11. Motivacija starejših odraslih za udeležbo na tečajih o informacijsko-komunikacijskih tehnologijah : diplomsko delo visokošolskega študijskega programa Informacijska varnostNina Škornik, 2024, diplomsko delo Opis: Razvoj informacijsko-komunikacijskih tehnologij (IKT) je močno vplival na sodobno družbo, pri čemer so starejši odrasli pogosto manj digitalno pismeni, zlasti v Sloveniji. Razumevanje njihove motivacije za vključitev v izobraževanje o IKT je ključno, saj vključuje čustvene in psihosocialne dejavnike. Raziskave so pokazale, da notranja motivacija, praktične koristi, socialna interakcija, podpora, prilagodljivost in samozavest vplivajo na motivacijo starejših odraslih za učenje o IKT. Kljub tem ugotovitvam so raziskave pogosto omejene na majhne in specifične vzorce, kar vpliva na splošnost ugotovitev. Da bi naslovili raziskovalno vrzel, smo izvedli kvantitativno raziskavo med starejšimi odraslimi v Sloveniji. Raziskava temelji na predlaganem teoretičnem modelu, ki je bil empirično preverjen in združuje ključne čustvene, psihosocialne ter kognitivne dejavnike. Ta model omogoča vpogled v motivacijo starejših odraslih, kar je pomembno za razvoj učinkovitih izobraževalnih programov. Rezultati raziskave kažejo, da je intelektualna radovednost, opredeljena kot želja po novih spoznanjih in kognitivni stimulaciji, ključna za spodbujanje starejših odraslih k vključitvi v izobraževalne programe. Model omogoča boljše razumevanje motivacije starejših odraslih za udeležbo na tečajih o IKT.
Ključne besede: informacijsko-komunikacijske tehnologije (IKT), starejši odrasli, motivacija, tečaji, vseživljenjsko učenje, diplomske naloge
Objavljeno v DKUM: 20.09.2024; Ogledov: 0; Prenosov: 47
 Celotno besedilo (721,97 KB) |
12. Drevesa za napovedno razvrščanje v kibernetski varnosti : diplomsko delo visokošolskega študijskega programa Informacijska varnostČrt Uršič, 2024, diplomsko delo Opis: Glavni cilj raziskave je oceniti, kako učinkovito lahko algoritem dreves za napovedno razvrščanje identificira in klasificira različne vrste kibernetskih napadov. Strojno učenje, ki je osrednji del sodobnih IT-okolij, vključno s sistemi za zaznavanje in preprečevanje napadov, se nenehno razvija in izboljšuje. V tem kontekstu smo izbrali algoritem dreves za napovedno razvrščanje (PCT) zaradi njegove predhodne uspešnosti v večrazrednih klasifikacijskih nalogah. Za primerjavo učinkovitosti PCT smo vzpostavili konkurenčno skupino enajstih drugih algoritmov, katerih rezultati služijo kot referenčna osnova za oceno. Da bi zagotovili natančnost in relevantnost rezultatov, smo razvili lastno metodologijo priprave podatkov in modelov. Prvi korak naših meritev je zajemal odstranjevanje neveljavnih in manjkajočih vrednosti v podatkovni zbirki. Nadaljevali smo z določanjem optimalnega števila lastnosti, izbirali smo samo tiste, ki imajo ključen vpliv na končni izid. V zaključni fazi smo nastavili parametre algoritmov in njihove vrednosti, ki smo jih optimizirali z uporabo mrežnega iskanja. Vse te strategije so omogočile zmanjšanje potrebnih računalniških virov, skrajšale čas učenja in procesiranja podatkov ter izboljšale končne rezultate. Ta pristop nam omogoča boljši vpogled v dejansko učinkovitost algoritmov. Rezultati naše študije kažejo, da čeprav izbrani algoritem PCT ni izstopal kot najboljši med primerjanimi algoritmi, kaže obetaven potencial za nadaljnje raziskave in praktično uporabo v sektorju kibernetske varnosti. Diplomsko delo tako ne le opredeljuje učinkovitost PCT, ampak tudi predlaga možne smeri za nadaljnji razvoj in izboljšave v tehnologijah zaznavanja kibernetskih groženj.
Ključne besede: drevesa za napovedno razvrščanje, kibernetska varnost, strojno učenje, diplomske naloge
Objavljeno v DKUM: 02.08.2024; Ogledov: 100; Prenosov: 34
Celotno besedilo (1,95 MB) |
13. Outsource or not? : An AHP based decision model for information security managementLuka Jelovčan, Anže Mihelič, Kaja Prislan Mihelič, 2022, izvirni znanstveni članek Opis: Purpose: Outsourcing information security has proven to be an efficient solution for information security management; however, it may not be the most suitable approach for every organization. This research aimed to develop a multi-criteria decision-making model that would enable organizations to determine which approach to information security management (outsourcing or internal management) is more suitable for their needs and capabilities.
Methods: Our study utilized several different research methods. First, the decision criteria were identified by reviewing related work and then selected by information security experts in a focus group. Second, a survey was conducted among information security practitioners to assign the criteria weights. Third, four use cases were conducted with four real-world organizations to assess the usability, ease of use, and usefulness of the developed model.
Results: We developed a ten-criteria model based on the analytic hierarchy process. The survey results promote performance-related criteria as more important than efficiency-focused criteria. Evidence from use cases proves that the decision model is useful and appropriate for various organizations.
Conclusion: To make informed decisions on approaching information security management, organizations must first conduct a thorough analysis of their capabilities and needs and investigate potential external contractors. In such a case, the proposed model can serve as a useful support tool in the decision-making process to obtain clear recommendations tailored to factual circumstances.
Ključne besede: information security, decision model, analytic hierarchy process, AHP, management, outsourcing
Objavljeno v DKUM: 24.06.2024; Ogledov: 141; Prenosov: 24
Celotno besedilo (1,97 MB)
Gradivo ima več datotek! Več... |
14. |
15. Ko se srečata znanje in odločanje : Pristopi k ocenjevanju varnostnih tveganjKaja Prislan Mihelič, Maja Modic, Branko Lobnikar, Boštjan Slak, Anže Mihelič, 2023, znanstvena monografija Opis: Ocenjevanje varnostnih tveganj predstavlja temelj strateškega upravljanja varnosti razvitih držav. V monografiji je predstavljen širok pregled različnih usmeritev in pristopov za ocenjevanje varnostnih tveganj in ogroženosti. Predstavljamo tako nacionalne strateške in zakonodajne podlage kot tudi ključne strokovne vire, mednarodne standarde in smernice. Poleg splošnih usmeritev monografija prikazuje nekatere prakse tujih držav ocenjevanja varnostnih tveganj in ogroženosti. Osrednji doprinos tega dela predstavlja predlagani model za ocenjevanje ogroženosti in tveganj na področju javne varnosti, ki je primarno namenjen organizacijam, ki delujejo na področju javne varnosti. Gre za model, ki je v svoji osnovi celovit, enovit in praktično uporaben. Model predstavlja vodilo in orodje za izvajalce (analitike) ter je zasnovan v obliki navodila, ki omogoča izvedbo ocene skozi analitično in sistematično zasnovan proces, skozi katerega se odločevalcem zagotovi ustrezna informacijska podpora za odločanje. Zaradi specifičnih pričakovanj in zahtev je model predlagan v polni in skrajšani različici.
Ključne besede: ocenjevanje tveganj, ocenjevanje ogroženosti, nacionalna varnost, analiza ogroženosti, varnostne organizacije
Objavljeno v DKUM: 03.01.2024; Ogledov: 525; Prenosov: 83
Celotno besedilo (5,42 MB)
Gradivo ima več datotek! Več... |
16. Identifying key activities, artifacts and roles in agile engineering of secure software with hierarchical clusteringAnže Mihelič, Tomaž Hovelja, Simon Vrhovec, 2023, izvirni znanstveni članek Opis: Different activities, artifacts, and roles can be found in the literature on the agile engineering of secure software (AESS). The purpose of this paper is to consolidate them and thus identify key activities, artifacts, and roles that can be employed in AESS. To gain initial sets of activities, artifacts, and roles, the literature was first extensively reviewed. Activities, artifacts, and roles were then cross-evaluated with similarity matrices. Finally, similarity matrices were converted into distance matrices, enabling the use of Ward’s hierarchical clustering method for consolidating activities, artifacts, and roles into clusters. Clusters of activities, artifacts, and roles were then named as key activities, artifacts, and roles. We identified seven key activities (i.e., security auditing, security analysis and testing, security training, security prioritization and monitoring, risk management, security planning and threat modeling; and security requirements engineering), five key artifacts (i.e., security requirement artifacts, security repositories, security reports, security tags, and security policies), and four key roles (i.e., security guru, security developer, penetration tester, and security team) in AESS. The identified key activities, artifacts, and roles can be used by software development teams to improve their software engineering processes in terms of software security.
Ključne besede: secure software development, security engineering, agile methods, agile development, software development, software engineering, software security, application security, cybersecurity, cyber resilience
Objavljeno v DKUM: 29.11.2023; Ogledov: 417; Prenosov: 12
Celotno besedilo (557,17 KB)
Gradivo ima več datotek! Več... |
17. Drivers for enhancing job performance of prison officers in Slovenia : effects of job attitudes, organizational, and work-related factorsKatrin Podgorski, Branko Lobnikar, Anže Mihelič, Kaja Prislan Mihelič, 2023, izvirni znanstveni članek Opis: Maintaining order and safety in a prison environment heavily depends on prison officers, who daily interact with prisoners and are constantly dealing with dangerous situations. Their task performance is vital for the organizational performance and the fulfillment of the prisons’ mission. For managing prison officers’ job performance efficiently, it is important to understand the associated factors; however, job performance in a prison environment remains completely unexplored in Slovenia. This article presents a study conducted among Slovenian prison officers (n = 201), which examined their task performance, its association with job attitudes, and the role of organizational and work-related factors. The study results showed that the prison officers’ task performance is associated with their job satisfaction, but not with their job involvement. Moreover, their job satisfaction is associated with perceived organizational justice, job stress, and the dangerousness of the job. Based on these findings, we demonstrated that task performance depends on several direct and indirect factors that prison management should prioritize, the key ones being stress reduction, strengthening the feeling of organizational justice, and the ability to deal with the job-related dangers successfully. This article highlights organizational and work-related factors important for improving the prison officers’ well-being at work.
Ključne besede: job performance, task performance, workplace psychology, prisons, rison officers
Objavljeno v DKUM: 29.11.2023; Ogledov: 347; Prenosov: 39
Celotno besedilo (913,91 KB)
Gradivo ima več datotek! Več... |
18. Agile development of secure software for small and medium-sized enterprisesAnže Mihelič, Simon Vrhovec, Tomaž Hovelja, 2023, izvirni znanstveni članek Opis: Although agile methods gained popularity and became globally widespread, developing secure software with agile methods remains a challenge. Method elements (i.e., roles, activities, and artifacts) that aim to increase software security on one hand can reduce the characteristic agility of agile methods on the other. The overall aim of this paper is to provide small- and medium-sized enterprises (SMEs) with the means to improve the sustainability of their software development process in terms of software security despite their limitations, such as low capacity and/or financial resources. Although software engineering literature offers various security elements, there is one key research gap that hinders the ability to provide such means. It remains unclear not only how much individual security elements contribute to software security but also how they impact the agility and costs of software development. To address the gap, we identified security elements found in the literature and evaluated them for their impact on software security, agility, and costs in an international study among practitioners. Finally, we developed a novel lightweight approach for evaluating agile methods from a security perspective. The developed approach can help SMEs to adapt their software development to their needs.
Ključne besede: secure software development, security engineering, agile, small and medium sized enterprises, software development management, security
Objavljeno v DKUM: 29.11.2023; Ogledov: 494; Prenosov: 7
Celotno besedilo (2,58 MB)
Gradivo ima več datotek! Več... |
19. Country life in the digital era : comparison of technology use and cybercrime victimization between residents of rural and urban environments in SloveniaIgor Bernik, Kaja Prislan Mihelič, Anže Mihelič, 2022, izvirni znanstveni članek Opis: Cybercrime is one of the most significant security challenges of the 21st century. However, official statistics do not provide insights into its prevalence and nature. Representative cross-sectional field studies may help fill this gap, focusing on differences between urban and rural technology users. We (a) investigated the association between the purpose of computers and other electronic device usage and perceived vulnerability, (b) compared the differences in the purpose of computers or other electronic device use and perceived vulnerability, and (c) compared the perceived cyber victimization between residents of rural and urban areas. We conducted a field study that resulted in a representative sample of the Republic of Slovenia in Europe. We found several significant differences in the purpose of technology use and perceived cyber victimization. Furthermore, the results indicate that the purpose of technology use is somehow associated with perceived vulnerability in cyberspace; however, such associations are different in cyberspace than in the material world.
Ključne besede: cyber victimization, cybercrime, rural environment, technology use, perceived vulnerability
Objavljeno v DKUM: 31.07.2023; Ogledov: 413; Prenosov: 56
Celotno besedilo (840,72 KB)
Gradivo ima več datotek! Več... |
20. Informacijska varnost v slovenskem start-up okolju : magistrsko deloLuka Jelovčan, 2023, magistrsko delo Opis: Start-up podjetja predstavljajo pomemben del podjetniškega okolja, saj na trg nenehno prinašajo nove rešitve, izdelke in pristope. Hkrati je start-up okolje izpostavljeno številnim tveganjem, ki nenehno ogrožajo nadaljnji razvoj ali celo obstoj posameznih start-up podjetij. Med glavna tveganja, ki so jim start-up podjetja izpostavljena, zagotovo sodijo tudi informacijskovarnostne grožnje, saj podatki in intelektualna lastnina predstavljajo temelj njihovega uspeha. Za start-up podjetja je tako ključnega pomena učinkovito upravljanje informacijske varnosti in s tem optimalno razpolaganje z omejenimi sredstvi. Ne glede na to je upravljanje informacijske varnosti med slovenskimi start-up podjetji popolnoma neraziskano področje. Da bi bila naslovljena vrzel v literaturi so bili v okviru izdelave magistrskega dela izvedeni intervjuji s predstavniki 18 slovenskih star-up podjetij. Cilj raziskave je bil ugotoviti, kako start-up podjetja razumejo koncept informacijske varnosti, kakšen odnos imajo do tega področja in kako k upravljanju informacijske varnosti pristopajo. Pri tem delo izhaja iz teoretičnega modela znanja, odnosa in vedenja, medtem ko sta upravljanje in izvajanje informacijskovarnostnih ukrepov presojani s pomočjo standarda ISO/IEC 27001. Rezultati raziskave kažejo, da se slovenska start-up podjetja zavedajo informacijskovarnostnih groženj in jih prepoznavajo kot pomemben dejavnik tveganja, ki lahko ogrozi razvoj podjetja, večina informacijsko varnost prepoznava kot pomembno za poslovni uspeh podjetja. K izvajanju informacijskovarnostnih ukrepov start-up podjetja pristopajo pragmatično, skladno s svojimi potrebami, znanjem in omejenimi sredstvi. S tem so povezani tudi informacijskovarnostni ukrepi, ki jih start-up podjetja izvajajo, saj največ pozornosti namenijo varnosti človeških virov, razdeljevanju dostopov in sledenju osnovnim dobrim praksam, pri čemer tehnološka start-up podjetja več pozornosti namenijo informacijski varnosti v dobavnih verigah in pri sodelovanju s partnerskimi podjetji. Rezultati raziskave ponujajo prvi vpogled v stanje informacijske varnosti med slovenskimi start-up podjetji ter omogočajo pripravo priporočil in prilagojenih ukrepov, ki bodo start-up podjetjem omogočali celovitejši in sistematičen pristop k upravljanju informacijske varnosti.
Ključne besede: informacijska varnost, start-up podjetja, tveganja, ISO/IEC 27001, diplomske naloge
Objavljeno v DKUM: 08.05.2023; Ogledov: 622; Prenosov: 162
Celotno besedilo (884,63 KB) |
