Global ETD Search

31	An integrated approach for information security compliance in a financial services organisation Desai, Mohammed Reza January 2016 (has links) Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2016. / The aim of this research is to identify and explore the factors affecting information security compliance of information security policies and regulations, in a financial services organisation. The organisation has to comply with information security regulations and legislations by righteousness of its operations in light of the fact that any wrong doing together with misuse of data, are continually expanding. Corporate embarrassments comes about due to rupture of security, results in expanded thoughtfulness regarding corporate consistency. Legislature and policies have been set up to counter information security issues. This legislature and policies are not adequately addressing the compliance issues that arise, but are needed within organisations. Compliance targets are not met due to inconsistent guidelines that turns out to be significant in diminishing the financial position, reputation and security of information. This research further aims to explore whether employees comply with laws and regulations regarding information in an organisation. This is done in order to confirm whether governance and human factors play any significant part in compliance. The research is an exploratory study and specifically analyses the governance function and which stakeholders influence its operations in information compliance. The research investigates certain questions on organisational culture and the human factor, do influence employee’s compliance to laws and regulations. The objectives of the research are to investigate which factors, and how such factors influence compliance of information security policies and compliance with the goal of designing an integrated framework to assist in counteracting these findings. The research is underpinned by the Neo-institutional theory, Agency Theory and Rational choice theory. The Denison organisational cultural model and a framework proposed by von Solms are used as lenses to interpret the data of the research. Computer networks -- Security measures Computer security
32	Um estudo sobre a implementação de criptossistemas baseados em emparelhamentos bilineares sobre curvas elípticas em cartões inteligentes de oito bits / A study about implementation of elliptic curve pairing based cryptosystems in 8-bit smart cards Oliveira, Matheus Fernandes de 10 January 2010 (has links) Orientador: Marco Aurelio Amaral Henriques / Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Made available in DSpace on 2018-08-16T22:16:21Z (GMT). No. of bitstreams: 1 Oliveira_MatheusFernandesde_M.pdf: 924070 bytes, checksum: b0355f2150875c0a6c636bf2da2ea8a9 (MD5) Previous issue date: 2010 / Resumo: Emparelhamentos bilineares sobre curvas elípticas são funções matemáticas que viabilizam o desenvolvimento de uma série de novos protocolos criptográficos, entre eles, os criptossistemas baseados em identidades. Esses criptossistemas representam uma nova forma de se implementar criptografia de chaves públicas na qual são atenuadas ou completamente retiradas as restrições relativas ao tipo, tamanho e formato das chaves públicas. Este trabalho apresenta um estudo sobre a implementação de criptossistemas baseados em emparelhamentos bilineares sobre curvas elípticas em cartões inteligentes de oito bits. O trabalho mostra ainda o desenvolvimento de equações específicas baseadas no método conhecido como Montgomery's Ladder para multiplicação escalar de curvas elípticas supersingulares em corpos binários. Estas novas equações tornam o algoritmo mais rápido sem perder suas características de segurança originais. O trabalho apresenta também a técnica de delegação segura de emparelhamentos, na qual um dispositivo computacionalmente restrito, como um cartão inteligente, delega o cálculo do emparelhamento para um dispositivo com maior poder computacional. É proposta uma modificação nesta técnica que diminui o número de operações executadas pelo cartão inteligente / Abstract: Bilinear pairings over elliptic curves are mathematical functions that enable the development of a set of new cryptographic protocols, including the so called identity based cryptosystems. These cryptosystems represent a new way to implement public- key cryptography in such a way that the restrictions related to public keys type, size and format are reduced or completely removed. This work presents a study about implementation of pairing based cryptosystems in 8-bit smart cards. It also presents new equations to be used in Montgomery's Ladder algorithm for scalar multiplication of supersingular ellipitic curves over binary fields. These equations make the algorithm faster without compromising its security characteristics. Finally, it discusses the secure delegation of pairing computation, that enables a computationally limited device, like a smart card, to delegate the computation of pairings to a more powerful device. It is proposed a modification in this technique to decrease the number of operations executed by the smart card / Mestrado / Engenharia de Computação / Mestre em Engenharia Elétrica Criptografia Curvas elípticas Criptografia de chaves públicas Formas bilineares Cryptography Information technology - Security Elliptic curves Public-key cryptography Bilinear forms
33	Uma abordagem para a correlação de eventos de segurança baseada em tecnicas de aprendizado de maquina / An approach to the correlation of security events based upon machine learning techniques Stroeh, Kleber 08 March 2009 (has links) Orientador: Edmundo Roberto Mauro Madeira / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-15T00:38:33Z (GMT). No. of bitstreams: 1 Stroeh_Kleber_M.pdf: 2516792 bytes, checksum: c036c25bc2fd2e2815780d3a5fedfde0 (MD5) Previous issue date: 2009 / Resumo: Organizações enfrentam o desafio crescente de garantir a segurança da informação junto às suas infraestruturas tecnológicas. Abordagens estáticas à segurança, como a defesa de perímetros, têm se mostrado pouco eficazes num novo cenário marcado pelo aumento da complexidade dos sistemas _ e conseqüentemente de suas vulnerabilidades - e pela evolução e automatização de ataques. Por outro lado, a detecção dinâmica de ataques por meio de IDSs (Intrusion Detection Systems) apresenta um número demasiadamente elevado de falsos positivos. Este trabalho propõe uma abordagem para coleta e normalização, e fusão e classificação de alertas de segurança. Tal abordagem envolve a coleta de alertas de diferentes fontes, e sua normalização segundo modelo de representação padronizado - IDMEF (Intrusion Detection Message Exchange Format). Os alertas normalizados são agrupados em meta-alertas (fusão ou agrupamento), os quais são classificados _ através de técnicas de aprendizado de máquina _ entre ataques e alarmes falsos. Uma implementação desta abordagem foi testada junto aos dados do desafio DARPA e Scan of the Month, contando com três implementações distintas de classificadores (SVM - Support Vector Machine -, Rede Bayesiana e Árvore de Decisão), bem como uma coletânea (ensemble) de SVM com Rede Bayesiana, atingindo resultados bastante relevantes. / Abstract: Organizations face the ever growing challenge of providing security within their IT infrastructures. Static approaches to security, such as perimetral defense, have proven less than effective in a new scenario characterized by increasingly complex systems _ and, therefore, more vulnerable - and by the evolution and automation of cyber attacks. Moreover, dynamic detection of attacks through IDSs (Instrusion Detection Systems ) presents too many false positives to be effective. This work presents an approach to collect and normalize, as well as to fuse and classify security alerts. This approach involves collecting alerts from different sources and normalizing them according to standardized structures - IDMEF (Intrusion Detection Message Exchange Format ). The normalized alerts are grouped into meta-alerts (fusion or clustering), which are later classified - through machine learning techniques _ into attacks or false alarms. An implementation of this approach is tested against DARPA Challenge and Scan of the Month, using three different classification techniques, as well as an ensemble of SVM and Bayesian Network, having achieved very relevant results. / Mestrado / Redes de Computadores / Mestre em Ciência da Computação Inteligência artificial Aprendizado de máquina Computer networks - Security measures Artificial intelligence Machine learning
34	Capacidade de sigilo e indisponibilidade de sigilo em sistemas MIMOME / Secrecy capacity and secrecy outage probability in MIMOME systems Guerreiro, André Saito, 1986- 25 August 2018 (has links) Orientador: Gustavo Fraidenraich / Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Made available in DSpace on 2018-08-25T15:23:35Z (GMT). No. of bitstreams: 1 Guerreiro_AndreSaito_M.pdf: 2368603 bytes, checksum: 297e17dce61316c0a4184fc3db28066c (MD5) Previous issue date: 2014 / Resumo: Neste trabalho, considera-se a transmissão de mensagem confidencial em um canal sem fio em que transmissor, receptor e escuta possuem múltiplas antenas. O trabalho divide-se em duas partes. Na primeira parte analisamos a capacidade de sigilo ergódica e a probabilidade de indisponibilidade de sigilo para os cenários em que o canal é ergódico e não ergódico respectivamente, ambos na presença de desvanecimento estacionário com distribuição Rayleigh e considerando conhecimento do estado do canal (CSI) no receptor e na escuta. No cenário ergódico, deriva-se uma nova expressão fechada para a capacidade ergódica de sistemas em que há conhecimento do estado do canal no transmissor (CSIT) do canal principal e do canal de escuta, no qual permite-se que matriz covariância varie no tempo. Também deriva-se um limite inferior para capacidade de sigilo com CSIT, no qual a matriz covariância é fixa no período de transmissão. A primeira expressão é restrita ao limite da alta relação sinal ruído (SNR), n_t antenas no transmissor, n_r antenas no receptor (n_r > n_t) e n_e=n_t antenas na escuta (arranjo n_t x n_r x n_t). A segunda expressão é restrita ao arranjo de antenas n_t x n_t x n_t e potência do ruído do canal principal e do canal de escuta iguais. No cenário não ergódico, deriva-se uma nova expressão fechada para a probabilidade de indisponibilidade de sigilo no limite da alta SNR, em um arranjo de antenas 2 nr x 2 com n_r > 2. Também calcula-se um limite superior para a probabilidade de indisponibilidade de sigilo para outros arranjos de antena. Na segunda parte, considera-se uma escuta ativa que é capaz de atacar de forma inteligente o processo de estimação de canal. Focando em sistemas de transmissão baseados na decomposição generalizada em valores singulares (GSVD), diferentes técnicas de ataque são propostas e simulações computacionais são utilizadas para avaliar a eficiência de cada uma delas / Abstract: In this thesis, we consider the transmission of confidential information over a multiple-input multiple-output multiple-eavesdropper (MIMOME) wireless channel. The content is largely divided in two. In the first part we analyse the ergodic secrecy capacity and the secrecy outage probability in the ergodic and non-ergodic scenario respectively, both with stationary Rayleigh distributed fading channels and channel state information (CSI) at the receiver and eavesdropper. For the ergodic scenario we derive a new closed-form expression for the ergodic secrecy capacity with channel state information at the transmitter (CSIT) of the main and the eavesdropper channels, allowing the covariance matrix to be time-varying. A lower bound for the ergodic capacity with CSIT, in which the covariance matrix is fixed for the entire transmission period is also derived. The first expression is restricted to the high-SNR limit, with n_t transmit antennas, n_r receive antennas (n_r >= n_t) and n_e=n_t eavesdropper antennas (n_t x n_r x n_t setup). The second expression is restricted to the n_t x n_t x n_t antenna setup and equal noise power at both channels. For the non-ergodic scenario, we derive a new closed-form expression for the secrecy outage probability in the high-SNR limit, in a 2x n_r x 2 setup with n_r \ge 2. We also calculate an upper-bound for the secrecy outage probability in other antenna setups. In the second part we consider an eavesdropper which is able to attack the channel sounding process through intelligent jamming. We focus on transmission systems based on generalized singular value decomposition (GSVD). We propose and analyze, through computer simulations, the efficiency of several attack techniques that intend to disrupt the secret communication between legitimate users / Mestrado / Telecomunicações e Telemática / Mestre em Engenharia Elétrica Sistemas de comunicação sem fio Radio - Transmissores e transmissão Wireless communication systems Radio - Transmitters and transmission
35	Threats in Information Security : Beyond technical solutions. - Using Threat Tree Analysis / Hot mot Informationssäkerhet : Bortom tekniska lösningar. - Använda Hotträdsanalys Olandersson, Sandra, Fredsson, Jeanette January 2001 (has links) To be able to protect an organisation's resources, it is important to understand what there is to protect and what to protect it from. The first step is to try to analyse the security threats that exist against an organisation's resources to explore the risks. Threats have to be identified, for the organisation to protect its resources and find where the optimal placement against threats is. This thesis analysis whether it is possible to obtain a Threat Tree Analysis that is useful for developing an information security policy for the municipality in Ronneby, using the SS 62 77 99-1 standard. A co-operation between the technical solutions and the administrative security is necessary to achieve information security, together with ordinary common sense. True, each of these can help improve security, but none of them is a complete solution. Security is not a product - it is a process. Threat trees form the basis of understanding that process. In this thesis, we have been using a qualitative method. The analysis method is a case study at the Social Department, at the municipality in Ronneby. Through interviews it has come us to hand, that the organisation has not established an information security policy which should give the code of practice for how the work of information security will pursue within the organisation. The organisation does neither use a model for structuring threats nor a method for collecting threats against information today. Through the structure of possible threats, the personnel generates an understanding of the organisation and takes active part finding adequate threats within the Social Department. As users understand the importance of security, how to use it, and where to report suspected violations, they can do a great deal to reduce the risk to loose information. Important to remember is that the education is an ongoing process, new users need training and trained users need reminding, especially when new technologies or processes are introduced. Thus, Threat Tree Analysis is useful for continuing towards developing an information security policy according to SS 62 77 99-1 standard. / För att kunna skydda en organisations resurser är det viktigt att förstå vad organisationen behöver skydda och vad den ska skydda det ifrån. Det första steget är att analysera hot mot organisationens resurser för att uppskatta riskerna. Hot måste identifieras för att organisationen ska kunna skydda sina resurser och hitta den optimala placeringen av åtgärder mot hot. Denna uppsatsen undersöker om det är möjligt att skapa en hotträdsanalys som är användbar för skapandet av en informationssäkerhetspolicy för Ronneby kommun, genom att använda standarden SS 62 77 99-1. Vi betonar i uppsatsen att ett samarbete mellan existerande tekniska lösningar och administrativ säkerhet är nödvändigt för att uppnå informationssäkerhet. Visst kan var och en av dessa hjälpa till att förbättra säkerheten, men ingen av dem är ensam den kompletta lösningen. Säkerhet är inte en produkt - det är en process. Hotträd formar grunden för en förståelse av den processen. I denna uppsats har vi använt en kvalitativ metod. Analysmetoden är en fallstudie på Socialförvaltningen i Ronneby kommun. Genom intervjuer har vi fått fram att organisationen inte har etablerat en informationssäkerhetspolicy, vilken ska ge riktlinjer för hur säkerhetsarbetet ska fullföljas inom organisationen. Organisationen använder varken en modell för att identifiera hot mot information eller en metod för att strukturera hoten. Genom strukturen av möjliga hot, genererar personalen en förståelse för organisationen och tar aktivt del i att identifiera hot mot Socialförvaltningen. Detta medför att alla användare förstår hur viktigt det är med säkerhet, vart de ska rapportera misstänkta händelser och de kan göra mycket för att minska risken att förlora information. Det är viktigt att komma ihåg att utbildning är en pågående process, nya användare behöver utbildning och utbildade användare behöver vidareutbildning, speciellt när nya tekniker eller processer introduceras. Därför är hotträdsanalysen en användbar modell för arbetet mot att skapa en informationssäkerhetspolicy enligt standarden SS 62 77 99-1. / Sandra Olandersson Blåbärsvägen 27 372 38 RONNEBY 0457 / 12084 Jeanette Fredsson Villa Viola 372 36 RONNEBY 0457 / 26616 Information security Administrative security Information technology security Resources Vulnerability Security awareness Risk assessments Threats Threat tree analysis Information security policy Computer Sciences Datavetenskap (datalogi)
36	Criptografia visual : método de alinhamento automático de parcelas utilizando dispositivos móveis / Visual cryptography : automatic alignment method using mobile devices Pietz, Franz, 1983- 12 November 2014 (has links) Orientador: Julio Cesar López Hernández / Dissertação (mestrado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-27T12:14:05Z (GMT). No. of bitstreams: 1 Pietz_Franz_M.pdf: 27442530 bytes, checksum: 1648252389eb63cf26ca0525be124bda (MD5) Previous issue date: 2014 / Resumo: A criptografia visual é um método de compartilhamento de segredos proposto por Naor em Shamir no artigo ''Criptografia Visual'' de 1994. Nele, uma imagem secreta é dividida em um conjunto de parcelas, sendo necessário sobrepor um número mínimo de parcelas para decodificarmos o segredo visualmente, sem nenhum tipo de dispositivo ou cálculo criptográfico; e analisando as parcelas isoladamente, não é possível recuperar nenhuma informação sobre a imagem secreta original. O esquema é considerado seguro e pode ser comparado com as cifras de one-time-pad, também chamadas de cifras perfeitas, devido à dificuldade do atacante obter o segredo ou parte dele. Existem propostas para a utilização de criptografia visual em protocolos de autenticação, como autenticação de transações bancárias e verificação de legitimidade de produtos. Entretanto, esse método possui problemas como definição do segredo recuperado, baixo contraste e desvios de alinhamento, que é o problema mais sensível. Nossa proposta mostra como utilizar um dispositivo móvel, como smartphone ou tablet, para realizar o alinhamento automático de parcelas e auxiliar o usuário no processo de recuperação de segredos encriptados utilizando criptografia visual. Para isso, utilizamos a câmera do dispositivo móvel para torná-lo uma ''transparência'' e técnicas de análise de imagens para localizar uma parcela exibida em um monitor ou impressa na embalagem de um produto, e sobrepô-la com uma parcela presente no dispositivo móvel, permitindo a visualização do segredo recuperado na tela do dispositivo. A utilização de um dispositivo móvel traz vantagens imediatas, como facilidade para a entrega de parcelas no momento da transação, sem necessidade de guardar informação previamente / Abstract: Visual cryptography is a secret sharing method proposed by Naor and Shamir in the paper ''Visual Cryptography'', in 1994. It split a secret image into a set of shares, so that we need to stack a minimum number of shares to visually decode the secret image without the help of hardware or computation, and analyzing the shares alone is not possible to obtain any information about the secret image. The scheme is considered safe and can be compared to the one-time-pad cyphers, also called perfect cyphers, due to the difficulty of an attacker to obtain the secret or part of it. There are proposals to use visual cryptography in authentication protocols, such as in bank transactions and product's legitimacy verification. But these methods have problems with recovered secret's definition, low contrast and misalignment of the shares, which is the most sensitive. Our proposal shows how to use a mobile device, such as smartphone or tablet, to perform automatic alignment of the shares and to assist a user to recover a secret encrypted using visual cryptography. For this, we use the device camera to turn it into a ''transparency'' and image analysis techniques to locate a share that can be displayed on a monitor or printed on the packaging of a product, and overlay it with a second share present on the mobile device, allowing the visualization of the recovered secret on the device's display. Using a mobile device brings immediate advantages, such as easy delivery of shares at the transaction's time, without having to store information in advance / Mestrado / Ciência da Computação / Mestre em Ciência da Computação Criptografia visual Computação móvel Criptografia de dados (Computação) Visual cryptography Mobile computing Data encryption (Computer science)
37	Towards a framework to ensure alignment among information security professionals, ICT security auditors and regulatory officials in implementing information security in South Africa Basani, Mandla 02 1900 (has links) Information security in the form of IT governance is part of corporate governance. Corporate governance requires that structures and processes are in place with appropriate checks and balances to enable directors to discharge their responsibilities. Accordingly, information security must be treated in the same way as all the other components of corporate governance. This includes making information security a core part of executive and board responsibilities. Critically, corporate governance requires proper checks and balances to be established in an organisation; consequently, these must be in place for all information security implementations. In order to achieve this, it is important to have the involvement of three key role players, namely information security professionals, ICT security auditors and regulatory officials (from now on these will be referred to collectively as the ‘role players’). These three role players must ensure that any information security controls implemented are properly checked and evaluated against the organisation’s strategic objectives and regulatory requirements. While maintaining their individual independence, the three role players must work together to achieve their individual goals with a view to, as a collective, contributing positively to the overall information security of an organisation. Working together requires that each role player must clearly understand its individual role, as well the role of the other players at different points in an information security programme. In a nutshell, the role players must be aligned such that their involvement will deliver maximum value to the organisation. This alignment must be based on a common framework which is understood and accepted by all three role players. This study proposes a South African Information Security Alignment (SAISA) framework to ensure the alignment of the role players in the implementation and evaluation of information security controls. The structure of the SAISA framework is based on that of the COBIT 4.1 (Control Objectives for Information and Related Technology). Hence, the SAISA framework comprises four domains, namely, Plan and Organise Information Security (PO-IS), Acquire and Implement Information Security (AI-IS), Deliver and Support Information Security (DS-IS) and Monitor and Evaluate Information Security (ME-IS). The SAISA framework brings together the three role players with a view to assisting them to understand their respective roles, as well as those of the other role players, as they implement and evaluate information security controls. The framework is intended to improve cooperation among the role players by ensuring that they view each other as partners in this process. Through the life cycle structure it adopts, the SAISA framework provides an effective and efficient tool for rolling out an information security programme in an organisation / Computer Science / M. Sc. (Computer Science) Information security professionals, ICT security auditors, Regulatory officials Framework Role players Information security programme Corporate governance IT governance COBIT 005.80968
38	Seed and Grow: An Attack Against Anonymized Social Networks Peng, Wei 07 August 2012 (has links) Indiana University-Purdue University Indianapolis (IUPUI) / Digital traces left by a user of an on-line social networking service can be abused by a malicious party to compromise the person’s privacy. This is exacerbated by the increasing overlap in user-bases among various services. To demonstrate the feasibility of abuse and raise public awareness of this issue, I propose an algorithm, Seed and Grow, to identify users from an anonymized social graph based solely on graph structure. The algorithm first identifies a seed sub-graph either planted by an attacker or divulged by collusion of a small group of users, and then grows the seed larger based on the attacker’s existing knowledge of the users’ social relations. This work identifies and relaxes implicit assumptions taken by previous works, eliminates arbitrary parameters, and improves identification effectiveness and accuracy. Experiment results on real-world collected datasets further corroborate my expectation and claim. social networks; anonymization; privacy Data protection Computer security Internet -- Safety measures Privacy, Right of Computer networks -- Social aspects
39	Framework for Adoption of Information and Communication Technology security culture in SMMEs in Gauteng Province, South Africa Mokwetli, M. A. January 2019 (has links) M. Tech. (Department of Information Technology, Faculty of Applied and Computer Sciences), Vaal University of Technology. / Information and Communication Technology (ICT) has become prevalent in our everyday business and personal lives. As such, users and organisations must know how to protect themselves against human errors that led to more companies losing or sharing information that should not be shared. The issue emanates from lack of ICT security culture both in individuals and organisations. This research is based on a wide theoretical review that is focused on proposing a conceptual model on technological, environmental and organisational factors that influence the adoption of ICT security culture and implementation in Small Medium and Micro Enterprises (SMMEs). Factors or determinants that influence the adoption of ICT security culture in SMMEs in the Gauteng province were investigated. Questionnaires were distributed to examine the perception of ICT security culture adoption among SMMEs in the Gauteng province South Africa. A sample of 647 individuals from different SMMEs in the Gauteng province returned the questionnaire. The results of the research study show that technological context (perceived benefits), environmental context (government regulations) and organisational context (management support) determinants have direct influence on the ICT security culture adoption. The recommendation is that information security awareness programmes must be put in place. Further research is recommended using more determinants that might have a positive impact toward the adoption of the ICT security culture. In order to minimize data breaches due to human error it is recommended that SMMEs around Gauteng Province in South Africa adopt the framework as outlined in this research study. ICT Security culture Information Security culture SMMEs ICT Adoption Human error Dissertations, Academic -- South Africa Information technology -- South Africa
40	Assessing information security compliant behaviour using the self-determination theory Gangire, Yotamu 02 1900 (has links) Information security research shows that employees are a source of some of the security incidents in the organisation. This often results from failure to comply with the Information Security Policies (ISPs). The question is, therefore, how to improve information security behaviour of employees so that it complies with the ISPs. This study aims to contribute to the understanding of information security behaviour, especially how it can be improved, from an intrinsic motivation perspective. A review of the literature suggested that research in information security behaviour is still predominantly based on the extrinsic perspective, while the intrinsic perspective has not received as much attention. This resulted in the study being carried out from the perspective of the self-determination theory (SDT) since this theory has also not received as much attention in the study of information security behaviour. The study then proposed an information security compliant behaviour conceptual model based on the self-determination theory, (ISCBMSDT). Based on this model, a questionnaire, the ISCBMSDT questionnaire, was developed using the Human Aspects of Information Security Questionnaire and SDT. Using this questionnaire, a survey (n = 263) was carried out at a South African university and responses were received from the academic, administrative and operational staff. The following statistical analysis of the data was carried out: exploratory factor analysis, reliability analysis, analysis of variance (ANOVA), independent samples test (t-tests) and Pearson correlation analysis. The responses to the survey questions suggest that autonomy questions received positive perception followed by competence questions and relatedness questions. The correlation analysis results show the existence of a statistically significant relationship between competence and autonomy factors. Also, a partial significant relationship between autonomy and relatedness factors as well as between competence and relatedness factors was observed. The exploratory factor analysis that was performed on the questionnaire produced 11 factors. Cronbach alpha was then computed for the eleven factors and all were found to be above 0.7, thus suggesting that the questionnaire is valid and reliable. The results of the research study also suggest that competence and autonomy could be more important than relatedness in directing information security behaviour among employees. / School of Computing / M. Tech. (Information Technology) Information security policies (ISP) Information security policy compliance Self-determination theory Intrinsic motivation 005.80711 Information policy -- South Africa

Search results