Safety as a priority at shopping centres in Gauteng: an assessment of existing security measures

Lutchminarain, Natasha

02 1900

Text in English / Violent crime and more specifically armed robberies constitute a growing threat to shopping centres in terms of their vulnerability to such criminal acts. These violent crimes are becoming ever more organised and sophisticated. Shopping centres across South Africa have become the latest targets for these syndicates. Due to the increasing number of armed robberies and violent crimes at shopping centres and the nature of violence used in these attacks, it points to a need for improvements to be made to the security measures that are in place at shopping centres. This study explored the risks and vulnerabilities at shopping centres that have led to the phenomenon of armed robberies at shopping centres in Gauteng; evaluated the current physical protection systems that are in place at shopping centres in Gauteng in order to assist with the reduction of shopping centre armed robberies; and recommendations were made for the implementation of effective security risk control measures at shopping centre’s across South Africa and specifically the province of Gauteng. Self-administered questionnaire surveys were used to explore the phenomenon from the perspectives of both retail employees and customers. The data collected from the questionnaires, utilising the non-experimental research design, were quantitatively analysed. Based on the findings from the study recommendations for the improvement of shopping centre security were formulated along with recommendations for future research. / Security Risk Management / M.Tech. (Security Management)

Shopping centre

Shopping mall

Mall

Armed robbery

Violent crimes

Security measures

Security risk control measures

Retail employee

Customer

Retail

363.289096822

Um framework para desenvolvimento e implementação de sistemas seguros baseados em hardware / A framework for development and implementation of secure hardware-based systems

Gallo Filho, Roberto Alves, 1978-

20 April 2004

Orientador : Ricardo Dahab. / Tese (doutorado) - Universidade Estadual de Campinas, Instituto de Computação / Made available in DSpace on 2018-08-21T17:02:27Z (GMT). No. of bitstreams: 1 GalloFilho_RobertoAlves_D.pdf: 5999506 bytes, checksum: 6ef66e76246dddb7de30593abff60bc5 (MD5) Previous issue date: 2012 / Resumo A concepção de sistemas seguros demanda tratamento holístico, global. A razão é que a mera composição de componentes individualmente seguros não garante a segurança do conjunto resultante2. Enquanto isso, a complexidade dos sistemas de informação cresce vigorosamente, dentre outros, no que se diz respeito: i) ao número de componentes constituintes; ii) ao número de interações com outros sistemas; e iii) 'a diversidade de natureza dos componentes. Este crescimento constante da complexidade demanda um domínio de conhecimento ao mesmo tempo multidisciplinar e profundo, cada vez mais difícil de ser coordenado em uma única visão global, seja por um indivíduo, seja por uma equipe de desenvolvimento. Nesta tese propomos um framework para a concepção, desenvolvimento e deployment de sistemas baseados em hardware que é fundamentado em uma visão única e global de segurança. Tal visão cobre um espectro abrangente de requisitos, desde a integridade física dos dispositivos até a verificação, pelo usuário final, de que seu sistema está logicamente íntegro. Para alcançar este objetivo, apresentamos nesta tese o seguinte conjunto de componentes para o nosso framework: i) um conjunto de considerações para a construção de modelos de ataques que capturem a natureza particular dos adversários de sistemas seguros reais, principalmente daqueles baseados em hardware; ii) um arcabouço teórico com conceitos e definições importantes e úteis na construção de sistemas seguros baseados em hardware; iii) um conjunto de padrões (patterns) de componentes e arquiteturas de sistemas seguros baseados em hardware; iv) um modelo teórico, lógico-probabilístico, para avaliação do nível de segurança das arquiteturas e implementações; e v) a aplicação dos elementos do framework na implementação de sistemas de produção, com estudos de casos muito significativos3. Os resultados relacionados a estes componentes estão apresentados nesta tese na forma de coletânea de artigos. 2 Técnicas "greedy" não fornecem necessariamente os resultados ótimos. Mais, a presença de componentes seguros não é nem fundamental. 3 Em termos de impacto social, econômico ou estratégico / Abstract: The conception of secure systems requires a global, holistic, approach. The reason is that the mere composition of individually secure components does not necessarily imply in the security of the resulting system4. Meanwhile, the complexity of information systems has grown vigorously in several dimensions as: i) the number of components, ii) the number of interactions with other components, iii) the diversity in the nature of the components. This continuous growth of complexity requires from designers a deep and broad multidisciplinary knowledge, which is becoming increasingly difficult to be coordinated and attained either by individuals or even teams. In this thesis we propose a framework for the conception, development, and deployment of secure hardware-based systems that is rooted on a unified and global security vision. Such a vision encompasses a broad spectrum of requirements, from device physical integrity to the device logical integrity verification by humans. In order to attain this objective we present in this thesis the following set of components of our framework: i) a set of considerations for the development of threat models that captures the particular nature of adversaries of real secure systems based on hardware; ii) a set of theoretical concepts and definitions useful in the design of secure hardware-based systems; iii) a set of design patterns of components and architectures for secure systems; iv) a logical-probabilistic theoretical model for security evaluation of system architectures and implementations; and v) the application of the elements of our framework in production systems with highly relevant study cases. Our results related to these components are presented in this thesis as a series of papers which have been published or submitted for publication. 4Greedy techniques do not inevitably yield optimal results. More than that, the usage of secure components is not even required / Doutorado / Ciência da Computação / Doutor em Ciência da Computação

Proteção de dados

Sistemas de segurança

Data protection

Computer networks - Security measures

Security systems

A validated information privacy governance questionnaire to measure the perception of how effective privacy is governed in a financial institution in the South African context

Swartz, Paulus

04 1900

The general aim of this research is to develop a conceptual privacy governance framework (CPGF) that can be used to develop a valid and reliable information privacy governance questionnaire (IPGQ) to assess the perception of employees of how effective the organisation governs privacy. The CPGF was developed to incorporate a comprehensive set of privacy components that could assist management in governing privacy across an organisation. IPGQ statements were derived from the theory of the sub-components of CPGF, evaluated by an expert panel and pre-tested by a pilot group. A quantitative mono method research was followed using a survey questionnaire to collect data in a financial institution in South Africa. Exploratory Factor Analysis (EFA) was used to determine the underlying factorial structure and the Cronbach Alpha was used to establish the internal reliability of the factors. From the initial item reduction of the constructs, four factors were derived to test the privacy perception of employees. The IPGQ consisted of 49 valid and reliable questions. One-way Analysis of Variance (ANOVA) was used, and three significant differences were discovered among the demographical groups for the age groups and two for the employment status groups (organisational commitment and privacy controls). The CPGF and IPGQ can aid organisations to determine if organisations are effectively governing the privacy in the organisations in order to assist them in meeting the accountability condition of the Protection of Personal Information Act (POPIA). / Computing / M. Sc. (Information Systems)

005.8

Computer networks -- Security measures

Privacy, Right of -- South Africa

Data protection -- South Africa

A secure mobile agent e-commerce protocol

Yu, Min-Chieh

09 December 2015

Indiana University-Purdue University Indianapolis (IUPUI) / There are many advantages of mobile agent such as delegation of tasks, asynchronous processing, adaptable service in interfaces, and code shipping. Mobile agents can be utilized in many areas such as electronic commerce, information retrieval, network management, etc. The main problem with mobile agents is security. The three basic security design goals of a system are confidentiality, integrity, and availability. The goal of this thesis concerns the property of secure purchasing by mobile agents. First present Jalal's anonymous authentication protocol. Next, we construct our single mobile agent protocol based on Jalal's authentication technique. Also, we add some addition cryptography techniques to make the data more secure during its migration. Lastly, we build a multiple mobile agent protocol based on the single mobile agent protocol. Here, the multiple mobile agents are capable to make the decision and purchase the item for user.

Mobile Agent

E-commerce

Electronic commerce -- Purchasing

Mobile commerce -- Cryptography

Computer security -- Research

Investigation and development of a system for secure synchronisation in a wireless mesh network

De Bruyn, Daniel Nicholas

January 2010

Thesis (M. Tech.(Electrical Engineering)) -- Central University of technology, Free State, 2010 / This dissertation gives an overview of the research done in developing a protocol to synchronise information in a secure wireless mesh network. Alternative methods to control wireless devices were investigated in the non-controlled frequency spectrum. The aim of the research was to develop a protocol that can be loaded on a micro-controller with limited intelligence, controlling endpoints. The protocol minimises human interference and automatically negotiates which device becomes the master controller. The device is able to discover and locate neighbour devices in range. The device has the capability to be stationary or mobile and host multiple control endpoints. Control endpoints can be digital or analogue, input or output, and belongs to a group like security, lighting or irrigation. These capabilities can change according to the solution’s requirements. Control endpoints with the same capabilities must be able to establish a connection between each other. An endpoint has a user-friendly name and can update the remote endpoint with the description. When a connection is established both endpoints update each other with their user-friendly name and their status. A local endpoint can trigger a certain action on a receiving control point. The system was tested with a building monitoring system because it is static and a less expensive choice, thus making the evaluation more suitable. A simulator for a personal computer was developed to evaluate the new protocol. Finally, the protocol was implemented and tested on a micro-controller platform.

Computer networks - Security measures

Computer network protocols

Synchronization

Addressing the incremental risks associated with social media by using the cobit 5 control framework

Gerber, Petro

04 1900

Thesis (MComm)--Stellenbosch University, 2015. / ENGLISH ABSTRACT: Social media offers great opportunities for businesses and the use thereof will increase competitiveness. However, social media also introduce significant risks to those who adopt it. A business can use existing IT governance control framework to address the risks introduced by social media. However a business should combine existing control frameworks for adequate and complete IT governance. This study was undertaken to help businesses to identify incremental risks resulting from the adoption of social media and to develop an integrated IT governance control framework to address these risks both at strategic and operational level. With the help of the processes in COBIT 5, this study provides safeguards or controls which can be implemented to address the IT risks that social media introduce to a business. By implementing the safeguards and controls identified from COBIT 5, a business ensures that they successfully govern the IT related risks at strategic level. This study also briefly discuss the steps that a business can follow to ensure IT related risks at operational level is addressed through the implementation of configuration controls. / AFRIKAANSE OPSOMMING: Sosiale media bied groot geleenthede vir besighede en die gebruik daarvan sal mededingendheid verhoog. Sosiale media hou ook egter beduidende risiko's in vir diegene wat dit aanneem. 'n Besigheid kan bestaande Informasie Tegnologie (IT) kontrole raamwerke gebruik om die risiko's wat ontstaan as gevolg van die gebruik van sosiale media aan te spreek. Vir voldoende en volledige IT korporatiewe beheer moet 'n besigheid egter bestaande kontrole raamwerke kombineer. Hierdie studie is onderneem om besighede te help om die toenemende risiko's wat ontstaan as gevolg van die gebruik van die sosiale media, te identifiseer en om 'n geïntegreerde IT kontrole raamwerk te ontwikkel om hierdie risiko's op strategiese sowel as operasionele vlak aan te spreek. Met die hulp van die prosesse in COBIT 5 voorsien hierdie studie voorsorgmaatreëls of kontroles wat geïmplementeer kan word om die IT-risiko's waaraan die besigheid, deur middel van sosiale media blootgestel is, aan te spreek. Deur die implementering van die voorsorgmaatreëls en kontroles soos geïdentifiseer uit COBIT 5, verseker ʼn besigheid dat hulle die IT-verwante risiko's op strategiese vlak suksesvol beheer. Hierdie studie bespreek ook kortliks die stappe wat 'n besigheid kan volg om te verseker dat IT-verwante risiko's op operasionele vlak aangespreek word deur die implementering van konfigurasie kontroles.

Social media risks

UCTD

Social media

Computer security

Social media -- Security measures

Risk management

A structured approach to the identification of the significant risks related to enterprise mobile solutions at a mobile technology component level

Sahd, Lize-Marie

04 1900

Thesis (MComm)--Stellenbosch University, 2015. / ENGLISH ABSTRACT: The consumerisation of mobile technology is driving the mobile revolution and enterprises are forced to incorporate mobile solutions into their business processes in order to remain competitive. While there are many benefits relating to the investment in and use of mobile technology, significant risks are also being introduced into the business. The fast pace of technological innovation and the rate of adoption of mobile technology by employees has, however, created an environment where enterprises are deploying mobile solutions on an ad hoc basis. Enterprises are only addressing the risks as they are occurring and resulting in losses. The key contributing factor to this lack of governance and management is the fact that those charged with governance do not understand the underlying mobile technology components. The purpose of this research is to improve the understanding of the underlying components of mobile technology. The research further proposes to use this understanding to identify the significant risks related to mobile technology and to formulate appropriate internal controls to address these risks. The findings of the research identified the following underlying components of mobile technology: mobile devices; mobile infrastructure, data delivery mechanisms and enabling technologies; and mobile applications. Based on an understanding of the components and subcategories of mobile technology, a control framework was used to identify the significant risks related to each component and subcategory. The significant risks identified included both risks to the users (including interoperability, user experience, connectivity and IT support) as well as risks to the enterprise’s strategies (including continuity, security, cost and data ownership). The research concludes by formulating internal controls that the enterprise can implement to mitigate the significant risks. This resulted in two matrixes that serve as quick-reference guides to enterprises in the identification of significant risks at an enterprise specific mobile technology component level, as well as the relevant internal controls to consider. The matrixes also assist enterprises in determining the best mobile solutions to deploy in their business, given their strategies, risk evaluation and control environment. / AFRIKAANSE OPSOMMING: Die mobiele revolusie word deur die verbruiker van mobiele tegnologie aangedryf en, ten einde kompeterend te bly, word ondernemings gedwing om mobiele tegnologie in hul besigheidsprosesse te implementeer. Terwyl daar baie voordele verbonde is aan die investering in en gebruik van mobiele tegnologie, word die besigheid egter ook blootgestel aan wesenlike risiko’s. Die vinnige tempo waarteen mobiele tegnologie ontwikkel en deur werknemers aangeneem word, het egter ʼn omgewing geskep waarin ondernemings mobiele tegnologie op ʼn ad hoc basis ontplooi. Besighede spreek eers die risiko’s aan nadat dit reeds voorgekom het en verliese as gevolg gehad het. Die hoof bydraende faktor tot die tekort aan beheer en bestuur van mobiele tegnologie is die feit dat diegene verantwoordelik vir beheer, nie onderliggend mobiele tegnologie komponente verstaan nie. Die doel van hierdie navorsing is om die begrip van die onderliggende komponente van mobiele tegnologie te verbeter. Die navorsing poog verder om die wesenlike risiko’s verbonde aan mobiele tegnologie te identifiseer en om toepaslike interne beheermaatreëls te formuleer wat die risiko’s sal aanspreek. Die bevindinge van die navorsing het die volgende onderliggende komponente van mobiele tegnologie geïdentifiseer: mobiele toestelle; mobiele infrastruktuur, data afleweringsmeganismes, en bemagtigende tegnologieë; en mobiele toepassings. Gebaseer op ʼn begrip van die komponente en subkategorieë van mobiele tegnologie, is ʼn kontrole raamwerk gebruik om die wesenlike risiko’s verbonde aan elke komponent en subkategorie van die tegnologie, te identifiseer. Die wesenlike risiko’s sluit beide risiko’s vir die gebruiker (insluitend kontinuïteit, gebruikerservaring, konnektiwiteit en IT ondersteuning) sowel as risiko’s vir die onderneming se strategieë (insluitend kontinuïteit, sekuriteit, koste en data eienaarskap) in. Die navorsing sluit af met die formulering van die beheermaatreëls wat geïmplementeer kan word om die wesenlike risiko’s aan te spreek. Dit het gelei tot twee tabelle wat as vinnige verwysingsraamwerke deur ondernemings gebruik kan word in die identifisering van wesenlike risiko’s op ʼn onderneming-spesifieke tegnologie komponentvlak asook die oorweging van relevante interne beheermaatreëls. Die tabelle help ondernemings ook om die beste mobiele tegnologie vir hul besigheid te implementeer, gebaseer op hul strategie, risiko evaluering en beheeromgewing.

Mobile computing

Mobile communication systems

Mobile computing -- Security measures

Computer security

Mobile computing -- Risk management

UCTD

The Burner Project: Privacy and Social Control in a Networked World

Shade, Molly

05 1900

As mobile phones become increasingly ubiquitous in today’s world, academic and public audiences alike are curious about the interaction between mobile technologies and social norms. To investigate this phenomenon, I examined how individuals use technology to actively manage their communication behaviors. Through a three-month research project on usage patterns of Burner, a mobile application, this thesis explores the relationships among technology, culture, and privacy. Burner is a service that equips individuals with the means to create, maintain, and/or dissolve social ties by providing temporary, disposable numbers to customers. The application offers a way to communicate without relying on a user’s personal phone number. In other words, Burner acts as a “privacy layer” for mobile phones. It also provides a valuable platform to examine how customers use the application as a strategy for communication management. This thesis represents a marriage of practice and theory: (1) As an applied enterprise, the project was constructed as a customer needs assessment intending to examine how the service was situated in the lives of its users. The findings have successfully been applied to my client’s company strategy and have led to a more informed customer approach. (2) As an academic endeavor, this research contributes to existing scholarship in anthropology, computer-mediated communication, privacy, and design. The results provide rich fodder for discussions about the impact of mobile communication and services.

design anthropology

privacy

technical communication

computer mediated communication

cultural anthropology

Social norms.

Privacy, Right of.

An uncertainty-aware reputation system in mobile networks: analysis and applications

Unknown Date

Many emerging mobile networks aim to provide wireless network services without relying on any infrastructure. The main challenge in these networks comes from their self-organized and distributed nature. There is an inherent reliance on collaboration among the participants in order to achieve the aimed functionalities. Therefore, establishing and quantifying trust, which is the driving force for collaboration, is important for applications in mobile networks. This dissertation focuses on evaluating and quantifying trust to stimulate collaboration in mobile networks, introducing uncertainty concepts and metrics, as well as providing the various analysis and applications of uncertainty-aware reputation systems. Many existing reputation systems sharply divide the trust value into right or wrong, thus ignoring another core dimension of trust: uncertainty. As uncertainty deeply impacts a node's anticipation of others' behavior and decisions during interaction, we include it in the reputation system. Specifically, we use an uncertainty metric to directly reflect a node's confidence in the sufficiency of its past experience, and study how the collection of trust information may affect uncertainty in nodes' opinions. Higher uncertainty leads to higher transaction cost and reduced acceptance of communication. We exploit mobility to efficiently reduce uncertainty and to speed up trust convergence. We also apply the new reputation system to enhance the analysis of the interactions among mobile nodes, and present three sample uncertainty-aware applications. We integrate the uncertainty-aware reputation model with game theory tools, and enhance the analysis on interactions among mobile nodes. / Instead of reactively protecting the mobile networks from existing attacks as in the traditional security paradigms, the analysis in this dissertation gives more insights on nodes' rationality in the interaction, which will enable the mechanism design in mobile networks to be security and incentive compatible. Moreover, we present three sample applications, in which we clearly identify the challenges, specifically formalize the problems, and cleverly employ the uncertainty mitigation schemes. These applications show that the uncertainty definition and mitigation schemes can benefit a broad range of applications, including fields such as security, network services, and routing. / by Feng Li. / Vita. / Thesis (Ph.D.)--Florida Atlantic University, 2009. / Includes bibliography. / Electronic reproduction. Boca Raton, Fla., 2009. Mode of access: World Wide Web.

Computer network architectures

Mobile computing

Implementation of the IEEE 1609.2 WAVE Security Services Standard

Unknown Date

This work presents the implementation of the the IEEE 1609.2 WAVE Security Services Standard. This implementation provides the ability to generate a message signature, along with the capability to verify that signature for wave short messages transmitted over an unsecured medium. Only the original sender of the message can sign it, allowing for the authentication of a message to be checked. As hashing is used during the generation and verification of signatures, message integrity can be verified because a failed signature verification is a result of a compromised message. Also provided is the ability to encrypt and decrypt messages using AES-CCM to ensure that sensitive information remains safe and secure from unwanted recipients. Additionally this implementation provides a way for the 1609.2 specific data types to be encoded and decoded for ease of message transmittance. This implementation was built to support the Smart Drive initiative’s VANET testbed, supported by the National Science Foundation and is intended to run on the Vehicular Multi-technology Communication Device (VMCD) that is being developed. The VMCD runs on the embedded Linux operating system and this implementation will reside inside of the Linux kernel. / Includes bibliography. / Thesis (M.S.)--Florida Atlantic University, 2016. / FAU Electronic Theses and Dissertations Collection

Expert systems (Computer science)

Wireless LANs

Wireless sensor networks