still room for improvement in the ESs and the UASs as the approach to the SSM was fragmented. It can be assumed that the majority of Finnish UASs and ESs do not likely meet the basic level of the comprehensive, risk based the SSM.

Development of the Advisory Council's interim recommendations on the treatment of women.

"September 12, 1980."

Toimitilaturvallisuuden kehittäminen

Työn tavoitteena oli selvittää mitä toimitilaturvallisuus on, mitkä ovat kohdeyrityksen emoyhtiön vaatimukset toimitilaturvallisuudelle ja mikä on toimitilaturvallisuuden tila diplomityön kohdeyrityksessä. Samalla tarkasteltiin mahdollisuutta toimitilaturvallisuuden mittaamiselle yrityksessä. Työn teoria koskettelee aluksi riskejä ja riskienhallintaa. Yritysriskien kautta siirrytään yritysturvallisuuteen ja erityisesti sen osa-alueista toimitilaturvallisuuteen eli yrityksen fyysiseen turvallisuuteen. Toimitilaturvallisuudesta esitellään sen osa-alueet ja niiden suojauskeinoja. Myös yritysturvallisuuden johtamista, johtamisen kehittämistä, sekä tuon kehityksen seuraamista mittarein käsitellään. Teorian lisäksi esitellään emoyrityksen vaatimukset toimitilaturvallisuudelle. Empiirinen osuus toteutettiin avoimin haastatteluin ja havainnoinnin avulla. Osuudessa tarkasteltiin toimitilaturvallisuuden nykytilaa kohdeyrityksessä verraten sitä teoriaan ja emoyrityksen vaateisiin. Vaikka kohdeyrityksen toimitilaturvallisuus olikin suhteellisen hyvällä mallilla, toimintaehdotuksia eri toimitilaturvallisuuden osa-alueille saatiin useita.

El Plan Colombia o el desarrollo como seguridad: un análisis documental entre la primera versión del Plan Colombia y la definitiva

El Plan Colombia fue diseñado como un paquete de ayuda internacional para la búsqueda de la paz en un marco de colaboración multilateral. Tras una negociación bilateral de dos años entre Colombia y Estados Unidos, el Plan concentró sus objetivos en la lucha contra el narcotráfico. Este trabajo pretende mostrar en qué consistió este cambio y describir el significado de la política del Plan. Se plantea que la política está determinada por la concepción del desarrollo como seguridad (Duffield, 2001 y 2002). Para ello, se realiza un análisis comparativo documental entre el primer texto del Plan Colombia, incluido en el Plan Nacional de Desarrollo de 1998, y el texto definitivo hecho por el gobierno en el 2000. La monografía argumenta que la ayuda otorgada está determinada por la lucha internacional contra las drogas y un nuevo modelo de Estado que implica tanto replantear las relaciones sociales a nivel local como una reflexión acerca de la soberanía estatal en el marco de nuevas tendencias globales.

Securitización en el desierto: Una respuesta al terrorismo en Malí y en Níger, 2009 - 2013.

Este es un estudio sobre las dinámicas de seguridad en Malí durante el periodo de 2009 a 2013. La investigación busca explicar de qué manera se ha dado un proceso de securitización de los grupos insurgentes frente a la amenaza generada por la proliferación de grupos armados no estatales en el territorio comprendido entre Malí y Níger. Se toma a Níger con el ánimo de ver la existencia de un subcomplejo regional de seguridad entre este país y Malí. De esta manera se afirma que el aumento de las actividades insurgentes y terroristas en la zona compuesta por Malí y Níger se da por la proliferación de actores armados no estatales, entre los cuales se encuentran los grupos seculares e insurgentes Tuareg, las agrupaciones islamistas fundamentalistas y los grupos que se componen entre rebeldes Tuareg, criminales e islamistas, éstos actores han afectado la percepción que tiene Malí sobre su seguridad.

Post-conflict peacebuilding: strategies and lessons from Bosnia and Herzegovina, El Salvador and Sierra Leone

Includes bibliography

Rethinking the Conflict-Poverty Nexus: From Securitising Intervention to Resilience

We are witnessing nothing less than a revolution in international policy-thinking, with a shift from imagining that international policy-makers can solve development/ security problems through the export or transfer of policy practices or their imposition through conditionality, to understanding that problems should be grasped as emergent consequences of complex social processes which need to be worked with rather than against. This paper, prepared for the 2014 CEPA conference, focuses therefore less on the politicisation and securitisation of questions of conflict and poverty and more on the depoliticisation of questions of conflict and poverty, especially through frameworks of resilience.

Colombia como referente en la lucha contra las drogas : perspectivas de la cooperación con África Occidental

Este estudio de caso se realiza con el objetivo de analizar cómo la cooperación entre Colombia y África occidental en la lucha contra el tráfico de drogas repercute en la imagen del Estado colombiano como referente en esfuerzos antinarcóticos desde la periferia. En consecuencia, se busca conocer la forma en la cual los acuerdos bilaterales interinstitucionales, la participación en foros y la creación de una agenda internacional de lucha contra las drogas para un escenario nacional transformado, configuran la imagen del Estado colombiano. Para tal objetivo, el trabajo se desarrollará a través de los conceptos de identidad de Alexander Wendt, periferia de Mohammed Ayoob y Cooperación Sur-Sur de la Organización de Naciones Unidas y la Agencia Presidencial de Cooperación Internacional de Colombia.

The African studies course of the Instituto de Estudos Superiores Militares. An analysis of the correlations and conflictive character inside the triangle - Development, environment and security - in Africa’s Nigeria

Relatório de Estágio de Mestrado em Ciência Política e Relações Internacionais Globalização e Ambiente

Development of an investor relations strategy - Case SSH Communications Security Corp. Communications Security Corp.

Tutkimuksen tavoitteena oli muodostaa viitekehys sijoittajaviestinnän strategian muodostamiseen ja soveltaa viitekehystä käytännössä. Tutkimusongelma nousi case-yrityksestä, SSH Communications Security Oyj:stä, joka listautui vuoden 2000 lopussa. Teoreettinen viitekehys perustuu aikaisempaan kirjallisuuteen sijoittajaviestinnästä, strategian kehittämisestä ja rahoitusteoriasta. Rahoitusteorian alueet, joita käsiteltiin tutkimuksessa ovat; vapaaehtoinen tiedottaminen, markkinatehokkuus ja agenttiteoria. Tutkimuksen empiirinen osa toteutettiin soveltamalla teoreettista viitekehystä case yritykseen. Empiirisessä osuudessa käytiin läpi seuraavat vaiheet; nykyisen tilan ulkoinen ja sisäinen analyysi, tavoitteiden asettaminen ja sijoittajaviestintä strategia ehdotuksen muodostaminen case yritykseen. Tutkielman viimeinen kappale kokoaa tärkeimmät löydökset, pohtii työn teoreettista kontribuutiota ja liikkeenjohdollisia kytköksiä sekä esittää tutkimuksen herättämiä ehdotuksia jatkotutkimuksille