NDLTD Global ETD Search
  • Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 6562
  • 1927
  • 919
  • 814
  • 686
  • 373
  • 179
  • 161
  • 154
  • 105
  • 93
  • 81
  • 79
  • 77
  • 76
  • Tagged with
  • 14837
  • 2974
  • 2027
  • 1876
  • 1454
  • 1382
  • 1345
  • 1298
  • 1264
  • 1169
  • 1155
  • 1149
  • 1075
  • 1030
  • 952
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.

Search results

Showing 811 to 820 of 14837 (0.045 seconds)
811

Tourism in an unstable and complex world? Searching for relevant a political risk paradigm and model for tourism organisations

Piekarz, M J 25 November 2009 (has links)
This work has a single aim, focusing on developing a political risk model relevant for tourism organisations, which are operating in an increasingly complex and turbulent international environment. It pays particular attention to the language of risk (how risks are articulated and described), the culture of risk (how risks are viewed), and the risk process (how they are analysed and assessed). The work critically evaluates a variety of methods that can be utilised to scan, analyse and assess political hazards and risks. It finds that many of the existing methods of political and country risk assessment are limited and not sufficiently contextualised to the needs of the tourism industry. Whilst many models can have an attractive façade of using positivistic methods to calculate political risks, in practice these are fraught with problems. The study also highlights a more complex relationship between tourism and political instability, whereby tourism can be characterised as much by its robustness, as its sensitivity. A model is developed which primarily adapts a systems theory approach, whereby a language, culture and practical process is developed through which the analysis of various factors and indicators can take place. The approach adopted has a number of stages, which vary in the amount of data necessary for the analysis and assessment of political risks. The model begins by utilising existing travel advice databases, moving onto an analysis of the frequency of past events, then to the nature of the political system itself, finishing with an analysis and assessment of more complex input factors and indicators which relate to notions of causation. One of the more provocative features of the model is the argument that it is more than possible to make an assessment of the risks that the political environment can pose to a tourism organisation, without necessarily understanding theories of causation.
Tourism
National security
Security
Evaluation research
Political stability
812

Information security risk management: a holistic framework.

Bornman, Werner George 22 April 2008 (has links)
Information security risk management is a business principle that is becoming more important for organisations due to external factors such as governmental regulations. Since due diligence regarding information security risk management (ISRM) is necessitated by law, organisations have to ensure that risk information is adequately communicated to the appropriate parties. Organisations can have numerous managerial levels, each of which has specific functions related to ISRM. The approaches of each level differ and this makes a cohesive ISRM approach throughout the organisation a daunting task. This task is compounded by strategic and tactical level management having specific requirements imposed on them regarding risk management. Tactical level management has to meet these requirements by instituting processes that can deliver on what is required. Processes in turn should be executed by operational level management. However, the available approaches of each managerial level make it impossible to communicate and consolidate information from the lower organisational levels to top level management due to the differing terminology, concepts and scope of each approach. This dissertation addresses the ISRM communication challenge through a systematic and structured solution. ISRM and related concepts are defined to provide a solid foundation for ISRM communication. The need for and institutions that impose risk management requirements are evaluated. These requirements are used to guide the solution for ISRM communication. At strategic level, governmental requirements from various countries are evaluated. These requirements are used as the goals of the communication processes. Different approaches at tactical and operational level are evaluated to determine if they can meet the strategic level requirements. It was found that the requirements are not met by most of the evaluated approaches. The Bornman Framework for ISRM Methodology Evaluation (BFME) is presented. It allows organisations to evaluate ISRM methodologies at operational level against the requirements of strategic management. This framework caters for the ability of ISRM methodologies to be adapted to organisational requirements. Developed scales allow for a qualitative comparison between different methodologies. The BFME forms the basis of the Bornman Framework for ISRM Information Communication (BFIC). This communication framework communicates the status of each ISRM component. This framework can be applied to any ISRM methodology after it has been evaluated by the BFME. The Bornman Risk Console (BRC) provides a practical implementation of the BFIC. The prototype utilises an existing ISRM methodology’s approach and provides decision-enabling risk information to top level management. By implementing the BRC and following the processes of the BFME and BFIC the differences in the approaches at each managerial level in different organisational structures are negated. These frameworks and prototype provide a holistic communication framework that can be implemented in any organisation. / Prof. L. Labuschagne
risk management
information technology security measures
computer security management
813

Information security of a bluetooth-enabled handheld device

Tvrz, Frankie 16 November 2009 (has links)
M.Tech. / Mobile handheld devices are moving from being peripheral devices and are now fulfilling functionality provided by laptops and desktops. The capability and functionality of handheld devices have improved. This makes the devices more prominent within public and private environments, allowing information to be processed inside and outside of the organisation’s network. Of all mobile handheld devices, the personal digital assistant (PDA) is seen to be more robust and powerful, increasing its use and popularity among users. PDAs offer wireless connectivity like Bluetooth and operate with multiple operating systems, also allowing them to be considered as a private or organisational enterprise tool. Bluetooth connectivity allows workers to access information anywhere, including both personal and corporate information. Software and applications have been specifically developed for handheld devices such as PDAs, giving users a high level of usability and functionality. The purpose of this dissertation is to present an information security evaluation of a Bluetooth-enabled handheld device, such as a PDA. The use of Bluetooth wireless technology and functionality provides added benefits, but also brings new information security threats to an organisation’s information assets. The research attempts to understand the implications of using a Bluetooth-enabled handheld device in both public and private environments. Five high-level layers are defined for this discussion. Information security risks are evaluated based on current research into vulnerabilities, attacks and tools that exist to compromise a Bluetooth-enabled handheld device. A Bluetooth penetration testing methodology is suggested for the identified vulnerabilities, attacks and tools, where a practical assessment is performed for a critical analysis of the information security mechanisms implemented by the Bluetooth-enabled handheld device (PDA). Possible recommendations to mitigate identified information security risks are also made. This study motivates the necessity of understanding the risks presented by a mobile workforce using Bluetooth connectivity in mobile handheld devices which can be used in both private and public environments.
814

Constructing Secure MapReduce Framework in Cloud-based Environment

Wang, Yongzhi 27 March 2015 (has links)
MapReduce, a parallel computing paradigm, has been gaining popularity in recent years as cloud vendors offer MapReduce computation services on their public clouds. However, companies are still reluctant to move their computations to the public cloud due to the following reason: In the current business model, the entire MapReduce cluster is deployed on the public cloud. If the public cloud is not properly protected, the integrity and the confidentiality of MapReduce applications can be compromised by attacks inside or outside of the public cloud. From the result integrity’s perspective, if any computation nodes on the public cloud are compromised,thosenodes can return incorrect task results and therefore render the final job result inaccurate. From the algorithmic confidentiality’s perspective, when more and more companies devise innovative algorithms and deploy them to the public cloud, malicious attackers can reverse engineer those programs to detect the algorithmic details and, therefore, compromise the intellectual property of those companies. In this dissertation, we propose to use the hybrid cloud architecture to defeat the above two threats. Based on the hybrid cloud architecture, we propose separate solutions to address the result integrity and the algorithmic confidentiality problems. To address the result integrity problem, we propose the Integrity Assurance MapReduce (IAMR) framework. IAMR performs the result checking technique to guarantee high result accuracy of MapReduce jobs, even if the computation is executed on an untrusted public cloud. We implemented a prototype system for a real hybrid cloud environment and performed a series of experiments. Our theoretical simulations and experimental results show that IAMR can guarantee a very low job error rate, while maintaining a moderate performance overhead. To address the algorithmic confidentiality problem, we focus on the program control flow and propose the Confidentiality Assurance MapReduce (CAMR) framework. CAMR performs the Runtime Control Flow Obfuscation (RCFO) technique to protect the predicates of MapReduce jobs. We implemented a prototype system for a real hybrid cloud environment. The security analysis and experimental results show that CAMR defeats static analysis-based reverse engineering attacks, raises the bar for the dynamic analysis-based reverse engineering attacks, and incurs a modest performance overhead.
Security
MapReduce
Cloud Computing
Integrity
Confidentiality
Information Security
815

Governing information security within the context of "bring your own device" in small, medium and micro enterprises

Fani, Noluvuyo January 2017 (has links)
Throughout history, information has been core to the communication, processing and storage of most tasks in the organisation, in this case in Small-Medium and Micro Enterprises (SMMEs). The implementation of these tasks relies on Information and Communication Technology (ICT). ICT is constantly evolving, and with each developed ICT, it becomes important that organisations adapt to the changing environment. Organisations need to adapt to the changing environment by incorporating innovative ICT that allows employees to perform their tasks with ease anywhere and anytime, whilst reducing the costs affiliated with the ICT. In this modern, performing tasks with ease anywhere and anytime requires that the employee is mobile whilst using the ICT. As a result, a relatively new phenomenon called “Bring Your Own Device” (BYOD) is currently infiltrating most organisations, where personally-owned mobile devices are used to access organisational information that will be used to conduct the various tasks of the organisation. The use of BYOD in organisations breeds the previously mentioned benefits such as performing organisational tasks anywhere and anytime. However, with the benefits highlighted for BYOD, organisations should be aware that there are risks to the implementation of BYOD. Therefore, the implementation of BYOD deems that organisations should implement BYOD with proper management thereof.
Data protection
Computer security -- Management
Computer networks -- Security measures
816

MISSTEV : model for information security shared tacit espoused values

Thomson, Kerry-Lynn January 2007 (has links)
One of the most critical assets in most organisations is information. It is often described as the lifeblood of an organisation. For this reason, it is vital that this asset is protected through sound information security practices. However, the incorrect and indifferent behaviour of employees often leads to information assets becoming vulnerable. Incorrect employee behaviour could have an extremely negative impact on the protection of information. An information security solution should be a fundamental component in most organisations. It is, however, possible for an organisation to have the most comprehensive physical and technical information security controls in place, but the operational controls, and associated employee behaviour, have not received much consideration. Therefore, the issue of employee behaviour must be addressed in an organisation to assist in ensuring the protection of information assets. The corporate culture of an organisation is largely responsible for the actions and behaviour of employees. Therefore, to address operational information security controls, the corporate culture of an organisation should be considered. To ensure the integration of information security into the corporate culture of an organisation, the protection of information should become part of the way the employees conduct their everyday tasks – from senior management, right throughout the entire organisation. Therefore, information security should become an integral component of the corporate culture of the organisation. To address the integration of information security into the corporate culture of an organisation, a model was developed which depicted the learning stages and modes of knowledge creation necessary to transform the corporate culture into one that is information security aware.
Computer security -- Management
Data protection
817

Educating users about information security by means of game play

Monk, Thomas Philippus January 2011 (has links)
Information is necessary for any business to function. However, if one does not manage one’s information assets properly then one’s business is likely to be at risk. By implementing Information Security controls, procedures, and/or safeguards one can secure information assets against risks. The risks of an organisation can be mitigated if employees implement safety measures. However, employees are often unable to work securely due to a lack of knowledge. This dissertation evaluates the premise that a computer game could be used to educate employees about Information Security. A game was developed with the aim of educating employees in this regard. If people were motivated to play the game, without external motivation from an organisation, then people would also, indirectly, be motivated to learn about Information Security. Therefore, a secondary aim of this game was to be self-motivating. An experiment was conducted in order to test whether or not these aims were met. The experiment was conducted on a play test group and a control group. The play test group played the game before completing a questionnaire that tested the information security knowledge of participants, while the control group simply completed the questionnaire. The two groups’ answers were compared in order to obtain results. This dissertation discusses the research design of the experiment and also provides an analysis of the results. The game design will be discussed which provides guidelines for future game designers to follow. The experiment indicated that the game is motivational, but perhaps not educational enough. However, the results suggest that a computer game can still be used to teach users about Information Security. Factors that involved consequence and repetition contributed towards the educational value of the game, whilst competitiveness and rewards contributed to the motivational aspect of the game.
Computer security
Educational games -- Design
Computer networks -- Security measures
818

Corporate information risk : an information security governance framework

Posthumus, Shaun Murray January 2006 (has links)
Information Security is currently viewed from a technical point of view only. Some authors believe that Information Security is a process that involves more than merely Risk Management at the department level, as it is also a strategic and potentially legal issue. Hence, there is a need to elevate the importance of Information Security to a governance level through Information Security Governance and propose a framework to help guide the Board of Directors in their Information Security Governance efforts. IT is a major facilitator of organizational business processes and these processes manipulate and transmit sensitive customer and financial information. IT, which involves major risks, may threaten the security if corporate information assets. Therefore, IT requires attention at board level to ensure that technology-related information risks are within an organization’s accepted risk appetite. However, IT issues are a neglected topic at board level and this could bring about enronesque disasters. Therefore, there is a need for the Board of Directors to direct and control IT-related risks effectively to reduce the potential for Information Security breaches and bring about a stronger system of internal control. The IT Oversight Committee is a proven means of achieving this, and this study further motivates the necessity for such a committee to solidify an organization’s Information Security posture among other IT-related issues.
Computer security
819

Governing information security using organisational information security profiles

Tyukala, Mkhululi January 2007 (has links)
The corporate scandals of the last few years have changed the face of information security and its governance. Information security has been elevated to the board of director level due to legislation and corporate governance regulations resulting from the scandals. Now boards of directors have corporate responsibility to ensure that the information assets of an organisation are secure. They are forced to embrace information security and make it part of business strategies. The new support from the board of directors gives information security weight and the voice from the top as well as the financial muscle that other business activities experience. However, as an area that is made up of specialist activities, information security may not easily be comprehended at board level like other business related activities. Yet the board of directors needs to provide oversight of information security. That is, put an information security programme in place to ensure that information is adequately protected. This raises a number of challenges. One of the challenges is how can information security be understood and well informed decisions about it be made at the board level? This dissertation provides a mechanism to present information at board level on how information security is implemented according to the vision of the board of directors. This mechanism is built upon well accepted and documented concepts of information security. The mechanism (termed An Organisational Information Security Profile or OISP) will assist organisations with the initialisation, monitoring, measuring, reporting and reviewing of information security programmes. Ultimately, the OISP will make it possible to know if the information security endeavours of the organisation are effective or not. If the information security programme is found to be ineffective, The OISP will facilitate the pointing out of areas that are ineffective and what caused the ineffectiveness. This dissertation also presents how the effectiveness or ineffctiveness of information security can be presented at board level using well known visualisation methods. Finally the contribution, limits and areas that need more investigation are provided.
Data protection
Computer security -- Management
Computer networks -- Security measures
820

The establishment of a mobile phone information security culture: linking student awareness and behavioural intent

Bukelwa, Ngoqo January 2014 (has links)
The information security behaviour of technology users has become an increasingly popular research area as security experts have come to recognise that while securing technology by means of firewalls, passwords and offsite backups is important, such security may be rendered ineffective if the technology users themselves are not information security conscious. The mobile phone has become a necessity for many students but, at the same time, it exposes them to security threats that may result in a loss of information. Students in developing countries are at a disadvantage because they have limited access to information relating to information security threats, unlike their counterparts in more developed societies who can readily access this information from sources like the Internet. The developmental environment is plagued with challenges like access to the Internet or limited access to computers. The poor security behaviour exhibited by student mobile phone users, which was confirmed by the findings of this study, is of particular interest in the university context as most undergraduate students are offered a computer-related course which covers certain information security-related principles. During the restructuring of the South African higher education system, smaller universities and technikons (polytechnics) were merged to form comprehensive universities. Thus, the resultant South African university landscape is made up of traditional and comprehensive universities as well as universities of technology. Ordinarily, one would expect university students to have similar profiles. However in the case of this study, the environment was a unique factor which had a direct impact on students’ learning experiences and learning outcomes. Mbeki (2004) refers to two economies within South Africa the first one is financially sound and globally integrated, and the other found in urban and rural areas consists of unemployed and unemployable people who do not benefit from progress in the first economy. Action research was the methodological approach which was chosen for the purposes of this study to collect the requisite data among a population of university students from the ‘second economy’. The study focuses on the relationship between awareness and behavioural intention in understanding mobile phone user information security behaviour. The study concludes by proposing a behaviour profile forecasting framework based on predefined security behavioural profiles. A key finding of this study is that the security behaviour exhibited by mobile phone users is influenced by a combination of information security awareness and information security behavioural intention, and not just information security awareness.
Information safety

Page generated in 0.0684 seconds