A Privacy-Preserving, Context-Aware, Insider Threat prevention and prediction model (PPCAITPP)

Tekle, Solomon Mekonnen

07 1900

The insider threat problem is extremely challenging to address, as it is committed by insiders who are trusted and authorized to access the information resources of the organization. The problem is further complicated by the multifaceted nature of insiders, as human beings have various motivations and fluctuating behaviours. Additionally, typical monitoring systems may violate the privacy of insiders. Consequently, there is a need to consider a comprehensive approach to mitigate insider threats. This research presents a novel insider threat prevention and prediction model, combining several approaches, techniques and tools from the fields of computer science and criminology. The model is a Privacy- Preserving, Context-Aware, Insider Threat Prevention and Prediction model (PPCAITPP). The model is predicated on the Fraud Diamond (a theory from Criminology) which assumes there must be four elements present in order for a criminal to commit maleficence. The basic elements are pressure (i.e. motive), opportunity, ability (i.e. capability) and rationalization. According to the Fraud Diamond, malicious employees need to have a motive, opportunity and the capability to commit fraud. Additionally, criminals tend to rationalize their malicious actions in order for them to ease their cognitive dissonance towards maleficence. In order to mitigate the insider threat comprehensively, there is a need to consider all the elements of the Fraud Diamond because insider threat crime is also related to elements of the Fraud Diamond similar to crimes committed within the physical landscape. The model intends to act within context, which implies that when the model offers predictions about threats, it also reacts to prevent the threat from becoming a future threat instantaneously. To collect information about insiders for the purposes of prediction, there is a need to collect current information, as the motives and behaviours of humans are transient. Context-aware systems are used in the model to collect current information about insiders related to motive and ability as well as to determine whether insiders exploit any opportunity to commit a crime (i.e. entrapment). Furthermore, they are used to neutralize any rationalizations the insider may have via neutralization mitigation, thus preventing the insider from committing a future crime. However, the model collects private information and involves entrapment that will be deemed unethical. A model that does not preserve the privacy of insiders may cause them to feel they are not trusted, which in turn may affect their productivity in the workplace negatively. Hence, this thesis argues that an insider prediction model must be privacy-preserving in order to prevent further cybercrime. The model is not intended to be punitive but rather a strategy to prevent current insiders from being tempted to commit a crime in future. The model involves four major components: context awareness, opportunity facilitation, neutralization mitigation and privacy preservation. The model implements a context analyser to collect information related to an insider who may be motivated to commit a crime and his or her ability to implement an attack plan. The context analyser only collects meta-data such as search behaviour, file access, logins, use of keystrokes and linguistic features, excluding the content to preserve the privacy of insiders. The model also employs keystroke and linguistic features based on typing patterns to collect information about any change in an insider’s emotional and stress levels. This is indirectly related to the motivation to commit a cybercrime. Research demonstrates that most of the insiders who have committed a crime have experienced a negative emotion/pressure resulting from dissatisfaction with employment measures such as terminations, transfers without their consent or denial of a wage increase. However, there may also be personal problems such as a divorce. The typing pattern analyser and other resource usage behaviours aid in identifying an insider who may be motivated to commit a cybercrime based on his or her stress levels and emotions as well as the change in resource usage behaviour. The model does not identify the motive itself, but rather identifies those individuals who may be motivated to commit a crime by reviewing their computer-based actions. The model also assesses the capability of insiders to commit a planned attack based on their usage of computer applications and measuring their sophistication in terms of the range of knowledge, depth of knowledge and skill as well as assessing the number of systems errors and warnings generated while using the applications. The model will facilitate an opportunity to commit a crime by using honeypots to determine whether a motivated and capable insider will exploit any opportunity in the organization involving a criminal act. Based on the insider’s reaction to the opportunity presented via a honeypot, the model will deploy an implementation strategy based on neutralization mitigation. Neutralization mitigation is the process of nullifying the rationalizations that the insider may have had for committing the crime. All information about insiders will be anonymized to remove any identifiers for the purpose of preserving the privacy of insiders. The model also intends to identify any new behaviour that may result during the course of implementation. This research contributes to existing scientific knowledge in the insider threat domain and can be used as a point of departure for future researchers in the area. Organizations could use the model as a framework to design and develop a comprehensive security solution for insider threat problems. The model concept can also be integrated into existing information security systems that address the insider threat problem / Information Science / D. Phil. (Information Systems)

Insider threat

Fraud diamond

Context-aware system

Information security

Privacy preservation

005.8

Computer networks -- Security measures

Computer networks -- Access control

Data protection

Penetration testing (Computer security)

Computer crimes

Hackers

Computer security

Exploring the value of computer forensics in the investigation of procurement fraud

Themeli, Aluwani Rufaroh

01 1900

The research problem for this study was that forensic investigators in the Forensic Services (FS) of the City of Tshwane (CoT) are unable to successfully deal with procurement fraud as a result of the lack of knowledge, skills and resources required to conduct computer forensics during the investigation of procurement fraud. This research was conducted to ascertain the value of computer forensics in the investigation of procurement fraud. Further, the study sought to determine how to improve the CoT forensic investigators’ knowledge and competence regarding the application of computer forensics in the investigation of procurement fraud. The purpose of this study was to explore the procedures that should be followed by CoT forensic investigators when conducting computer forensics during the investigation of procurement fraud. The research also aimed to discover new information, not previously known to the researcher, related to computer forensics during the investigation of procurement fraud by exploring national and international literature. In addition, the study explored existing practices so as to use this information to improve the current CoT procedure, within the confines of the legislative requirements. The overall purpose of this study is to provide practical recommendations for best practices, based on the results of the data analysis, which address the problem and enhance the investigative skills of CoT forensic investigators. The study established that it is imperative and compulsory to apply computer forensics in any procurement fraud investigation in order to efficiently track down cyber criminals and solve complicated and complex computer crimes. It was also established that forensic investigators within the FS in the CoT lack the necessary computer skills to optimally investigate procurement fraud. It is therefore recommended that CoT forensic investigators acquire the necessary skills and essential training in computer forensics in order to improve their knowledge and competence regarding the application and understanding of the value of computer forensics in the investigation of procurement fraud. / School of Criminal Justice / M.Tech. (Forensic Investigation)

Forensic investigation

Computer forensics

Procurement fraud

Computer investigation

Red flags

Computer evidence

Network forensics

Kickbacks

Conflict of interest

Bid rigging

363.2596309682275

Computer seizure as technique in forensic investigation

Ndara, Vuyani

19 March 2014

The problem encountered by the researcher was that the South African Police Service Cyber-Crimes Unit is experiencing problems in seizing computer evidence. The following problems were identified by the researcher in practice: evidence is destroyed or lost because of mishandling by investigators; computer evidence is often not obtained or recognised, due to a lack of knowledge and skills on the part of investigators to properly seize computer evidence; difficulties to establish authenticity and initiate a chain of custody for the seized evidence; current training that is offered is unable to cover critical steps in the performance of seizing computer evidence; computer seizure as a technique requires specialised knowledge and continuous training, because the information technology industry is an ever-changing area. An empirical research design, followed by a qualitative research approach, allowed the researcher to also obtain information from practice. A thorough literature study, complemented by interviews, was done to collect the required data for the research. Members of the South African Police Cyber-crime Unit and prosecutors dealing with cyber-crime cases were interviewed to obtain their input into, and experiences on, the topic. The aim of the study was to explore the role of computers in the forensic investigation process, and to determine how computers can be seized without compromising evidence. The study therefore also aimed at creating an understanding and awareness about the slippery nature of computer evidence, and how it can find its way to the court of law without being compromised. The research has revealed that computer crime is different from common law or traditional crimes. It is complicated, and therefore only skilled and qualified forensic experts should be used to seize computer evidence, to ensure that the evidence is not compromised. Training of cyber-crime technicians has to be priority, in order to be successful in seizing computers. / Department of Criminology / M.Tech. (Forensic Investigation)

Forensic

Digital forensic

Computer

Digital evidence

Investigators

Technicians

Chain of custody

Seizure

Cyber-crime

Cyber-crime technicians

363.25968

Computer crimes -- Investigation

Computer security

Forensic sciences -- Data processing

Crime scene searches

Electronic evidence

Computer networks -- Security measures

Probing Cyber-Bullying Experiences of First Year University Students at a Selected Rural University in South Africa

Tsorai, Precious Pachawo

18 May 2018

MGS / Institute for Gender and Youth Studies / Most people view bullying as a childhood challenge which children outgrow with age. However, bullies grow up and even go to universities where they continue with their bullying tactics; harassing their fellow students. The development of technology has allowed bullying to be taken to adulthood through cyber-bullying. Technology has become a big part of young people’s lives and it plays an increasingly important role in their day-to-day activities. However, it has also become a platform for young people to intimidate and harass each other. Cyber-bullying has become a huge problem for university students, which can cause long term effects to victims. It involves sending hurtful, threatening or embarrassing messages to one another. Cyber-bullying causes problems such as depression, anxiety, suicide, poor school attendance and performance for the victims of such an act. Both males and females take part in cyber-bullying. Avenues for cyber-bullying by students include emails, blogs, text messages, and social network sites such as Facebook, My Space, Whatsapp, Instagram and twitter among others. The main aim of this study was to probe cyber-bullying experiences of both male and female first year students at the University of Venda. Qualitative research approach was used. Snowball sampling, a subtype of non-probability sampling was used to select the respondents for the study. Semi-structured interviews were used as the data collecting tool. The data was analysed using thematic analysis. Confidentiality, anonymity, voluntary participation and informed consent were among the ethical considerations that were followed. The study found that cyber-bullying is prevalent at the University of Venda and it socially, academically, psychologically and physically affects students. More female students were found to be victims of cyber-bullying when compared to male students. In view of the magnitude of cyber-bullying among university students; there is a need for urgent action by the University of Venda management to come up with / NRF

Cyber-bullying

Cyber-bullies

Cyber-victims

Harass

Probe

Students

Technology

University

378.19580968257

Bullying -- South Africa -- Limpopo

University of Venda -- Students

The Effect of Cyber Security on Citizens Adoption of e-Commerce Services: The Case of Vhembe District in Limpopo Province of South Africa

Netshirando, Vusani

18 May 2019

MCom (Business Information Systems) / Department of Business Information Systems / Today, information and communication technologies (ICT) have become an integral part of humans lives more especially in business, be it those in developed or developing countries. The evolution of ICT’s has also led to the introduction of e-Commerce services. Both the public and private sectors, develop these technologies with customer satisfaction in mind. Out of all the efforts by businesses and ICT experts, e-commerce systems continue to fail because of low user acceptance and user attitude, especially in developing nations. Security issues are known to be of top most concern for online shoppers. A survey was administered to 161 respondents, to find out how cyber security affects consumer’s intentions and actual use of e-commerce systems. The study encompasses both users of e-commerce systems and non-users of e-commerce systems across Vhembe district of Limpopo Province in South Africa. A quantitative research approach was used. The findings revealed that perceived security was the main concern for non-users of e-commerce intentions to use e-commerce systems because of lack of information and lack of trust on e-commerce systems. The study also revealed that users of e-commerce systems are still concerned about security, even though they intend to continue using e-commerce systems. For the success of e-commerce in rural communities, government needs to join hands with retailers and SME’s to start awareness campaigns that will clarify how e-commerce systems work and eradicate negative perception on e-commerce systems. / NRF

E-Commerce

Adoption

Intention

Perceived security

Perceived trust

Perceived privacy

658.4780968257

Terrorism -- South Africa -- Limpopo

The moderating effect of information security on the adoption of mobile marketing transactions among South African tertiary students

Donga, Gift Taruwandira

January 2020

PhD (Business Management) / Department of Business Management / Despite the fast pace of development within the mobile commerce industry globally, marketers in developing countries are still lagging in understanding why and how consumers participate in mobile marketing transactions. The literature reporting on mobile marketing transactions’ adoption in a South African context remains largely inconsistent and fragmented as most previous studies are based on the experience of consumers in a non-South African (and nondeveloping country) context. Therefore, this study identifies a literature gap, in that there lacks a sufficient critical mass of studies into the moderating effect of information security on consumer adoption of mobile marketing transactions in South Africa particularly among the youth who have a strong affinity for constant mobile connectivity. Furthermore, confronted with rapid changes in emerging technology, previous models of technology adoption are slowly becoming outmoded. Consequently, this study considered testing a proposed model on the predictive power of marketing-related mobile activity to help improve understanding and prognosis of the adoption of mobile marketing transactions in South Africa. Specifically, in order to render these tests robust, perceived information security was applied as a moderator variable to increase the explanatory power of the model. The objectives set out for this research were measured utilising a single cross-sectional approach, guided by the positivist paradigm. In keeping with the dictates of ensuring the highest levels of reliability and validity, a measuring instrument developed from past studies was used. Using a self-administered questionnaire, data were collected from a sample of 810 students from selected South African universities. Descriptive and multivariate statistical tests including the moderated hierarchical regression analysis were used to analyse data. The implication of the study is that it provides both marketers and policymakers with a set of controllable variables that may be manipulated to promote the adoption of mobile marketing transactions. / NRF

Adoption

Mobile marketing

South Africa

Information security

Moderation

658.4780968257

Students -- South Africa -- Limpopo

Utilising advanced accounting software to trace the reintegration of proceeds of crime, from underground banking into the formal banking system

Botes, Christo

30 April 2008

The aim of this paper is to research how advanced accounting software can be used by police detectives, financial risk specialists and forensic investigation specialists, who are responsible for the investigation and tracing of the reintegration of proceeds of crime, from underground banking into formal banking system (pro active and reactive money laundering investigation) with a view on criminal prosecution. The research started of by looking at the basic ways how proceeds of crime are smuggled before it is integrated into the formal banking system. In that context, the phenomenon of Underground banking was researched. Currency smuggling, Hawala currency transfer schemes and the way in which it is used to move proceeds of crime were discussed in detail. Thereafter Formal banking and the way in which proceeds of crime is reintegrated from underground banking structures into formal banking systems were discussed. The use of advanced accounting software to trace the point where proceeds of crime are reintegrated into formal banking were researched extensively. Accounting software and investigative techniques on how to trace financial transactions which might be tainted with proceeds of crime were discussed. Accounting software which can be used on office computers such as laptops were discussed and more advanced automated systems which can be used to trace proceeds of crime transactions in the formal banking systems were also discussed. In specific, the investigative techniques on how to use these systems as investigative tools were discussed in great detail. This research paper gives a truly unique perspective on the financial investigative and analytical angle on proceeds of crime and money laundering detection. / Criminal Justice / M.Tech. (Forensic Investigation)

363.259680968

Forensic sciences -- South Africa

Forensic accounting -- South Africa

Criminal investigation -- South Africa

Fraud investigation -- South Africa

Hawala system

Accounting fraud -- South Africa

Accounting -- South Africa -- Software

Utilising advanced accounting software to trace the reintegration of proceeds of crime, from underground banking into the formal banking system

Botes, Christo

30 April 2008

The aim of this paper is to research how advanced accounting software can be used by police detectives, financial risk specialists and forensic investigation specialists, who are responsible for the investigation and tracing of the reintegration of proceeds of crime, from underground banking into formal banking system (pro active and reactive money laundering investigation) with a view on criminal prosecution. The research started of by looking at the basic ways how proceeds of crime are smuggled before it is integrated into the formal banking system. In that context, the phenomenon of Underground banking was researched. Currency smuggling, Hawala currency transfer schemes and the way in which it is used to move proceeds of crime were discussed in detail. Thereafter Formal banking and the way in which proceeds of crime is reintegrated from underground banking structures into formal banking systems were discussed. The use of advanced accounting software to trace the point where proceeds of crime are reintegrated into formal banking were researched extensively. Accounting software and investigative techniques on how to trace financial transactions which might be tainted with proceeds of crime were discussed. Accounting software which can be used on office computers such as laptops were discussed and more advanced automated systems which can be used to trace proceeds of crime transactions in the formal banking systems were also discussed. In specific, the investigative techniques on how to use these systems as investigative tools were discussed in great detail. This research paper gives a truly unique perspective on the financial investigative and analytical angle on proceeds of crime and money laundering detection. / Criminal Justice / M.Tech. (Forensic Investigation)

363.259680968

Forensic sciences -- South Africa

Forensic accounting -- South Africa

Criminal investigation -- South Africa

Fraud investigation -- South Africa

Hawala system

Accounting fraud -- South Africa

Accounting -- South Africa -- Software

Strafregtelike beskerming van inligting

Nienaber, Catharina Wilhelmina

11 1900

In hierdie proefskrif is die belangrike rol wat inligting tans en toenemend in die samelewing speel ondersoek, om te beklemtoon hoe noodsaaklik dit tans is om `n misdryf wat die wederregtelike en opsetlike verkryging van inligting strafbaar sal reël, te verorden. Die rol wat industriële spioenasie in die verband speel word uitgelig. As gevolg van die bepaalde onliggaamlike aard van inligting kan inligting nie soos liggaamlike eiendom `n persoon ontneem word nie. Inligting word gewoonlik bloot gekopieer en die oorspronklike houer van die inligting behou die inligting hoewel die dader ook die inligting verkry. Die gemeenregtelike misdaad van diefstal maak dus nie voorsiening vir die diefstal van inligting waar die inligting bloot gekopieer of gedupliseer is nie. Om te bepaal hoe hierdie bepaalde probleem in ander lande se regstelsels aangespreek word en om kennis op te doen oor hoe dit in die Suid-Afrikaanse reg aangespreek behoort te word, is die strafregtelike bepalings en selfs nie-strafregtelike bepalings in lande soos Engeland, Amerika, Kanada en Nederland ondersoek. Ten einde vas te stel welke inligting deur die strafreg beskerm behoort te word, is selfs sekere nie-strafregtelike bepalings van vermelde lande en van die Suid-Afrikaanse reg nagegaan. Insigte is verkry oor welke elemente sodanige inligting aan moet voldoen en `n definisie van beskermwaardige inligting word aanbeveel. Vir hierdie doel is `n nuwe begrip van beskermwaardige inligting geskep. Die redes waarom diefstal van inligting nie in Suid-Afrikaanse en die ander lande se regstelsels nie erken word nie, is bespreek. Die wyse waarop die gemeenregtelike misdaad van diefstal na die diefstal van onliggaamlike geld uitgebrei is, is ondersoek waarna `n aanbeveling gemaak word oor hoe die definisie van diefstal uitgebrei kan word om ook ander onliggaamlike objekte in te sluit. As gevolg van die bepaalde aard van inligting kan die gemeenregtelike definisie van diefstal nie uitgebrei word om inligting as `n objek in te sluit nie en word `n statutêre misdryf van diefstal van inligting voorgestel. / Jurisprudence / LL. D.

Inligting

Handelsgeheime

Onliggaamlike sake

Onliggaamlike eiendom

Spioenasie

Vertroulikheid

Diefstal

Gemeenregtelike misdaad

Kriminalisering

Geld

Data

Beskermwaardige inligting

Ekonomiese waarde

Kommunikasies

Intellektuele eiendom

Business intelligence -- South Africa

Computer crimes -- South Africa

Commercial crimes -- South Africa

Information warfare -- South Africa

Cyber crime: a comparative law analysis

Maat, Sandra Mariana

11 1900

The Electronic Communications and Transactions Act, 25 of 2002, eradicated various lacunae that previously existed in respect of cyber crimes. Cyber crimes such as inter alia hacking, rogue code, unauthorised modification of data and denial of service attacks have now been criminalised. Specific criminal provisions in relation to spamming, computer-related fraud and extortion have also been included in the Act. It is argued that theft of incorporeal items such as information has already been recognised in our law, but has not been taken to its logical conclusion in our case law. However, there are instances where neither the common law nor our statutory provisions are applicable and where there is still a need for legislative intervention. The Act sufficiently deals with jurisdiction, the admissibility of data messages, the admissibility of electronic signatures and the regulation of cryptography. Cyber inspectors are a new addition to law enforcement. / Jurisprudence / L. L. M.

Digital signatures

Cryptography

Cyber inspectors

Unauthorised interception

Computer-related fraud

Theft of information

Denial of service attacks

Cyber crime

Hacking

Rogue code

343.9944068

Computer crimes -- South Africa