Global ETD Search

11	NoSQL database considerations and implications for businesses Pretorius, Dawid Johannes 12 1900 (has links) Thesis (MComm)--Stellenbosch University, 2013. / ENGLISH ABSTRACT: NoSQL databases, a new way of storing and retrieving data, can provide businesses with many benefits, although they also pose many risks for businesses. The lack of knowledge among decision-makers of businesses regarding NoSQL databases can lead to risks left unaddressed and missed opportunities. This study, by means of an extensive literature review, identifies the key drivers, characteristics and benefits of a NoSQL database, thereby providing a clear understanding of the subject. The business imperatives related to NoSQL databases are also identified and discussed. This can help businesses to determine whether a NoSQL database might be a viable solution, and to align business and information technology (IT) objectives. The key strategic and operational IT risks are also identified and discussed, based on the literature review. This can help business to ensure that the risks related to the use of NoSQL databases are appropriately addressed. Lastly, the identified risks were mapped to the processes of COBIT (Control Objectives for Information and Related Technology) to inform a business of the highest risk areas and the associated focus areas. / AFRIKAANSE OPSOMMING: NoSQL databasisse, 'n nuwe manier om data te stoor en herwin, het die potensiaal om baie voordele vir besighede in te hou, maar kan ook baie risiko's teweeg bring. Gebrekkige kennis onder besigheidsbesluitnemers oor NoSQL databasisse kan lei tot onaangespreekte risiko’s en verlore geleenthede. Hierdie studie, deur middel van 'n uitgebreide literatuuroorsig, identifiseer die sleutel eienskappe, kenmerke en voordele van 'n NoSQL databasis, om sodoende 'n duidelike begrip van die onderwerp te verkry. Die besigheidsimperatiewe wat verband hou met NoSQL databasisse is ook geïdentifiseer en bespreek. Dit kan besighede help om te bepaal of 'n NoSQL databasis 'n werkbare oplossing kan wees, asook sake- en inligtingstegnologie (IT) doelwitte in lyn met mekaar bring. Na aanleiding van die literatuurstudie is die sleutel-strategiese en operasionele IT-risiko's geïdentifiseer en bespreek. Dit kan help om aan besighede sekerheid te verskaf dat die risiko's wat verband hou met die gebruik van NoSQL databasisse toepaslik aangespreek word. Laastens is die geïdentifiseerde risiko's gekoppel aan die prosesse van COBIT om 'n besigheid van die hoë-risiko areas en die gepaardgaande fokusareas in te lig. Non-relational databases Dissertations -- Accountancy Theses -- Accountancy Dissertations -- Computer auditing Theses -- Computer auditing
12	The governance of significant enterprise mobility security risks Brand, Johanna Catherina 12 1900 (has links) Thesis (MComm)--Stellenbosch University, 2013. / ENGLISH ABSTRACT: Enterprise mobility is emerging as a megatrend in the business world. Numerous risks originate from using mobile devices for business-related tasks and most of these risks pose a significant security threat to organisations’ information. Organisations should therefore apply due care during the process of governing the significant enterprise mobility security risks to ensure an effective process to mitigate the impact of these risks. Information technology (IT) governance frameworks, -models and -standards can provide guidance during this governance process to address enterprise mobility security risks on a strategic level. Due to the existence of the IT gap these risks are not effectively governed on an operational level as the IT governance frameworks, -models and -standards do not provide enough practical guidance to govern these risks on a technical, operational level. This study provides organisations with practical, implementable guidance to apply during the process of governing these risks in order to address enterprise mobility security risks in an effective manner on both a strategic and an operational level. The guidance given to organisations by the IT governance frameworks, -models and -standards can, however, lead to the governance process being inefficient and costly. This study therefore provides an efficient and cost-effective solution, in the form of a short list of best practices, for the governance of enterprise mobility security risks on both a strategic and an operational level. / AFRIKAANSE OPSOMMING: Ondernemingsmobiliteit kom deesdae as ‘n megatendens in die besigheidswêreld te voorskyn. Talle risiko's ontstaan as gevolg van die gebruik van mobiele toestelle vir sake-verwante take en meeste van hierdie risiko's hou 'n beduidende sekuriteitsbedreiging vir organisasies se inligting in. Organisasies moet dus tydens die risikobestuursproses van wesenlike mobiliteit sekuriteitsrisiko’s die nodige sorg toepas om ‘n doeltreffende proses te verseker ten einde die impak van hierdie risiko’s te beperk. Informasie tegnologie (IT)- risikobestuurraamwerke, -modelle en -standaarde kan op ‘n strategiese vlak leiding gee tydens die risikobestuursproses waarin mobiliteit sekuriteitsrisiko’s aangespreek word. As gevolg van die IT-gaping wat bestaan, word hierdie risiko’s nie effektief op ‘n operasionele vlak bestuur nie aangesien die ITrisikobestuurraamwerke, -modelle en -standaarde nie die nodige praktiese leiding gee om hierdie risiko’s op ‘n tegniese, operasionele vlak te bestuur nie. Om te verseker dat organisasies mobiliteit sekuriteitsrisiko’s op ‘n effektiewe manier op beide ‘n strategiese en operasionele vlak bestuur, verskaf hierdie studie praktiese, implementeerbare leiding aan organisasies wat tydens die bestuursproses van hierdie risiko’s toegepas kan word. Die leiding aan organisasies, soos verskaf in die IT-risikobestuurraamwerke, - modelle en -standaarde, kan egter tot’n ondoeltreffende en duur risikobestuursproses lei. Hierdie studie bied dus 'n doeltreffende, koste-effektiewe oplossing, in die vorm van 'n kort lys van beste praktyke, vir die bestuur van die mobiliteit sekuriteitsrisiko’s op beide 'n strategiese en 'n operasionele vlak. Dissertations -- Accountancy Theses -- Accountancy Dissertations -- Computer auditing Theses -- Computer auditing Computer security -- Management Mobile computing -- Security measures
13	An investigation of developments in Web 3.0 : opportunities, risks, safeguards and governance Bruwer, Hendrik Jacobus 04 1900 (has links) Thesis (MComm)--Stellenbosch University, 2014. / ENGLISH ABSTRACT: Many organisations consider technology as a significant asset to generate income and control cost. The World Wide Web (henceforth referred to as the Web), is recognised as the fastest growing publication medium of all time, now containing well over 1 trillion URLs. In order to stay competitive it is crucial to stay up to date with technological trends that create new opportunities for organisations, as well as creating risks. The Web acts as an enabler for technological advancement, and matures in its own unique way. From the static informative characteristics of Web 1.0, it progressed into the interactive experience Web 2.0 provides. The next phase of Web evolution, Web 3.0, is already in progress. Web 3.0 entails an integrated Web experience where the machine will be able to understand and catalogue data in a manner similar to humans. This will facilitate a world wide data warehouse where any format of data can be shared and understood by any device over any network. The evolution of the Web will bring forth new opportunities as well as challenges. Organisations need to be ready, and acquire knowledge about the opportunities and risks arising from Web 3.0 technologies. The purpose of this study is to define Web 3.0, and identify new opportunities and risks associated with Web 3.0 technologies by using a control framework. Identified opportunities can mainly be characterised as the autonomous integration of data and services which increases the pre-existing capabilities of Web services, as well as the creation of new functionalities. The identified risks mainly concern unauthorised access and manipulation of data; autonomous initiation of actions, and the development of scripts and languages. Risks will be mitigated by control procedures which organisations need to implement (examples include but is not limited to encryptions; access control; filtering; language and ontology development control procedures; education of consumers and usage policies). The findings will assist management in addressing the key focus areas of opportunities and risks when implementing a new technology. / AFRIKAANSE OPSOMMING: Baie organisasies beskou tegnologie as 'n belangrike bate om inkomste te genereer en kostes te beheer. Die Wêreldwye Web (voorts na verwys as die Web), word erken as die vinnigste groeiende publikasiemedium van alle tye, met tans meer as 1 triljoen URLs. Ten einde kompeterend te bly, is dit noodsaaklik om op datum te bly met tegnologiese tendense wat nuwe geleenthede, sowel as risikos, vir organisasies kan skep. Die Web fasiliteer tegnologiese vooruitgang, en ontwikkel op sy eie unieke manier. Vanaf die statiese informatiewe eienskappe van Web 1.0, het dit ontwikkel tot die interaktiewe ervaring wat Web 2.0 bied. Die volgende fase van Web-ontwikkeling, Web 3.0, is reeds in die proses van ontwikkeling. Web 3.0 behels 'n geïntegreerde Web-ervaring waar ŉ masjien in staat sal wees om data te verstaan en te kategoriseer op ŉ soortgelyke wyse as wat ŉ mens sou kon. Dit sal lei tot 'n wêreldwye databasis waar enige vorm van data gedeel en verstaan kan word deur enige toestel oor enige netwerk. Die ontwikkeling van die Web sal lei tot die ontstaan van nuwe geleenthede, sowel as uitdagings. Dit is noodsaaklik dat organisasies bewus sal wees hiervan, en dat hulle oor genoegsame kennis sal beskik met betrekking tot die geleenthede en risikos wat voortspruit uit Web 3.0 tegnologieë. Die doel van hierdie studie is om Web 3.0 te definieer, en nuwe geleenthede en risikos wat verband hou met Web 3.0 tegnologieë, te identifiseer deur gebruik te maak van ŉ kontrole raamwerk. Geleenthede wat geïdentifiseer is, word hoofsaaklik gekenmerk deur outonome integrasie van data en dienste wat lei tot ŉ toename in die vermoëns van reeds bestaande Webdienste, sowel as die skepping van nuwe funksionaliteite. Die risikos wat geïdentifiseer is, word hoofsaaklik gekenmerk deur ongemagtigde toegang en manipulasie van data; outonome inisieering van aksies, en die ontwikkeling van programskrifte en tale. Risikos wat geïdentifiseer is, sal aangespreek word deur die implementering van voorgestelde kontroleprosedures om sodanige risikos te verminder tot ŉ aanvaarbare vlak (voorbeelde sluit in maar is nie beperk tot enkripsie; toegangkontroles; filters; programmatuur taal en ontologie ontwikkels kontroles prosedures; opleiding van gebruikers en ontwikkelaars en beleide ten op sigte van gebruik van tegnologië). Die bevindinge sal bestuur in staat stel om die sleutelfokus-areas van geleenthede en risikos te adresseer gedurende die implementering van 'n nuwe tegnologie. Dissertations -- Accountancy Theses -- Accountancy Dissertations -- Computer auditing Theses -- Computer auditing World Wide Web World Wide Web -- Security measures Risk assessment UCTD
14	A structured technique for applying Risk Based Internal Auditing in information technology environments (with specific reference to IIA RBIA, King Report and CobiT) Wheeler, Sonya 03 1900 (has links) Thesis (M.Comm. (Accountancy))--University of Stellenbosch, 2005. / ENGLISH ABSTRACT: A technique that may be used to incorporate Risk Based Internal Auditing (RBIA) in the IT environment is to follow annual audit planning methodology steps. The IT infrastructure elements are linked to the business processes which they support. Their ranking are based on the risk assessments of the business process, the business process priority, the dependency of the business process on IT and the IT infrastructure element’s own risk assessment. CobiT is used as an auditing method, i.e. best practice guidance to audit against. Dissertations -- Accountancy Dissertations -- Accountancy Theses -- Accountancy Assignments -- Accountancy Risk Based Internal Auditing CobiT processes Computer auditing
15	Addressing the incremental risks associated with adopting a Bring Your Own Device program by using the COBIT 5 framework to identify keycontrols Weber, Lyle 04 1900 (has links) Thesis (MComm)--Stellenbosch University, 2014. / ENGLISH ABSTRACT: Bring Your Own Device (BYOD) is a technological trend which individuals of all ages are embracing. BYOD involves an employee of an organisation using their own mobile devices to access their organisations network. Several incremental risks will arise as a result of adoption of a BYOD program by an organisation. The research aims to assist organisations to identify what incremental risks they could potentially encounter if they adopt a BYOD program and how they can use a framework like COBIT 5 in order to reduce the incremental risks to an acceptable level. By means of an extensive literature review the study revealed 50 incremental risks which arise as a result of the adoption of a BYOD program. COBIT 5 was identified as the most appropriate framework which could be used to map the incremental risks against. Possible safeguards were identified from the mapping process which would reduce the incremental risks to an acceptable level. It was identified that 13 of the 37 COBIT 5 processes were applicable for the study. Theses -- Accountancy Dissertations -- Accountancy Computer networks -- Security measures Computer security -- Risk assessment Dissertations -- Computer auditing Theses -- Computer auditing UCTD
16	網路環境帳務稽核日誌系統之建置研究 / A Study on the Implementation of a model of Network Environment Accounting Auditing Log System 歐文純, Ou, Wen-Chueng Unknown Date (has links) 網路環境中，電子商務上的帳務稽核系統，需要內部控制與內部稽核機制的輔助；尤其是在科技快速發展的今日，沒有人能保證百分百的安全，當安全的環境產生漏洞後，需要有一道最後的防線來偵測環境的漏洞，以減少公司的損失，Olden[2000] 認為稽核(Auditing)是網路環境下，電子商務安全基礎建設(Security Infrastructure)中最重要的功能，此稽核的工作包括：(1)促使公司追蹤網站上的活動。(2)產生交易日誌及相關的安全事件。(3)利用稽核日誌以證明某一活動或交易的執行，並且可以追蹤與重新建立因為安全入侵或詐欺等受到影響的事件。因此需要一個網路環境帳務稽核日誌系統，以利後續的審計軌跡的追蹤與查核。本研究試著提出適合在網路環境交易上的帳務稽核日誌系統架構，以解決網路環境交易上帳務稽核的需求，提供一個容易瞭解的稽核方式，幫助管理者更容易掌握網路上的相關問題，並且加以改進。對於日誌的稽核方面，提出重要的整體檢驗概念：(1)個別系統異常的檢查及異常的交互核對，以便找出不易發現的錯誤。(2)應用系統使用者主管角色檢查，以防止內部控制不當的缺失。　在系統雛型建置上，由於各系統所產生的日誌並非為了帳務稽核之目的而設計，難免無法完全滿足帳務稽核日誌所需要的欄位，尤其是無法支援由任一日誌交叉查詢至其他三種日誌所需要的欄位，及受限於研究資源及時間的限制，在雛型系統的實作上，本研究只實作當交易日誌找出異常資料時，再交叉查詢到其他三種日誌。同時，因為重點是放在交叉查詢的檢查，為了減少資料量，因此交易日誌的檢查只舉出經過簡化的十個例子來示範。 / It is hard to implement perfect safe systems in network environment for electronic commerce, so we need internal control and audit mechanism to help detecting unsafe events or error events. Olden[2000] claims that auditing is one of the most critical functions of an e-commerce security infrastructure. The auditing component, which enables an organization to track a Website's activities, should generate logs of transactions and relevant security events. Audit logs serve as proof that an activity or transaction was performed. The logs are often the best way to track and recreate events leading to a security breach or fraudulent activities. In an effective e-commerce security infrastructure, every activity should automatically generate a log entry that can be accessed later. In this study, an implementation model of accounting auditing log system in network environment is proposed. It is essential for the auditing log system to integrate with, and leverage, existing technologies and environment platform logs for finding critical errors. The system should also perform user role conflict check for finding lack of user internal control. This research implemented a prototype system (Network Accounting Auditing log system, NAA) in the environment of NT windows and SQL server database system, in which NT system log, IIS log, FTP log, SQL server log, program maintenance log, five logs are assumed to be kept. For simplification, only 10 scenarios are checked whether there are any abcdrmal transaction events. If any abcdrmal event is found, the NAA system will further cross-check the above logs to find the possible reasons. 電腦稽核電子商務帳務稽核網路管理 Computer Auditing Electronic Commerce Accounting Auditing Network Management

Page generated in 0.0735 seconds