Legal and policy aspects to consider when providing information security in the corporate environment

Dagada, Rabelani

11 1900

E-commerce is growing rapidly due to the massive usage of the Internet to conduct commercial transactions. This growth has presented both customers and merchants with many advantages. However, one of the challenges in E-commerce is information security. In order to mitigate e-crime, the South African government promulgated laws that contain information security legal aspects that should be integrated into the establishment of information security. Although several authors have written about legal and policy aspects regarding information security in the South African context, it has not yet been explained how these aspects are used in the provision of information security in the South African corporate environment. This is the premise upon which the study was undertaken. Forty-five South African organisations participated in this research. Data gathering methods included individual interviews, website analysis, and document analysis. The findings of this study indicate that most organisations in South Africa are not integrating legal aspects into their information security policies. One of the most important outcomes of this study is the proposed Concept Model of Legal Compliance in the Corporate Environment. This Concept Model embodies the contribution of this study and demonstrates how legal requirements can be incorporated into information security endeavours. The fact that the proposed Concept Model is technology-independent and that it can be implemented in a real corporate environment, regardless of the organisation’s governance and management structure, holds great promise for the future of information security in South Africa and abroad. Furthermore, this thesis has generated a topology for linking legislation to the provision of information security which can be used by any academic or practitioner who intends to implement information security measures in line with the provisions of the law. It is on the basis of this premise that practitioners can, to some extent, construe that the integration of legislation into information security policies can be done in other South African organisations that did not participate in this study. Although this study has yielded theoretical, methodological and practical contributions, there is, in reality, more research work to be done in this area. / School of Computing / D. Phil. (Information Systems)

343.9944068

Intellectual property -- South Africa

A criminological exploration of cyber stalking in South Africa

Sissing, Kim Shandre

17 January 2014

The introduction of cyber technology, accompanied by its fast developing nature, has not only resulted in numerous advantages to its user and society as a whole but has also produced harmful consequences specifically impacting on cyber crime. One of these harmful effects is cyber stalking. Cyber stalking is the use of the Internet or any electronic medium to stalk, harass and pursue victims. This unwanted perusal has various negative implications for the victim, as cyber stalking can disrupt many aspects of an individual’s lifestyle. In this study, the occurrence, nature and the impact of cyber stalking among the victims of cyber stalking were explored. Additionally, protective measures available to victims of cyber stalking were examined as a way to facilitate the operational efficiency of related legislation. This was done through determining the occurrence, nature and the impact of cyber stalking as well as the extent of the usage of social networks in the commission of cyber stalking. Legislation specific to South Africa and the effectiveness of such legislation were examined. The study implemented a qualitative approach. Twelve research participants who met the requirements of the study were selected by means of purposive and snowball sampling methods. The study was publicised on the Internet through current popular social network sites. In conjunction to the cyber theme of the study, the research participants were requested to complete an online e-mail interview to share their personal cyber stalking victimisation experiences. Within the constraints of the e-mail interview, a semi-structured interview schedule was incorporated in order to guide the research participants in sharing their cyber stalking victimisation experiences. The findings of the study were extensive; ranging from emerged patterns to unique and exclusive experiences. In brief, the study concludes that cyber stalking is occurring in South Africa, its nature and impact is complex and although there are many common themes within cyber stalking, it is uniquely situated to individual cyber stalking incident(s). Although there is no current South African legislation specifically aimed at addressing cyber stalking, South African legislation comprehensively deals with addressing the problem of cyber stalking within various related legislation. It was determined that although cyber stalking is effectively addressed in the drafting of legislation, it is ineffectively administered at grass roots level, where the police act as the gatekeepers and vital role players in the reporting and intervention of crime. Based upon the findings, as guided by the aims and objectives of the study, recommendations for the prevention and intervention of cyber stalking as well as recommendations for future research were made. As derived from the research participants’ responses as well as from current literature, recommendations focused on all victims of cyber stalking while specifically paying attention to young victims and victims who are business users. Recommendations were also made to assist in dealing with cyber stalking as well as recommendations aimed at assisting professional role players. In the final chapter of the study, emphasis is placed on awareness and educational campaigns aimed at informing the cyber community of cyber stalking. / Criminal & Procedural Law / Masters of Arts (Criminology)

Cyber stalking

Vindictive cyber stalking

Composed cyber stalking

Intimate cyber stalking

Stalking

Cyber stalking victims

Social networks

Internet

364.1580968

Cyberstalking -- South Africa

Stalking -- South Africa

Computer crimes -- South Africa

Internet -- Safety measures

Victims of crimes -- South Africa

Investigating the use of forensic stylistic and stylometric techniques in the analyses of authorship on a publicly accessible social networking site (Facebook)

Michell, Colin Simon

2013 July 1900

This research study examines the forensic application of a selection of stylistic and stylometric techniques in a simulated authorship attribution case involving texts on the social networking site, Facebook. Eight participants each submitted 2,000 words of self-authored text from their personal Facebook messages, and one of them submitted an extra 2,000 words to act as the ‘disputed text’. The texts were analysed in terms of the first 1,000 words received and then at the 2,000-word level to determine what effect text length has on the effectiveness of the chosen style markers (keywords, function words, most frequently occurring words, punctuation, use of digitally mediated communication features and spelling). It was found that despite accurately identifying the author of the disputed text at the 1,000-word level, the results were not entirely conclusive but at the 2,000-word level the results were more promising, with certain style markers being particularly effective. / Linguistics / MA (Linguistics)

Facebook

Authorship attribution

Style markers

Idiolect

Forensic linguistics

Forensic stylistics

Stylometrics

WordSmith Tools

363.2565

Forensic linguistics

Language and the Internet

Internet -- Law and legislation

Computer crimes -- Investigation

Authorship -- Identification

A criminological exploration of cyber stalking in South Africa

Sissing, Shandre Kim

06 1900

The introduction of cyber technology, accompanied by its fast developing nature, has not only resulted in numerous advantages to its user and society as a whole but has also produced harmful consequences specifically impacting on cyber crime. One of these harmful effects is cyber stalking. Cyber stalking is the use of the Internet or any electronic medium to stalk, harass and pursue victims. This unwanted perusal has various negative implications for the victim, as cyber stalking can disrupt many aspects of an individual’s lifestyle. In this study, the occurrence, nature and the impact of cyber stalking among the victims of cyber stalking were explored. Additionally, protective measures available to victims of cyber stalking were examined as a way to facilitate the operational efficiency of related legislation. This was done through determining the occurrence, nature and the impact of cyber stalking as well as the extent of the usage of social networks in the commission of cyber stalking. Legislation specific to South Africa and the effectiveness of such legislation were examined. The study implemented a qualitative approach. Twelve research participants who met the requirements of the study were selected by means of purposive and snowball sampling methods. The study was publicised on the Internet through current popular social network sites. In conjunction to the cyber theme of the study, the research participants were requested to complete an online e-mail interview to share their personal cyber stalking victimisation experiences. Within the constraints of the e-mail interview, a semi-structured interview schedule was incorporated in order to guide the research participants in sharing their cyber stalking victimisation experiences. The findings of the study were extensive; ranging from emerged patterns to unique and exclusive experiences. In brief, the study concludes that cyber stalking is occurring in South Africa, its nature and impact is complex and although there are many common themes within cyber stalking, it is uniquely situated to individual cyber stalking incident(s). Although there is no current South African legislation specifically aimed at addressing cyber stalking, South African legislation comprehensively deals with addressing the problem of cyber stalking within various related legislation. It was determined that although cyber stalking is effectively addressed in the drafting of legislation, it is ineffectively administered at grass roots level, where the police act as the gatekeepers and vital role players in the reporting and intervention of crime. Based upon the findings, as guided by the aims and objectives of the study, recommendations for the prevention and intervention of cyber stalking as well as recommendations for future research were made. As derived from the research participants’ responses as well as from current literature, recommendations focused on all victims of cyber stalking while specifically paying attention to young victims and victims who are business users. Recommendations were also made to assist in dealing with cyber stalking as well as recommendations aimed at assisting professional role players. In the final chapter of the study, emphasis is placed on awareness and educational campaigns aimed at informing the cyber community of cyber stalking. / Criminal and Procedural Law / M. A. (Criminology)

Cyber stalking

Vindictive cyber stalking

Composed cyber stalking

Intimate cyber stalking

Stalking

Cyber stalking victims

Social networks

Internet

364.1580968

Cyberstalking -- South Africa

Stalking -- South Africa

Computer crimes -- South Africa

Internet -- Safety measures

Victims of crimes -- South Africa

Legal and policy aspects to consider when providing information security in the corporate environment

Dagada, Rabelani

11 1900

E-commerce is growing rapidly due to the massive usage of the Internet to conduct commercial transactions. This growth has presented both customers and merchants with many advantages. However, one of the challenges in E-commerce is information security. In order to mitigate e-crime, the South African government promulgated laws that contain information security legal aspects that should be integrated into the establishment of information security. Although several authors have written about legal and policy aspects regarding information security in the South African context, it has not yet been explained how these aspects are used in the provision of information security in the South African corporate environment. This is the premise upon which the study was undertaken. Forty-five South African organisations participated in this research. Data gathering methods included individual interviews, website analysis, and document analysis. The findings of this study indicate that most organisations in South Africa are not integrating legal aspects into their information security policies. One of the most important outcomes of this study is the proposed Concept Model of Legal Compliance in the Corporate Environment. This Concept Model embodies the contribution of this study and demonstrates how legal requirements can be incorporated into information security endeavours. The fact that the proposed Concept Model is technology-independent and that it can be implemented in a real corporate environment, regardless of the organisation’s governance and management structure, holds great promise for the future of information security in South Africa and abroad. Furthermore, this thesis has generated a topology for linking legislation to the provision of information security which can be used by any academic or practitioner who intends to implement information security measures in line with the provisions of the law. It is on the basis of this premise that practitioners can, to some extent, construe that the integration of legislation into information security policies can be done in other South African organisations that did not participate in this study. Although this study has yielded theoretical, methodological and practical contributions, there is, in reality, more research work to be done in this area. / School of Computing / D. Phil. (Information Systems)

343.9944068

Intellectual property -- South Africa

Cyber crime: a comparative law analysis

Maat, Sandra Mariana

11 1900

The Electronic Communications and Transactions Act, 25 of 2002, eradicated various lacunae that previously existed in respect of cyber crimes. Cyber crimes such as inter alia hacking, rogue code, unauthorised modification of data and denial of service attacks have now been criminalised. Specific criminal provisions in relation to spamming, computer-related fraud and extortion have also been included in the Act. It is argued that theft of incorporeal items such as information has already been recognised in our law, but has not been taken to its logical conclusion in our case law. However, there are instances where neither the common law nor our statutory provisions are applicable and where there is still a need for legislative intervention. The Act sufficiently deals with jurisdiction, the admissibility of data messages, the admissibility of electronic signatures and the regulation of cryptography. Cyber inspectors are a new addition to law enforcement. / Jurisprudence / L. L. M.

Digital signatures

Cryptography

Cyber inspectors

Unauthorised interception

Computer-related fraud

Theft of information

Denial of service attacks

Cyber crime

Hacking

Rogue code

343.9944068

Computer crimes -- South Africa

The human element in information security : an analysis of social engineering attacks in the greater Tshwane area of Gauteng, South Africa

Van Rensburg, Kim Shandre Jansen

06 1900

Criminology and Security Science / D. Litt. et Phil. (Criminology)

Criminological theories

Hacking

Impersonation

Information security

Personal information

Phishing

Privacy

Risk

Social engineering

Social networks

Threat

Vulnerability

Multi-inter-transdisciplinary (MIT)

005.80968227

Strafregtelike beskerming van inligting

Nienaber, Catharina Wilhelmina

11 1900

In hierdie proefskrif is die belangrike rol wat inligting tans en toenemend in die samelewing speel ondersoek, om te beklemtoon hoe noodsaaklik dit tans is om `n misdryf wat die wederregtelike en opsetlike verkryging van inligting strafbaar sal reël, te verorden. Die rol wat industriële spioenasie in die verband speel word uitgelig. As gevolg van die bepaalde onliggaamlike aard van inligting kan inligting nie soos liggaamlike eiendom `n persoon ontneem word nie. Inligting word gewoonlik bloot gekopieer en die oorspronklike houer van die inligting behou die inligting hoewel die dader ook die inligting verkry. Die gemeenregtelike misdaad van diefstal maak dus nie voorsiening vir die diefstal van inligting waar die inligting bloot gekopieer of gedupliseer is nie. Om te bepaal hoe hierdie bepaalde probleem in ander lande se regstelsels aangespreek word en om kennis op te doen oor hoe dit in die Suid-Afrikaanse reg aangespreek behoort te word, is die strafregtelike bepalings en selfs nie-strafregtelike bepalings in lande soos Engeland, Amerika, Kanada en Nederland ondersoek. Ten einde vas te stel welke inligting deur die strafreg beskerm behoort te word, is selfs sekere nie-strafregtelike bepalings van vermelde lande en van die Suid-Afrikaanse reg nagegaan. Insigte is verkry oor welke elemente sodanige inligting aan moet voldoen en `n definisie van beskermwaardige inligting word aanbeveel. Vir hierdie doel is `n nuwe begrip van beskermwaardige inligting geskep. Die redes waarom diefstal van inligting nie in Suid-Afrikaanse en die ander lande se regstelsels nie erken word nie, is bespreek. Die wyse waarop die gemeenregtelike misdaad van diefstal na die diefstal van onliggaamlike geld uitgebrei is, is ondersoek waarna `n aanbeveling gemaak word oor hoe die definisie van diefstal uitgebrei kan word om ook ander onliggaamlike objekte in te sluit. As gevolg van die bepaalde aard van inligting kan die gemeenregtelike definisie van diefstal nie uitgebrei word om inligting as `n objek in te sluit nie en word `n statutêre misdryf van diefstal van inligting voorgestel. / Jurisprudence / LL. D.

Inligting

Handelsgeheime

Onliggaamlike sake

Onliggaamlike eiendom

Spioenasie

Vertroulikheid

Diefstal

Gemeenregtelike misdaad

Kriminalisering

Geld

Data

Beskermwaardige inligting

Ekonomiese waarde

Kommunikasies

Intellektuele eiendom

Business intelligence -- South Africa

Computer crimes -- South Africa

Commercial crimes -- South Africa

Information warfare -- South Africa

Investigating the use of forensic stylistic and stylometric techniques in the analyses of authorship on a publicly accessible social networking site (Facebook)

Michell, Colin Simon

07 1900

This research study examines the forensic application of a selection of stylistic and stylometric techniques in a simulated authorship attribution case involving texts on the social networking site, Facebook. Eight participants each submitted 2,000 words of self-authored text from their personal Facebook messages, and one of them submitted an extra 2,000 words to act as the ‘disputed text’. The texts were analysed in terms of the first 1,000 words received and then at the 2,000-word level to determine what effect text length has on the effectiveness of the chosen style markers (keywords, function words, most frequently occurring words, punctuation, use of digitally mediated communication features and spelling). It was found that despite accurately identifying the author of the disputed text at the 1,000-word level, the results were not entirely conclusive but at the 2,000-word level the results were more promising, with certain style markers being particularly effective. / Linguistics and Modern Languages / M.A. (Linguistics)

Facebook

Authorship attribution

Style markers

Idiolect

Forensic linguistics

Forensic stylistics

Stylometrics

WordSmith Tools

363.2565

Forensic linguistics

Language and the Internet

Internet -- Law and legislation

Computer crimes -- Investigation

Authorship -- Identification

E-crimes and e-authentication - a legal perspective

Njotini, Mzukisi Niven

27 October 2016

E-crimes continue to generate grave challenges to the ICT regulatory agenda. Because e-crimes involve a wrongful appropriation of information online, it is enquired whether information is property which is capable of being stolen. This then requires an investigation to be made of the law of property. The basis for this scrutiny is to establish if information is property for purposes of the law. Following a study of the Roman-Dutch law approach to property, it is argued that the emergence of an information society makes real rights in information possible. This is the position because information is one of the indispensable assets of an information society. Given the fact that information can be the object of property, its position in the law of theft is investigated. This study is followed by an examination of the conventional risks that ICTs generate. For example, a risk exists that ICTs may be used as the object of e-crimes. Furthermore, there is a risk that ICTs may become a tool in order to appropriate information unlawfully. Accordingly, the scale and impact of e-crimes is more than those of the offline crimes, for example theft or fraud. The severe challenges that ICTs pose to an information society are likely to continue if clarity is not sought regarding: whether ICTs can be regulated or not, if ICTs can be regulated, how should an ICT regulatory framework be structured? A study of the law and regulation for regulatory purposes reveals that ICTs are spheres where regulations apply or should apply. However, better regulations are appropriate in dealing with the dynamics of these technologies. Smart-regulations, meta-regulations or reflexive regulations, self-regulations and co-regulations are concepts that support better regulations. Better regulations enjoin the regulatory industries, for example the state, businesses and computer users to be involved in establishing ICT regulations. These ICT regulations should specifically be in keeping with the existing e-authentication measures. Furthermore, the codes-based theory, the Danger or Artificial Immune Systems (the AIS) theory, the Systems theory and the Good Regulator Theorem ought to inform ICT regulations. The basis for all this should be to establish a holistic approach to e-authentication. This approach must conform to the Precautionary Approach to E-Authentication or PAEA. PAEA accepts the importance of legal rules in the ICT regulatory agenda. However, it argues that flexible regulations could provide a suitable framework within which ICTs and the ICT risks are controlled. In addition, PAEA submit that a state should not be the single role-player in ICT regulations. Social norms, the market and nature or architecture of the technology to be regulated are also fundamental to the ICT regulatory agenda. / Jurisprudence / LL. D.

Biometric characters

Computer hacking

E-authentication

Furtum,

ICT regulation

ID fraud

ID theft

Information or computer systems

Larceny

Man-in-the-middle attacks

Phishing

ICTs

PAEAN

345.268

Computer crimes -- Law and legislation

Computer networks -- Security measures

Authentication

Phishing

Intellectual property