Perception of employees concerning information security policy compliance : case studies of a European and South African university

Lububu, Steven

January 2018

Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2018. / This study recognises that, regardless of information security policies, information about institutions continues to be leaked due to the lack of employee compliance. The problem is that information leakages have serious consequences for institutions, especially those that rely on information for its sustainability, functionality and competitiveness. As such, institutions ensure that information about their processes, activities and services are secured, which they do through enforcement and compliance of policies. The aim of this study is to explore the extent of non-compliance with information security policy in an institution. The study followed an interpretive, qualitative case study approach to understand the meaningful characteristics of the actual situations of security breaches in institutions. Qualitative data was collected from two universities, using semi-structured interviews, with 17 participants. Two departments were selected: Human Resources and the Administrative office. These two departments were selected based on the following criteria: they both play key roles within an institution, they maintain and improve the university’s policies, and both departments manage and keep confidential university information (Human Resources transects and keeps employees’ information, whilst the Administrative office manages students’ records). This study used structuration theory as a lens to view and interpret the data. The qualitative content analysis was used to analyse documentation, such as brochures and information obtained from the websites of the case study’s universities. The documentation was then further used to support the data from the interviews. The findings revealed some factors that influence non-compliance with regards to information security policy, such as a lack of leadership skills, favouritism, fraud, corruption, insufficiency of infrastructure, lack of security education and miscommunication. In the context of this study, these factors have severe consequences on an institution, such as the loss of the institution’s credibility or the institution’s closure. Recommendations for further study are also made available.

Computer security

Computer networks -- Security measures

Data protection

Compliance to radiation safety standards by radiographers and dental professionals in Waterberg District Hospitals, Limpopo Province

Modiba, Reshoketswe Mokgadi

January 2014

Thesis (MPH. ) --University of Limpopo, 2014 / This dissertation reports on findings from a qualitative research that sought to investigate adherence and compliance to radiation safety protocols by radiographers and dental professionals in the Waterberg District. The study also sought to determine the knowledge the participants had on the chronic ill-effects of occupational exposure to radiation, safety protocols and their professional experience in dealing with occupational exposure to radiation. Altogether 60 participants from 8 health institutions in the Waterberg district took part in the study. They were compromised of males and females with ages ranging from 22-60 years. The response rate was 75% (n=45/60). The empirical data of the study shows a consistent yet disconcerting pattern among practitioners about safety compliance, safety protocols and their understanding of long term effect of occupational exposure to radiation. Despite their impressive knowledge of X-rays being a source of ionizing radiation, the level of their understanding of ill-effects thereof was of great concern. The general failure by both professionals in complying with the most basic safety protocols is worrisome. In a nutshell, yet some of the practitioners were found to be greatly exposed to radiation, their daily practices were found not consistent with procedures dictated by the guidelines on the use of medical X-ray equipment. Overall, only 59% of radiographers always wore their dosimeters, a basic monitoring and protective tool to measure their radiation exposure. In the study, only 38% of the dentists were found to be compliant and overwhelmingly alluded this to their employers being unable to supply them with crucial protective clothing, a finding that the researcher cannot dispute as indicated in the responses by the two groups. The failure of the employer in enforcing monitoring and assuring safety to the employees, patients and the general public emerged from this study. Various non-compliance patterns could be attributed to the participants and others to the employer. Protocols as clearly stipulated in R1332 of Hazardous Substance Act 15 of 1973 and other guidelines are not adhered to.

Radiation safety standards

Radiographers

Dental professionals

616.07570289

Radiation -- Safety measures.

Coherent Distortion Risk Measures in Portfolio Selection

Feng, Ming Bin

January 2011

The theme of this thesis relates to solving the optimal portfolio selection problems using linear programming. There are two key contributions in this thesis. The first contribution is to generalize the well-known linear optimization framework of Conditional Value-at-Risk (CVaR)-based portfolio selection problems (see Rockafellar and Uryasev (2000, 2002)) to more general risk measure portfolio selection problems. In particular, the class of risk measure under consideration is called the Coherent Distortion Risk Measure (CDRM) and is the intersection of two well-known classes of risk measures in the literature: the Coherent Risk Measure (CRM) and the Distortion Risk Measure (DRM). In addition to CVaR, other risk measures which belong to CDRM include the Wang Transform (WT) measure, Proportional Hazard (PH) transform measure, and lookback (LB) distortion measure. Our generalization implies that the portfolio selection problems can be solved very efficiently using the linear programming approach and over a much wider class of risk measures. The second contribution of the thesis is to establish the equivalences among four formulations of CDRM optimization problems: the return maximization subject to CDRM constraint, the CDRM minimization subject to return constraint, the return-CDRM utility maximization, the CDRM-based Sharpe Ratio maximization. Equivalences among these four formulations are established in a sense that they produce the same efficient frontier when varying the parameters in their corresponding problems. We point out that the first three formulations have already been investigated in Krokhmal et al. (2002) with milder assumptions on risk measures (convex functional of portfolio weights). Here we apply their results to CDRM and establish the fourth equivalence. For every one of these formulations, the relationship between its given parameter and the implied parameters for the other three formulations is explored. Such equivalences and relationships can help verifying consistencies (or inconsistencies) for risk management with different objectives and constraints. They are also helpful for uncovering the implied information of a decision making process or of a given investment market. We conclude the thesis by conducting two case studies to illustrate the methodologies and implementations of our linear optimization approach, to verify the equivalences among four different problem formulations, and to investigate the properties of different members of CDRM. In addition, the efficiency (or inefficiency) of the so-called 1/n portfolio strategy in terms of the trade off between portfolio return and portfolio CDRM. The properties of optimal portfolios and their returns with respect to different CDRM minimization problems are compared through their numerical results.

Coherent risk measures

Distortion risk measures

Portfolio selection

Coherent distortion risk measures

Linear programming

Linear fractional programming

Actuarial Science

A Comparison of Three Animal Welfare Assessment Programs on Canadian Swine Farms

Roberts, Ashley Nicole

02 January 2014

Standard measures used in animal welfare assessments include animal-based measures obtained by observing animals, resource-based measures obtained by observing facilities, and management-based measures obtained by interviewing farmers and checking records. Animal welfare assessments are composed of a variety of measures and can be very different from each other. The objectives of the research presented in this thesis were to investigate inter-observer reliability of three swine welfare assessment programs (ACA™, PQA Plus®, and Welfare Quality®), and to determine the concordance of rankings across the 3 assessments. All assessments and all types of measures were found to be highly reliable. Moderate concordance was found for the rankings of farms across all three assessments. The lowest ranked farms were correlated, indicating that all assessments identified the farms with the lowest levels of animal welfare. Results of this study can be used to identify the best measures and revise current on-farm animal welfare assessments. / Canadian Swine Research and Development Cluster, a Growing Canadian Agri-Innovation Program – Canadian Agri-Science Cluster Initiative of Agriculture and Agri-Food Canada (AAFC); and the Ontario Pork Council

Animal Welfare

Swine

Animal Welfare Assessments

Animal-Based Measures

Resource-Based Measures

Management-Based Measures

ACA™

PQA Plus®

Welfare Quality®

Coherent Distortion Risk Measures in Portfolio Selection

Feng, Ming Bin

January 2011

The theme of this thesis relates to solving the optimal portfolio selection problems using linear programming. There are two key contributions in this thesis. The first contribution is to generalize the well-known linear optimization framework of Conditional Value-at-Risk (CVaR)-based portfolio selection problems (see Rockafellar and Uryasev (2000, 2002)) to more general risk measure portfolio selection problems. In particular, the class of risk measure under consideration is called the Coherent Distortion Risk Measure (CDRM) and is the intersection of two well-known classes of risk measures in the literature: the Coherent Risk Measure (CRM) and the Distortion Risk Measure (DRM). In addition to CVaR, other risk measures which belong to CDRM include the Wang Transform (WT) measure, Proportional Hazard (PH) transform measure, and lookback (LB) distortion measure. Our generalization implies that the portfolio selection problems can be solved very efficiently using the linear programming approach and over a much wider class of risk measures. The second contribution of the thesis is to establish the equivalences among four formulations of CDRM optimization problems: the return maximization subject to CDRM constraint, the CDRM minimization subject to return constraint, the return-CDRM utility maximization, the CDRM-based Sharpe Ratio maximization. Equivalences among these four formulations are established in a sense that they produce the same efficient frontier when varying the parameters in their corresponding problems. We point out that the first three formulations have already been investigated in Krokhmal et al. (2002) with milder assumptions on risk measures (convex functional of portfolio weights). Here we apply their results to CDRM and establish the fourth equivalence. For every one of these formulations, the relationship between its given parameter and the implied parameters for the other three formulations is explored. Such equivalences and relationships can help verifying consistencies (or inconsistencies) for risk management with different objectives and constraints. They are also helpful for uncovering the implied information of a decision making process or of a given investment market. We conclude the thesis by conducting two case studies to illustrate the methodologies and implementations of our linear optimization approach, to verify the equivalences among four different problem formulations, and to investigate the properties of different members of CDRM. In addition, the efficiency (or inefficiency) of the so-called 1/n portfolio strategy in terms of the trade off between portfolio return and portfolio CDRM. The properties of optimal portfolios and their returns with respect to different CDRM minimization problems are compared through their numerical results.

Coherent risk measures

Distortion risk measures

Portfolio selection

Coherent distortion risk measures

Linear programming

Linear fractional programming

Actuarial Science

A description of maritime safety in South Africa

Cronje, Riaan

03 1900

Thesis (MPhil)--Stellenbosch University, 2000. / ENGLISH ABSTRACT: The increasing financial pressures exerted on ship owners in recent years due to cost inflation, overtonnage and low freight rates in many sectors, have forced ship owners to increase cost savings and contain costs. That induced certain shipowners to operate substandard ships. The cost advantages in substandard ships are through failing to maintain safety equipment and procedures, employing cheap and untrained crews, repairing only essential equipment on breakdown and register under flags that do not comply with all the international regulatory, economic and social requirements for ships. Those ships undercut the true costs of operating a ship and eventually drive the obedient shipowner out of the market at the cost of safe and clean seas. Because of the complex international environment in which shipping operates an international regulatory framework is needed to ensure safety at sea. This assignment gives a layout of that framework, which is co-ordinated by the International Maritime Organisation (!MO), as well as the ways in which it is implemented and regulated in individual countries, with reference to South Africa. The functioning of the South African Maritime Safety Agency (SAMSA), which has been established on 1 April 1998, is also discussed. The benefit of safe ports is highlighted and also the cost savings in marine insurance if ships are classified as safe. A brief description of the navigation instruments that SAMSA use to assist in achieving maritime safety is given. Finally, the diseconomies of substandard ships are debated against quality ships for cleaner seas. / AFRIKAANSE OPSOMMING: Die toenemende finansiële druk op skeepseienaars, as gevolg van koste inflasie, oortonnemaat en lae vragtariewe in verskeie sektore, het hulle gedwing om oor die laaste aantal jare hul kostes te beperk. Gedwonge kostebesparings gee aanleiding daartoe dat sekere skeepseienaars onveilige skepe bedryf. Kostevoordele in onveilige skepe word bereik deur veiligheidstoerusting en -prosedures nie in stand te hou nie, goedkoop en onopgeleide bemanning aan te stel, slegs die nodige herstelwerk aan toerusting te doen en deur te registreer onder vlae wat nie voldoen aan internasionale regulering, ekonomiese en sosiale vereistes vir skepe nie. Eienaars van sulke skepe, onderskruip die ware bedryfskoste van 'n skip en uiteindelik dryf dit die wetsgetroue skeepseienaars uit die mark ten koste van 'n veilige en skoon see. As gevolg van die komplekse internasionale omgewmg waann skeepvaart funksioneer, word 'n internasionale reguleringsraamwerk benodig om veiligheid ter see te verseker. Hierdie werkstuk gee 'n uitleg van daardie raamwerk, wat gekoordineer word deur die Internasionale Maritieme Organisasie (!MO), asook die manier waarop dit geïmplementeer en gereguleer word in individuele lande met verwysing tot Suid-Afrika. Die funksionering van die Suid-Afrikaanse Maritieme Veiligheids Agentskap (SAMSA), wat tot stand gebring is op 1 April 1998, word bespreek. Die voordele van veilige hawens word uitgelig, sowel as die besparings in maritieme versekeringskoste indien 'n skip as veilig geklassifiseer word. 'n Kort beskrywing van navigasie-instrumente wat SAMSA gebruik om maritieme veiligheid te bewerkstellig, word kortliks bespreek. Ten slotte, die dis-ekonomie van onveilige skepe word gedebateer teenoor die kwaliteit van skepe vir 'n skoner see.

Ships -- South Africa -- Safety measures

Dissertations -- Logistics

Theses -- Logistics

A data protection methodology to preserve critical information from the possible threat of information loss

Schwartzel, Taryn

03 October 2011

M.Tech. / Information is a company’s greatest asset that is continually under threat from human error, technological failure, natural disasters and other external factors. These threats need to be identified and quantified and their relevant protection techniques need to be deployed. This research will allow businesses to ascertain which of these data protection strategies to embrace and deploy, thereby highlighting the balance between cost and value for their business needs. Every commercial enterprise should understand the business value of their data and realise that protecting this data is of utmost importance. However, company data often resides on different mediums, in different locations and implementing a data protection strategy is not always cost effective in terms of the cost of storage mediums and protection methods. The challenges that businesses face is trying to distinguish between mission-critical data from other business data, excluding any non-business or invaluable data that resides on their systems. Thus a cost-effective data protection strategy can be implemented according to the different values of business data. This research provides a model to enable an organisation to: · Utilise the model as a framework or guideline in determining a strategy for protection, storage, retrieval and preservation of business critical data. · Define the data protection strategy to meet the organisation’s business requirements. · Define a cost effective data protection solution that encompasses protection, storage, retrieval and preservation of business critical data. · Make strategic decisions based on an array of best practices to ensure mission-critical data is protected accordingly. iii · Draw a conclusion between the costs of implementing these solutions against the real business value of the data that it protects.

Data protection

Computer security management

Electronic commerce - Security measures

A methodology for measuring and monitoring IT risk

Tansley, Natalie Vanessa

January 2007

The primary objective of the research is to develop a methodology for monitoring and measuring IT risks, strictly focusing on internal controls. The research delivers a methodology whereby an organization can measure its system of internal controls, providing assurance that the risks are at an acceptable level. To achieve the primary objective a number of secondary objectives were addressed: What are the drivers forcing organizations to better corporate governance in managing risk? What is IT risk management, specifically focusing on operational risk. What is internal control and specifically focusing on COSO’s internal control process. Investigation of measurement methods, such as, Balance Scorecards, Critical Success Factors, Maturity Models, Key Performance Indicators and Key Goal Indicators. Investigation of various frameworks such as CobiT, COSO and ISO 17799, ITIL and BS 7799 as to how they manage IT risk relating to internal control.

Information resources management

Knowledge and practices of food service staff regarding food safety and food hygiene in the Capricorn District Hospitals in the Limpopo Province, South Africa

Mashuba, Dorcus Mmaphefo

January 2016

Thesis (MPH.) -- University of Limpopo, 2016 / The purpose of this study was to assess the knowledge and practices of food service staff regarding food safety and food hygiene in Capricorn District hospitals, Limpopo Province. Quantitative, cross-sectional research was conducted to determine the knowledge and practices of food service staff. A convenient sampling technique was employed to select 84 food service staff members (11 food service supervisor and 73 food service aids). Data collection was done using structured questionnaires. Food service staff members consisting of food service aids and food service supervisors participated in the study. The data were analysed using the statistical package for social sciences version 23. Of the respondents 50 (60%) are female whereas 34 (40%) are males. The largest group of them, 34 (40%) had secondary education, 23 (27%) had matric whereas 16 (19%) had post matric qualifications. 80 (95%) of them answered correctly that they use an air dryer or paper towel for drying hands after washing whereas 65 (77%) answered incorrectly when asked the difference between washing and sanitizing. Seventy eight of the respondents answered correctly on practice questionnaire that they only reheat leftovers once whereas 69 (82%) answered incorrectly about the temperature one should maintain for potentially hazardous food that has been cooked and needs to be reheated. In this study a significant correlation was observed between level of education and knowledge, with p-value 0.016 and again between level of education and practices (p-value 0.024), also between work activity and practice (p-value 0.021). There was significant difference between knowledge level and practice with p-value 0.045. The result of the study suggest that although most food service staff are knowledgeable regarding some aspects of food hygiene and food safety significant gaps remains in food safety practices, posing risk to hospitalised patients who are already vulnerable. There is a need for training in areas were food service staff are lacking knowledge.

Food service

Food safety

Food hygiene

Food -- Safety measures

Food service -- Safety measures

Food handling -- Safety measures

Food poisoning

An investigation of nuclear excursions to determine the self-shutdown effects in thermal heterogeneous, highly enriched, liquid-moderated reactors

Fagan, John Robert.

January 1962

Call number: LD2668 .T4 1962 F35

Nuclear reactors--Safety measures.

Masters theses