O enfoque social da segurança da informação

O uso cada vez mais disseminado de sistemas informatizados integrados por meio de redes é um fato determinante da sociedade da informação. Este universo de conteúdos e continentes digitais está sujeito a várias ameaças que comprometem seriamente a segurança do complexo usuário-sistema-informação. A tecnologia da informação é capaz de apresentar parte da solução a este problema, mas não é capaz de resolvê-lo integralmente. As políticas de segurança da informação devem contemplar o adequado equilíbrio dos aspectos humanos e técnicos da segurança da informação, em contraposição aos modelos de políticas atuais, extremamente voltados às questões tecnológicas. Palavras-chave Interação social. Segurança da informação. Políticas de segurança da informação. Social approach concerning information security Abstract The ever increasing use of network-integrated information systems is an Information Society’s landmark. This universe of digital contents and media is prone to some threats that seriously compromise the security of the user-system-information relationship. Information technology can present part of this problem’s solution, but cannot solve it integrally. The information security policies must observe the balance between the human and technology issues about information security, in contrast with current policy models, extremely devoted to technological questions. Keywords Information security. Information security policies. Policy networks. Social interaction

Protocol security for third generation telecommunication systems

In this thesis, a novel protocol stack architecture is presented. The Future Core Networks System (FCNS) forms a secure reference model for use in packet-switched structures, with its applicability ranging from computer to telecommunication networks. An insight on currently used network protocol systems is given, analysing standardised sets of communication rules with respect to the security they afford to the messages exchanged. The lack of protection schemes for the internal protocol stack messages and the implementation pitfalls of their security architectures are described, in relation to the effects they have on the communication process. The OSI security model is also considered, with disadvantages identified in the placement of security functionality and its management. The drawbacks depicted for currently used systems form the motivation behind this work. The analysis of the FCNS follows, which is composed of three parts. In the first part, the FCNS communication layers are examined, with respect to the mechanisms used to establish, maintain and tear down a connection between peer entities. In the second part, the security mechanisms of the proposed reference architecture are given, including details on the FCNS keystream generator used for the security of the internal FCNS messages. Finally, the FCNS Error Protocol is depicted, illustrating the modes of operation and advantages it exhibits over currently used systems. The work then moves into presenting details of the software FCNS implementation, followed by the presentation of the results and measurements obtained by the case studies created. Comparisons are given in relation to the TCP/IP suite, to provide the means of identifying the FCNS applicability in various network environments. The work is concluded by presenting the FCNS functionality in delivering information for the UMTS, together with further work that may enhance the flexibility and use of the proposed architecture

Tailored Information Security Strategies for Financial Services Companies in Nigeria

Some financial institutions in Nigeria have not deployed strategies that mitigate cyber exploitation risks in the financial services industry. Financial institution leaders are concerned because cyber exploitation contributed to the reduction in the adult banking population to a low 38%. Grounded in the integrated systems theory of information security management, the purpose of this multiple case study was to explore strategies some financial institution leaders in Nigeria use to prevent cyber exploitations. The participants included 6 chief information security officers of 6 financial institutions. Data were collected from semistructured interviews and company and public documents. A thematic analysis identified themes to include the need to align information security plans of actions with corporate strategies, ensuring there are information security policies, processes, and procedures to guide disciplined efforts for information risk mitigation. A comprehensive risk management process can be used to determine information security strategies to ensure all risk areas are covered. This study may contribute to positive social change when a much more significant percentage of the Nigerian public use financial services because institutions adopt strategies to protect confidentiality, integrity, and availability of information

Protocol security for third generation telecommunication systems

In this thesis, a novel protocol stack architecture is presented. The Future Core Networks System (FCNS) forms a secure reference model for use in packet-switched structures, with its applicability ranging from computer to telecommunication networks. An insight on currently used network protocol systems is given, analysing standardised sets of communication rules with respect to the security they afford to the messages exchanged. The lack of protection schemes for the internal protocol stack messages and the implementation pitfalls of their security architectures are described, in relation to the effects they have on the communication process. The OSI security model is also considered, with disadvantages identified in the placement of security functionality and its management. The drawbacks depicted for currently used systems form the motivation behind this work. The analysis of the FCNS follows, which is composed of three parts. In the first part, the FCNS communication layers are examined, with respect to the mechanisms used to establish, maintain and tear down a connection between peer entities. In the second part, the security mechanisms of the proposed reference architecture are given, including details on the FCNS keystream generator used for the security of the internal FCNS messages. Finally, the FCNS Error Protocol is depicted, illustrating the modes of operation and advantages it exhibits over currently used systems. The work then moves into presenting details of the software FCNS implementation, followed by the presentation of the results and measurements obtained by the case studies created. Comparisons are given in relation to the TCP/IP suite, to provide the means of identifying the FCNS applicability in various network environments. The work is concluded by presenting the FCNS functionality in delivering information for the UMTS, together with further work that may enhance the flexibility and use of the proposed architecture.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

An alternative architectural framework to the OSI security model

In this paper an alternative framework to the OSI security model is presented. An identification of the principles governing security function assignment inside the OSI communication layers is given, followed by an analysis of the advantages of the security reference model. Also the IPsec and Stream Control Transmission Protocol (SCTP) architectures are briefly presented, illustrating their features features and usages. The disadvantages and implementation pitfalls of the presented models are then brought forward, in relation to performance and security issues. The Future Core Networks System (FCNS) is presented, which constitutes the proposed reference architecture. The features of the FCNS are given, together with an analysis of the advantages our proposal exhibits with respect to the protocols presented, followed by the software implementation of our model. Results from simulations show that FCNS offers an improvement in throughput of at least 10% in comparison with currently used communication protocol stack architectures. These throughput benefits are achieved even when the full security measures of FCNS are in operation. Finally, we present the FCNS applicability in current network systems and reveal future work. (C) 2004 Elsevier Ltd. All rights reserved