  • 1.
    Abbas, Haider
    et al.
    KTH, School of Information and Communication Technology (ICT), Microelectronics and Information Technology, IMIT.
    Magnusson, Christer
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Yngström, Louise
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Hemani, Ahmed
    KTH, School of Information and Communication Technology (ICT), Microelectronics and Information Technology, IMIT.
    Analyzing IT Security Evaluation needs for Developing Countries. 2009. In: IPID Annual Workshop 2009, Orebro, Sweden, 2009. Conference paper (Other academic)
  • 2.
    Abbas, Haider
    et al.
    KTH, School of Information and Communication Technology (ICT), Electronics and Computer Systems, ECS.
    Yngström, Louise
    Hemani, Ahmed
    KTH, School of Information and Communication Technology (ICT), Electronics and Computer Systems, ECS.
    ROA Based Agile Security Evaluation of IT Products for Developing Countries. 2009. In: IPID 4th Annual Conference 2009, London, UK, 2009. Conference paper (Other academic)
  • 3.
    Abbas, Haider
    et al.
    KTH, School of Information and Communication Technology (ICT), Electronics and Computer Systems, ECS.
    Yngström, Louise
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Hemani, Ahmed
    KTH, School of Information and Communication Technology (ICT), Electronics and Computer Systems, ECS.
    Security Evaluation of IT Products: Bridging the Gap between Common Criteria (CC) and Real Option Thinking. 2008. In: WCECS 2008: WORLD CONGRESS ON ENGINEERING AND COMPUTER SCIENCE, 2008, pp. 530-533. Conference paper (Refereed)
    Abstract [en]

    Information security has long been considered as a key concern for organizations benefiting from the electronic era. Rapid technological developments have been observed in the last decade which has given rise to novel security threats, making IT, an uncertain infrastructure. For this reason, the business organizations have an acute need to evaluate the security aspects of their IT infrastructure. Since many years, CC (Common Criteria) has been widely used and accepted for evaluating the security of IT products. It does not impose predefined security rules that a product should exhibit but a language for security evaluation. CC has certain advantages over ITSEC, CTCPEC and TCSEC due to its ability to address all the three dimensions: a) it provides opportunity for users to specify their security requirements, b) an implementation guide for the developers and c) provides comprehensive criteria to evaluate the security requirements. Among the few notable shortcomings of CC is the amount of resources and a lot of time consumption. Another drawback of CC is that the security requirements in this uncertain IT environment must be defined before the project starts. ROA is a well known modern methodology used to make investment decisions for the projects under uncertainty. It is based on options theory that provides not only strategic flexibility but also helps to consider hidden options during uncertainty. ROA comes in two flavors: first for the financial option pricing and second for the more uncertain real world problems where the end results are not deterministic. Information security is one of the core areas under consideration where researchers are employing ROA to take security investment decisions. In this paper, we give a brief introduction of ROA and its use in various domains. We will evaluate the use of Real options based methods to enhance the Common Criteria evaluation methodology to manage the dynamic security requirement specification and reducing required time and resources. We will analyze the possibilities to overcome CC limitations from the perspective of the end user, developer and evaluator. We believe that with the ROA enhanced capabilities will potentially be able to stop and possibly reverse this trend and strengthen the CC usage with a more effective and responsive evaluation methodology.

  • 4. Bakari, Jabiri Kuwe
    et al.
    Magnusson, Christer
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Tarimo, Charles N.
    Yngström, Louise
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    The mitigation of ICT risks using EMITL tool: An empirical study. 2005. In: Security Management, Integrity, and Internal Control in Information Systems / [ed] Dowland, P; Furnell, S; Thuraisingham, B; Wang, XS, 2005, Vol. 193, pp. 157-173. Conference paper (Refereed)
    Abstract [en]

    As the dependence on ICT in running organisations' core services is increasing, so is the exposure to the associated risks due to ICT use. In order to meet organisational objectives in ICT dependent organisations, risks due to ICT insecurity need to be addressed effectively and adequately. To achieve this, organisations must have effective means for the management of ICT risks. This involves assessment of the actual exposure to ICT risks relevant to their environment and implementation of relevant countermeasures based on the assessment results. On the contrary, in most organisations, ICT security (or ICT risk management) is perceived by the top management as a technical problem. As a result, measures for ICT risk mitigation that are ultimately put in place in such organisations tend to be inadequate. Furthermore, the traditional way of managing risks by transferring them to the insurance companies is not yet working, as it is difficult to estimate the financial consequences due to ICT-related risks. There is, therefore, a need to have methods or ways which can assist in interpreting ICT risks into a financial context (senior management language) thereby creating a common understanding of ICT risks among technical people and the management within ICT-dependent organisations. With a common understanding, it would be possible to realise a coordinated approach towards ICT risk mitigation. This paper is an attempt to investigate whether ICT risk mitigation can be enhanced using a customised software tool. A software tool for converting financial terminologies (financial risk exposure) to corresponding ICT security terminologies (countermeasures) is presented. The Estimated Maximum Information Technology Loss (EMitL) tool is investigated for its suitability as an operational tool for the above-mentioned purpose. EMitL is a tool utilised in a framework (Business Requirements on Information Technology Security BRITS) to bridge the understanding gap between senior management and the technical personnel (when it comes to ICT risk management). This work is based on an empirical study which involved interviews and observations conducted in five non-commercial organisations in Tanzania. The study was designed to establish the state of ICT security management practice in the studied organisations. The results of the study are being used here to investigate the applicability of the EMitL tool to address the observed state. The results from this study show that it is possible to customise EMitL into a usefully operational tool for interpreting risk exposure due to ICT into corresponding countermeasures. These results underline the need to further improve EMitL for wider use.

  • 5.
    Bakari, Jabiri Kuwe
    et al.
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Tarimo, Charles N.
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Magnusson, Christer
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Yngstrom, Louise
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Bridging the gap between general management and technicians - A case study in ICT security. 2006. In: Security and Privacy in Dynamic Environments / [ed] FischerHubner, S; Rannenberg, K; Yngstrom, L; Lindskog, S, NEW YORK, NY: SPRINGER, 2006, Vol. 201, pp. 442-447. Conference paper (Refereed)
    Abstract [en]

    The lack of planning, business re-engineering, and coordination in the whole process of computerisation, is the most pronounced problem facing organisations in developing countries. These problems often lead to a discontinuous link between technology and the business processes. As a result, the introduced technology poses some critical risks to the organisations due to the different perceptions of the management and technical staff in viewing the ICT security problem. This paper discusses a practical experience of bridging the gap between the general management and ICT technicians.

  • 6. Bakari, Jabiri Kuwe
    et al.
    Tarimo, Charles N.
    Yngstrom, Louise
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Magnusson, Christer
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Kowalski, Stewart
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Bridging the gap between general management and technicians - A case study on ICT security in a developing country. 2007. In: Computers & security (Print), ISSN 0167-4048, Vol. 26, no. 1, pp. 44-55. Article in journal (Refereed)
    Abstract [en]

    The lack of planning, business re-engineering, and coordination in the whole process of computerisation is the most pronounced problem facing organisations. These problems often lead to a discontinuous link between technology and the business processes. As a result, the introduced technology poses some critical risks for the organisations due, in part, to different perceptions of the management and technical staffs in viewing the ICT security problem. This paper discusses a practical experience on bridging the gap between the general management and ICT technicians.

  • 7. Bakari, Jabiri Kuwe
    et al.
    Tarimo, Charles N.
    Yngström, Louise
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Magnusson, Christer
    State of ICT security management in the institutions of higher learning in developing countries: Tanzania case study. 2005. In: 5th IEEE International Conference on Advanced Learning Technologies, Proceedings / [ed] Goodyear, P; Sampson, DG; Yang, DJT; Kinshuk, X; Okamoto, T; Hartley, R; Chen, NS, 2005, pp. 1007-1011. Conference paper (Refereed)
    Abstract [en]

    Information and Communication Technology (ICT) is of strategic importance and essential functional requirements for many institutions of higher learning. In the developing world, ICT is achieving a breakthrough in management and teaching of online learning, which helps to cater for the increased student population. However the security of the information being processed, stored and exchanged is a growing concern to the management as the dependence on ICT for most of the institutions' core services functions is increasing. This paper discusses the current state of ICT security management practices in three institutions of higher learning in Tanzania. The discussion includes the problems and consequences of ICT risks.

  • 8.
    Davidson, Alan
    et al.
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Oja, R.
    Yngström, Louise
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    A Swedish IT forensics course - Expert opinions. 2009. In: International Journal of Electronic Security and Digital Forensics, ISSN 1751-911X, E-ISSN 1751-9128, Vol. 2, no. 3, pp. 322-333. Article in journal (Refereed)
    Abstract [en]

    There is mounting pressure for institutes of higher education to fill society's need for qualified IT forensics practitioners. Despite that pressure, it is not clear how that need should be filled, for whom, and by whom. There are many published texts available on which one might base a course, though they are primarily written for English speaking countries. Given the differences in legal practices in different countries, and forensic's dependency on legal procedures, it is not clear how applicable such texts are to Swedish education in the subject. This paper summarises some of the ongoing work at the Department of Computer and Systems Sciences at Stockholm University where we seek to define what the primary elements of a Swedish IT forensics education should be. Interviews conducted with specialists in IT law and IT forensics indicate that there are discrepancies between how representatives from on the one hand the public legal system and on the other private enterprise view the need and the subject matter.

  • 9. Futcher, L.
    et al.
    Yngström, Louise
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    A review of IFIP TC 11 WG 11.8 publications through the ages. 2013. In: IFIP Advances in Information and Communication Technology, 2013, pp. 113-122. Conference paper (Refereed)
    Abstract [en]

    IFIP WG 11.8 established a series of conferences in 1999 entitled World Information Security Education (WISE). These conferences have been held every second year since then, with the eighth one being held in 2013. Not surprisingly, there have been numerous high quality papers presented and published in the WISE conference proceedings over the years. However, many of these publications are not easily accessible and are therefore not being readily cited. One of the reasons for the inaccessibility of these papers is that they have not been made widely available through either print or a well-known repository on the Web. Furthermore, a need exists to reflect on what has been done in the past in order to realize the future of these conferences and related events. In order to begin the process of addressing this need, this paper presents a review of the IFIP WG 11.8 publications through the ages. It also reflects briefly on the problems relating to the inaccessibility of these publications, the decline in paper submissions and the lack of citations.

  • 10. Karokola, Geoffrey
    et al.
    Kowalski, Stewart
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Yngström, Louise
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Secure e-government services: Towards a framework for integrating IT security services into e-government maturity models. 2011. In: 2011 Information Security for South Africa - Proceedings of the ISSA 2011 Conference, 2011. Conference paper (Refereed)
    Abstract [en]

    e-Government maturity models (eGMMs) lack security services (technical and socio/non-technical) in its critical maturity stages. The paper proposes a comprehensive framework for integrating IT security services into eGMM critical stages. The proposed framework is a result of integrating information security maturity model (ISMM) critical levels into e-government maturity model (eGMM) critical stages. The research utilizes Soft Systems Methodology (SSM) of scientific inquiry adopted from Checkland and Scholes. The paper contributes to the theoretical and empirical knowledge in the following ways: firstly, it introduces a new approach that shows how governments can progressively secure their e-government services; secondly, it outlines the security requirements (technical and non-technical) for critical maturity stages of eGMM; and thirdly, it enhances awareness and understanding to the governments and stakeholders such as practitioners, experts and citizens on the importance of security requirements being clearly defined within eGMM critical stages.

  • 11. Karokola, Geoffrey
    et al.
    Yngström, Louise
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    State of e-Government Development in the Developing World: Case of Tanzania - Security vie. 2009. In: PROCEEDINGS OF 5TH INTERNATIONAL CONFERENCE ON E-GOVERNMENT / [ed] Lavin M, NR READING: ACADEMIC CONFERENCES LTD, 2009, pp. 92-100. Conference paper (Refereed)
    Abstract [en]

    Given the fact that more governments are heavily investing in implementing and use of e-government applications - the major concern has always been on how to ensure secure prevention, detection and recovery of critical information being stored, processed, and transmitted between domains (government, business, and citizens). Traditionally, interactions between government, business communities and citizens require a physical visit to the government offices - hence little threats to paper based information assets; while with the advent of e-government application - it is possible to virtually locate the service closer to citizens - hence create needs for security. As part of an ongoing research on e-government security maturing for developing world - the current state of e-government development along with specific security issues and challenges is presented; where Tanzania is taken as a case study. The study involved six institutions located in the area, namely: President's Office, Public Service Management (PO-PSM) - responsible for administration of Tanzanian public sector; Prime Minister's Office, Regional Administration and Local Government (PMO-RALG) - responsible for instilling good governance to all level of local governments; Ministry of Lands, Housing and Human Settlements Development (MLHHSD) - responsible for land management; and Ministry of Finance and Economic Affairs (MoFEA) - responsible for managing the overall revenue, expenditure and financing of the Government. Others are Tanzania Revenue Authority (TRA) - agency responsible for government revenue collection; and the Tanzania Ports Authority (TPA) - responsible for all ports and cargo management. In the process, we used Systemic-Holistic-Approach (SHA) to explicitly investigate, evaluate, and analyze the specific security (technical and non-technical) related issues and challenges. The findings were: the level of security awareness among IT and non-IT staff; level of e-government application protection; and level of Security technical threats and nontechnical threats - 63%, 30%, 54%, 45%, 55%; 65%, 20%, 51%, 50%, 60%; and 60%, 23%, 53%, 48%, 54%; for PO-PSM; PMO-RALG; and MLHHSD respectively. Similarly the findings for MoFEA; TRA; and TPA were - 67%, 33%, 55%, 58%, 60%; 73%, 40%, 74%, 68%, 76%; and 70%, 20%, 70%, 65%, 73% respectively. Also the findings show that to enhance security for e-government application - e-government development models need to have built in stage-wise security layers. Therefore, as most of developing countries are at their infant stages of e-government development - developers of e-government maturity models should explicitly consider integrating security as part of the model's critical requirements at all stages. This will not only ensure security for e-government critical information but also strengthen the level of trust between government and citizen.

  • 12. Karokola, Geoffrey
    et al.
    Yngström, Louise
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Kowalski, Stewart
    KTH, School of Information and Communication Technology (ICT), Computer and Systems Sciences, DSV.
    Secure e-government services: A comparative analysis of e-government maturity models for the developing regions - The need for security services. 2012. In: International Journal of Electronic Government Research, ISSN 1548-3886, Vol. 8, no. 1, pp. 1-25. Article in journal (Refereed)
    Abstract [en]

    E-Government offers many benefits to government agencies, citizens and the business community. However, e-Government services are prone to current and emerging security challenges posing potential threats to critical information assets. Securing it appears to be a major challenge facing governments globally. Based on the international security standards - the paper thoroughly investigates and analyzes eleven e-government maturity models (eGMMs) for security services. Further, it attempts to establish a common frame of reference for eGMM critical stages. The study utilizes the Soft Systems Methodology (SSM) of scientific inquiry/ learning cycle adopted from Checkland and Scholes. The findings show that security services (technical and non-technical) are lacking in eGMMs - implying that eGMMs were designed to measure more quantity of offered e-government services than the quality of security services. Therefore, as a step towards achieving secure e-government services the paper proposes a common frame of reference for eGMM with five critical stages. These stages will later be extended to include the required security services.

  • 13.
    Magnusson, Christer
    et al.
    KTH, Former Departments, Computer and Systems Sciences, DSV.
    Yngström, Louise
    KTH, Former Departments, Computer and Systems Sciences, DSV.
    Method for insuring IT risks. 2004. Conference paper (Refereed)
    Abstract [en]

    This paper explains in detail the method behind the insurance database Estimated Maximum information technology Loss (EMitL). The database has been a crucial tool to make it possible to insure IT perils. It helps to insure IT-perils financially in the same professional way as consequences of traditional perils like fire, flood, and robbery are insured, and thereby secures shareholders' investments. EMitL estimates the security awareness in an existing IT-platform. Based on that information, existing security measures can be "priced" as they may reduce the estimated maximum loss figures - and thereby the costs for the insurance. In addition, a more cost-effective decision can be made on additional security measures. Furthermore, the costs for the loss exposure inherent in a business service/product can be estimated in a better way, and thereby be incorporated in the product's price. The IT insurances are based on the traditional industries' classes: Liability, Loss of Property, and Business Interruption. The insurance class Liability is divided into insurance policies for: Business Interruption, Fraud and Embezzlement, Robbery and Theft, Defamation, Infringement of Privacy, and Infringement of code, trademark etc. The insurance policies in the class Loss of Property are: Fraud and Embezzlement, and Robbery and Theft. The database EMitL layers insurance covers, which is a common method in the insurance industry. This means that the insurance policies are layered according to the amount of financial cover they provide. The insurance levels relate and are converted to security levels. These levels are built on the IT security properties Integrity, Availability and Confidentiality, and are utilized differently, depending on the insurance level and the type of insurance policy. The properties and the levels constitute the base of the Security Policies produced by EMitL; they are used for the estimation of security awareness and as terms of insurance.

  • 14.
    Mwakalinga, G Jeffy
    et al.
    KTH, School of Information and Communication Technology (ICT).
    Kowalski, Stewart
    KTH, School of Information and Communication Technology (ICT).
    Yngström, Louise
    KTH, School of Information and Communication Technology (ICT).
    Methodology for considering environments and culture in developing information security systems. 2009. In: ISSA 2009 Conference Proceedings, 2009. Conference paper (Refereed)
    Abstract [en]

    In this paper, we describe a methodology for considering culture of users and environments when developing information security systems. We discuss the problem of how researchers and developers of security for information systems have had difficulties in considering culture of users and environments when they develop information security systems. This has created environments where people serve technology instead of technology serving people. Users have been considered just as any other component in an information system, which has resulted in having efficient technical controls but inadequate social controls for security. In this paper, we propose a holistic and immune security framework that considers culture of users and system environments in developing information security systems.

  • 15.
    Mwakalinga, G Jeffy
    et al.
    KTH, School of Information and Communication Technology (ICT).
    Yngström, Louise
    KTH, School of Information and Communication Technology (ICT).
    Framework for Securing Mobile Software Agents. 2006. In: Proceedings of the ISSA 2006 from Insight to Foresight Conference, ACM Sigmod, 2006. Conference paper (Refereed)
    Abstract [en]

    Information systems are growing in size and complexity making it infeasible for human administrators to manage them. The aim of this work is to study ways of securing and using mobile software agents to deter attackers, protect information systems, detect intrusions, automatically respond to the intrusions and attacks, and to produce recovery services to systems after attacks. Current systems provide intrusion detection, prevention, protection, response, and recovery services but most of these services are manual and the reaction time is usually from a number of hours to days depending on the complexity of the systems. There are efforts of using mobile software agents to provide these services automatically, thereby reducing reaction time, but the technology is not widely accepted due to security issues of mobile agents.

    In this work, we have created a framework for securing mobile software agents in information systems. Communication security between platforms, protection of the baggage carried by agents, and protection of agents are provided. The framework has five components: deterrence, protection, detection, response and recovery sub-systems. The framework has been partially implemented and has an interface for administrators, monitored systems, NIST vulnerability database, patches' database, sensors, and Secure Mobile agents Run-Time System. This framework provides security for mobile agents at different levels and this increases trust in agents' technology. The response time, after intrusions are detected, is shortened. The framework helps systems to adapt by improving the performance of new generations of agents.

  • 16.
    Mwakalinga, G. Jeffy
    et al.
    KTH, School of Information and Communication Technology (ICT).
    Yngström, Louise
    KTH, School of Information and Communication Technology (ICT).
    Integrated Security System for E-Government based on SAML Standard. 2004. In: Proceedings of Information Security South Africa ISSA2004, 2004. Conference paper (Refereed)
    Abstract [en]

    This paper describes an integrated security system for electronic-government services. Many governments are transforming manual government services to electronic government services. This transformation is in most cases done without involving users of the services. This makes users of these services have little trust in the e-government. Security is in most cases not addressed from the early stages of e-government development. Some governments depend on security solutions from private vendors and these governments do not have full control of security. E-government services have different levels of classification and so they require different types of authentication and authorization methods. Most e-government systems today use one form of authentication in all types of services without considering the different sensitivity levels. All countries have different levels of e-literacy and users with low levels of e-literacy do not understand some of today's e-government security systems. This security system provides multiple authentication methods. Some e-government services require simple authentication while other highly classified transactions demand strong authentication. This security system provides multiple authorization schemes, information integrity schemes and digital signature schemes. These schemes can be configured to accommodate different e-literacy levels. The system integrates a registration system, a certification system, an authorization system, and a smart card system. It bases on the Security Assertion Markup Language (SAML) standard, which is an XML-based framework for exchanging security information. The system can be integrated in existing e-government systems and can be built-in in new e-government systems. Information of different levels of classification can be stored in same websites and can be accessed through multiple authentication and authorization methods. This system enables the society to perform secure e-government transactions and accommodates different e-literacy levels.

  • 17.
    Mwakalinga, G. Jeffy
    et al.
    KTH, School of Information and Communication Technology (ICT).
    Yngström, Louise
    KTH, School of Information and Communication Technology (ICT).
    Securing Mobile Agents for Survivable Systems. 2005. In: Proceedings for the International Information technology conference IITC2005, 2005. Conference paper (Refereed)
    Abstract [en]

    We have what we have today because of the decisions and actions that we made in the past. Our lives and computer technology in the future will depend on the decisions and actions we make today about them. In future, it is very likely that we will be walking with Web servers in mobile phones, PDAs, or MP3 players or in whatever devices. There will be so much information from banks, insurance, government, health, nursery, and schools requiring instant response that will necessitate people to carry Web servers. People will be required to make different authorization and privacy decisions, which cannot wait. The amount of information and actions can necessitate the need for helping hands in the form of mobile software agents, which are forms of non-human computer secretaries. These can be used in diverse business areas like auctions, contract negotiations, stock trading, and money transfer. These agents will need to carry information and perform transactions securely. How do we secure software mobile agents? In this paper, we describe ways of securing mobile agents for survivable systems. We describe ways of protecting mobile agents and the information that they carry

  • 18.
    Mwakalinga, G. Jeffy
    et al.
    KTH, Skolan för informations- och kommunikationsteknik (ICT).
    Yngström, Louise
    KTH, Skolan för informations- och kommunikationsteknik (ICT).
    Sketch of a Generic Security Framework based on the Paradigms of Systemic-Holistic Approach and the Immune System
    2005. In: Proceedings for the Information Security South Africa conference ISSA2005, 2005
    Conference paper (Refereed)
    Abstract [en]

    Everything that we see can be changed. Internet is vulnerable because it was not designed as a whole system. This can be changed by changing the way we think and approach the development of Internet. Initial development of the Internet and other systems focused only on computer technology and communication’s protocols. Many systems are not secure today because most research has concentrated on securing parts of the systems. Hence, we can change this by viewing security of Internet and other systems holistically, by focusing not just on technology and protocols but by considering system’s environments, people using the systems, future of systems and other factors. In this paper we view and approach security of systems holistically. We discuss and suggest a methodology of securing systems based on the paradigms of the Immune system and the Systemic-Holistic approach. The Immune system is used to protect human bodies from for instance different types of viruses. The Systemic-holistic approach views and studies a system as a whole or in details at the theoretical, design, or the implementation level. It takes into considerations technical and non-technical aspects and the system’s environment. The generic security framework has been created for using functions inspired by the immune system and the systemic-holistic approach paradigms to secure systems. The framework contains the deterrence, protection, detection, response and recovery sub-systems. These sub-systems will be generically protecting both at the border and internally in the system. This methodology will improve the way we design security systems by generically considering different factors and people using the system.

  • 19.
    Mwakalinga, G. Jeffy
    et al.
    KTH, Skolan för informations- och kommunikationsteknik (ICT).
    Yngström, Louise
    KTH, Skolan för informations- och kommunikationsteknik (ICT).
    Kowalski, Stewart
    KTH, Skolan för informations- och kommunikationsteknik (ICT).
    A Holistic and Immune System inspired Security Framework
    2009. In: International Conference on Information Security and Privacy (ISP-09), 2009
    Conference paper (Refereed)
    Abstract [en]

    This paper presents a Framework for adaptive information security systems for securing information systems. Information systems today are vulnerable and not adaptive to the dynamic environments because initial development of these systems focused on computer technology and communications protocol only. Most research in information security does not consider culture of users, system environments and does not pay enough attention to the enemies of information systems. As a result, users serve technology instead of technology serving users. We apply the Systemic-Holistic Approach, the living systems theory, the Immune system, Systems theory, Cybernetics, and Socio-Technical systems to provide adaptability features, to consider culture of users and system environments in developing and designing information security systems. We apply socio-technical measures to secure the weak links in information security systems that have been created by culture of users. This security framework will help researchers and designers consider not only communication protocols and technology but also values of people like culture, legal, and traditions; environments where information systems run; and adaptive features in information security systems

  • 20.
    Mwakalinga, Jeffy
    et al.
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Data- och systemvetenskap, DSV.
    Kowalski, Stewart
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Data- och systemvetenskap, DSV.
    Yngström, Louise
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Data- och systemvetenskap, DSV.
    Secure E-learning using the Holistic and Immune Security Framework
    2009. In: The 4th International Conference for Internet Technology and Secured Transactions, 2009, pp. 189-196
    Conference paper (Refereed)
    Abstract [en]

    This paper describes how to secure e-learning systems by applying the Holistic and Immune Security Framework. E-learning has great potential for developing communities but security of e-learning systems has not been fully addressed. We have developed a security framework that considers culture of users and environments where information systems operate. We apply the holistic approach to secure e-learning systems. The holistic and immune security framework is a function of the deterrence, prevention, detection, response, and recovery system. The security framework makes an E-learning system learn to adapt to environments and to culture of users. We apply the principles of immune system to secure E-learning systems. We describe how to secure the weak links that are created by culture of users in E-learning systems.

  • 21.
    Mwakalinga, Jeffy
    et al.
    KTH, Skolan för informations- och kommunikationsteknik (ICT).
    Yngström, Louise
    Integrated security administration in a global information system: From Research to Reality
    2004. In: Proceedings of the International Information Technology Conference, 2004
    Conference paper (Refereed)
    Abstract [en]

    This paper describes an integrated security administration for global organizations and electronic government systems. It integrates certification systems, authorization systems, registration systems and smart card systems. Many organizations today are having departments all over the world. Employees, employers and customers have to access information located in different countries. This complicates management of security systems for the organizations. The challenges that the organization face include providing authentication, authorization, protection of information, non-repudiation, integrity, privacy and other security services in the global environment. Today, organizations usually install certification, authorization, smart card, and registration systems and apply them separately without sharing common data and without any common security administration procedures. Thus, a new employee or citizen, who needs registration services, a smart card, a public key certificate, and authorization attributes must usually identify her multiple times and must perform registration procedure at four different administration stations. In this research, we designed an integrated security administration procedure for all four-security systems, where we register users only once and the four security systems share all relevant security data and procedures. Therefore, the new integrated security administration is more efficient than existing procedures and it is simpler to manage and saves administration costs. This system bases on the Security Assertion Markup Language (SAML). SAML is an XML-based framework for exchanging security information. The research has achieved two goals: functional integration of data and security administration procedures and visual integration through a common security administration interface. 
    These results are of high interest and importance when managing different components of an integrated security system.
    Keywords: PKI System, authorization, SAML, Directory system, smart card system, certification authority and attribute authority

  • 22.
    Yngström, Louise
    KTH, Tidigare Institutioner, Data- och systemvetenskap, DSV. Stockholm University, Sweden.
    An holistic approach to an international doctoral program
    2004. In: Information security management, education and privacy: IFIP 18th World Computer Congress : TC11 19th International Information Security Workshops, 22-27 August 2004, Toulouse, France, Springer-Verlag New York, 2004, pp. 117-132
    Conference paper (Refereed)
    Abstract [en]

    The paper discusses forms and structures for an international doctoral program with specialization in information security and information assurance based on an analysis of international educational efforts in the area 1995-2003. The presentation underlines the need for holistic approaches to the IT security area and presents, as an example, the Systemic-Holistic Approach, SHA.

  • 23.
    Yngström, Louise
    KTH, Skolan för informations- och kommunikationsteknik (ICT), Data- och systemvetenskap, DSV.
    Can we tune information security management into meeting corporate governance needs?: (invited paper)
    2005. In: SECURITY MANAGEMENT, INTEGRITY, AND INTERNAL CONTROL IN INFORMATION SYSTEMS / [ed] Dowland, P; Furnell, S; Thuraisingham, B; Wang, XS, 2005, Vol. 193, pp. 237-245
    Conference paper (Refereed)
    Abstract [en]

    This paper intends to stimulate discussion, research and new points-of-action for IS/IT security management from the background of corporate governance, contemporary debates of how to express observable consequences of IT and IT security, and of didactic issues. It is concluded that empirical research within IT security management is rare as compared to theoretical approaches but needed in order to have IS/IT security management on par with general management.
