Visualisation of PF firewall logs using open source

Coetzee, Dirk

January 2015

If you cannot measure, you cannot manage. This is an age old saying, but still very true, especially within the current South African cybercrime scene and the ever-growing Internet footprint. Due to the significant increase in cybercrime across the globe, information security specialists are starting to see the intrinsic value of logs that can ‘tell a story’. Logs do not only tell a story, but also provide a tool to measure a normally dark force within an organisation. The collection of current logs from installed systems, operating systems and devices is imperative in the event of a hacking attempt, data leak or even data theft, whether the attempt is successful or unsuccessful. No logs mean no evidence, and in many cases not even the opportunity to find the mistake or fault in the organisation’s defence systems. Historically, it remains difficult to choose what logs are required by your organization. A number of questions should be considered: should a centralised or decentralised approach for collecting these logs be followed or a combination of both? How many events will be collected, how much additional bandwidth will be required and will the log collection be near real time? How long must the logs be saved and what if any hashing and encryption (integrity of data) should be used? Lastly, what system must be used to correlate, analyse, and make alerts and reports available? This thesis will address these myriad questions, examining the current lack of log analysis, practical implementations in modern organisation, and also how a need for the latter can be fulfilled by means of a basic approach. South African organizations must use technology that is at hand in order to know what electronic data are sent in and out of their organizations network. Concentrating only on FreeBSD PF firewall logs, it is demonstrated within this thesis the excellent results are possible when logs are collected to obtain a visual display of what data is traversing the corporate network and which parts of this data are posing a threat to the corporate network. This threat is easily determined via a visual interpretation of statistical outliers. This thesis aims to show that in the field of corporate data protection, if you can measure, you can manage.

Open source software -- South Africa

Data logging -- South Africa

Data integrity -- South Africa

Data protection -- South Africa

Computer crimes -- South Africa

Hacktivism

An enterprise information security model for a micro finance company: a case study

Owen, Morné

January 2009

The world has entered the information age. How the information is used within an organization will determine success or failure of the organisation. This study aims to provide a model, that once implemented, will provide the required protection for the information assets. The model is based on ISO 27002, an international security standard. The primary objective is to build a model that will provide a holistic security system specifically for a South African Micro Finance Company (MFC). The secondary objectives focuses on successful implementation of such a model, the uniqueness of the MFC that should be taken into account, and the maintenance of the model once implemented to ensure ongoing relevance. A questionnaire conducted at the MFC provided insight into the perceived understanding of information security. The questionnaire results were used to ensure the model solution addressed current information security shortcomings within the MFC. This study found that the information security controls in ISO 27002 should be applicable to any industry. The uniqueness for the MFC is not in the security controls, but rather in the regulations and laws applicable to it.

A standards-based security model for health information systems

Thomson, Steven Michael

January 2008

In the healthcare environment, various types of patient information are stored in electronic format. This prevents the re-entering of information that was captured previously. In the past this information was stored on paper and kept in large filing cabinets. However, with the technology advancements that have occurred over the years, the idea of storing patient information in electronic systems arose. This led to a number of electronic health information systems being created, which in turn led to an increase in possible security risks. Any organization that stores information of a sensitive nature must apply information security principles in order to ensure that the stored information is kept secure. At a basic level, this entails ensuring the confidentiality, integrity and availability of the information, which is not an easy feat in today’s distributed and networked environments. This paved the way for organized standardization activities in the areas of information security and information security management. Throughout history, there have been practices that were created to help “standardize” industries of all areas, to the extent that there are professional organizations whose main objective it is to create such standards to help connect industries all over the world. This applies equally to the healthcare environment, where standardization took off in the late eighties. Healthcare organizations must follow standardized security measures to ensure that patient information stored in health information systems is kept secure. However, the proliferation in standards makes it difficult to understand, adopt and deploy these standards in a coherent manner. This research, therefore, proposes a standards-based security model for health information systems to ensure that such standards are applied in a manner that contributes to securing the healthcare environment as a whole, rather than in a piecemeal fashion.

Information security risk management in small-scale organisations: a case study of secondary schools’ computerised information systems

Moyo, Moses

11 December 2014

Threats to computerised information systems are always on the rise and compel organisations to invest a lot of money and time amongst other technical controls in an attempt to protect their critical information from inherent security risks. The computerisation of information systems in secondary schools has effectively exposed these organisations to a host of complex information security challenges that they have to deal with in addition to their core business of teaching and learning. Secondary schools handle large volumes of sensitive information pertaining to educators, learners, creditors and financial records that they are obliged to secure. Computerised information systems are vulnerable to both internal and external threats but ease of access sometimes manifest in security breaches, thereby undermining information security. Unfortunately, school managers and users of computerised information systems are ignorant of the risks to their information systems assets and the consequences of the compromises that might occur thereof. One way of educating school managers and users about the risks to their computerised information systems is through a risk management programme in which they actively participate. However, secondary schools do not have the full capacity to perform information security risk management exercises due to the unavailability of risk management experts and scarce financial resources to fund such programmes. This qualitative case study was conducted in two secondary schools that use computerised information systems to support everyday administrative operations. The main objective of this research study was to assist secondary schools that used computerised information systems to develop a set of guidelines they would use to effectively manage information security risks in their computerised information systems. This study educated school managers and computerised information systems users on how to conduct simple risk management exercises. The Operationally Critical Threats, Assets and Vulnerability Evaluation for small-scale organisations risk management method was used to evaluate the computerised information systems in the two schools and attain the goals of the research study. Data for this study were generated through participatory observation, physical inspections and interview techniques. Data were presented, analysed and interpreted qualitatively. This study found that learners‟ continuous assessment marks, financial information, educators‟ personal information, custom application software, server-computers and telecommunication equipment used for networking were the critical assets. The main threats to these critical assets were authorised and unauthorised systems users, malware, system crashes, access paths and incompatibilities in software. The risks posed by these threats were normally led to the unavailability of critical information systems assets, compromise of data integrity and confidentiality. This also led to the loss of productivity and finance, and damage to school reputation. The only form of protection mechanism enforced by secondary schools was physical security. To mitigate the pending risks, the study educated school managers and users in selecting, devising and implementing simple protection and mitigation strategies commensurate with their information systems, financial capabilities and their level of skills. This study also recommended that secondary schools remove all critical computers from open-flow school networks, encrypt all critical information, password-protect all computers holding critical information and train all users of information systems of personal security. The study will be instrumental in educating school managers and computerised information systems users in information security awareness and risk management in general. / Science Engineering and Technology / M.Sc. (Information Systems)

005.80968

Computer security -- South Africa

Risk management -- South Africa

Information security risk management in small-scale organisations : a case study of secondary schools’ computerised information systems

Moyo, Moses

11 December 2014

Threats to computerised information systems are always on the rise and compel organisations to invest a lot of money and time amongst other technical controls in an attempt to protect their critical information from inherent security risks. The computerisation of information systems in secondary schools has effectively exposed these organisations to a host of complex information security challenges that they have to deal with in addition to their core business of teaching and learning. Secondary schools handle large volumes of sensitive information pertaining to educators, learners, creditors and financial records that they are obliged to secure. Computerised information systems are vulnerable to both internal and external threats but ease of access sometimes manifest in security breaches, thereby undermining information security. Unfortunately, school managers and users of computerised information systems are ignorant of the risks to their information systems assets and the consequences of the compromises that might occur thereof. One way of educating school managers and users about the risks to their computerised information systems is through a risk management programme in which they actively participate. However, secondary schools do not have the full capacity to perform information security risk management exercises due to the unavailability of risk management experts and scarce financial resources to fund such programmes. This qualitative case study was conducted in two secondary schools that use computerised information systems to support everyday administrative operations. The main objective of this research study was to assist secondary schools that used computerised information systems to develop a set of guidelines they would use to effectively manage information security risks in their computerised information systems. This study educated school managers and computerised information systems users on how to conduct simple risk management exercises. The Operationally Critical Threats, Assets and Vulnerability Evaluation for small-scale organisations risk management method was used to evaluate the computerised information systems in the two schools and attain the goals of the research study. Data for this study were generated through participatory observation, physical inspections and interview techniques. Data were presented, analysed and interpreted qualitatively. This study found that learners‟ continuous assessment marks, financial information, educators‟ personal information, custom application software, server-computers and telecommunication equipment used for networking were the critical assets. The main threats to these critical assets were authorised and unauthorised systems users, malware, system crashes, access paths and incompatibilities in software. The risks posed by these threats were normally led to the unavailability of critical information systems assets, compromise of data integrity and confidentiality. This also led to the loss of productivity and finance, and damage to school reputation. The only form of protection mechanism enforced by secondary schools was physical security. To mitigate the pending risks, the study educated school managers and users in selecting, devising and implementing simple protection and mitigation strategies commensurate with their information systems, financial capabilities and their level of skills. This study also recommended that secondary schools remove all critical computers from open-flow school networks, encrypt all critical information, password-protect all computers holding critical information and train all users of information systems of personal security. The study will be instrumental in educating school managers and computerised information systems users in information security awareness and risk management in general. / Science Engineering and Technology / M. Sc. (Information Systems)

005.80968

Computer security -- South Africa

Risk management -- South Africa

Security considerations of e-learning in higher education institutions

Ncubukezi, Tabisa

January 2012

Thesis (MTech (Information Technology))--Cape Peninsula University of Technology,2012. / Learning management systems (LMSs) have become the central aspects of educational processes in modern universities. Arguments are that LMSs improve educational efficiencies including the processes of storage, retrieval and exchange of content without distance, space and time constraints. A trusted platform without undue intrusions however, determines the extent to which these benefits can be realized in higher education (HE) spaces. The underlying assumption in this thesis therefore, is that e-Learning systems would lose its value and integrity when the security aspects are ignored. Despite this logic, an overwhelming evidence security omissions and disruptions continue to threaten e-Learning processes at CPUT, with a risk of the actual usage of LMS in the institution. For this reason, this study sought to investigate the extent as well as causes of existing security threats, security awareness programmes and the in/effectiveness of security measures within CPUT. Within the qualitative interpretive research framework, the purposive sampling method was used to select participants. Semi-structured interviews were then used to collect primary data from administrators, technicians, academics and students in the IT and the Public Relations departments at CPUT. The activity theory (AT) was then used as the lens to understand the security aspect in e-Learning systems in the CPUT. From this theory, an analytical framework was developed. It presents holistic view of the security environment of e- Learning as an activity system composed of actors (stakeholders), educational goals, rules (in the form of policies, guidelines and procedures), activities, mediating factors, transformation, and outcomes. The tension between these components accounts for failures in e-Learning security practices, and ultimately in the e-Learning processes. Whilst security measures exist on the e-Learning platform, findings show a combination of the tools, processes and awareness measures to be inadequate and therefore inhibiting. Poor adherence to security guidelines in particular, is a major shortfall in this institution. To this end, a continuous review of network policy, clear and consolidated communication between stakeholders as well as emphasis on the enforcement of security compliance by users across all departments is therefore recommended. Frequent security awareness and training programmes for all LMS users must also be prioritized in this institution.

Computer security -- South Africa

Towards an information security awareness process for engineering SMEs in emerging economies

Gundu, Tapiwa

January 2013

With most employees in Engineering Small and Medium Enterprises (SME) now having access to their own personal workstations, the need for information security management to safeguard against loss/alteration or theft of the firms’ important information has increased. These Engineering SMEs tend to be more concerned with vulnerabilities from external threats, although industry research suggests that a substantial proportion of security incidents originate from insiders within the firm. Hence, technical preventative measures such as antivirus software and firewalls are proving to solve only part of the problem as the employees controlling them lack adequate information security knowledge. This tends to expose a firm to risk and costly mistakes made by naïve/uninformed employees. This dissertation presents an information security awareness process that seeks to cultivate positive security behaviours using a behavioural intention model based on the Theory of Reasoned Action, Protection Motivation Theory and the Behaviourism Theory. The process and model have been refined and verified using expert review and tested through action research at an Engineering SME in South Africa. The main finding was information security levels of employees within the firm were low, but the proposed information security awareness process increased their knowledge thereby positively altering their behaviour.

Computer security -- South Africa

Information technology -- South Africa

Small business -- South Africa

Engineering firms -- South Africa

Information Security Awareness

Information Security Behaviour

Information Security Training

The Effect of Cyber Security on Citizens Adoption of e-Commerce Services: The Case of Vhembe District in Limpopo Province of South Africa

Netshirando, Vusani

18 May 2019

MCom (Business Information Systems) / Department of Business Information Systems / Today, information and communication technologies (ICT) have become an integral part of humans lives more especially in business, be it those in developed or developing countries. The evolution of ICT’s has also led to the introduction of e-Commerce services. Both the public and private sectors, develop these technologies with customer satisfaction in mind. Out of all the efforts by businesses and ICT experts, e-commerce systems continue to fail because of low user acceptance and user attitude, especially in developing nations. Security issues are known to be of top most concern for online shoppers. A survey was administered to 161 respondents, to find out how cyber security affects consumer’s intentions and actual use of e-commerce systems. The study encompasses both users of e-commerce systems and non-users of e-commerce systems across Vhembe district of Limpopo Province in South Africa. A quantitative research approach was used. The findings revealed that perceived security was the main concern for non-users of e-commerce intentions to use e-commerce systems because of lack of information and lack of trust on e-commerce systems. The study also revealed that users of e-commerce systems are still concerned about security, even though they intend to continue using e-commerce systems. For the success of e-commerce in rural communities, government needs to join hands with retailers and SME’s to start awareness campaigns that will clarify how e-commerce systems work and eradicate negative perception on e-commerce systems. / NRF

E-Commerce

Adoption

Intention

Perceived security

Perceived trust

Perceived privacy

658.4780968257

Terrorism -- South Africa -- Limpopo

Cybersecurity framework for cloud computing adoption in rural based tertiary institutions

Patala, Najiyabanu Noormohmed

18 May 2019

MCom (Business Information Systems) / Department of Business Information Systems / Although technology is being progressively used in supporting student learning and enhancing business processes within tertiary institutions, certain aspects are hindering the decisions of cloud usage. Among many challenges of utilizing cloud computing, cybersecurity has become a primary concern for the adoption. The main aim of the study was to investigate the effect of cloud cyber-security usage at rural based tertiary institutions in order to compare the usage with an urban-based institution and propose a cybersecurity framework for adoption of cloud computing cybersecurity. The research questions focused on determining the drivers for cloud cybersecurity usage; the current adoption issues; how cybersecurity challenges, benefits, and quality affects cloud usage; the adoption perceptions and awareness of key stakeholders and identifying a cloud cybersecurity adoption framework. A quantitative approach was applied with data collected from a simple random sample of students, lecturers, admin and IT staff within the tertiary institutions through structured questionnaires. The results suggested compliance with legal law as a critical driver for cloud cybersecurity adoption. The study also found a lack of physical control of data and harmful activities executed on the internet as challenges hampering the adoption. Prevention of identity fraud and cheaper security costs were identified as benefits of adoption. Respondents found cloud cybersecurity to be accurate and effective, although most of the students and employees have not used it. However, respondents were aware of the value of cybersecurity adoption and perceive for it to be useful and convenient, hence have shown the intention of adopting it. There were no significant elements identified to differentiate the perceptions of usage at rural and urban-based tertiary institutions. The results of the study are to be used for clarifying the cybersecurity aspects of cloud computing and forecasting the suitability cloud cybersecurity within the tertiary institutions. Recommendations were made on how tertiary institutions and management can promote cloud cybersecurity adoption and how students, lecturers, and staff can effectively use cloud cybersecurity. / NRF

Cloud computing adoption

Cloud computing security

Cloud cyber-security framework

005.57071168257

Computer networks -- Security measures.

Security system

The moderating effect of information security on the adoption of mobile marketing transactions among South African tertiary students

Donga, Gift Taruwandira

January 2020

PhD (Business Management) / Department of Business Management / Despite the fast pace of development within the mobile commerce industry globally, marketers in developing countries are still lagging in understanding why and how consumers participate in mobile marketing transactions. The literature reporting on mobile marketing transactions’ adoption in a South African context remains largely inconsistent and fragmented as most previous studies are based on the experience of consumers in a non-South African (and nondeveloping country) context. Therefore, this study identifies a literature gap, in that there lacks a sufficient critical mass of studies into the moderating effect of information security on consumer adoption of mobile marketing transactions in South Africa particularly among the youth who have a strong affinity for constant mobile connectivity. Furthermore, confronted with rapid changes in emerging technology, previous models of technology adoption are slowly becoming outmoded. Consequently, this study considered testing a proposed model on the predictive power of marketing-related mobile activity to help improve understanding and prognosis of the adoption of mobile marketing transactions in South Africa. Specifically, in order to render these tests robust, perceived information security was applied as a moderator variable to increase the explanatory power of the model. The objectives set out for this research were measured utilising a single cross-sectional approach, guided by the positivist paradigm. In keeping with the dictates of ensuring the highest levels of reliability and validity, a measuring instrument developed from past studies was used. Using a self-administered questionnaire, data were collected from a sample of 810 students from selected South African universities. Descriptive and multivariate statistical tests including the moderated hierarchical regression analysis were used to analyse data. The implication of the study is that it provides both marketers and policymakers with a set of controllable variables that may be manipulated to promote the adoption of mobile marketing transactions. / NRF

Adoption

Mobile marketing

South Africa

Information security

Moderation

658.4780968257

Students -- South Africa -- Limpopo