東華大學圖書館 |

語系: 繁體中文

說明(常見問題)

回圖書館首頁

手機版館藏查詢

登入

回首頁

切換: 標籤 | MARC模式 | ISBD

FindBook

Google Book

Amazon

博客來

Organizations' Security Management in Different Problem Domains: Empirical Evidence and Game-Theoretic Modeling.

紀錄類型:	書目-電子資源 : Monograph/item
正題名/作者:	Organizations' Security Management in Different Problem Domains: Empirical Evidence and Game-Theoretic Modeling./
作者:	Farhang, Sadegh.
出版者:	Ann Arbor : ProQuest Dissertations & Theses, : 2021,
面頁冊數:	118 p.
附註:	Source: Dissertations Abstracts International, Volume: 83-03, Section: B.
Contained By:	Dissertations Abstracts International83-03B.
標題:	Software upgrading. -
電子資源:	http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=28841726
ISBN:	9798460447848

Organizations' Security Management in Different Problem Domains: Empirical Evidence and Game-Theoretic Modeling.
Farhang, Sadegh.

Organizations' Security Management in Different Problem Domains: Empirical Evidence and Game-Theoretic Modeling. - Ann Arbor : ProQuest Dissertations & Theses, 2021 - 118 p.

Source: Dissertations Abstracts International, Volume: 83-03, Section: B.

Thesis (Ph.D.)--The Pennsylvania State University, 2021.

This item must not be sold to any third party vendors.

Security patch updates and operating system upgrades play a pivotal role in enhancing software performance, and they are a critical component of resolving software bugs and patching security issues. However, we are witnessing that both consumers and organizations do not often follow the best practices in terms of security updates and operating system upgrades. Therefore, it is essential to better understand the reasons why consumers and organizations do not follow best practices and how we can improve security practices in organizations. In this dissertation, we present three different studies on how consumers and organizations manage their security updates and operating system upgrades. First, we discuss how an organization should manage its security in the presence of the business need for new innovations and product versioning over time. In particular, with the help of a comprehensive survey study, we aim to investigate user upgrade practices with respect to different versions of the Microsoft operating system. A critical focus of our work is to better understand the impact and optimal management of end-of-life policies (i.e., when software support officially ends) and how organizations should deliver new innovations to consumers. Second, we perform a comprehensive study of 3,171 Android-related vulnerabilities and study to which degree they are reflected in the Android security bulletin, as well as in the security bulletins of three leading vendors: Samsung, LG, and Huawei. In our analysis, we focus on the metadata of these security bulletins (e.g., timing, affected layers, severity, and CWE data) to better understand the similarities and differences among vendors. We find that (i) the studied vendors in the Android ecosystem have adopted different structures for vulnerability reporting, (ii) vendors are less likely to react with delay for CVEs with Android Git repository references, and (iii) vendors handle Qualcomm-related CVEs different from the rest of external layer CVEs. In the third study, we model the competition of different vendors in the Android ecosystem and how it affects security. In particular, we show how vendors are incentivized to differentiate their products from the default Android Open Source Project (AOSP) and from each other, and how prices are shaped through this differentiation process. We further demonstrate the lack of incentives to invest in security when the consumers do not have the ability to evaluate the security properties of the software bundles on their purchased devices. We also model the impact of a regulator-imposed fine to incentivize vendors to conduct appropriate security investments.

ISBN: 9798460447848Subjects--Topical Terms:

3680542
Software upgrading.
Subjects--Index Terms:

Security practices

Organizations' Security Management in Different Problem Domains: Empirical Evidence and Game-Theoretic Modeling.
LDR:03851nmm a2200361 4500 001 2349111
005 20220920135741.5
008 241004s2021 ||||||||||||||||| ||eng d
020 $a 9798460447848
035 $a (MiAaPQ)AAI28841726
035 $a (MiAaPQ)PennState_24531smf5604
035 $a AAI28841726
040 $a MiAaPQ $c MiAaPQ
100 1 $a Farhang, Sadegh. $3 3688506
245 1 0 $a Organizations' Security Management in Different Problem Domains: Empirical Evidence and Game-Theoretic Modeling.
260 1 $a Ann Arbor : $b ProQuest Dissertations & Theses, $c 2021
300 $a 118 p.
500 $a Source: Dissertations Abstracts International, Volume: 83-03, Section: B.
500 $a Advisor: Liu, Peng.
502 $a Thesis (Ph.D.)--The Pennsylvania State University, 2021.
506 $a This item must not be sold to any third party vendors.
520 $a Security patch updates and operating system upgrades play a pivotal role in enhancing software performance, and they are a critical component of resolving software bugs and patching security issues. However, we are witnessing that both consumers and organizations do not often follow the best practices in terms of security updates and operating system upgrades. Therefore, it is essential to better understand the reasons why consumers and organizations do not follow best practices and how we can improve security practices in organizations. In this dissertation, we present three different studies on how consumers and organizations manage their security updates and operating system upgrades. First, we discuss how an organization should manage its security in the presence of the business need for new innovations and product versioning over time. In particular, with the help of a comprehensive survey study, we aim to investigate user upgrade practices with respect to different versions of the Microsoft operating system. A critical focus of our work is to better understand the impact and optimal management of end-of-life policies (i.e., when software support officially ends) and how organizations should deliver new innovations to consumers. Second, we perform a comprehensive study of 3,171 Android-related vulnerabilities and study to which degree they are reflected in the Android security bulletin, as well as in the security bulletins of three leading vendors: Samsung, LG, and Huawei. In our analysis, we focus on the metadata of these security bulletins (e.g., timing, affected layers, severity, and CWE data) to better understand the similarities and differences among vendors. We find that (i) the studied vendors in the Android ecosystem have adopted different structures for vulnerability reporting, (ii) vendors are less likely to react with delay for CVEs with Android Git repository references, and (iii) vendors handle Qualcomm-related CVEs different from the rest of external layer CVEs. In the third study, we model the competition of different vendors in the Android ecosystem and how it affects security. In particular, we show how vendors are incentivized to differentiate their products from the default Android Open Source Project (AOSP) and from each other, and how prices are shaped through this differentiation process. We further demonstrate the lack of incentives to invest in security when the consumers do not have the ability to evaluate the security properties of the software bundles on their purchased devices. We also model the impact of a regulator-imposed fine to incentivize vendors to conduct appropriate security investments.
590 $a School code: 0176.
650 4 $a Software upgrading. $3 3680542
650 4 $a Privacy. $3 528582
650 4 $a Security management. $3 3562413
650 4 $a Customization. $3 3682566
650 4 $a Computer science. $3 523869
650 4 $a Information technology. $3 532993
653 $a Security practices
653 $a Security updates
690 $a 0984
690 $a 0489
690 $a 0454
690 $a 0635
710 2 $a The Pennsylvania State University. $3 699896
773 0 $t Dissertations Abstracts International $g 83-03B.
790 $a 0176
791 $a Ph.D.
792 $a 2021
793 $a English
856 4 0 $u http://pqdd.sinica.edu.tw/twdaoapp/servlet/advanced?query=28841726