Página 1 dos resultados de 1274 itens digitais encontrados em 0.016 segundos

Development of an information security awareness training program for the Royal Saudi Naval Forces (RSNF)

Alageel, Sami M.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado
Relevância na Pesquisa
46.16%
Approved for public release; distribution is unlimited; The Royal Saudi Naval Forces (RSNF) are vulnerable to the same kinds of threats to its information infrastructure as the rest of the industrialized nations. As an officer in the RSNF, I am familiar with the special information assurance needs and interests of my organization, and thus, I am in a position to leverage my formal Information Technology Management (ITM) education to address these needs. The United States has played a prominent lead role in establishing many educational curriculums in the area of information assurance (IA). Though the breadth and depth of educational curriculum and resource materials (i.e., universities, certification programs, computer-based training, Web content, etc.) is impressive; the shear volume can be overwhelming and intimidating to the novice. What is needed is a methodical survey of the main IA themes that are currently emphasized by the most prominent and respected institutions offering IA training and education. This survey needs to be cross-referenced to identify core areas, and any other didactic information (e.g., models, rules, best practices, etc.) that might prove useful in developing the final training product for the RSNF.

Design and analysis of a model reconfigurable cyber-exercise laboratory (RCEL) for information assurance education

Guild, R. James
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado
Relevância na Pesquisa
46.04%
Approved for public release, distribution is unlimited; This thesis addresses the need to create a flexible laboratory environment for teaching network security. For educators to fully realize the benefit of such a facility, proto-type exercise scenarios are also needed. The paper is based on a model laboratory created at the Naval Postgraduate School. The initial configuration of the NPS lab is described. The work then develops a list of learning objectives achievable in the RCEL. Six proto-type cyber-exercise scenarios are presented to supplement the RCEL description. The activities within each potential scenario are described. The learning objectives met during each scenario are shown. This work demonstrates how a variety of potential RCEL exercises can supplement traditional information assurance education delivery techniques.

Implementation of information assurance risk management training into existing the Navy training pipelines

Labert, Matthew J.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado
Relevância na Pesquisa
56.35%
Approved for public release, distribution is unlimited; With the implementation and continuing research on information systems, such as Information Technology for the 21st Century (IT-21), Navy-Marine Corps Intranet (NMCI), and "Network-Centric warfare," there is little doubt that the Navy is becoming heavily dependent on information and information systems. Though much has been accomplished technically to protect and defend these systems, an important security issue has thus far been overlooked-the human factor. Information Assurance Risk Management (IARM) was a proposal to standardize the way DON personnel discuss, treat, and implement information assurance. IARM addresses the human security aspect of information and information systems in a regimented way to be understandable through all levels of the DON. To standardize the way DON personnel perceive information assurance, they must be taught what IARM is and how to use it. Can an IARM course be implemented in the DON, and if so at what level and to whom should it be taught?

Supporting the Education of Information Assurance with a Laboratory Environment

Clark, Paul C.
Fonte: Proceedings of the 1st Symposium on Requirements Engineering for Information Security Publicador: Proceedings of the 1st Symposium on Requirements Engineering for Information Security
Tipo: Artigo de Revista Científica
Relevância na Pesquisa
56.3%
Too many students are graduating from colleges and universities without taking a single course in information assurance. The need for students to receive more and better education in information assurance is undisputed. For those educational institutions already requiring and/or teaching such courses, the educational experience can be greatly enhanced with a supportive laboratory environment where carefully chosen hands-on tutorials or exercises can be assigned to support the material being presented in the classroom. This paper describes the experiences of supporting information assurance exercises and tutorials at the Naval Postgraduate School. Recommendations are provided so that others may learn from the experience.

Information Assurance Capacity Building: A Case Study

Falby, Naomi; Fulp, J.D.; Clark, Paul C.; Cote, R. Scott; Levin, Timothy E.; Rose, Matthew; Shifflett, Deborah; Irvine, Cynthia E.; Dinolt, George W.
Fonte: IEEE Publicador: IEEE
Tipo: Artigo de Revista Científica
Relevância na Pesquisa
46.25%
Despite an urgent need to protect information in computer systems critical to business and government, the inadequacy of many security products combined with overmarketing and overstated claims leaves information managers with nowhere to turn. Cyber security education is needed to provide a population of individuals who can make sound choices for the operation and acquisition of information protection. A prerequisite is an adequate population of educators. We describe workshops intended to help educators new to the area of Information Assurance. The multiple objectives are: to identify key foundational topics to educators, to teach lessons learned regarding topics difficult to convey to students, and to create a sense of community among Information Assurance educators.

A computational model and multi-agent simulation for information assurance

VanPutte, Michael A.
Fonte: Monterey, California. Naval Postgraduate School. Publicador: Monterey, California. Naval Postgraduate School.
Relevância na Pesquisa
46.09%
Approved for public release, distribution is unlimited.; This dissertation introduces a computational model of IA called the Social-Technical Information Assurance Model (STIAM). STIAM models organizations, information infrastructures, and human actors as a complex adaptive system. STIAM provides a structured approach to express organizational IA issues and a graphical notation for depicting the elements and interactions. The model can be implemented in a computational system to discover possible adaptive behavior in an IA environment. A multi-agent simulation is presented that introduces several innovations in multi-agent systems including iconnectors, a biologically inspired visual language and mechanism for inter-agent communications. The computational model and simulation demonstrate how complex societies of autonomous entities interact. STIAM can be implemented as a hypothesis generator for scenario development in computer network defensive mechanisms.

United States Army Land Mobile Radio communication system: impacts of information assurance on Commercial Off-The-shelf systems

Chaney, William D.; Paolercio, Adrianne L.; Corzine, Mark
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Relevância na Pesquisa
46.09%
Joint Applied Project; This Joint Applied Project examined the technical, operational and programmatic implementation of Information Assurance (IA) as it relates to the Commercial-Off-the-Shelf (COTS) Land Mobile Radio (LMR) program within the United States (U.S.) Army. This project provides an overview of the LMR system, its capabilities and technical requirements, as well as the IA processes and requirements. The project then examines the technical aspects and impacts of implementing the IA requirements on the LMR system with possible interoperability with the Global Information Grid (GIG). As a result of this project, the U.S. Army will have a better understanding of the impact of IA on fielded LMR systems and its future impact to critical communications.

Center for Information Systems Security Studies and Research (CISR) Projects / HASP Program

Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Artigo de Revista Científica
EN_US
Relevância na Pesquisa
46.22%
This program provides a unifying conceptual framework and management structure for long range planning and coordination of focused Information Assurance research projects. The primary program goal is to support the strengthening of assurance provided by the National Information Infrastructure. Our approach includes the research and development of high assurance networks, systems, components and tools, and the open dissemination of outputs from those efforts, such as code and documentation.

Information assurance as a system of systems in the submarine force

Morgan, Mark R.
Fonte: Monterey California. Naval Postgraduate School Publicador: Monterey California. Naval Postgraduate School
Tipo: Tese de Doutorado
Relevância na Pesquisa
46.11%
Approved for public release; distribution is unlimited; There are significant gaps in the United States Navy Submarine Forces ability to integrate and manage Information Assurance requirements (IA), Information Technology (IT) manpower, End-to-End security, IT equipment, IT training, and applicable documentation that meet the intent of the Design for Undersea Submarine Warfare initiative promulgated in July 2011. Furthermore, the Submarine Force lacks common criteria for IA integration as a system of systems. IT operators and system administrators must understand the concept of end-to-end security. Senior leadership should understand the end-to-end security concept so as to understand the cause and effect on overall ship mission and vulnerabilities. Organizational governance must raise the level of awareness as to network security protection. Training, personnel, and equipment, should connect with ethics and security practices for total End-to-End Security. A paradigm shift in watchstanding must take place. Information Technician Submarines (ITS) duties are no longer a collateral duty. Submarine communications division and ITS division merging has the potential to solve the manning and watchstanding challenges. Senior enlisted leadership and senior communications officer leadership should take the lead on this merger...

Automating information assurance for cyber situational awareness within a smart cloud system of systems

Teo, Kuan Wei Edmund
Fonte: Monterey, California: Naval Postgraduate School Publicador: Monterey, California: Naval Postgraduate School
Tipo: Tese de Doutorado
Relevância na Pesquisa
46.24%
Approved for public release; distribution is unlimited.; In a world in which data is being generated in increasing large volumes and is easily accessible to multiple users in a cloud environment, there is a need to maintain situational awareness and information assurance of the data, ensuring the data is being monitored for vulnerabilities. This is especially crucial for military operations where the information being used to support the mission is confidential and readily available throughout the mission. It is essential to maintain the integrity of that information. The need is even more critical when data is being used to help save lives in natural disaster situations. A trio system concept within an enterprise/cloud network is developed in this research to provide situational awareness and command and control abilities to users, for detecting possible cyber attacks on network and computing resources, and maintaining confidentiality, integrity, and availability of critical data within the network. A systems engineering approach was used to develop and propose the solution to ensure information assurance and cyber situational awareness within a smart cloud of system of systems. This thesis provides system diagrams of the proposed architecture focusing on one of the systems using IDEF0 diagrams...

Unmanned Tactical Autonomous Control and Collaboration threat and vulnerability assessment

Batson, Louis T., V; Wimmer, Donald R., Jr.
Fonte: Monterey, California: Naval Postgraduate School Publicador: Monterey, California: Naval Postgraduate School
Tipo: Tese de Doutorado
Relevância na Pesquisa
56.22%
Approved for public release; distribution is unlimited; Information systems designed and developed without considering security and potential threats create avoidable risks to the United States and the Department of Defense (DOD). Unmanned Tactical Autonomous Control and Collaboration (UTACC) is a ground-breaking and original approach to using systems autonomy to augment and improve the intelligence, surveillance, and reconnaissance process. However, UTACC will fail to accomplish that task if the system is not built with security in mind from the outset. To improve the security of UTACC, this thesis conducts an analysis to identify threats and vulnerabilities in the system’s concept. The goal of this analysis was to mitigate threats and enable mission success to UTACC-supported missions. During the initial research, a framework for threat and vulnerability analysis was developed based on The National Institute of Standards and Technology’s (NIST) Risk Management Framework (RMF) and DOD’s Information Assurance Certification and Accreditation Process (DIACAP). This framework was used to create a threat template to analyze each threat facing UTACC and UTACC’s inherent vulnerabilities. The templates also include technical and non-technical security control strategies to mitigate each of the vulnerabilities within UTACC.; Captain...

Scenario selection and student assessment modules for CyberCIEGE

Teo, Tiat Leng
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xvi, 109 p. : ill. (some col.)
Relevância na Pesquisa
46.09%
Approved for public release, distribution is unlimited; CyberCIEGE aims to provide an Information Assurance (IA) teaching/learning Laboratory in the form of an interactive, entertaining, commercial-grade PC-based computer game. Each game plays as a single scenario that serves to teach a particular IA concept. However, more synergy can be gained if there is higher-order organization of these scenarios, such as by grouping around a set of desired concepts to be taught, or by increasing the complexity of the scenarios built around a common theme. This thesis aims to provide an instructor tool for this purpose. In addition, by tapping the CyberCIEGE event log files generated at the end of each game, we can reconstruct the game progress to support After Action Reviews (AAR) to assist the instructor and student to analyze game decisions and the student's progress. This provides a constructive follow-up to review and reinforce the concepts being taught.; Civilian, Singapore

A CYBERCIEGE campaign fulfilling Navy information assurance training and awareness requirements

Cone, Benjamin D.
Fonte: Monterey, California. Naval Postgraduate School Publicador: Monterey, California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xvi, 262 p. : ill. (col.) ;
Relevância na Pesquisa
66.16%
The broad use of information systems within organizations has led to an increased appreciation of the need to ensure that all users be aware of basic concepts in Information Assurance (IA). The Department of Defense (DOD) addressed the idea of user awareness in DOD Directive 8750.1. This directive requires that all users of DOD information systems undergo an initial IA awareness orientation followed by annual refresher instruction. This thesis created a CyberCIEGE campaign for the Naval Postgraduate School's CyberCIEGE project that will fulfill Navy requirements to meet DOD Directive 8750.1. The first portion of this thesis is an analysis of four IA programs and products. Requirements for Navy IA awareness and training products were developed from this analysis. The second part of this thesis is a description of two CyberCIEGE scenarios that were created to fulfill these requirements. The first scenario focuses on basic IA awareness and emphasizes information that the Navy should reinforce. The scenario is intended for all users of Navy information systems. The second scenario is intended for technical users and addresses more advanced concepts and technical considerations. The technical user scenario emphasizes skill application and problem solving.

Network vulnerability assessments: a proactive approach to protecting Naval medicine information assets

Reinkemeyer, Steven
Fonte: Monterey California. Naval Postgraduate School Publicador: Monterey California. Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xviii, 101 p. : ill. (some col.)
Relevância na Pesquisa
66.15%
Approved for public release, distribution is unlimited; The purpose of this study was to determine whether Naval Medicine's current Information Assurance Policy and resultant efforts properly address federal requirements or current threats confronting Naval Medicine information technology professionals. The primary research was conducted with a survey instrument detailing thirty questions with various response categories. The findings of the survey questionnaire revealed the existing numbers of previously compromised systems were directly related to the frequency of vulnerability scanning and remediation practices in the current threat environment. This study will provide insight to anyone interested in the future assessment of Naval Medicine's information security posture. These findings have important implications for command personnel charged with the responsibility and accountability of Naval Medicine's networks and data systems, as well as other communities throughout the Navy.; Lieutenant, United States Navy

Responding to the threat of cyberterrorism through information assurance

Ogren, Joel G.; Langevin, James R.
Fonte: Monterey, California: Naval Postgraduate School Publicador: Monterey, California: Naval Postgraduate School
Tipo: Tese de Doutorado Formato: xiii, 76 p.;28 cm.
EN_US
Relevância na Pesquisa
46.3%
Approved for public release, distribution unlimited.; The number of people connecting to the Internet is growing at an astounding rate: estimates range from 100% to 400% annually over the next five years. This unprecedented level of interconnectedness has brought with it the specter of a new threat: cyberterrorism. This thesis examines the impact of this threat on the critical infrastructure of the United States, specifically focusing on Department of Defense issues and the National Information Infrastructure (NII). A working definition for cyberterrorism is derived, and a description of the Nation's critical infrastructure is provided. A number of possible measures for countering the threat of cyberterrorism are discussed, with particular attention given to the concept of information assurance. Information assurance demands that trustworthy systems be developed from untrustworthy components within power generation systems, banking, transportation, emergency services, and telecommunications. The importance of vulnerability testing (or red teaming) is emphasized as part of the concept of information assurance. To support this, a cyberterrorist red team was formed to participate in the Marine Corps' Urban Warrior Experiment. The objective of this thesis is to address the impact of these issues from a Systems Management perspective. This includes taking into account the changes that must occur in order to improve the U.S.' ability to detect...

A Security Simulation Game Scenario Definition Language

Falby, Naomi; Thompson, Michael F.; Irvine, Cynthia E.
Fonte: IEEE Publicador: IEEE
Tipo: Artigo de Revista Científica
Relevância na Pesquisa
46.27%
The Center for the Information Systems Studies and Research (CISR) at the Naval Postgraduate School has established a broad program in computer and network security education. The program, founded on a core in traditional computer science, is extended by a progression of specialized courses and a broad set of information assurance research projects. A CISR objective has been improvement of information assurance education and training for the U.S. military and government. Pursuant to that objective, CISR is developing a computer simulation game, CyberCIEGE, to teach computer security principles. CyberCIEGE players construct computer networks and make choices effecting the ability of these networks and the game's virtual users to protect valuable assets from attack by both vandals and well-motivated Professionals [1]. A key CyberCIEGE innovative is a scenario definition language that permits educators to generate many different security scenarios, each playable as an independent game. Every scenario includes a briefing that describes an enterprise (e.g., a business that depends on the secrecy of proprietary information) and gives the player information about what must be done to help make the enterprise successful. The scenario language is used to define a set of users and assets. Users are typically enterprise employees whose productive work makes money for the enterprise. Assets are various kinds of information required for user productivity. Example assets are secret formulas...

CyberCIEGE: An Extensible Tool for Information Assurance Education

Irvine, Cynthia E.; Thompson, Michael F.; Allen, Ken
Fonte: Rivermind, Inc. Publicador: Rivermind, Inc.
Tipo: Artigo de Revista Científica
Relevância na Pesquisa
46.42%
Good security is not intrusive and can be almost invisible to typical users, who are often unaware of or take it for granted. However, good security practice by user populations is a critical element of an organization's information assurance strategy. This is reflected in government information assurance teaching mandates such as DoD Directive 8570.1, which outlines objectives and requirements for information assurance (IA) education, training and awareness. Although mundane education, training and awareness programs may temporarily raise user interest, for many, mandatory education is considered a distracting waste of time. A new approach is needed to convey IA concepts that will engage the user�s imagination. CyberCIEGE*+ is an innovative computer-based tool to teach information assurance concepts. The tool enhances information assurance education and training through the use of computer gaming techniques. In the CyberCIEGE virtual world, students spend virtual money to operate and defend their networks, and can watch the consequences of their choices, while under attack. This paper describes CyberCIEGE and will present ways in which this tool can be used to achieve Federal and DoD information assurance teaching objectives.

Safe Teleradiology: Information Assurance as Project Planning Methodology

Collmann, Jeff; Alaoui, Adil; Nguyen, Dan; Lindisch, David
Fonte: American Medical Informatics Association Publicador: American Medical Informatics Association
Tipo: Artigo de Revista Científica
Publicado em //2005 EN
Relevância na Pesquisa
46.24%
The Georgetown University Medical Center Department of Radiology used a tailored version of OCTAVESM, a self-directed information security risk assessment method, to design a teleradiology system that complied with the regulation implementing the security provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The system addressed threats to and vulnerabilities in the privacy and security of protected health information. By using OCTAVESM, Georgetown identified the teleradiology program's critical assets, described threats to the assurance of those assets, developed and ran vulnerability scans of a system pilot, evaluated the consequences of security breaches, and developed a risk management plan to mitigate threats to program assets, thereby implementing good information assurance practices. This case study illustrates the basic point that prospective, comprehensive planning to protect the privacy and security of an information system strategically benefits program management as well as system security.

Information Security Synthesis in Online Universities

Schuett, Maria; Syed; Rahman, M.
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 07/11/2011
Relevância na Pesquisa
46.11%
Information assurance is at the core of every initiative that an organization executes. For online universities, a common and complex initiative is maintaining user lifecycle and providing seamless access using one identity in a large virtual infrastructure. To achieve information assurance the management of user privileges affected by events in the user's identity lifecycle needs to be the determining factor for access control. While the implementation of identity and access management systems makes this initiative feasible, it is the construction and maintenance of the infrastructure that makes it complex and challenging. The objective of this paper1 is to describe the complexities, propose a practical approach to building a foundation for consistent user experience and realizing security synthesis in online universities.; Comment: 20 pages

An Implementation Framework (IF) for the National Information Assurance and Cyber Security Strategy (NIACSS) of Jordan

Otoom, Ahmed; Atoum, Issa
Fonte: Universidade Cornell Publicador: Universidade Cornell
Tipo: Artigo de Revista Científica
Publicado em 30/11/2014
Relevância na Pesquisa
46.11%
This paper proposes an implementation framework that lays out the ground for a coherent, systematic, and comprehensive approach to implement the National Information Assurance and Cyber Security Strategy (NIACSS) of Jordan. The Framework 1). Suggests a methodology to analyze the NIACSS, 2). Illustrates how the NIACSS analysis can be utilized to design strategic moves and develop an appropriate functional structure, and 3). proposes a set of adaptable strategic controls that govern the NIACSS implementation and allow achieving excellence, innovation, efficiency, and quality.The framework, if adopted, is expected to harvest several advantages within the following areas: information security implementation management, control and guidance, efforts consolidation, resource utilization, productive collaboration, and completeness. The framework is flexible and expandable; therefore, it can be generalized.; Comment: 7 pages,8 figures, The International Arab Journal of Information Technology, Vol. 10, No. 4, July 2013