Global ETD Search

141	Evolving a secure grid-enabled, distributed data warehouse : a standards-based perspective Li, Xiao-Yu January 2007 (has links) As digital data-collection has increased in scale and number, it becomes an important type of resource serving a wide community of researchers. Cross-institutional data-sharing and collaboration introduce a suitable approach to facilitate those research institutions that are suffering the lack of data and related IT infrastructures. Grid computing has become a widely adopted approach to enable cross-institutional resource-sharing and collaboration. It integrates a distributed and heterogeneous collection of locally managed users and resources. This project proposes a distributed data warehouse system, which uses Grid technology to enable data-access and integration, and collaborative operations across multi-distributed institutions in the context of HV/AIDS research. This study is based on wider research into OGSA-based Grid services architecture, comprising a data-analysis system which utilizes a data warehouse, data marts, and near-line operational database that are hosted by distributed institutions. Within this framework, specific patterns for collaboration, interoperability, resource virtualization and security are included. The heterogeneous and dynamic nature of the Grid environment introduces a number of security challenges. This study also concerns a set of particular security aspects, including PKI-based authentication, single sign-on, dynamic delegation, and attribute-based authorization. These mechanisms, as supported by the Globus Toolkit’s Grid Security Infrastructure, are used to enable interoperability and establish trust relationship between various security mechanisms and policies within different institutions; manage credentials; and ensure secure interactions. Computational grids (Computer systems) Computer networks -- Security measures
142	A framework for information security governance in SMMEs Coertze, Jacques Jacobus January 2012 (has links) It has been found that many small, medium and micro-sized enterprises (SMMEs) do not comply with sound information security governance principles, specifically the principles involved in drafting information security policies and monitoring compliance, mainly as a result of restricted resources and expertise. Research suggests that this problem occurs worldwide and that the impact it has on SMMEs is great. The problem is further compounded by the fact that, in our modern-day information technology environment, many larger organisations are providing SMMEs with access to their networks. This results not only in SMMEs being exposed to security risks, but the larger organisations as well. In previous research an information security management framework and toolbox was developed to assist SMMEs in drafting information security policies. Although this research was of some help to SMMEs, further research has shown that an even greater problem exists with the governance of information security as a result of the advancements that have been identified in information security literature. The aim of this dissertation is therefore to establish an information security governance framework that requires minimal effort and little expertise to alleviate governance problems. It is believed that such a framework would be useful for SMMEs and would result in the improved implementation of information security governance. Computer networks -- Security measures
143	A framework for assuring conformance of cloud-based email at higher education institutions Willett, Melanie January 2013 (has links) Cloud computing is a relatively immature computing paradigm that could significantly benefit users. Cloud computing solutions are often associated with potential benefits such as cost reduction, less administrative hassle, flexibility and scalability. For organisations to realize such potential benefits, cloud computing solutions need to be chosen, implemented, managed and governed in a way that is secure, compliant with internal and external requirements and indicative of due diligence. This can be a challenge, given the many concerns and risks commonly associated with cloud computing solutions. One cloud computing solution that is being widely adopted around the world is cloud-based email. One of the foremost adopters of this cloud computing solution is higher education institutions. These higher education institutions stand to benefit greatly from using such services. Cloud-based email can be provisioned to staff and students at these institutions for free. Additionally, cloud service providers (CSPs) are able to provide a better email service than some higher education institutions would be able to provide if they were required to do so in-house. CSPs often provide larger inboxes and many extra services with cloud-based email. Cloud-based email is, therefore, clearly an example of a cloud computing solution that has the potential to benefit organisations. There are however, risks and challenges associated with the use of this cloud computing solution. Two of these challenges relate to ensuring conformance to internal and external (legal, regulatory and contractual obligations) requirements and to providing a mechanism of assuring that cloud-based email related activities are sound. The lack of structured guidelines for assuring the conformance of cloud-based email is putting this service at risk at higher education institutions in South Africa. This work addresses this problem by promoting a best practice based approach to assuring the conformance of cloud-based email at higher education institutions. To accomplish this, components of applicable standards and best practice guidelines for IT governance, IT assurance and IT conformance are used to construct a framework for assuring the conformance of cloud-based email. The framework is designed and verified using sound design science principles. The utility and value of the framework has been demonstrated at a higher education institution in South Africa. This framework can be used to assist higher education institutions to demonstrate due diligence in assuring that they conform to legal and best practice requirements for the management and governance of cloud-based email. This is a significant contribution in the relatively new field of cloud computing governance. Cloud computing -- Security measures Computer networks -- Security measures Web services
144	SecMVC : a model for secure software design based on the model-view-controller pattern Colesky, Michael Robert January 2014 (has links) Current advances in the software development industry are growing more ubiquitous by the day. This has caused for security, not only in the broader sense, but specifically within the design and overall development of software itself, to become all the more important. An evidently prevalent problem in the domain of software development is that software security is not consistently addressed during design, which undermines core security concerns, and leads to the development of insecure software. This research seeks to address this issue via a model for secure software design, which is based on a software design pattern, namely, the Model-View-Controller (MVC) pattern. The use of a pattern to convey knowledge is not a new notion. However, the ability of software design patterns to convey secure software design is an idea worth investigating. Following identification of secure software design principles and concepts, as well as software design patterns, specifically those relating to the MVC pattern, a model was designed and developed. With the MVC pattern argued as being a suitable foundation for the model, the security conscious MVC (SecMVC) combines secure software design principles and concepts into the MVC pattern. Together herewith, the MVC pattern’s components in the MVC Compound pattern, namely: the Observer pattern, the Strategy pattern, and the Composite pattern, have provided further sub-models for less abstraction and greater detail. These sub-models were developed, as a result of the SecMVC model’s evaluation in the validation for this study, an expert review. Argued in the light of similar research methods, the expert review was chosen – along with a process that included the use of two expert participants to validate the SecMVC model. It was determined through the expert review that the SecMVC model is of sufficient utility, quality, and efficacy to constitute research value. The research methodology process followed was design science, in which the SecMVC model, which includes its related sub-models, serves as the artefact and research output of this study. This research study contributes evidence of the feasibility for integrating knowledge into software design patterns. This includes the SecMVC model itself. In addition, it argues for the use of an expert review, as an evaluative research method for such an artifact. Computer software -- Development Model-driven software architecture
145	The ISO/IEC 27002 and ISO/IEC 27799 information security management standards : a comparative analysis from a healthcare perspective Ngqondi, Tembisa Grace January 2009 (has links) Technological shift has become significant and an area of concern in the health sector with regard to securing health information assets. Health information systems hosting personal health information expose these information assets to ever-evolving threats. This information includes aspects of an extremely sensitive nature, for example, a particular patient may have a history of drug abuse, which would be reflected in the patient’s medical record. The private nature of patient information places a higher demand on the need to ensure privacy. Ensuring that the security and privacy of health information remain intact is therefore vital in the healthcare environment. In order to protect information appropriately and effectively, good information security management practices should be followed. To this end, the International Organization for Standardization (ISO) published a code of practice for information security management, namely the ISO 27002 (2005). This standard is widely used in industry but is a generic standard aimed at all industries. Therefore it does not consider the unique security needs of a particular environment. Because of the unique nature of personal health information and its security and privacy requirements, the need to introduce a healthcare sector-specific standard for information security management was identified. The ISO 27799 was therefore published as an industry-specific variant of the ISO 27002 which is geared towards addressing security requirements in health informatics. It serves as an implementation guide for the ISO 27002 when implemented in the health sector. The publication of the ISO 27799 is considered as a positive development in the quest to improve health information security. However, the question arises whether the ISO 27799 addresses the security needs of the healthcare domain sufficiently. The extensive use of the ISO 27002 implies that many proponents of this standard (in healthcare), now have to ensure that they meet the (assumed) increased requirements of the ISO 27799. The purpose of this research is therefore to conduct a comprehensive comparison of the ISO 27002 and ISO 27799 standards to determine whether the ISO 27799 serves the specific needs of the health sector from an information security management point of view. Computer security
146	A model for legal compliance in the South African banking sector : an information security perspective Maphakela, Madidimalo Rabbie January 2008 (has links) In the past, many organisations used to keep their information on paper, which resulted in the loss of important information. In today’s knowledge era the information super-highway facilitates highly connected electronic environments where business applications can communicate on an intra- as well as inter-organizational level. As business expanded more into the cyber-world, so did the need to protect the information they have. Technology advances did not only bring benefits, it also increased the vulnerability of companies’ information. Information, the lifeblood of an organization, must be protected from threats such as hackers and fraud, amongst others. In the highly regulated financial sector, the protection of information is not only a best practice, but a legal obligation carrying penalties for non-compliance. From a positive aspect, organisations can identify security controls that can help them to secure their information, with the aid of legal sources. But organisations find themselves burdened by a burgeoning number of legal sources and requirements, which require vast resources and often become unmanageable. This research focuses on finding a solution for South African banks to comply with multiple legal sources, as seen from an information security perspective. Database security -- South Africa Computer security -- South Africa
147	A framework to mitigate phishing threats Frauenstein, Edwin Donald January 2013 (has links) We live today in the information age with users being able to access and share information freely by using both personal computers and their handheld devices. This, in turn, has been made possible by the Internet. However, this poses security risks as attempts are made to use this same environment in order to compromise the confidentiality, integrity and availability of information. Accordingly, there is an urgent need for users and organisations to protect their information resources from agents posing a security threat. Organisations typically spend large amounts of money as well as dedicating resources to improve their technological defences against general security threats. However, the agents posing these threats are adopting social engineering techniques in order to bypass the technical measures which organisations are putting in place. These social engineering techniques are often effective because they target human behaviour, something which the majority of researchers believe is a far easier alternative than hacking information systems. As such, phishing effectively makes use of a combination of social engineering techniques which involve crafty technical emails and website designs which gain the trust of their victims. Within an organisational context, there are a number of areas which phishers exploit. These areas include human factors, organisational aspects and technological controls. Ironically, these same areas serve simultaneously as security measures against phishing attacks. However, each of these three areas mentioned above are characterised by gaps which arise as a result of human involvement. As a result, the current approach to mitigating phishing threats comprises a single-layer defence model only. However, this study proposes a holistic model which integrates each of these three areas by strengthening the human element in each of these areas by means of a security awareness, training and education programme. Computer networks -- Security measures Mobile computing -- Security measures
148	A national strategy towards cultivating a cybersecurity culture in South Africa Gcaza, Noluxolo January 2017 (has links) In modern society, cyberspace is interwoven into the daily lives of many. Cyberspace is increasingly redefining how people communicate as well as gain access to and share information. Technology has transformed the way the business world operates by introducing new ways of trading goods and services whilst bolstering traditional business methods. It has also altered the way nations govern. Thus individuals, organisations and nations are relying on this technology to perform significant functions. Alongside the positive innovations afforded by cyberspace, however, those who use it are exposed to a variety of risks. Cyberspace is beset by criminal activities such as cybercrime, fraud, identity theft to name but a few. Nonetheless, the negative impact of these cyber threats does not outweigh the advantages of cyberspace. In light of such threats, there is a call for all entities that reap the benefits of online services to institute cybersecurity. As such, cybersecurity is a necessity for individuals, organisations and nations alike. In practice, cybersecurity focuses on preventing and mitigating certain security risks that might compromise the security of relevant assets. For a long time, technology-centred measures have been deemed the most significant solution for mitigating such risks. However, after a legacy of unsuccessful technological efforts, it became clear that such solutions in isolation are insufficient to mitigate all cyber-related risks. This is mainly due to the role that humans play in the security process, that is, the human factor. In isolation, technology-centred measures tend to fail to counter the human factor because of the perception among many users that security measures are an obstacle and consequently a waste of time. This user perception can be credited to the perceived difficulty of the security measure, as well as apparent mistrust and misinterpretation of the measure. Hence, cybersecurity necessitates the development of a solution that encourages acceptable user behaviour in the reality of cyberspace. The cultivation of a cybersecurity culture is thus regarded as the best approach for addressing the human factors that weaken the cybersecurity chain. While the role of culture in pursuing cybersecurity is well appreciated, research focusing on defining and measuring cybersecurity culture is still in its infancy. Furthermore, studies have shown that there are no widely accepted key concepts that delimit a cybersecurity culture. However, the notion that such a culture is not well-delineated has not prevented national governments from pursuing a culture in which all citizens behave in a way that promotes cybersecurity. As a result, many countries now offer national cybersecurity campaigns to foster a culture of cybersecurity at a national level. South Africa is among the nations that have identified cultivating a culture of cybersecurity as a strategic priority. However, there is an apparent lack of a practical plan to cultivate such a cybersecurity culture in South Africa. Thus, this study sought firstly to confirm from the existing body of knowledge that cybersecurity culture is indeed ill-defined and, secondly, to delineate what constitutes a national cybersecurity culture. Finally, and primarily, it sought to devise a national strategy that would assist SA in fulfilling its objective of cultivating a culture of cybersecurity on a national level. Computer networks -- Security measures Cyberspace -- Security measures Computer security -- South Africa Subculture -- South Africa
149	The computer incident response framework (CIRF) Pieterse, Theron Anton 10 October 2014 (has links) M.Com. (Informatics) / A company’s valuable information assets face many risks from internal and external sources. When these risks are exploited and reports on information assets are made public, it is usually easy to determine which companies had a contingency plan to deal with the various aspects of these “computer incidents”. This study incorporates important factors of computer incidents into a framework which will assists the company in effectively dealing and managing computer incidents when they occur. Computer networks - Security measures Risk management Computer security
150	MOSS : a model for open system security Van Zyl, Pieter Willem Jordaan 12 September 2012 (has links) Ph.D / This thesis looks at current security problems within open system environments, that is security problems within heterogeneous computer system environments that are interconnected via computer networks. Thereafter two security models, Kerberos and the Path Context Model, are considered together with their respective ability to address these security problems. Using concepts of the Path Context Model, a new security model, called MOSS (Model for Open System Security), is developed and it is shown how MOSS can address all the security problems identified. Two possible implementations of MOSS are then considered: the one is based on the concept of Static Security Agents (SSAs) for contemporary open system environments, and the other is based on the concept of Roaming Security Agents (RSAs) for object orientated open system environments. The research is concluded with a summary of possible future research considerations Computer security - South Africa Computer networks - Security measures Security systems - Models. Computers - Access control

Search results