NDLTD Global ETD Search
  • Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 281
  • 55
  • 51
  • 25
  • 19
  • 18
  • 17
  • 10
  • 7
  • 7
  • 5
  • 5
  • 4
  • 4
  • 4
  • Tagged with
  • 584
  • 584
  • 232
  • 227
  • 181
  • 149
  • 104
  • 95
  • 80
  • 77
  • 75
  • 73
  • 71
  • 68
  • 68
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

Search results

Showing 151 to 160 of 584 (0.11 seconds)

Spelling suggestions: "subject:"data protection"" "subject:"mata protection""

151

Freedom of the press, or the infringement of the right to privacy?: media coverage of President Kgalema Motlanthe from October 2008 to April 2009 in three newspapers

Gamlashe, Thembinkosi January 2012 (has links)
The researcher attempts to assess in which respect the privacy of former President Kgalema Motlanthe may have been invaded during his presidency, in view of journalistic ethics and press codes currently in effect. The study will explore media practices based on media freedom at the time of publication, and assess whether this freedom is understood to suggest the infringement of the right to privacy in the coverage of the private lives of politicians in the media. This study will therefore examine a sample of articles from the Sunday Times, City Press and Mail and Guardian, covering former President Kgalema Motlanthe’s public behaviour that related to his private life, assess which aspects of his demeanour became the subject of media coverage, and correlate such reporting trends with fluctuations in his political career. The researcher will focus on the period when Kgalema Motlanthe was at the helm as the Head of State – from October 2008 to April 2009, and consider particularly the trends in the sampled press reports regarding his private life. The study furthermore examines some of the legislative and normative changes that affected the media in South Africa after democratisation, to correlate the trends observed in the press coverage with legislation. This further serves to identify possible gray areas that arise from reporting on the freedom of the press and may lead to the invasion of privacy.
Freedom of the press
Privacy, Right of
Press law
Data protection -- Law and legislation
152

Fostering information security culture through intergrating theory and technology

Van Niekerk, Johannes Frederick January 2010 (has links)
Today information can be seen as a basic commodity that is crucial to the continuous well-being of modern organizations. Many modern organizations will be unable to do business without access to their information resources. It is therefor of vital importance for organizations to ensure that their infor- mation resources are adequately protected against both internal and external threats. This protection of information resources is known as information security and is, to a large extent, dependent on the behavior of humans in the organization. Humans, at various levels in the organization, play vital roles in the pro- cesses that secure organizational information resources. Many of the prob- lems experienced in information security can be directly contributed to the humans involved in the process. Employees, either intentionally or through negligence, often due to a lack of knowledge, can be seen as the greatest threat to information security. Addressing this human factor in information security is the primary focus of this thesis. The majority of current approaches to dealing with the human factors in information security acknowledge the need to foster an information security culture in the organization. However, very few current approaches attempt to adjust the "generic" model(s) used to define organizational culture to be specific to the needs of information security. This thesis firstly proposes, and argues, such an adapted conceptual model which aims to improve the understanding of what an information security culture is. The thesis secondly focuses on the underlying role that information security educational programs play in the fostering of an organizational information security culture. It is argued that many current information security edu- cational programs are not based on sound pedagogical theory. The use of learning taxonomies during the design of information security educational programs is proposed as a possible way to improve the pedagogical rigor of such programs. The thesis also argues in favor of the use of blended and/or e-learning approaches for the delivery of information security educational content. Finally, this thesis provides a detailed overview demonstrating how the various elements contributed by the thesis integrates into existing trans- formative change management processes for the fostering of an organizational information security culture.
Data protection
Corporate culture -- South Africa
153

MISSTEV : model for information security shared tacit espoused values

Thomson, Kerry-Lynn January 2007 (has links)
One of the most critical assets in most organisations is information. It is often described as the lifeblood of an organisation. For this reason, it is vital that this asset is protected through sound information security practices. However, the incorrect and indifferent behaviour of employees often leads to information assets becoming vulnerable. Incorrect employee behaviour could have an extremely negative impact on the protection of information. An information security solution should be a fundamental component in most organisations. It is, however, possible for an organisation to have the most comprehensive physical and technical information security controls in place, but the operational controls, and associated employee behaviour, have not received much consideration. Therefore, the issue of employee behaviour must be addressed in an organisation to assist in ensuring the protection of information assets. The corporate culture of an organisation is largely responsible for the actions and behaviour of employees. Therefore, to address operational information security controls, the corporate culture of an organisation should be considered. To ensure the integration of information security into the corporate culture of an organisation, the protection of information should become part of the way the employees conduct their everyday tasks – from senior management, right throughout the entire organisation. Therefore, information security should become an integral component of the corporate culture of the organisation. To address the integration of information security into the corporate culture of an organisation, a model was developed which depicted the learning stages and modes of knowledge creation necessary to transform the corporate culture into one that is information security aware.
Computer security -- Management
Data protection
154

Governing information security using organisational information security profiles

Tyukala, Mkhululi January 2007 (has links)
The corporate scandals of the last few years have changed the face of information security and its governance. Information security has been elevated to the board of director level due to legislation and corporate governance regulations resulting from the scandals. Now boards of directors have corporate responsibility to ensure that the information assets of an organisation are secure. They are forced to embrace information security and make it part of business strategies. The new support from the board of directors gives information security weight and the voice from the top as well as the financial muscle that other business activities experience. However, as an area that is made up of specialist activities, information security may not easily be comprehended at board level like other business related activities. Yet the board of directors needs to provide oversight of information security. That is, put an information security programme in place to ensure that information is adequately protected. This raises a number of challenges. One of the challenges is how can information security be understood and well informed decisions about it be made at the board level? This dissertation provides a mechanism to present information at board level on how information security is implemented according to the vision of the board of directors. This mechanism is built upon well accepted and documented concepts of information security. The mechanism (termed An Organisational Information Security Profile or OISP) will assist organisations with the initialisation, monitoring, measuring, reporting and reviewing of information security programmes. Ultimately, the OISP will make it possible to know if the information security endeavours of the organisation are effective or not. If the information security programme is found to be ineffective, The OISP will facilitate the pointing out of areas that are ineffective and what caused the ineffectiveness. This dissertation also presents how the effectiveness or ineffctiveness of information security can be presented at board level using well known visualisation methods. Finally the contribution, limits and areas that need more investigation are provided.
Data protection
Computer security -- Management
Computer networks -- Security measures
155

The social, cultural, epistemological and technical basis of the concept of 'private' data

McCullagh, Karen January 2012 (has links)
In July 2008, the UK Information Commissioner launched a review of EU Directive 95/46/EC on the basis that: “European data protection law is increasingly seen as out of date, bureaucratic and excessively prescriptive. It is showing its age and is failing to meet new challenges to privacy, such as the transfer of personal details across international borders and the huge growth in personal information online. It is high time the law is reviewed and updated for the modern world.” Legal practitioners such as Bergkamp have expressed a similar sense of dissatisfaction with the current legislative approach: “Data Protection as currently conceived by the EU is a fallacy. It is a shotgun remedy against an incompletely conceptualised problem. It is an emotional, rather than rational reaction to feelings of discomfort with expanding data flows. The EU regime is not supported by any empirical data on privacy risks and demand…A future EU privacy program should focus on actual harms and apply targeted remedies.” Accordingly, this thesis critiques key concepts of existing data protection legislation, namely ‘personal’ and ‘sensitive’ data, in order to explore whether current data protection laws can simply be amended and supplemented to manage privacy in the information society. The findings from empirical research will demonstrate that a more radical change in EU law and policy is required to effectively address privacy in the digital economy. To this end, proposed definitions of data privacy and private data was developed and tested through semi-structured interviews with privacy and data protection experts. The expert responses indicate that Bergkamp et al have indeed identified a potential future direction for privacy and data protection, but that further research is required in order to develop a coherent definition of privacy protection based on managing risks to personal data, and harm from misuse of such information.
300
156

A prototype design for RBAC in a workflow environment

Cholewka, Damian Grzegorz 13 February 2012 (has links)
M.Sc. / Role-based access control (RBAC) associates roles with privileges and users with roles. These associations are, however, static in that changes are infrequent and explicit. In certain instances this does not reflect business requirements. Access to an object should be based not only on the identity of the object and the user, but also on the actual task that must be performed. Context-sensitive access control meets the requirements in that it also considers the actual task, i.e. the context of the work to be done, when deciding whether an access should be granted or not. Workflow technology provides an appropriate environment for establishing the context of work. This dissertation discusses the implementation of a context-sensitive access control mechanism within a workflow environment. Although the prototype represents scaled-down workflow functionality, it illustrates the concept of context-sensitive access control. Access control was traditionally aimed at physically controlling access to a computer terminal. Large doors were put in place and time was divided between users who needed to work on a terminal. Today, however, physical means of restraining access have to a large extent given way to logical controls. Current access control mechanisms frequently burden the end-users with unnecessary security-related tasks. A user may, for example, be expected to assume a specific role at the beginning of a session, resulting in unnecessary multi-logons. Alternatively, users can automatically play the most senior role that they can hold and consequently receive the permissions associated with that role. The user is therefore trusted to implement the security policy and not misuse granted privileges. It is also possible for an end-user to bypass security functionality inadvertently- end-users do not always remember to do the correct thing. End-users are furthermore not necessarily adequately educated in security principles and may thus regard security-related tasks as hampering the tasks that they regard as being more important.
Data protection
Workflow
Computer security
Computer access control
157

CoSAWoE - a model for context-sensitive access control in workflow environments.

Botha, Reinhardt A 29 May 2008 (has links)
Due to the correspondence between the role abstraction in Role-based Access Control (RBAC) and the notion of organizational positions, it seems easy to construct role hierarchies. This is, however, a misconception. This paper argues that, in order to reflect the functional requirements, a role hierarchy becomes very complex. In a bid to simplify the design of role hierarchies suitable for the expression of access control requirements in workflow systems, the paper proposes a “typed” role hierarchy. In a “typed” role hierarchy a role is of a speci fic type. The associations between different types of roles are limited by rules that govern the construction of a role hierarchy. This paper proposes a methodology to systematically construct a “typed” role hierarchy. Since the “typed” nature of the role hierarchy is only relevant during the construction of the role hierarchy, it can seamlessly be integrated into existing RBAC schemes that support the concept of role hierarchies. / Eloff, J.H.P., Prof.
workflow
data protection
computer security
computers access control
158

Secure multimedia databases.

Pedroncelli, Antony 02 June 2008 (has links)
A message can be communicated to other people using a combination of pictures, sounds, and actions. Ensuring that the message is understood as intended often depends on the presentation of these forms of multimedia. In today’s digital world, traditional multimedia artefacts such as paintings, photographs, audiotapes and videocassettes, although still used, are gradually being replaced with a digital equivalent. It is normally easy to duplicate these digital multimedia files, and they are often available within public repositories. Although this has its advantages, security may be a concern, especially for sensitive multimedia data. Information security services such as identification and authentication, authorisation, and confidentiality can be implemented to secure the data at the file level, ensuring that only authorised entities gain access to the entire multimedia file. It may not always be the case however that a message must be conveyed in the same way for every entity (user or program) that makes a request for the multimedia data. Although access control measures can be ensured for the multimedia at the file level, very little work has been done to ensure access control for multimedia at the content level. A number of models will be presented in this dissertation that should ensure logical access control at the content level for the three main types of multimedia, namely images, audio, and video. In all of these models, the multimedia data is securely stored in a repository, while the associated security information is stored in a database. The objects that contain the authorisation information are created through an interface that securely communicates with the database. Requests are made through another secure interface, where only the authorised multimedia data will be assembled according to the requesting entity’s security classification. Certain important side issues concerning the secure multimedia models will also be discussed. This includes security issues surrounding the model components and suspicion i.e. reducing the probability that a requesting entity would come to the conclusion that changes were made to the original multimedia data. / Prof. M.S. Olivier
Multimedia systems
access control
computer security
data protection
databases
159

Cross-Border Application of EU's General Data Protection Regulation (GDPR) - A private international law study on third state implications / Tillämpning av EU:s dataskyddsförordning över landgränserna - En internationellt privaträttslig studie om tredjestats implikationer

Taka, Anni-Maria January 2017 (has links)
No description available.
Private international law
data protection
EU
GDPR
Law
Juridik
160

The information security policy: an important information security management control.

Hone, Karin 22 April 2008 (has links)
This study originated from the realisation that the information security industry has identified the information security policy as one of the most important information security management controls. Within the industry there are, however, differing views as to what constitutes an information security policy, what it should contain, how it should be developed and how it should best be disseminated and managed. Numerous organisations claim to have an information security policy, but admit that it is not an effective control. The principal aim of this study is to make a contribution to the information security discipline by defining what an information security policy is, where it fits into the broader information security management framework, what elements an effective policy should contain, how it should be disseminated and how the document is best kept relevant, practical, up-to-date and efficient. The study develops and documents various processes and methodologies needed to ensure the effectiveness of the information security policy, such as the dissemination process and the information security policy management lifecycle. The study consists of five parts, of which Part I serves as introduction to the research topic. It provides background information to the topic and lays the foundation for the rest of the dissertation. Chapter 1 specifically deals with the research topic, the motivation for it and the issues addressed by the dissertation. Chapter 2 looks at the concept of information security management and what it consists of, highlighting the role an information security policy has to play in the discipline. Chapter 3 introduces the various international information security standards and codes of practice that are referred to, examined and analysed in the dissertation. This chapter specifically highlights how and to what extent each of these address the topic of the information security policy. Part II introduces the concept of the information security policy. Chapter 4 provides the background to what an information security policy is and where it fits into the broader structure of an organisation’s governance framework. Chapter 5 specifies what an effective information security policy is and what components are needed to ensure its success as an information security control. Part III expands the components of an effective information security policy as introduced in Chapter 5. This part consists of Chapters 6 to 8, with each of these addressing a single component. Chapter 6 further investigated the development of the information security policy. The dissemination of the document is discussed in Chapter 7 and Chapter 8 expands the concept of the information security policy management lifecycle. Part IV consists of Chapter 9, which deals with a case study applying the various processes and methodologies defined in the previous part. The case study deals with a fictitious organisation and provides detailed background information to indicate how the organisation should approach the development and dissemination of the information security policy. Some of the examples constructed from the case study include a sample information security policy and a presentation to be used as introduction to the information security policy. The dissertation is concluded in Chapter 10. This chapter provides a summarised overview of the research and the issues addressed in it. / Prof. J.H.P. Ehlers
computer security
computer security management
computer security standards
data protection

Page generated in 0.1164 seconds