Global ETD Search

131	Navigating between information security management documents : a modeling methodology Domingues, Steve January 2010 (has links) Organizations no longer draft their own standards. Instead, organizations take advantage of the available international standards. One standard may not cover all the organization's needs, requiring organizations to implement more than one standard. The same aspect in an organization may be covered by two or more standards, creating an overlap. An awareness of such overlaps led to various institutions creating mapping documents illustrating how a control from one standard relates to a control from a different standard. The mapping documents are consulted by the end user, to identify how a control in one standard may relate to other standards. This allows the end user to navigate between the standards documents. These mapping documents are valuable to a person who wishes to grasp how different standards deal with a specific control. However, the navigation between standards is a cumbersome task. In order to navigate between the standards the end user is required to consult three or more documents, depending on the number of standards that are mapped to the control being investigated. The need for a tool that will provide fast and efficient navigation between standards was identified. The data tier of the tool is the focus of this dissertation. As a result, this research proposes a modeling methodology that will allow for the modeling of the standards and the information about the mapping between standards, thereby contributing to the creation of tools to aid in the navigation between standards. A comparison between the major data modeling paradigms identifies multi-dimensional modeling as the most appropriate technique to model standards. Adapting an existing modeling methodology to cater for the modeling standards, yield a five step standard modeling methodology. Once modeled, the standards can be physically implemented as a database. The database schema that results from the standard modeling methodology adheres to a specific pattern and can thus be expressed according to well-defined meta-model. This allows for the generation of SQL statements by a tool with limited knowledge of the standards in a way that allows the quick navigation between standards. To determine the usefulness of the standards modeling methodology the research presents iv a prototype that utilizes the well-defined meta-model to navigate between standards. It is shown that, as far as navigation is concerned, no code changes are necessary when adding a new standard or new mappings between standards. This research contributes to the creation of a tool that can easily navigate between standards by providing the ability to model the data tier in such a way that it is extensible, yet remains independent of the application and presentation tiers. Computer security -- Management Business -- Standards
132	A national strategy towards cultivating a cybersecurity culture in South Africa Gcaza, Noluxolo January 2017 (has links) In modern society, cyberspace is interwoven into the daily lives of many. Cyberspace is increasingly redefining how people communicate as well as gain access to and share information. Technology has transformed the way the business world operates by introducing new ways of trading goods and services whilst bolstering traditional business methods. It has also altered the way nations govern. Thus individuals, organisations and nations are relying on this technology to perform significant functions. Alongside the positive innovations afforded by cyberspace, however, those who use it are exposed to a variety of risks. Cyberspace is beset by criminal activities such as cybercrime, fraud, identity theft to name but a few. Nonetheless, the negative impact of these cyber threats does not outweigh the advantages of cyberspace. In light of such threats, there is a call for all entities that reap the benefits of online services to institute cybersecurity. As such, cybersecurity is a necessity for individuals, organisations and nations alike. In practice, cybersecurity focuses on preventing and mitigating certain security risks that might compromise the security of relevant assets. For a long time, technology-centred measures have been deemed the most significant solution for mitigating such risks. However, after a legacy of unsuccessful technological efforts, it became clear that such solutions in isolation are insufficient to mitigate all cyber-related risks. This is mainly due to the role that humans play in the security process, that is, the human factor. In isolation, technology-centred measures tend to fail to counter the human factor because of the perception among many users that security measures are an obstacle and consequently a waste of time. This user perception can be credited to the perceived difficulty of the security measure, as well as apparent mistrust and misinterpretation of the measure. Hence, cybersecurity necessitates the development of a solution that encourages acceptable user behaviour in the reality of cyberspace. The cultivation of a cybersecurity culture is thus regarded as the best approach for addressing the human factors that weaken the cybersecurity chain. While the role of culture in pursuing cybersecurity is well appreciated, research focusing on defining and measuring cybersecurity culture is still in its infancy. Furthermore, studies have shown that there are no widely accepted key concepts that delimit a cybersecurity culture. However, the notion that such a culture is not well-delineated has not prevented national governments from pursuing a culture in which all citizens behave in a way that promotes cybersecurity. As a result, many countries now offer national cybersecurity campaigns to foster a culture of cybersecurity at a national level. South Africa is among the nations that have identified cultivating a culture of cybersecurity as a strategic priority. However, there is an apparent lack of a practical plan to cultivate such a cybersecurity culture in South Africa. Thus, this study sought firstly to confirm from the existing body of knowledge that cybersecurity culture is indeed ill-defined and, secondly, to delineate what constitutes a national cybersecurity culture. Finally, and primarily, it sought to devise a national strategy that would assist SA in fulfilling its objective of cultivating a culture of cybersecurity on a national level. Computer networks -- Security measures Cyberspace -- Security measures Computer security -- South Africa Subculture -- South Africa
133	The computer incident response framework (CIRF) Pieterse, Theron Anton 10 October 2014 (has links) M.Com. (Informatics) / A company’s valuable information assets face many risks from internal and external sources. When these risks are exploited and reports on information assets are made public, it is usually easy to determine which companies had a contingency plan to deal with the various aspects of these “computer incidents”. This study incorporates important factors of computer incidents into a framework which will assists the company in effectively dealing and managing computer incidents when they occur. Computer networks - Security measures Risk management Computer security
134	An incremental approach to a secure e-commerce environment Mapeka, Kgabo Elizabeth 07 October 2014 (has links) M.Sc. (Computer Science) / The terms "Electronic Commerce" and "Internet Commerce" are often used interchangeably to mean similar processes. By definition, electronic commerce (e-commerce) means any exchange of information that occurs electronically. There are various types of electronic commerce transactions to name a few; electronic data interchange (EDI), fax, electronic funds transfer, interorganisational systems, technical data and document exchange, customer credit approval systems, interaction with customers and vendors, etc ([151, p. 27). The term internet commerce evolved with the era of the Internet. It became evident that both business and consumers are gradually conducting business via the Internet. For the purpose of this dissertation the term e-commerce will be used to refer to both electronic commerce and Internet commerce. The aim of this dissertation is to give guidance to organisations or individuals wishing to build a secure electronic commerce environment. This will be achieved by presenting an incremental phase by phase reference model. The model gives guidance on how to establish a network (local area network) with the intention to expand it through various phases to a complete, secure electronic commerce environment in the future. The dissertation will be discussed in the ten chapters outlined below. These chapters are discussed in detail in chapter 1. Chapter 1 sets out the problem addressed in this dissertation, the main objective of the dissertation and its structure. Chapter 2 introduces the framework of the reference model. It presents the different phases of the e-commerce reference model. Chapters 3 to 8 outline the phases of the e-commerce reference model in detail. Electronic commerce - Security measures Information networks - Planning Information networks - Security measures
135	Security protocols for mobile ad hoc networks Davis, Carlton R. January 2006 (has links) No description available.
136	A Security Analysis of Smartphones Verma, Ishita 08 1900 (has links) Indiana University-Purdue University Indianapolis (IUPUI) / This work analyzes and discusses the current security environment of today's (and future) smartphones, and proposes a security model which will reduce smartphone vulnerabilities, preserving privacy, integrity and availability of smartphone native applications to authorized parties. For this purpose, we begin with an overlook of current smartphone security standards, and explore the threats, vulnerabilities and attacks on them, that have been uncovered so far with existing popular smartphones. We also look ahead at the future uses of the smartphones, and the security threats that these newer applications would introduce. We use this knowledge to construct a mathematical model, which gives way to policies that should be followed to secure the smartphone under the model. We finally discuss existing and proposed security mechanisms that can be incorporated in the smartphone architecture to meet the set policies, and thus the set security standards. security model mechanisms security policies Smartphones -- Security measures Mobile computing -- Security measures Data protection
137	Towards a model for ensuring optimal interoperability between the security systems of trading partners in a business-to-business e-commerce context Pather, Maree 25 August 2009 (has links) A vast range of controls/countermeasures exists for implementing security on information systems connected to the Internet. For the practitioner attempting to implement an integrated solution between trading partners operating across the Internet, this has serious implications in respect of interoperability between the security systems of the trading partners. The problem is exacerbated by the range of specification options within each control. This research is an attempt to find a set of relevant controls and specifications towards a framework for ensuring optimal interoperability between trading partners in this context. Since a policy-based, layered approach is advocated, which allows each trading partner to address localized risks independently, no exhaustive risk analysis is attempted. The focus is on infrastructure that is simultaneously optimally secure and provides optimal interoperability. It should also be scalable, allowing for additional security controls to be added whenever deemed necessary. / Computing / M. Sc. (Information Systems) Security Business-to-business e-commerce (B2B) Extranet Interoperability Trading partner 005.71 Computer networks -- Security measures Electronic commerce -- Security measures Electronic data interchange
138	Towards a model for ensuring optimal interoperability between the security systems of trading partners in a business-to-business e-commerce context Pather, Maree 25 August 2009 (has links) A vast range of controls/countermeasures exists for implementing security on information systems connected to the Internet. For the practitioner attempting to implement an integrated solution between trading partners operating across the Internet, this has serious implications in respect of interoperability between the security systems of the trading partners. The problem is exacerbated by the range of specification options within each control. This research is an attempt to find a set of relevant controls and specifications towards a framework for ensuring optimal interoperability between trading partners in this context. Since a policy-based, layered approach is advocated, which allows each trading partner to address localized risks independently, no exhaustive risk analysis is attempted. The focus is on infrastructure that is simultaneously optimally secure and provides optimal interoperability. It should also be scalable, allowing for additional security controls to be added whenever deemed necessary. / Computing / M. Sc. (Information Systems) Security Business-to-business e-commerce (B2B) Extranet Interoperability Trading partner 005.71 Computer networks -- Security measures Electronic commerce -- Security measures Electronic data interchange
139	The governance of significant enterprise mobility security risks Brand, Johanna Catherina 12 1900 (has links) Thesis (MComm)--Stellenbosch University, 2013. / ENGLISH ABSTRACT: Enterprise mobility is emerging as a megatrend in the business world. Numerous risks originate from using mobile devices for business-related tasks and most of these risks pose a significant security threat to organisations’ information. Organisations should therefore apply due care during the process of governing the significant enterprise mobility security risks to ensure an effective process to mitigate the impact of these risks. Information technology (IT) governance frameworks, -models and -standards can provide guidance during this governance process to address enterprise mobility security risks on a strategic level. Due to the existence of the IT gap these risks are not effectively governed on an operational level as the IT governance frameworks, -models and -standards do not provide enough practical guidance to govern these risks on a technical, operational level. This study provides organisations with practical, implementable guidance to apply during the process of governing these risks in order to address enterprise mobility security risks in an effective manner on both a strategic and an operational level. The guidance given to organisations by the IT governance frameworks, -models and -standards can, however, lead to the governance process being inefficient and costly. This study therefore provides an efficient and cost-effective solution, in the form of a short list of best practices, for the governance of enterprise mobility security risks on both a strategic and an operational level. / AFRIKAANSE OPSOMMING: Ondernemingsmobiliteit kom deesdae as ‘n megatendens in die besigheidswêreld te voorskyn. Talle risiko's ontstaan as gevolg van die gebruik van mobiele toestelle vir sake-verwante take en meeste van hierdie risiko's hou 'n beduidende sekuriteitsbedreiging vir organisasies se inligting in. Organisasies moet dus tydens die risikobestuursproses van wesenlike mobiliteit sekuriteitsrisiko’s die nodige sorg toepas om ‘n doeltreffende proses te verseker ten einde die impak van hierdie risiko’s te beperk. Informasie tegnologie (IT)- risikobestuurraamwerke, -modelle en -standaarde kan op ‘n strategiese vlak leiding gee tydens die risikobestuursproses waarin mobiliteit sekuriteitsrisiko’s aangespreek word. As gevolg van die IT-gaping wat bestaan, word hierdie risiko’s nie effektief op ‘n operasionele vlak bestuur nie aangesien die ITrisikobestuurraamwerke, -modelle en -standaarde nie die nodige praktiese leiding gee om hierdie risiko’s op ‘n tegniese, operasionele vlak te bestuur nie. Om te verseker dat organisasies mobiliteit sekuriteitsrisiko’s op ‘n effektiewe manier op beide ‘n strategiese en operasionele vlak bestuur, verskaf hierdie studie praktiese, implementeerbare leiding aan organisasies wat tydens die bestuursproses van hierdie risiko’s toegepas kan word. Die leiding aan organisasies, soos verskaf in die IT-risikobestuurraamwerke, - modelle en -standaarde, kan egter tot’n ondoeltreffende en duur risikobestuursproses lei. Hierdie studie bied dus 'n doeltreffende, koste-effektiewe oplossing, in die vorm van 'n kort lys van beste praktyke, vir die bestuur van die mobiliteit sekuriteitsrisiko’s op beide 'n strategiese en 'n operasionele vlak. Dissertations -- Accountancy Theses -- Accountancy Dissertations -- Computer auditing Theses -- Computer auditing Computer security -- Management Mobile computing -- Security measures
140	The role of risk perception in Internet purchasing behaviour and intention De Villiers, R. R. (Raoul Reenen) 12 1900 (has links) Thesis (MComm.)--Stellenbosch University, 2001. / ENGLISH ABSTRACT: In recent years the importance and number of users of electronic commerce and its medium, the Internet, have grown substantially. Despite this, the Business-to- Consumer sector has shown slow expansion and limited growth, with the majority of consumers slow to adopt the Internet as a medium for purchase. A probable factor affecting the purchasing behaviour of individuals is the perception of risk of a breach in (credit card) security and/or a violation of privacy. The research discussed here indicates that two closely related constructs, namely perceived privacy risk and perceived security risk exerts an influence on the Internet purchasing behaviour of Internet users, and more importantly, the intention to purchase. In addition, the role of social pressures regarding the provision of personal and credit card information is indicated to be of considerable importance. / AFRIKAANSE OPSOMMING: Die afgelope aantal jare het die belangrikheid en gebruik van eletroniese handel en die Internet aansienlik toegeneem. Ongeag hierdie groei het die sektor gemoeid met die handel tussen besighede en verbruikers egter beperkte groei getoon. 'n Waarskynlike rede vir die tendens in Internet aankoop gedrag is die persepsie dat daar 'n risiko is van misbruik van 'n krediet kaart sowel as misbruik en skending van privaatheid. Die studie wat hier bespreek word toon aan dat twee nou verwante kostrukte, naamlik persepsie van sekuriteits- en persepsie van privaatheidsrisiko 'n rol speel in die bepaling van Internet aankoop gedrag, sowel as die intensie om te koop. Verder is die rol van sosiale druk rakende die verskaffing van persoonlike en krediet kaart inligting uitgelig as 'n faktor van uiterste belang. Consumer behavior Electronic commerce -- Security measures Consumer protection Risk Internet -- Security measures Dissertations -- Business management Theses -- Business management

Search results