his.sePublikationer
Ändra sökning
Länk till posten
Permanent länk

Direktlänk
BETA
Nohlberg, Marcus
Alternativa namn
Publikationer (10 of 33) Visa alla publikationer
Kävrestad, J., Zaxmy, J. & Nohlberg, M. (2019). Analysing the Usage of Character Groups and Keyboard Patterns in Password Usage. In: Steven M. Furnell, Nathan L. Clarke (Ed.), Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019): . Paper presented at Human Aspects of Information Security & Assurance (HAISA 2019) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), Nicosia, Cyprus, July 15-17, 2019 (pp. 155-165). University of Plymouth Press
Öppna denna publikation i ny flik eller fönster >>Analysing the Usage of Character Groups and Keyboard Patterns in Password Usage
2019 (Engelska)Ingår i: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019) / [ed] Steven M. Furnell, Nathan L. Clarke, University of Plymouth Press, 2019, s. 155-165Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

Even with the advances in different methods for authentication, passwords remain the mostcommon approach for authentication as well as for encryption of user data. Password guessingattacks have grown to be a vital part of computer forensics as well as penetration testing. In thispaper, we seek to provide a statistical analysis of password composition by analyzing whatcharacter sets that are most commonly used in over 1 billion leaked passwords in over 20different databases. Further, we use a survey to analyze if users that actively encrypt data differfrom the norm. The results of this study suggest that American lowercase letters and numbersare the, by far, most commonly used character sets and that users who actively encrypt data usekeyboard patterns and special characters more frequently than the average user.

Ort, förlag, år, upplaga, sidor
University of Plymouth Press, 2019
Nyckelord
passwords, password guessing, keyboard patterns, encryption, brute force
Nationell ämneskategori
Datavetenskap (datalogi)
Forskningsämne
INF301 Data Science; Informationssystem (IS)
Identifikatorer
urn:nbn:se:his:diva-17455 (URN)978-0-244-19096-5 (ISBN)
Konferens
Human Aspects of Information Security & Assurance (HAISA 2019) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), Nicosia, Cyprus, July 15-17, 2019
Tillgänglig från: 2019-07-18 Skapad: 2019-07-18 Senast uppdaterad: 2019-08-27Bibliografiskt granskad
Kävrestad, J., Åhlfeldt, R.-M., Nohlberg, M., Johani, K. & Kowalski, S. (2019). Spiraling out in control: A Video Cartesian Dialectic on a Socio-technical Approach to Teaching Privacy, Information- and Cyber Security (PICS). In: Stewart Kowalski, Peter Bednar, Alexander Nolte, Ilia Bider (Ed.), Socio-Technical Perspective in IS Development 2019: Proceedings of the 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019). Paper presented at 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019), Stockholm, Sweden, June 10, 2019 (pp. 153-155). CEUR-WS, 2398
Öppna denna publikation i ny flik eller fönster >>Spiraling out in control: A Video Cartesian Dialectic on a Socio-technical Approach to Teaching Privacy, Information- and Cyber Security (PICS)
Visa övriga...
2019 (Engelska)Ingår i: Socio-Technical Perspective in IS Development 2019: Proceedings of the 5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019) / [ed] Stewart Kowalski, Peter Bednar, Alexander Nolte, Ilia Bider, CEUR-WS , 2019, Vol. 2398, s. 153-155Konferensbidrag, Poster (med eller utan abstract) (Refereegranskat)
Ort, förlag, år, upplaga, sidor
CEUR-WS, 2019
Serie
CEUR Workshop Proceedings, E-ISSN 1613-0073 ; 2398
Nyckelord
education, spiral learning, curriculum, information security
Nationell ämneskategori
Annan data- och informationsvetenskap
Forskningsämne
Informationssystem (IS)
Identifikatorer
urn:nbn:se:his:diva-17453 (URN)2-s2.0-85069459247 (Scopus ID)
Konferens
5th International Workshop on Socio-Technical Perspective in IS Development (STPIS 2019) co-located with 27th European Conference on Information Systems (ECIS 2019), Stockholm, Sweden, June 10, 2019
Tillgänglig från: 2019-07-18 Skapad: 2019-07-18 Senast uppdaterad: 2019-09-09Bibliografiskt granskad
Kävrestad, J., Eriksson, F. & Nohlberg, M. (2019). Understanding passwords – a taxonomy of password creation strategies. Information and Computer Security, 27(3), 453-467
Öppna denna publikation i ny flik eller fönster >>Understanding passwords – a taxonomy of password creation strategies
2019 (Engelska)Ingår i: Information and Computer Security, E-ISSN 2056-4961, Vol. 27, nr 3, s. 453-467Artikel i tidskrift (Refereegranskat) Published
Abstract [en]

Purpose Using authentication to secure data and accounts has grown to be a natural part of computing. Even if several authentication methods are in existence, using passwords remains the most common type of authentication. As long and complex passwords are encouraged by research studies and practitioners alike, computer users design passwords using strategies that enable them to remember their passwords. This paper aims to present a taxonomy of those password creation strategies in the form of a model describing various strategies used to create passwords. Design/methodology/approach The study was conducted in a three-step process beginning with a short survey among forensic experts within the Swedish police. The model was then developed by a series of iterative semi-structured interviews with forensic experts. In the third and final step, the model was validated on 5,000 passwords gathered from 50 different password databases that have leaked to the internet. Findings The result of this study is a taxonomy of password creation strategies presented as a model that describes the strategies as properties that a password can hold. Any given password can be classified as holding one or more of the properties outlined in the model. Originality/value On an abstract level, this study provides insight into password creation strategies. As such, the model can be used as a tool for research and education. It can also be used by practitioners in, for instance, penetration testing to map the most used password creation strategies in a domain or by forensic experts when designing dictionary attacks.

Ort, förlag, år, upplaga, sidor
Emerald Group Publishing Limited, 2019
Nyckelord
Computer security, Strategies, Passwords, Classification, Categorization
Nationell ämneskategori
Data- och informationsvetenskap
Forskningsämne
Informationssystem (IS)
Identifikatorer
urn:nbn:se:his:diva-17203 (URN)10.1108/ICS-06-2018-0077 (DOI)000479219900008 ()2-s2.0-85066986036 (Scopus ID)
Tillgänglig från: 2019-06-19 Skapad: 2019-06-19 Senast uppdaterad: 2019-08-23Bibliografiskt granskad
Kävrestad, J., Skärgård, M. & Nohlberg, M. (2019). Users perception of using CBMT for informationsecurity training. In: Steven M. Furnell, Nathan L. Clarke (Ed.), Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019): . Paper presented at Human Aspects of Information Security & Assurance (HAISA 2019) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), Nicosia, Cyprus, July 15-17, 201 (pp. 122-131). University of Plymouth Press
Öppna denna publikation i ny flik eller fönster >>Users perception of using CBMT for informationsecurity training
2019 (Engelska)Ingår i: Proceedings of the Thirteenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019) / [ed] Steven M. Furnell, Nathan L. Clarke, University of Plymouth Press, 2019, s. 122-131Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

It is well established that user behavior is a crucial aspect of information security and archivingsecure behavior through awareness and security training is the go-to solution proposed bypractitioners as well as the research community. Thus, there is a dire need for efficient trainingmethods for use in the security domain. This paper introduces ContextBased MicroTraining(CBMT), a framework for information security training that dictated that information securitytraining should be delivered to end users in short-sequences when the users are in a situationwhere the training is needed. Further, the users' perception of CBMT in evaluated in an onlinesurvey where about 200 respondents are subjected to training material and asked about how theyperceived them. The results show that users like the training material designed according to theCBMT framework and would prefer to use CBMT over other traditional methods of informationsecurity training.

Ort, förlag, år, upplaga, sidor
University of Plymouth Press, 2019
Nyckelord
information security, training, learning, user behavior, micro training, ContextBased MicroTraining, CBMT
Nationell ämneskategori
Datavetenskap (datalogi)
Forskningsämne
INF301 Data Science; Informationssystem (IS)
Identifikatorer
urn:nbn:se:his:diva-17454 (URN)978-0-244-19096-5 (ISBN)
Konferens
Human Aspects of Information Security & Assurance (HAISA 2019) International Symposium on Human Aspects of Information Security & Assurance (HAISA 2019), Nicosia, Cyprus, July 15-17, 201
Tillgänglig från: 2019-07-18 Skapad: 2019-07-18 Senast uppdaterad: 2019-08-27Bibliografiskt granskad
Kävrestad, J. & Nohlberg, M. (2019). Using Context Based MicroTraining to Develop OER for the Benefit of All. In: Proceedings of the 15th International Symposium on Open Collaboration, OpenSym 2019, 20-22 August 2019, Skövde, Sweden: . Paper presented at 15th International Symposium on Open Collaboration, OpenSym 2019, 20-22 August 2019, Skövde, Sweden. New York: ACM Digital Library, Article ID A7.
Öppna denna publikation i ny flik eller fönster >>Using Context Based MicroTraining to Develop OER for the Benefit of All
2019 (Engelska)Ingår i: Proceedings of the 15th International Symposium on Open Collaboration, OpenSym 2019, 20-22 August 2019, Skövde, Sweden, New York: ACM Digital Library, 2019, artikel-id A7Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

This paper demonstrates how Context Based MicroTraining (CBMT) can be used to develop open educational resources in a way that benefits students enrolled in university courses as well as anyone who wants to participate in open-learning activities. CBMT is a framework that provides guidelines for how educational resources should be structured. CBMT stipulates that information should be presented in short sequences and that is relevant for the learner’s current situation. In this paper, CBMT is implemented in a practical ICT course using video lectures that are delivered as open educational resources using YouTube. The experiences of enrolled students as well as YouTube users are evaluated as well as the actual results of the enrolled students. The results of the study suggest that users of the video lectures appreciate the learning approach. The actual results, i.e. learning outcomes, of the enrolled students are maintained. The study also demonstrates how using CBMT as open educational resources can free up time for teachers and increase the quality of teaching by benefitting from community feedback.

Ort, förlag, år, upplaga, sidor
New York: ACM Digital Library, 2019
Nyckelord
Open-learning, OER, Context Based MicroTraining, ondemand learning, higher education, nanolearning
Nationell ämneskategori
Annan teknik
Forskningsämne
Informationssystem (IS)
Identifikatorer
urn:nbn:se:his:diva-17636 (URN)10.1145/3306446.3340814 (DOI)978-1-4503-6319-8 (ISBN)
Konferens
15th International Symposium on Open Collaboration, OpenSym 2019, 20-22 August 2019, Skövde, Sweden
Tillgänglig från: 2019-09-03 Skapad: 2019-09-03 Senast uppdaterad: 2019-09-09Bibliografiskt granskad
Åhlfeldt, R.-M., Nohlberg, M., Söderström, E., Lennerholt, C. & van Laere, J. (2018). Current Situation Analysis of Information Security Level in Municipalities. Journal of Information System Security, 14(1), 3-19
Öppna denna publikation i ny flik eller fönster >>Current Situation Analysis of Information Security Level in Municipalities
Visa övriga...
2018 (Engelska)Ingår i: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 14, nr 1, s. 3-19Artikel i tidskrift (Refereegranskat) Published
Abstract [en]

Municipalities manage a significant part of society's services, and hence they also handle a vast amount of information. A municipality's activities include managing a significant part of society's services, and municipalities’ supply and management of information are, therefore, critical for society in general, and also for achieving the municipalities’ own operational goals. However, research shows weaknesses in the municipalities' work on information security, and there is a need to study and identify the current level of security.

This paper presents the result from a GAP analysis mapping the current situation of Swedish municipalities' for systematic information security work, based on the demands made on municipalities from both research and social perspectives. The result shows that the information security level regarding the systematic security work is generally low, and that there is a need to implement adapted tools for Information Security Management Systems in order to support municipalities.

Nyckelord
Information Security, Information Security Management Systems, Municipality
Nationell ämneskategori
Data- och informationsvetenskap
Forskningsämne
Informationssystem (IS)
Identifikatorer
urn:nbn:se:his:diva-16354 (URN)
Tillgänglig från: 2018-11-02 Skapad: 2018-11-02 Senast uppdaterad: 2019-02-08Bibliografiskt granskad
Åhlfeldt, R.-M., Nohlberg, M., Söderström, E., Lennerholt, C. & van Laere, J. (2018). Current Situation Analysis of Information Security Level in Municipalities. In: Gurpreet Dhillin, Spyridon Samonas (Ed.), Proceedings of the Annual Information Institute Conference: . Paper presented at 17th Annual Security Conference, Las Vegas, March 26, 2018 - March 28, 2018. The Information Institute
Öppna denna publikation i ny flik eller fönster >>Current Situation Analysis of Information Security Level in Municipalities
Visa övriga...
2018 (Engelska)Ingår i: Proceedings of the Annual Information Institute Conference / [ed] Gurpreet Dhillin, Spyridon Samonas, The Information Institute , 2018Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

Municipalities manage a significant part of society's services, and hence also handle a vast amount of information. A municipality's activities include managing a significant part of society's services, and the municipality's supply and management of information are, therefore, critical for society in general, but also for achieving the municipality's own operational goals. However, investigations show weaknesses in the municipalities' work on information security, and there is a need to study and identify the current level of security. This paper presents the result from a GAP analysis mapping the Swedish municipalities current situation for systematic information security work, based on the demands made on municipalities from both research and social perspectives. The result shows that the information security level regarding systematic security work is generally low and that there is a need for adapted tools for Information Security Management Systems in order to support municipalities.

Ort, förlag, år, upplaga, sidor
The Information Institute, 2018
Nationell ämneskategori
Systemvetenskap, informationssystem och informatik
Forskningsämne
INF303 Informationssäkerhet; Informationssystem (IS)
Identifikatorer
urn:nbn:se:his:diva-16755 (URN)978-1-935160-19-9 (ISBN)
Konferens
17th Annual Security Conference, Las Vegas, March 26, 2018 - March 28, 2018
Tillgänglig från: 2019-04-08 Skapad: 2019-04-08 Senast uppdaterad: 2019-07-08Bibliografiskt granskad
Kävrestad, J. & Nohlberg, M. (2018). Defining and modeling the online fraud process. In: Nathan L. Clarke, Steven M. Furnell (Ed.), Proceedings of the twelfth International Symposium on Human Aspects of Information Security & Assurance: HAISA 2018. Paper presented at Twelfth International Symposium on Human Aspects of Information Security & Assurance, Dundee, Scotland, 29th-31st August 2018 (pp. 203-213). Plymouth: University of Plymouth Press
Öppna denna publikation i ny flik eller fönster >>Defining and modeling the online fraud process
2018 (Engelska)Ingår i: Proceedings of the twelfth International Symposium on Human Aspects of Information Security & Assurance: HAISA 2018 / [ed] Nathan L. Clarke, Steven M. Furnell, Plymouth: University of Plymouth Press, 2018, s. 203-213Konferensbidrag, Publicerat paper (Refereegranskat)
Ort, förlag, år, upplaga, sidor
Plymouth: University of Plymouth Press, 2018
Nyckelord
Online fraud, Definition, Model
Nationell ämneskategori
Systemvetenskap, informationssystem och informatik
Forskningsämne
Informationssystem (IS)
Identifikatorer
urn:nbn:se:his:diva-16338 (URN)978-0-244-40254-9 (ISBN)
Konferens
Twelfth International Symposium on Human Aspects of Information Security & Assurance, Dundee, Scotland, 29th-31st August 2018
Tillgänglig från: 2018-10-25 Skapad: 2018-10-25 Senast uppdaterad: 2019-02-08Bibliografiskt granskad
Kävrestad, J., Eriksson, F. & Nohlberg, M. (2018). The Development of a Password Classification Model. Journal of Information System Security, 14(1), 31-46
Öppna denna publikation i ny flik eller fönster >>The Development of a Password Classification Model
2018 (Engelska)Ingår i: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 14, nr 1, s. 31-46Artikel i tidskrift (Refereegranskat) Published
Abstract [en]

In order to ensure that we are the only ones that can access our data, we use authentication to secure our computers and different online accounts. Passwords remain the most common type of authentication, even if there are several different ways to authenticate, including biometrics and tokens. With this study we aim to reveal and collect the different strategies that users are using when designing their passwords. To achieve this, a model was developed using interactive interviews with computer forensic experts. The model was then applied on 5,000 passwords gathered from 50 different password databases that had leaked to the Internet. The result is a model that can be used to classify passwords based on the strategy used to create them. As such, the results of this study increase the understanding of passwords and they can be used as a tool in education and training, as well as in future research.

Ort, förlag, år, upplaga, sidor
The Information Institute, 2018
Nyckelord
Passwords, Categorization, Classification, Strategies, Model
Nationell ämneskategori
Data- och informationsvetenskap
Forskningsämne
Informationssystem (IS)
Identifikatorer
urn:nbn:se:his:diva-15984 (URN)
Tillgänglig från: 2018-07-17 Skapad: 2018-07-17 Senast uppdaterad: 2018-12-21Bibliografiskt granskad
Åhlfeldt, R.-M., Nohlberg, M. & Söderstöm, E. (2017). Länsstyrelsernas förutsättningar att stödja kommuner gällande informationssäkerhet. Stockholm: Myndigheten för samhällsskydd och beredskap
Öppna denna publikation i ny flik eller fönster >>Länsstyrelsernas förutsättningar att stödja kommuner gällande informationssäkerhet
2017 (Svenska)Rapport (Övrigt vetenskapligt)
Abstract [sv]

En studie har genomförts av Högskolan i Skövde på uppdrag av Myndigheten för Samhällsskydd och beredskap (MSB) med syfte att kartlägga länsstyrelsernas faktiska möjligheter att samordna och stödja kommunernas arbete avseende informationssäkerhet. Arbetet har även inkluderat hur länsstyrelserna arbetar med att samordna och stödja kommunernas arbete avseende informationssäkerhet. Kartläggningen genomfördes hos sju utvalda länsstyrelser under perioden oktober 2016 till januari 2017 genom intervjuer av representanter från varje länsstyrelse.

Resultatet visar att länsstyrelserna behöver ett tydligt uppdrag med tillhörande mandat och resurser för att ha förutsättningar att kunna samordna och stödja kommunerna i deras informationssäkerhetsarbete. Detta anser de involverade länsstyrelserna saknas i nuläget. Dessutom visar resultatet på att det finns omfattande kompetensbrist inom informationssäkerhetsområdet. Kompetensbristen finns såväl i det interna arbetet som i det externa arbetet ut mot kommunerna, allt från ledningsnivå till operativ nivå. Det finns även behov av tydligare roller både strategiskt och operativt för att sätta igång arbetet och möjliggöra en tydligare överblick. Detta behövs för att ge förutsättningar till länsstyrelserna för att kunna samordna och stödja länsstyrelserna i informationssäkerhetsarbetet relaterat till kris och höjd beredskap men även för att erhålla en strategisk helhetssyn på informationssäkerhetsarbetet utifrån ett samhällsperspektiv.

Ort, förlag, år, upplaga, sidor
Stockholm: Myndigheten för samhällsskydd och beredskap, 2017. s. 29
Nyckelord
informationssäkerhet, krisberedskap
Nationell ämneskategori
Systemvetenskap, informationssystem och informatik
Forskningsämne
Informationssystem (IS)
Identifikatorer
urn:nbn:se:his:diva-13655 (URN)978-91-7383-729-3 (ISBN)
Projekt
LISAK - Länsstyrelsernas förutsättningar att stödja kommuner gällande informationssäkerhet
Forskningsfinansiär
Myndigheten för samhällsskydd och beredskap, MSB
Tillgänglig från: 2017-06-08 Skapad: 2017-06-08 Senast uppdaterad: 2018-01-13Bibliografiskt granskad
Organisationer

Sök vidare i DiVA

Visa alla publikationer