A data protection methodology to preserve critical information from the possible threat of information loss

Schwartzel, Taryn

03 October 2011

M.Tech. / Information is a company’s greatest asset that is continually under threat from human error, technological failure, natural disasters and other external factors. These threats need to be identified and quantified and their relevant protection techniques need to be deployed. This research will allow businesses to ascertain which of these data protection strategies to embrace and deploy, thereby highlighting the balance between cost and value for their business needs. Every commercial enterprise should understand the business value of their data and realise that protecting this data is of utmost importance. However, company data often resides on different mediums, in different locations and implementing a data protection strategy is not always cost effective in terms of the cost of storage mediums and protection methods. The challenges that businesses face is trying to distinguish between mission-critical data from other business data, excluding any non-business or invaluable data that resides on their systems. Thus a cost-effective data protection strategy can be implemented according to the different values of business data. This research provides a model to enable an organisation to: · Utilise the model as a framework or guideline in determining a strategy for protection, storage, retrieval and preservation of business critical data. · Define the data protection strategy to meet the organisation’s business requirements. · Define a cost effective data protection solution that encompasses protection, storage, retrieval and preservation of business critical data. · Make strategic decisions based on an array of best practices to ensure mission-critical data is protected accordingly. iii · Draw a conclusion between the costs of implementing these solutions against the real business value of the data that it protects.

Data protection

Computer security management

Electronic commerce - Security measures

The role of risk perception in Internet purchasing behaviour and intention

De Villiers, R. R. (Raoul Reenen)

12 1900

Thesis (MComm.)--Stellenbosch University, 2001. / ENGLISH ABSTRACT: In recent years the importance and number of users of electronic commerce and its medium, the Internet, have grown substantially. Despite this, the Business-to- Consumer sector has shown slow expansion and limited growth, with the majority of consumers slow to adopt the Internet as a medium for purchase. A probable factor affecting the purchasing behaviour of individuals is the perception of risk of a breach in (credit card) security and/or a violation of privacy. The research discussed here indicates that two closely related constructs, namely perceived privacy risk and perceived security risk exerts an influence on the Internet purchasing behaviour of Internet users, and more importantly, the intention to purchase. In addition, the role of social pressures regarding the provision of personal and credit card information is indicated to be of considerable importance. / AFRIKAANSE OPSOMMING: Die afgelope aantal jare het die belangrikheid en gebruik van eletroniese handel en die Internet aansienlik toegeneem. Ongeag hierdie groei het die sektor gemoeid met die handel tussen besighede en verbruikers egter beperkte groei getoon. 'n Waarskynlike rede vir die tendens in Internet aankoop gedrag is die persepsie dat daar 'n risiko is van misbruik van 'n krediet kaart sowel as misbruik en skending van privaatheid. Die studie wat hier bespreek word toon aan dat twee nou verwante kostrukte, naamlik persepsie van sekuriteits- en persepsie van privaatheidsrisiko 'n rol speel in die bepaling van Internet aankoop gedrag, sowel as die intensie om te koop. Verder is die rol van sosiale druk rakende die verskaffing van persoonlike en krediet kaart inligting uitgelig as 'n faktor van uiterste belang.

Consumer behavior

Electronic commerce -- Security measures

Consumer protection

Risk

Internet -- Security measures

Dissertations -- Business management

Theses -- Business management

Internet payment system--: mechanism, applications & experimentation.

January 2000

Ka-Lung Chong. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2000. / Includes bibliographical references (leaves 80-83). / Abstracts in English and Chinese. / Abstract --- p.i / Acknowledgments --- p.iii / Chapter 1 --- Introduction & Motivation --- p.1 / Chapter 1.1 --- Introduction --- p.1 / Chapter 1.2 --- Internet Commerce --- p.3 / Chapter 1.3 --- Motivation --- p.6 / Chapter 1.4 --- Related Work --- p.7 / Chapter 1.4.1 --- Cryptographic Techniques --- p.7 / Chapter 1.4.2 --- Internet Payment Systems --- p.9 / Chapter 1.5 --- Contribution --- p.16 / Chapter 1.6 --- Outline of the Thesis --- p.17 / Chapter 2 --- A New Payment Model --- p.19 / Chapter 2.1 --- Model Description --- p.19 / Chapter 2.2 --- Characteristics of Our Model --- p.22 / Chapter 2.3 --- Model Architecture --- p.24 / Chapter 2.4 --- Comparison --- p.30 / Chapter 2.5 --- System Implementation --- p.30 / Chapter 2.5.1 --- Acquirer Interface --- p.31 / Chapter 2.5.2 --- Issuer Interface --- p.32 / Chapter 2.5.3 --- Merchant Interface --- p.32 / Chapter 2.5.4 --- Payment Gateway Interface --- p.33 / Chapter 2.5.5 --- Payment Cancellation Interface --- p.33 / Chapter 3 --- A E-Commerce Application - TravelNet --- p.35 / Chapter 3.1 --- System Architecture --- p.35 / Chapter 3.2 --- System Features --- p.38 / Chapter 3.3 --- System Snapshots --- p.39 / Chapter 4 --- Simulation --- p.44 / Chapter 4.1 --- Objective --- p.44 / Chapter 4.2 --- Simulation Flow --- p.45 / Chapter 4.3 --- Assumptions --- p.49 / Chapter 4.4 --- Simulation of Payment Systems --- p.50 / Chapter 5 --- Discussion of Security Concerns --- p.54 / Chapter 5.1 --- Threats to Internet Payment --- p.54 / Chapter 5.1.1 --- Eavesdropping --- p.55 / Chapter 5.1.2 --- Masquerading --- p.55 / Chapter 5.1.3 --- Message Tampering --- p.56 / Chapter 5.1.4 --- Replaying --- p.56 / Chapter 5.2 --- Aspects of A Secure Internet Payment System --- p.57 / Chapter 5.2.1 --- Authentication --- p.57 / Chapter 5.2.2 --- Confidentiality --- p.57 / Chapter 5.2.3 --- Integrity --- p.58 / Chapter 5.2.4 --- Non-Repudiation --- p.58 / Chapter 5.3 --- Our System Security --- p.58 / Chapter 5.4 --- TravelNet Application Security --- p.61 / Chapter 6 --- Discussion of Performance Evaluation --- p.64 / Chapter 6.1 --- Performance Concerns --- p.64 / Chapter 6.2 --- Experiments Conducted --- p.65 / Chapter 6.2.1 --- Description --- p.65 / Chapter 6.2.2 --- Analysis on the Results --- p.65 / Chapter 6.3 --- Simulation Analysis --- p.69 / Chapter 7 --- Conclusion & Future Work --- p.72 / Chapter A --- Experiment Specification --- p.74 / Chapter A.1 --- Configuration --- p.74 / Chapter A.2 --- Experiment Results --- p.74 / Chapter B --- Simulation Specification --- p.77 / Chapter B.1 --- Parameter Listing --- p.77 / Chapter B.2 --- Simulation Results --- p.77 / Bibliography --- p.80

Electronic commerce--Security measures

Electronic funds transfers

Internet--Security measures

World Wide Web--Security measures

Computer security

Economic issues in distributed computing

Huang, Yun, 1973-

28 August 2008

On the Internet, one of the essential characteristics of electronic commerce is the integration of large-scale computer networks and business practices. Commercial servers are connected through open and complex communication technologies, and online consumers access the services with virtually unpredictable behavior. Both of them as well as the e-Commerce infrastructure are vulnerable to cyber attacks. Among the various network security problems, the Distributed Denial-of-Service (DDoS) attack is a unique example to illustrate the risk of commercial network applications. Using a massive junk traffic, literally anyone on the Internet can launch a DDoS attack to flood and shutdown an eCommerce website. Cooperative technological solutions for Distributed Denial-of-Service (DDoS) attacks are already available, yet organizations in the best position to implement them lack incentive to do so, and the victims of DDoS attacks cannot find effective methods to motivate the organizations. Chapter 1 discusses two components of the technological solutions to DDoS attacks: cooperative filtering and cooperative traffic smoothing by caching, and then analyzes the broken incentive chain in each of these technological solutions. As a remedy, I propose usage-based pricing and Capacity Provision Networks, which enable victims to disseminate enough incentive along attack paths to stimulate cooperation against DDoS attacks. Chapter 2 addresses possible Distributed Denial-of-Service (DDoS) attacks toward the wireless Internet including the Wireless Extended Internet, the Wireless Portal Network, and the Wireless Ad Hoc network. I propose a conceptual model for defending against DDoS attacks on the wireless Internet, which incorporates both cooperative technological solutions and economic incentive mechanisms built on usage-based fees. Cost-effectiveness is also addressed through an illustrative implementation scheme using Policy Based Networking (PBN). By investigating both technological and economic difficulties in defense of DDoS attacks which have plagued the wired Internet, our aim here is to foster further development of wireless Internet infrastructure as a more secure and efficient platform for mobile commerce. To avoid centralized resources and performance bottlenecks, online peer-to-peer communities and online social network have become increasingly popular. In particular, the recent boost of online peer-to-peer communities has led to exponential growth in sharing of user-contributed content which has brought profound changes to business and economic practices. Understanding the dynamics and sustainability of such peer-to-peer communities has important implications for business managers. In Chapter 3, I explore the structure of online sharing communities from a dynamic process perspective. I build an evolutionary game model to capture the dynamics of online peer-to-peer communities. Using online music sharing data collected from one of the IRC Channels for over five years, I empirically investigate the model which underlies the dynamics of the music sharing community. Our empirical results show strong support for the evolutionary process of the community. I find that the two major parties in the community, namely sharers and downloaders, are influencing each other in their dynamics of evolvement in the community. These dynamics reveal the mechanism through which peer-to-peer communities sustain and thrive in a constant changing environment. / text

Electronic commerce--Security measures

Computer networks--Security measures

Online social networks

A model to enhance the perceived trustworthiness of Eastern Cape essential oil producers selling through electronic marketplaces

Gcora, Nozibele

January 2016

Eastern Cape Province farmers in the natural essential oils industry are yet to fully realise the use of electronic commerce (e-commerce) platforms, such as electronic marketplaces (e-marketplaces) for business purposes. This is due to the issues that include lack of awareness, poor product quality, untrusted payment gateways and unsuccessful delivery that are associated with e-marketplaces. As a result, farmers do not trust e-marketplaces and therefore hesitate to engage in e-marketplaces for business purposes. This is further complicated by natural essential oils buyers‟ tendency of preferring face-to-face interaction with a supplier rather than online interaction as they need quality assurance. As such, this research proposes a model to enhance the perceived trustworthiness of natural essential oil producers in the Eastern Cape Province selling through e-marketplaces. The model constitutes the factors that could be considered in assisting essential oil producers to create a perception of trustworthiness to buyers in e-marketplaces. These factors were evaluated amongst five organisations involved in the production, retail or processing of essential oils using a multiple-case study methodology. The study‟s use of multiple-case study was applied within the interpretivist paradigm and five cases were considered. Interviews, document analysis and observations were used for data collection. Data analysis was done using within-case analysis followed by cross-case analysis to establish factors of trust. The essential oil producers based in the Gauteng, Kwazulu-Natal and Western Cape provinces were cases that had been successfully using e-marketplaces for a notable period of time. Accordingly, factors that contributed to the successful use of e-marketplaces informed the proposed model of this research. The model proposes that perceived trustworthiness of enterprises in e-marketplaces can be achieved through following the uncertainty reduction stages (Entry, Personal and Exit) and applying uncertainty reduction strategies (passive, active and interactive).

Essences and essential oils -- Marketing

A framework for secure human computer interaction.

Johnston, James

02 June 2008

This research is concerned with the development of a framework for the analysis and design of interfaces found in a security environment. An example of such an interface is a firewall. The purpose of this research is to use the framework as a method to improve the usability of an interface, thus aiding the user to implement the correct security features. The purpose is also to use the framework to assist in the development of trust between a user and a computer system. In this research the framework comprises six criteria which are used to analyse interfaces found in the traditional software environment, Internet banking environment and e-commerce environment. In order to develop the framework an overview of the fields of information security and human computer interfaces (HCI) is given. The overview provides background information and also establishes the existing research which has been done in these fields. Due to its popularity, the Windows Internet Connection Firewall is analysed in this research. Based on the criteria a level of trust fostered between the user and interface is calculated for the firewall. It is then shown how this level of trust can be improved by modifying the interface. A proposed interface for the firewall is presented according to the criteria. Interfaces found in the online Internet environment are discussed. This is important in order to identify the similarities and differences between traditional software interfaces and web interfaces. Due to these differences the criteria are modified to be relevant in the analysis and design of security interfaces found on the Internet. Three South African online banking websites are analysed according to the modified framework. Each interface is broken down into a number of components which are then analysed individually. The results of the analysis are compared between the three banking sites to identify the elements which make up a successful interface in an online banking environment. Lastly, three interfaces of e-commerce websites are analysed. Recommendations are made on how the interfaces can be improved, thus leading to a higher level of trust. / Labuschagne, L., Prof.

electronic commerce security measures

web sites security measures

internet banking security measures

firewalls (computer security)

Microsoft Windows (computer file)

computer security

human- computer interaction

Mobile commerce over GSM: A banking perspective on security

Van der Merwe, Pieter Ben

20 July 2004

GSM has changed the face of communication and information exchange, much as the Internet did. With the advances made in the mobile technology arena, new opportunities are created. Mobile Commerce (m-Commerce) is one such opportunity. Each new advance in technology brings with it associated risks. This dissertation focuses on the risks involved with m-Commerce for the banking industry. This dissertation provides a detailed overview of basic services that any m-Commerce application should provide to the banking industry. These principles provide the foundation for securing any financial transaction over untrusted networks. Several mechanisms to provide these services are also discussed. Examples of such mechanisms include hash functions, Message Authentication Codes and Digital Signatures. The security of GSM networks has come under attack in the past. This is largely due to the fact that the GSM consortium opted to develop their security technologies in secret, rather than in the public domain. This dissertation aims to evaluate the security offered by GSM and assess potential attacks in order to further understand risks associated with m-Commerce applications over GSM. In recent years there have been significant additions to the GSM enabling technology family. The arrival of the SIM Application Toolkit and the Wireless Application Protocol promised to again change the face of commerce. Although market acceptance of these technologies proved to be initially slow, usage is set to increase exponentially within the next couple of years. A detailed analysis of these enabling technologies is presented in the dissertation. Possible attacks on these technologies are discussed in the latter part or this document. Based on the findings of the research, some changes to either the application architectures or the processing of the data have been suggested in order to enhance the security offered by these services. It is not the intent of this dissertation to redesign these applications, but to rather leverage off the current technologies in order to enable secure m-Commerce over these channels. This dissertation provides a detailed overview of basic services that any m-Commerce application should provide to the banking industry. These principles provide the foundation for securing any financial transaction over untrusted networks. Several mechanisms to provide these services are also discussed. Examples of such mechanisms include hash functions, Message Authentication Codes and Digital Signatures. The security of GSM networks has come under attack in the past. This is largely due to the fact that the GSM consortium opted to develop their security technologies in secret, rather than in the public domain. This dissertation aims to evaluate the security offered by GSM and assess potential attacks in order to further understand risks associated with m Commerce applications over GSM. In recent years there have been significant additions to the GSM enabling technology family. The arrival of the SIM Application Toolkit and the Wireless Application Protocol promised to again change the face of commerce. Although market acceptance of these technologies proved to be initially slow, usage is set to increase exponentially within the next couple of years. A detailed analysis of these enabling technologies is presented in the dissertation. Possible attacks on these technologies are discussed in the latter part or this document. Based on the findings of the research, some changes to either the application architectures or the processing of the data have been suggested in order to enhance the security offered by these services. It is not the intent of this dissertation to redesign these applications, but to rather leverage off the current technologies in order to enable secure m-Commerce over these channels. / Dissertation (M.Sc (Electronics))--University of Pretoria, 2005. / Electrical, Electronic and Computer Engineering / unrestricted

M-commerce

Mobile commerce security

Wireless application protocol

Wap

Wireless internet gateway

Wig

Stk

Sim application toolkit

Cryptographuy

Mobile commerce

Gsm security

Gsm

UCTD

Selected antecedents towards the acceptance of m-payment services and the relationship with attitude and future intentions

Makokoe, Isaac

01 March 2017

M. Tech. (Marketing, Faculty of Management Sciences), Vaal University of Technology / Keywords: Mobile payments, usefulness, ease of use, security, attitude, future intentions. An increased reliance on mobile phones by consumers for making retail purchases has been witnessed over the years. Given the pervasive use of m-payments and the incessant diffusion of innovations in South Africa, it is important for marketers to have knowledge of the right set of factors that enhance consumers’ intent towards favouring m-payments in future encounters. This study draws from the undertones of Davis’s (1989) Technology acceptance Model (TAM). Whereas the theory alludes to the influences of both usefulness and ease of use on consumer attitudes and behaviour, this study further amplifies the salience of cosumer perceptions of security as a salient drive towards m-payment acceptance. This is because m-payments involve moneybased transactions and therefore it is important for consumers to have assurance that they operate along a secure platform. The TAM was nominated as the underlying theory in this research owing to its effectiveness when applied during the initial phases of an innovation, to avoid costly mistakes of implementing innovation attributes that do not offer the requiredset of elements for persuading consumers. The purpose of this study was to test an integrative research model of the antecedents of mpayment acceptance using a South African sample of consumers. A quantitative study comprising a non-probability snowball sample of 474 consumers aged between 18 and 50 years was conducted in 2016, in and around the five major towns of Southern Gauteng province in South Africa. The structured questionnaire requested respondents to indicate their perceptions regarding the usefulness, ease of use and security of m-payment platforms they have utilised. In addition, the questionnaire relates to consumers’ attitude evaluations of m-payments in general, as well as their intentions to both use and recommending m-payments to others in the future. Initially, descriptive statistics were performed on the data set, including correlation analysis and multicolinearity testing. Subsequently, structural equation modelling was applied by first, assessing the measurement model using fit indices, confirmatory factor analysis and statistical accuracy tests of reliability and validity. Specification of the measurement model led to the conclusion that the future intentions model was a five-factor structure comprising usefulness, ease of use, security, attitude and future intentions. Thereafter, the results of the structural model (Structural model A) supported the existence of a direct influence between usefulness and security with attitude, while the latter was found to have a direct influence on future intentions. Nevertheless, the relationships between ease of use and attitude was not significant and therefore, alternative hypothesis Ha3 could not be supported in this study leading to the need to specify a vi subsequent competing model. Under Structural model B, perceived usefulness is used as both a dependent and an independent variable since it is predicted by perceived ease of use and in turn predicts attitude towards using and behavioural intention to use simultaneously. The results of Structural model B led to the decision to accept the competing model as the ultimate model for this research since the model presents complete evidence of path weights that are greater than 0.20, interpreted as evidence for significant path outcomes. Insights gained from this study could assist both marketing academics and practitioners to understand the perceptions of consumers towards m-payments. In this regard, if a determination is made that conducting m-payment transactions in secure and effort-free environments could enhance the effectiveness of consumers in their jobs and lives in general, then marketers could be in a better position to deliver a worthwhile innovation solution for South African consumers.

Dissertations, Academic -- South Africa

Mobile commerce -- Security measures

Business enterprises -- Data processing

Mobile communication systems

Near-field communication

Towards a model for ensuring optimal interoperability between the security systems of trading partners in a business-to-business e-commerce context

Pather, Maree

25 August 2009

A vast range of controls/countermeasures exists for implementing security on information systems connected to the Internet. For the practitioner attempting to implement an integrated solution between trading partners operating across the Internet, this has serious implications in respect of interoperability between the security systems of the trading partners. The problem is exacerbated by the range of specification options within each control. This research is an attempt to find a set of relevant controls and specifications towards a framework for ensuring optimal interoperability between trading partners in this context. Since a policy-based, layered approach is advocated, which allows each trading partner to address localized risks independently, no exhaustive risk analysis is attempted. The focus is on infrastructure that is simultaneously optimally secure and provides optimal interoperability. It should also be scalable, allowing for additional security controls to be added whenever deemed necessary. / Computing / M. Sc. (Information Systems)

Security

Business-to-business e-commerce (B2B)

Extranet

Interoperability

Trading partner

005.71

Computer networks -- Security measures

Electronic commerce -- Security measures

Electronic data interchange

The consumer-perceived risk associated with the intention to purchase online

Ward, Shannon-Jane

12 1900

Thesis (MComm (Business Management))--Stellenbosch University, 2008. / The market share of online purchasing is under two percent of total retail spending, which provides an indication that consumers have been slow to adopt online purchasing. Previous research has shown that consumers perceive risks associated with purchasing online and these perceptions are likely to affect purchase intention. Little research, however, has been done on perceived risk relating specifically to online purchasing, and in particular, risk related to branded and non-branded retailer websites. Research has shown that brand knowledge has a direct effect on a consumer’s intention to purchase from an online retailer and that this relationship between brand knowledge and intent to purchase online is mediated by perceived risk. The purpose of this exploratory study was therefore to investigate the consumer-perceived risks associated with the intention to purchase online. The research problem considered the question whether the perceived risks (financial, performance, physical, time, social and psychological risks) associated with a branded website (Kalahari.net) are different from the perceived risks associated with a non-branded website (Books.com). It was found that four types of perceived risk exist namely, performance, time, social, and personal risk. Of these risks, only performance risk had an influence on a consumer’s purchase intention from a non-branded website whereas performance and personal risk influenced a consumer’s intention to purchase from a branded website. It was also revealed that consumers perceive performance, time, and social risk as not statistically different when purchasing from a non-branded or a branded website. However, personal risk was perceived to be statistically differently for the two websites. In addition, the brand image dimension of brand knowledge had an influence on a consumer’s purchase intention from both the branded and non-branded websites. The brand awareness dimension of brand knowledge did not influence purchase intention at all. For all four risk types on both the branded and nonbranded websites (except social risk on Books.com), at least one and in some cases, both dimensions of brand knowledge influenced the degree of perceived risk associated with purchasing on the particular website. Finally, it was concluded that the more information search a consumer does before purchase of a book on a branded or non-branded website, the higher their perceived risk associated with purchasing from the particular website. A number of recommendations were made. Methods for decreasing the amount of performance risk which consumers perceive when purchasing a book online were firstly suggested. It was further recommended that Kalahari.net investigate the dimensions of their brand such as brand image, brand awareness, and brand trust, to identify the reasons why consumers perceive performance, social and time risk as being not statistically different when purchasing on a branded and a non-branded website. Since consumers did not see a difference between the brand image of the branded and the non-branded websites, it was recommended that the branded website make every effort to investigate their current branding strategy to identify the reasons consumers view the branded website in the same manner as the non-branded website. Furthermore, since both dimensions of brand knowledge influenced the degree of perceived risk associated with purchasing on the particular website to a certain extent, it was recommended that online retailers focus on building familiarity, positive thoughts, feelings, associations, and beliefs concerning the online retailer brand. Finally, it was recommended that the influence of information search online on perceived risk associated with purchasing be further investigated; because this study found that an action that was traditionally initiated as a means for decreasing perceived risk can now be attributed to increased consumer-perceived risk associated with online shopping.

Online purchasing

Risk perception

Internet shopping

Internet safety

Dissertations -- Business management

Theses -- Business management

Consumer confidence

Consumer behavior

Consumers -- Attitudes

Dissertations -- Industrial management

Theses -- Industrial management