Search results for "Tietoturva"
showing 10 items of 184 documents
Tietoturva digitaalisella elokuva-alalla
2014
Välivaara, Ville Tietoturva digitaalisella elokuva-alalla Jyväskylä: Jyväskylän yliopisto, 2013, 35 s. Tietojärjestelmätiede, kandidaatin tutkielma Ohjaaja: Halttunen, Veikko Elokuva-alalla viime vuosina läpi lyönyt digitaalinen esitystekniikka on muokannut alaa merkittävästi. Se on tuonut mukanaan lukuisia mahdollisuuksia ja parannuksia, mutta myös aiheellisen huolen liittyen tietoturvauhkiin ja kasvaneeseen pelkoon piratismista. Tässä tutkielmassa muodostetaan kokonaiskuva elokuva-alalla käytössä olevasta tietoturva-arkkitehtuurista, tuodaan ilmi mahdollisia hyökkäyskeinoja joita laittoman elokuvakopion muodostamiseen voidaan käyttää, pohditaan nykyisen tietoturva-arkkitehtuurin heikkouks…
Examining the side effects of organizational Internet monitoring on employees
2020
PurposeInternet monitoring in organizations can be used to monitor risks associated with Internet usage and information systems in organizations, such as employees' cyberloafing behavior and information security incidents. Extant research has mainly discussed the effect of Internet monitoring in achieving the targeted goals (e.g. mitigating cyberloafing behavior and information security incidents), but little attention has been paid to the possible side effects of Internet monitoring. Drawing on affective events theory, the authors attempt to reveal that Internet monitoring may cause side effects on employees' Internet usage policy satisfaction, intrinsic work motivation and affective organ…
Kyberturvallisuus esineiden internetissä
2017
Esineiden internetin laitteiden määrä on jatkuvasti kasvussa ja niiden hyödyt koskettavat kaikkia yhteiskuntamme jäseniä. Valitettavasti samanaikaisesti myös onnistuneiden kyberhyökkäysten määrä on kasvussa ja se uhkaa esineiden inter-netin luotettavuutta. Tämän takia onkin tärkeää tutkia, minkälaisia uhkia esinei-den internet kohtaa ja kuinka näiltä uhkilta voitaisiin suojautua. Tutkielmassa käsitellään esineiden internetin laitteita, mitä kyseiset laitteet ovat, kuinka ne toi-mivat ja miten ne ovat suojattu. Tutkielma toteutettiin kirjallisuuskatsauksena ja sen lähteinä on käytetty pääsääntöisesti akateemisten julkaisujen artikkeleita. Tutkielmassa selvisi esineiden internetin kyberturval…
To Calculate or To Follow Others : How Do Information Security Managers Make Investment Decisions?
2019
Economic models of information security investment suggest estimating cost and benefit to make an information security investment decision. However, the intangible nature of information security investment prevents managers from applying costbenefit analysis in practice. Instead, information security managers may follow experts’ recommendations or the practices of other organizations. The present paper examines factors that influence information security managers’ investment decisions from the reputational herding perspective. The study was conducted using survey questionnaire data collected from 106 organizations in Finland. The findings of the study reveal that the ability and reputation …
H-KPP : Hypervisor-Assisted Kernel Patch Protection
2022
We present H-KPP, hypervisor-based protection for kernel code and data structures. H-KPP prevents the execution of unauthorized code in kernel mode. In addition, H-KPP protects certain object fields from malicious modifications. H-KPP can protect modern kernels equipped with BPF facilities and loadable kernel modules. H-KPP does not require modifying or recompiling the kernel. Unlike many other systems, H-KPP is based on a thin hypervisor and includes a novel SLAT switching mechanism, which allows H-KPP to achieve very low (≈6%) performance overhead compared to baseline Linux.
Nanovised Control Flow Attestation
2022
This paper presents an improvement of control flow attestation (C-FLAT) for Linux. C-FLAT is a control attestation system for embedded devices. It was implemented as a software executing in ARM’s TrustZone on bare-metal devices. We extend the design and implementation of C-FLAT through the use of a type 2 Nanovisor in the Linux operating system. We call our improved system “C-FLAT Linux”. Compared to the original C-FLAT, C-FLAT Linux reduces processing overheads and is able to detect the SlowLoris attack. We describe the architecture of C-FLAT Linux and provide extensive measurements of its performance in benchmarks and real-world scenarios. In addition, we demonstrate the…
HyperIO: A Hypervisor-Based Framework for Secure IO
2023
Malware often attempts to steal input and output through human interface devices to obtain confidential information. We propose to use a thin hypervisor, called “HyperIO”, to realize a secure path between input and output devices using a partial implementation of device drivers. We apply our approach using two security systems built on HyperIO: FireSafe and ClipCrypt. FireSafe is a web browser extension which allows a remote web server to display and receive sensitive user information securely. ClipCrypt enables the user to securely enter and view their confidential information in commodity Windows applications.
Protection Motivation Theory in Information Systems Security Research
2021
Protection motivation theory (PMT) is one of the most commonly used theories to examine information security behaviors. Our systematic review of the application of PMT in information systems (IS) security and the comparison with its application for decades in psychology identified five categories of important issues that have not yet been examined in IS security research. Discussing these issues in terms of why they are relevant and important for IS security, and to what extent IS research has not considered them, offers new research opportunities associated with the study of PMT and IS security threats. We suggest how future studies can approach each of the open issues to provide a new roa…
State of the Art in Information Security Policy Development
2020
Despite the prevalence of research that exists under the label of “information security policies” (ISPs), there is no consensus on what an ISP means or how ISPs should be developed. This article reviews state-of-the-art ISP development by examining a diverse sample of literature on the subject. The definition and function of an ISP is studied first, revealing a rich tapestry of different notions behind the same term. When looking at the broad picture of the research on ISP development methods, we find different phases and levels of detail. Analyzing the different views on the content, context, and strategy alignment provides for further understanding on the complexity of the matter. As an o…
Shall we follow? Impact of reputation concern on information security managers’ investment decisions
2020
Information security (infosec) is important for organizations. While budgeting for infosec is a crucial resource allocation decision, infosec managers may choose to follow other fellow experts’ recommendations or baseline practices. The present paper uses reputational herding theory to explain the decision made by infosec managers to use a “let's follow others” strategy in this context. Based on a sample of 106 organizations in Finland, we find that infosec managers’ ability to accurately predict the benefit of infosec investment, as well as their reputations, have significant effects on motivating them to discount their own information. Infosec managers’ discounting of their own informatio…