Search results for "Tietoturva"

showing 10 items of 184 documents

A secure OAuth 2.0 implementation model

2016

More and more data is being stored in the cloud, and the number of web services keeps growing. As a result, users increasingly need to grant third-party applications access to data stored in web services. The OAuth 2.0 authorization framework aims to provide an open, standardized protocol for authorization. A secure implementation of OAuth 2.0, however, requires extensive knowledge of the OAuth 2.0 specification and of web service security in general. The purpose of this constructive study is to construct, for web developers, a secure model for implementing the OAuth 2.0 framework. The study identifies the characteristics of a secure OAuth 2.0 implementation. …

OAuth 2.0; OAuth; information security; authorization
researchProduct

Keys to electronic commerce: smart cards as part of the public key infrastructure

2002

PKI; data protection; e-commerce; smart cards; certainty; information security; trading process
researchProduct

Can individuals’ neutralization techniques be overcome? A field experiment on password policy

2020

Individuals’ lack of adherence to password security policy is a persistent problem for organizations. This problem is especially worrisome because passwords remain the primary authentication mechanism for information systems, and the number of passwords has been increasing. For these reasons, determining methods to improve individuals’ adherence to password-security policies constitutes an important issue for organizations. Extant research has shown that individuals use neutralization techniques, i.e., types of rationalizations, to disregard organizational information-security policies. What has not been determined from extant information security research is whether these neutralizations c…

Password; Authentication; Password policy; General Computer Science; information security; business.industry; Computer science; Internet privacy; information security policy; 020206 networking & telecommunications; Context (language use); 02 engineering and technology; neutralization; passwords; Authentication (law); Password strength; 0202 electrical engineering electronic engineering information engineering; 020201 artificial intelligence & image processing; business; staff training; Law
Computers & Security
researchProduct

Effects of PSD2 on security architecture of mobile banking : a review of literature

2017

This thesis aims to find out the changes that the Payment Service Directive (PSD2) will bring to the security architecture of mobile banking. PSD2 will create a situation where security mechanisms are separated from the actual banking application. Payment service providers must provide their Application Programming Interface for third party developers to give them access to authentication of payment transactions. PSD2 requires payments service providers to offer strong customer authentication with separate authentication mechanism from the banking application. This thesis found that academic literature about the security architecture of mobile banking does not provide a model where a separa…

Payment Service Directive; system architecture; Mobile banking; information security architecture; online payment; Security architecture; PSD2; mobile banks; Literature review; encryption; certificates; directives; mobile applications; application frameworks; information security; cybersecurity; payment services
researchProduct

Towards a Secure DevOps Approach for Cyber-Physical Systems

2020

With the expansion of cyber-physical systems (CPSs) across critical and regulated industries, systems must be continuously updated to remain resilient. At the same time, they should be extremely secure and safe to operate and use. The DevOps approach caters to business demands of more speed and smartness in production, but it is extremely challenging to implement DevOps due to the complexity of critical CPSs and requirements from regulatory authorities. In this study, expert opinions from 33 European companies expose the gap in the current state of practice on DevOps-oriented continuous development and maintenance. The study contributes to research and practice by identifying a set of needs…

Process management; Computer science; education; Perspective (graphical); 0202 electrical engineering electronic engineering information engineering; Cyber-physical system; 020207 software engineering; 02 engineering and technology; information security; DevOps; 113 Computer and information sciences; 020202 computer hardware & architecture
International Journal of Systems and Software Security and Protection
researchProduct

Method Framework for Developing Enterprise Architecture Security Principles

2019

Organizations need to consider many facets of information security in their daily operations – among others, the rapidly increasing use of IT, emerging technologies and digitalization of organizations’ core resources provoke new threats that can be difficult to anticipate. It has been argued that the security and privacy considerations should be embedded in all the areas of organizational activities instead of only relying on technical security mechanisms provided by the underlying systems and software. Enterprise Architecture Management (EAM) offers a holistic approach for managing different dimensions of an organization, and can be conceived as a coherent and consistent set of principles tha…

Process management; lcsh:T58.5-58.64; information security; lcsh:Information technology; Computer science; Emerging technologies; enterprise architecture management; constructive research; information security policy; Enterprise architecture; companies; enterprise architecture principle; Body of knowledge; Method Framework; General Materials Science; Set (psychology); Empirical evidence; information systems
Complex Systems Informatics and Modeling Quarterly
researchProduct

Security problems of radio frequency identification in the Internet of Things

2016

Radio frequency identification (RFID) is a remote identification system that operates on radio frequencies and is comparable to the barcode. RFID is one of the perception-layer technologies of the Internet of Things, and it can be used for wireless identification and data transfer between things. The thesis presents security problems related to the technology and possible solutions. RFID systems are vulnerable to several attacks, but their use can also cause unintentional problems, including collision conflicts and standards problems. The security problems of radio frequency identification can be countered by using various security protocols, …

RFID; IoT; Internet of Things; perception layer; information security
researchProduct

The technology solution of the e-passport

2017

The thesis describes the development of the passport from an ordinary travel document into the e-passport. The work presents the technical solutions of the e-passport application. An essential part of the technology solution is the RFID microchip and the biometric identifier stored on it. The study examines the most common biometric identifiers and their processing stages. The work is an essay based on scientific articles. The United States e-passport was implemented with an RFID tag, and at the time it drew criticism for its technology choices. The development of the European and Finnish e-passports has been influenced by experiences from the United States e-passport deployment project. The thesis seeks to find differences between the United States, European and Finnish e-passports' information security…

RFID; passports; electronic services; travel documents; information security; biometric identification; privacy protection; e-passport
researchProduct

Influence of Organizational Culture on Employees Information Security Policy Compliance in Ethiopian Companies

2021

Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' threats; conversely, insiders are responsible for most security breaches in organizations. Further, the majority of information security research findings are limited to solutions that are technically focused. However, it is now recognized that the technological approach alone does not carry the security level needed. So this led researchers to embark on socio-technical approaches. Thus, this study explores organizational culture's effect on employees' intention to comply w…

Rational Choice Theory; Organizational Culture; Information Security; information security policy; Information Security Policy Compliance
researchProduct

ISAdetect

2020

Static and dynamic binary analysis techniques are actively used to reverse engineer software's behavior and to detect its vulnerabilities, even when only the binary code is available for analysis. To avoid analysis errors due to misreading op-codes for a wrong CPU architecture, these analysis tools must precisely identify the Instruction Set Architecture (ISA) of the object code under analysis. The variety of CPU architectures that modern security and reverse engineering tools must support is ever increasing due to massive proliferation of IoT devices and the diversity of firmware and malware targeting those devices. Recent studies concluded that falsely identifying the binary code's ISA ca…

Reverse engineering; processors; Computer science; Firmware; 02 engineering and technology; computer.file_format; computer.software_genre; Malware; Instruction set; Object code; Computer engineering; 020204 information systems; Endianness; 0202 electrical engineering electronic engineering information engineering; Internet of Things; 020201 artificial intelligence & image processing; Binary code; Executable; information security; computer
Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy
researchProduct