A. James Clark School of Engineering

Permanent URI for this communityhttp://hdl.handle.net/1903/1654

The collections in this community comprise faculty research works, as well as graduate theses and dissertations.

Search Results
  • Model-Based Support for Information Technology Security Decision Making
    (2011) Chrun, Danielle; Cukier, Michel; Mosleh, Ali; Reliability Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    With the increase in the number and diversity of attacks, a main concern for organizations is to keep their networks and systems secure. Existing frameworks to manage Information Technology (IT) security include empirical evaluations, security risk assessments, cost-benefit analyses, and adversary-based evaluations. These techniques are often not easy to apply, and their results are usually difficult to convey. This dissertation presents a model to support reasoning about security and communication between IT security experts and managers. The model identifies the major components of security: threat, user, organization, and asset, and emphasizes the human element. Characteristics for each component are determined and cover the attacker's motivations, the user's risk perception, the IT security team's expertise, and the depth of protection of the asset. These characteristics are linked through causal influences that can represent positive or negative relationships and be leveraged to rank alternatives through a set of weights. The described formalism allows IT security officers to brainstorm about IT security issues, to evaluate the impacts of alternative solutions on the characteristics of security and ultimately on the level of security, and to communicate their findings to managers. The contributions of this dissertation are three-fold. First, we introduce an approach to develop and validate a model for IT security decision making, given the known issues related to this task: difficulties in sharing security data, lack of accepted security metrics, limitations in available information, and the use of experts. We propose a development and validation process that relies on two sources of information: experts and data. Second, we provide the results of the model development for academic environments. The resulting model is based on extended discussions with the Director of Security at the University of Maryland (UMD), two interviewed experts, fifteen surveyed experts, and empirical data collected at UMD. Finally, we demonstrate the use of the model to justify IT security decisions and present methodological steps towards measuring various characteristics of the model.
  • Risk Management for Enterprise Resource Planning System Implementations in Project-Based Firms
    (2010) ZENG, YAJUN; Skibniewski, Miroslaw J.; Civil Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    Enterprise Resource Planning (ERP) systems have been regarded as one of the most important information technology developments of the past decades. While ERP systems provide the potential to bring substantial benefits, their implementations are characterized by large capital outlay, long duration, and high risks of failure, including implementation process failure and system usage failure. As a result, the adoption of ERP systems in project-based firms has lagged behind that of companies in many other industries. In order to ensure the success of ERP system implementations in project-based firms, sound risk management is the key. The overall objective of this research is to identify the risks in ERP system implementations within project-based firms and to develop a new approach to analyze these risks and quantitatively assess their impacts on ERP system implementation failure. First, the research describes ERP systems in conjunction with the nature and working practices of project-based firms and the current status and issues related to ERP adoption in such firms, analyzes the causes of their relatively low ERP adoption, and states the research problems and objectives. Accordingly, a conceptual research framework is presented, and the procedures and research methods are outlined. Secondly, based on the risk factors regarding generic ERP projects in the extant literature, the research comprehensively identifies the risk factors of ERP system implementation within project-based firms. These risk factors are classified into different categories, qualitatively described and analyzed, and used to establish a risk taxonomy. Thirdly, an approach is developed based on fault tree analysis to decompose ERP system failure and assess the relationships between ERP component failures and system usage failure, both qualitatively and quantitatively. The principles and processes of this approach and the related fault tree analysis methods and techniques are presented in the context of ERP projects. Fourthly, certain practical strategies are proposed to manage the risks of ERP system implementations. The proposed risk assessment approach and management strategies, together with the comprehensive list of identified risk factors, not only contribute to the body of knowledge of information system risk management, but can also be used as an effective tool by practitioners to actively analyze, assess, and manage the risks of ERP system implementations within project-based firms.
  • e-Government Technical Security Controls Taxonomy for Information Assurance Contractors - A Relational Approach
    (2010) Fofana, Momodu Idris; Skibniewski, Miroslaw J; Civil Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    When project managers consider risks that may affect a project, they rarely consider risks associated with the use of information systems. The Federal Information Security Management Act (FISMA) of 2002 recognizes the importance of information security to the economic and national security of the United States. The requirements of FISMA are addressed using NIST Special Publication 800-53 Rev 3, which has improved the way organizations practice information assurance. NIST SP 800-53 Rev 3 takes a hierarchical approach to information assurance, which has resulted in the duplication and subsequent withdrawal and merging of fifteen security controls. In addition, the security controls are not associated with the appropriate information systems. The current security assessment model often results in a waste of resources, since controls that are not applicable to an information system have to be addressed. This research developed and tested the value of using an information system breakdown structure (ISBS) model for the identification of project information system resources. It also assessed the value of using an e-Government Relational Technical Security Controls Model for mapping the ISBS to the applicable relational technical security controls. A questionnaire containing ninety-five items was developed and emailed to twenty-four information security contractors, of which twenty-two efficiently completed questionnaires were received. The questionnaire assessed the value of using the ISBS and the relationships of the e-Government Relational Technical Security Controls model. A literature review and industry experts' opinions were used to triangulate the research results and establish their validity. Cronbach's alpha coefficient for the four sections of the questionnaire established its reliability. The results of the research indicated that the ISBS model is an invaluable, customizable, living tool that should be used for the identification of information system resources on projects. It can also be used for assigning responsibility for the different information systems and for security classification. The study also indicated that using the e-Government Relational Technical Security Controls provides a relational and fully integrated approach to information assurance while reducing the likelihood of duplicating security controls. This study could help project managers identify and mitigate risks associated with the use of information systems on projects.
  • Content Recognition and Context Modeling for Document Analysis and Retrieval
    (2009) Zhu, Guangyu; Chellappa, Rama; Doermann, David S; Electrical Engineering; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    The nature and scope of available documents are changing significantly in many areas of document analysis and retrieval as complex, heterogeneous collections become accessible to virtually everyone via the web. The increasing level of diversity presents a great challenge for document image content categorization, indexing, and retrieval. Meanwhile, the processing of documents with unconstrained layouts and complex formatting often requires effective leveraging of broad contextual knowledge. In this dissertation, we first present a novel approach for document image content categorization, using a lexicon of shape features. Each lexical word corresponds to a scale- and rotation-invariant local shape feature that is generic enough to be detected repeatably and is segmentation free. A concise, structurally indexed shape lexicon is learned by clustering and partitioning feature types through graph cuts. Our idea finds successful application in several challenging tasks, including content recognition of diverse web images and language identification on documents composed of mixed machine-printed text and handwriting. Second, we address two fundamental problems in signature-based document image retrieval. Facing continually increasing volumes of documents, detecting and recognizing unique, evidentiary visual entities (e.g., signatures and logos) provides a practical and reliable supplement to the OCR recognition of printed text. We propose a novel multi-scale framework to detect and segment signatures jointly from document images, based on the structural saliency under a signature production model. We formulate the problem of signature retrieval in the unconstrained setting of geometry-invariant deformable shape matching and demonstrate state-of-the-art performance in signature matching and verification. Third, we present a model-based approach for extracting relevant named entities from unstructured documents. In a wide range of applications that require structured information from diverse, unstructured document images, processing OCR text does not give satisfactory results due to the absence of linguistic context. Our approach enables learning of inference rules collectively based on contextual information from both page layout and text features. Finally, we demonstrate the importance of mining general web user behavior data for improving document ranking and other web search experiences. The context of web user activities reveals their preferences and intents, and we emphasize the analysis of individual user sessions for creating aggregate models. We introduce a novel algorithm for estimating web page and web site importance, and discuss its theoretical foundation based on an intentional surfer model. We demonstrate that our approach significantly improves large-scale document retrieval performance.