
The Observation of Information Security Awareness in Turkey, Ahmet Durmuş, September 2014 (PDF)

157 Pages·2014·2.43 MB·Turkish

Preview: The Observation of Information Security Awareness in Turkey, Ahmet Durmuş, September 2014

THE OBSERVATION OF INFORMATION SECURITY AWARENESS IN TURKEY

A THESIS SUBMITTED TO THE GRADUATE SCHOOL OF NATURAL AND APPLIED SCIENCES OF ÇANKAYA UNIVERSITY BY AHMET DURMUŞ IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE IN THE DEPARTMENT OF COMPUTER ENGINEERING

SEPTEMBER 2014

ABSTRACT

THE OBSERVATION OF INFORMATION SECURITY AWARENESS IN TURKEY

DURMUŞ, Ahmet
M.Sc., Department of Computer Engineering
Supervisor: Assist. Prof. Dr. A. Nurdan SARAN
September 2014, 96 pages

In this thesis, the information security awareness of five different sample domains has been examined by a web-based general survey composed of basic security topics. Moreover, the information security awareness of IT security personnel working in seven different public institutions which have large and complex network systems has also been examined by a more technical survey. The correct and incorrect behaviours of respondents have been put forward in line with a discussion of information security principles by analyzing the responses with a well-known statistical analysis tool. Hence, the current posture of information security awareness has been identified. The weak and strong sides of internet users' security knowledge have been emphasized through the analysis of the general survey data. In the analysis of the technical survey, the shortages of security measures that resulted in some vulnerabilities in the institution networks have been highlighted. At the end of the general survey, participants were directed to a related website and a suggestion document was also presented in order to contribute positively to their information security awareness at the same time.

Keywords: Information Security Awareness, Survey, Public Institution.

ÖZ

THE OBSERVATION OF INFORMATION SECURITY AWARENESS IN TURKEY

DURMUŞ, Ahmet
M.Sc., Department of Computer Engineering
Supervisor: Assist. Prof. Dr. A. Nurdan SARAN
September 2014, 96 pages

In this thesis, information security awareness has been examined for five different sample sets through a web-based general survey composed of basic information security topics. In addition, the information security awareness of the IT personnel responsible for security, working in seven of our public institutions that have large and complex network structures, has also been examined with a more technical survey. The answers given by the survey participants were analyzed with a well-known statistical analysis tool and discussed in terms of information security principles, and the correct and incorrect ways of behaviour were thereby put forward. Thus, the current state of information security awareness has been determined. In this respect, the weak and strong sides of internet users' information security culture have been emphasized through the analysis of the general survey data, and the analysis of the technical survey has emphasized the vulnerabilities arising from missing security measures in the network structures of our public institutions. At the end of the general survey, participants were directed to the relevant website page and a suggestions document was also presented, which at the same time contributed positively to their awareness.

Keywords: Information Security Awareness, Survey, Public Institution.

ACKNOWLEDGEMENTS

I would like to express my sincere gratitude to Assist. Prof. Dr. A. Nurdan SARAN for her supervision, special guidance, suggestions, and encouragement through the development of this thesis.

It is a pleasure to express my special thanks to my family for their valuable support.

TABLE OF CONTENTS

STATEMENT OF NON PLAGIARISM
ABSTRACT
ÖZ
ACKNOWLEDGEMENTS
TABLE OF CONTENTS
LIST OF FIGURES
LIST OF TABLES
LIST OF ABBREVIATIONS

CHAPTERS:

1. INTRODUCTION
   1.1 Background
   1.2 Literature Review
   1.3 Problem Description
   1.4 Problem Statements
   1.5 Sub-problem Statements
   1.6 Purposes of the Research
   1.7 Limitations of the Research
   1.8 Assumptions
2. RESEARCH METHOD
   2.1 Universe and Sample
   2.2 Motivation
   2.3 Forming Questionnaires
       2.3.1 Technical questionnaire
       2.3.2 General questionnaire
   2.4 Data Gathering
       2.4.1 Technical questionnaire
       2.4.2 General questionnaire
3. STATISTICAL ANALYSIS AND DISCUSSIONS
   3.1 Results of the General Questionnaire
       3.1.1 Analysis of demographic variables
       3.1.2 Analysis of security incidents and reporting
       3.1.3 Analysis of e-mail security
       3.1.4 Analysis of safely use of computer and internet
       3.1.5 Analysis of threats and preventive measures
       3.1.6 Analysis of password security
       3.1.7 Analysis of IS terms and social engineering
   3.2 Results of the Technical Questionnaire
       3.2.1 Analysis of demographic variables
       3.2.2 Analysis of security standards, procedures and training
       3.2.3 Analysis of firewall, IPS, management, penetration and traffic control
       3.2.4 Analysis of wireless network security
       3.2.5 Analysis of OSI application layer security
       3.2.6 Analysis of OSI transport layer security
       3.2.7 Analysis of OSI network layer security
       3.2.8 Analysis of OSI data link layer security
       3.2.9 Analysis of OSI physical layer security
       3.2.10 Analysis of end point security
4. CONCLUSION AND FUTURE WORKS
   4.1 Conclusion
       4.1.1 General Survey
       4.1.2 Technical Survey
   4.2 Future Works

REFERENCES

APPENDICES
   A. CURRICULUM VITAE
   B. GENERAL SURVEY FORM
   C. TECHNICAL SURVEY FORM
   D. IS SUGGESTION DOCUMENT FOR GENERAL SURVEY
   E. GLOSSARY FOR SURVEYS

LIST OF FIGURES

Figure 1 Network threats in 2012 (McAfee research)
Figure 2 Top SQL-Injection Attackers
Figure 3 Malware encounter and infection rates in 2013

Description:
In this thesis, information security awareness has been examined for five different sample sets through a web-based general survey composed of basic information security topics. with a survey as well, in seven of our public institutions that have large and complex network structures.