An investigation of the bombing of automated teller machines (ATMs) with intent to steal cash content : case study from Gauteng

Sewpersad, Sarika

01 1900

An investigation of the bombing of automated teller machines (ATMs) with intent to steal cash contentof ATMs. This is inclusive of the impact on society (banks clients) and banking institutions as well as the danger it poses to the general public and public and private law enforcement personnel. / (M.Tech. (Security Management))

Automated teller machines

Banking equipment

Theft

Security risk management

ATM bombings

Modus operandi

An investigation of the bombing of automated teller machines (ATMs) with intent to steal cash content : case study from Gauteng

Sewpersad, Sarika

01 1900

An investigation of the bombing of automated teller machines (ATMs) with intent to steal cash contentof ATMs. This is inclusive of the impact on society (banks clients) and banking institutions as well as the danger it poses to the general public and public and private law enforcement personnel. / (M.Tech. (Security Management))

Automated teller machines

Banking equipment

Theft

Security risk management

ATM bombings

Modus operandi

An examination of the required operational skills and training standards for a Close Protection Operative in South Africa

Schneider, Gavriel

31 March 2005

The aim of this study was to determine the current operational skills requirements for Close Protection Operatives (CPOs) in South Africa. Operational skills refer to those skills that are vital in order for a CPO to effectively protect a designated person (this person is referred to as the `Principal'). In order to determine any shortcomings in the Close Protection industry, twenty in-depth interviews were conducted with current operational CPOs. A detailed literature review was also done in order to create a solid platform for the research and to assist in the verification of the information. During the research, it was found that the task of providing Close Protection could be divided into various sub-categories. This was necessary in order to gain a rounded perspective of a CPO's roles and duties. CPO's tasks in their entirety had to be unpacked into their smaller sub-components. In fact there were many ways to subdivide the skills requirements and functions of CPOs. It was, however, found that the actual subdivisions were less important than the gaining of a comprehensive understanding of how all the aspects are interrelated and should function synergistically. The need for regulation of the South African Close Protection industry was identified as a major concern among all interview respondents. In order to determine the relevant factors involved in regulation, the way countries such as the United Kingdom (UK), Australia and Israel regulate their industries, was assessed. It was noted that the industry in South Africa is `partially regulated'. This means that there is some sort of registration process for CPOs but no comprehensive monitoring and enforcement of accepted minimum competency standards. Currently in South Africa private sector CPOs are rated on the same scale as security guards and must be registered as a Grade level C with the Private Security Industry Regulatory Authority (PSIRA). This is not an effective manner to regulate CPOs. CPOs should be viewed as professionals and specialists since their skills far exceed those of a security guard (Grade C). According to South Africa's Skills Development Plan all industries will fall under Sector Education and Training Authorities (SETAs). Close Protection is grouped under the Police, Private Security, Legal, Correctional Services and Justice Sector Education and Training Authority (POSLEC SETA). There is currently a South African Qualifications Authority (SAQA) Unit Standard for Close Protection (Protection of Designated Persons, Units Standard number: 11510). However, the research revealed that while the unit standard correctly outlines the operational skills requirements of CPOs there are no assessment guidelines or clearly defined minimum skills requirements. Before the unit standard can be effectively implemented, agreed industry minimum standards for the relevant skills divisions in Close Protection need to be identified and implemented. But currently there is some confusion regarding which body is responsible for, firstly developing acceptable unit standards; secondly, getting the industry as a whole to agree and accept such standards; thirdly, to see to it that training on those standards is provided; and finally the monitoring of these standards in practice. In this study various training related factors were identified and examined in order to assess whether the way CPOs are trained in South Africa is effective or not. Aspects such as the intensity, focus, duration and content were examined. In general it was found that it is important for the following to be implemented: 1. Effective screening and pre-training evaluation of potential trainees. 2. Training should be job orientated and focus on training CPOs for the functions that they will actually have to perform. 3. Training methodologies should focus on an outcomes based approach and utilise the fundamentals of adult based education. 4. Training should simulate reality including the related stress factors that are placed on operational CPOs such as lack of sleep and high levels of activity interspersed with boring waiting periods. 5. Ongoing training and re-training are vital components to a CPO maintaining operational competency. 6. Close Protection instructors need to have both an operational background and training in instructional methodologies before being considered competent. It is important that in the long term international recognition of South African Close Protection qualifications is achieved. This is essential since many South African CPOs operate internationally. Globalisation and improvements in technology have made it easier for international networking to take place. This has meant that clients are using CPOs in different countries and international comparisons are inevitable. If South African CPOs are to be considered `world class' then internationally recognised minimum standards need to be implemented for the South African Close Protection industry. The research indicated and highlighted various trends that may affect the Close Protection industry. The trends identified that seemed most relevant to the South African Close Protection industry were as follows: * Increased public awareness of international terrorism has resulted form acts such as the 9/11 attacks. This has made people more aware of the need for and benefits of security. Use of well trained CPOs is one of the ways that potential clients are able to minimise their exposure to any potential terrorist attack. * A CPO's ability to communicate and liaise with all relevant parties involved in the Close Protection environment is vital to the success of any operation. Therefore it is vital that these aspects receive the relevant focus during training. * The CPO needs to be well trained in use of unarmed combat and alternative weaponry. He/she can no longer rely on the use of a firearm as the primary force option. * A CPO needs to be able to adapt to many different situations. It is important that a CPO is trained to blend in and use the correct protocol in any given situation. The focus of operations should be on operating in a low profile manner to avoid unnecessary attention. * A CPO needs to be well trained in all aspects of planning and avoidance. The skills needed to proactively identify and avoid threats are vital to modern day operations. The CPO also needs to be quick thinking and adaptable in order to function effectively. * A CPO needs to have a working knowledge of all security related aspects that could enhance the safety of his/her Principal (i.e. multi-skilled). In addition to the above mentioned factors, other recommendations emanating from this study focused on minimum competency standards for the identified subdivisions of close protection. Examples of possible assessment guidelines and criteria were identified covering the following broad classifications: * Prior educational qualifications * Physical abilities * CPO skills * Prior experience in guarding * Firearm skills * Unarmed combat * Protective skills * First aid skills * Security knowledge * Advanced driver training * Protocol and etiquette * Management and business skills * Related skills / Criminology / (M.Tech (Security Management))

Crime prevention -- South Africa

Bodyguards -- Training of

Security guards -- Training of

Industries -- Security measures

Hijacking of trucks with freight : a criminological analysis

Buys, Johannes Jacobus

11 1900

A considerable amount of research has been done regarding the hijacking of passenger vehicles. Little however, has been written on the hijacking of trucks with freight. The purpose of the research was to describe the nature, occurrence and extent of the hijacking of trucks with freight, the persons involved (this includes the victims and the offenders) and the impact these crimes have on the crime scene in South Africa. The research also aimed to develop a criminological model for prevention, based on the modus operandi of the offenders. Based on the theories explaining violent and economic crimes (e.g. anomie, differential association and sub-culture), an attempt was also made to explain the hijacking of trucks with freight. / Criminology / M.A.

Criminological analysis

Trucks

Hijacking

364.15520968

Organized crime -- South Africa

Cargo theft -- South Africa

Automobile theft -- South Africa

Trucks -- South Africa

Towards a framework to ensure alignment among information security professionals, ICT security auditors and regulatory officials in implementing information security in South Africa

Basani, Mandla

02 1900

Information security in the form of IT governance is part of corporate governance. Corporate governance requires that structures and processes are in place with appropriate checks and balances to enable directors to discharge their responsibilities. Accordingly, information security must be treated in the same way as all the other components of corporate governance. This includes making information security a core part of executive and board responsibilities. Critically, corporate governance requires proper checks and balances to be established in an organisation; consequently, these must be in place for all information security implementations. In order to achieve this, it is important to have the involvement of three key role players, namely information security professionals, ICT security auditors and regulatory officials (from now on these will be referred to collectively as the ‘role players’). These three role players must ensure that any information security controls implemented are properly checked and evaluated against the organisation’s strategic objectives and regulatory requirements. While maintaining their individual independence, the three role players must work together to achieve their individual goals with a view to, as a collective, contributing positively to the overall information security of an organisation. Working together requires that each role player must clearly understand its individual role, as well the role of the other players at different points in an information security programme. In a nutshell, the role players must be aligned such that their involvement will deliver maximum value to the organisation. This alignment must be based on a common framework which is understood and accepted by all three role players. This study proposes a South African Information Security Alignment (SAISA) framework to ensure the alignment of the role players in the implementation and evaluation of information security controls. The structure of the SAISA framework is based on that of the COBIT 4.1 (Control Objectives for Information and Related Technology). Hence, the SAISA framework comprises four domains, namely, Plan and Organise Information Security (PO-IS), Acquire and Implement Information Security (AI-IS), Deliver and Support Information Security (DS-IS) and Monitor and Evaluate Information Security (ME-IS). The SAISA framework brings together the three role players with a view to assisting them to understand their respective roles, as well as those of the other role players, as they implement and evaluate information security controls. The framework is intended to improve cooperation among the role players by ensuring that they view each other as partners in this process. Through the life cycle structure it adopts, the SAISA framework provides an effective and efficient tool for rolling out an information security programme in an organisation / Computer Science / M. Sc. (Computer Science)

Information security professionals,

ICT security auditors,

Regulatory officials

Framework

Role players

Information security programme

Corporate governance

IT governance

COBIT

005.80968

An investigation of developments in Web 3.0 : opportunities, risks, safeguards and governance

Bruwer, Hendrik Jacobus

04 1900

Thesis (MComm)--Stellenbosch University, 2014. / ENGLISH ABSTRACT: Many organisations consider technology as a significant asset to generate income and control cost. The World Wide Web (henceforth referred to as the Web), is recognised as the fastest growing publication medium of all time, now containing well over 1 trillion URLs. In order to stay competitive it is crucial to stay up to date with technological trends that create new opportunities for organisations, as well as creating risks. The Web acts as an enabler for technological advancement, and matures in its own unique way. From the static informative characteristics of Web 1.0, it progressed into the interactive experience Web 2.0 provides. The next phase of Web evolution, Web 3.0, is already in progress. Web 3.0 entails an integrated Web experience where the machine will be able to understand and catalogue data in a manner similar to humans. This will facilitate a world wide data warehouse where any format of data can be shared and understood by any device over any network. The evolution of the Web will bring forth new opportunities as well as challenges. Organisations need to be ready, and acquire knowledge about the opportunities and risks arising from Web 3.0 technologies. The purpose of this study is to define Web 3.0, and identify new opportunities and risks associated with Web 3.0 technologies by using a control framework. Identified opportunities can mainly be characterised as the autonomous integration of data and services which increases the pre-existing capabilities of Web services, as well as the creation of new functionalities. The identified risks mainly concern unauthorised access and manipulation of data; autonomous initiation of actions, and the development of scripts and languages. Risks will be mitigated by control procedures which organisations need to implement (examples include but is not limited to encryptions; access control; filtering; language and ontology development control procedures; education of consumers and usage policies). The findings will assist management in addressing the key focus areas of opportunities and risks when implementing a new technology. / AFRIKAANSE OPSOMMING: Baie organisasies beskou tegnologie as 'n belangrike bate om inkomste te genereer en kostes te beheer. Die Wêreldwye Web (voorts na verwys as die Web), word erken as die vinnigste groeiende publikasiemedium van alle tye, met tans meer as 1 triljoen URLs. Ten einde kompeterend te bly, is dit noodsaaklik om op datum te bly met tegnologiese tendense wat nuwe geleenthede, sowel as risikos, vir organisasies kan skep. Die Web fasiliteer tegnologiese vooruitgang, en ontwikkel op sy eie unieke manier. Vanaf die statiese informatiewe eienskappe van Web 1.0, het dit ontwikkel tot die interaktiewe ervaring wat Web 2.0 bied. Die volgende fase van Web-ontwikkeling, Web 3.0, is reeds in die proses van ontwikkeling. Web 3.0 behels 'n geïntegreerde Web-ervaring waar ʼn masjien in staat sal wees om data te verstaan en te kategoriseer op ʼn soortgelyke wyse as wat ʼn mens sou kon. Dit sal lei tot 'n wêreldwye databasis waar enige vorm van data gedeel en verstaan kan word deur enige toestel oor enige netwerk. Die ontwikkeling van die Web sal lei tot die ontstaan van nuwe geleenthede, sowel as uitdagings. Dit is noodsaaklik dat organisasies bewus sal wees hiervan, en dat hulle oor genoegsame kennis sal beskik met betrekking tot die geleenthede en risikos wat voortspruit uit Web 3.0 tegnologieë. Die doel van hierdie studie is om Web 3.0 te definieer, en nuwe geleenthede en risikos wat verband hou met Web 3.0 tegnologieë, te identifiseer deur gebruik te maak van ʼn kontrole raamwerk. Geleenthede wat geïdentifiseer is, word hoofsaaklik gekenmerk deur outonome integrasie van data en dienste wat lei tot ʼn toename in die vermoëns van reeds bestaande Webdienste, sowel as die skepping van nuwe funksionaliteite. Die risikos wat geïdentifiseer is, word hoofsaaklik gekenmerk deur ongemagtigde toegang en manipulasie van data; outonome inisieering van aksies, en die ontwikkeling van programskrifte en tale. Risikos wat geïdentifiseer is, sal aangespreek word deur die implementering van voorgestelde kontroleprosedures om sodanige risikos te verminder tot ʼn aanvaarbare vlak (voorbeelde sluit in maar is nie beperk tot enkripsie; toegangkontroles; filters; programmatuur taal en ontologie ontwikkels kontroles prosedures; opleiding van gebruikers en ontwikkelaars en beleide ten op sigte van gebruik van tegnologië). Die bevindinge sal bestuur in staat stel om die sleutelfokus-areas van geleenthede en risikos te adresseer gedurende die implementering van 'n nuwe tegnologie.

Dissertations -- Accountancy

Theses -- Accountancy

Dissertations -- Computer auditing

Theses -- Computer auditing

World Wide Web

World Wide Web -- Security measures

Risk assessment

UCTD

Benefits, business considerations and risks of big data

Smeda, Jorina

04 1900

Thesis (MComm)--Stellenbosch University, 2015. / ENGLISH ABSTRACT: Big data is an emerging technology and its use holds great potential and benefits for organisations. The governance of this technology is something that is still a big concern and as aspect for which guidance to organisations wanting to use this technology is still lacking. In this study an extensive literature review was conducted to identify and define the business imperatives distinctive of an organisation that will benefit from the use of big data. The business imperatives were identified and defined based on the characteristics and benefits of big data. If the characteristics and benefits are clear, the relevant technology will be better understood. Furthermore, the business imperatives provide business managers with guidance to whether their organisation will benefit from the use of this technology or not. The strategic and operational risks related to the use of big data were also identified and they are discussed in this assignment, based on a literature review. The risks specific to big data are highlighted and guidance is given to business managers as to which risks should be addressed when using big data. The risks are then mapped against COBIT 5 (Control Objectives for Information and Related Technology) to highlight the processes most affected when implementing and using big data, providing business managers with guidance when governing this technology. / AFRIKAANSE OPSOMMING: ‘Big data’ is 'n ontwikkelende tegnologie en die gebruik daarvan hou baie groot potensiaal en voordele vir besighede in. Die bestuur van hierdie tegnologie is egter ʼn groot bron van kommer en leiding aan besighede wat hierdie tegnologie wil gebruik ontbreek steeds. Deur middel van 'n uitgebreide literatuuroorsig is die besigheidsimperatiewe kenmerkend van 'n besigheid wat voordeel sal trek uit die gebruik van ‘big data’ geïdentifiseer. Die besigheidsimperatiewe is geïdentifiseer en gedefinieer gebaseer op die eienskappe en voordele van ‘big data’. Indien die eienskappe en voordele behoorlik verstaan word, is 'n beter begrip van die tegnologie moontlik. Daarbenewens bied die besigheidsimperatiewe leiding aan bestuur sodat hulle in staat kan wees om te beoordeel of hulle besigheid voordeel sal trek uit die gebruik van hierdie tegnologie of nie. Die strategiese en operasionele risiko's wat verband hou met die gebruik van ‘big data’ is ook geïdentifiseer en bespreek, gebaseer op 'n literatuuroorsig. Dit beklemtoon die risiko's verbonde aan ‘big data’ en daardeur word leiding verskaf aan besigheidsbestuurders ten opsigte van watter risiko's aangespreek moet word wanneer ‘big data’ gebruik word. Die risiko's is vervolgens gekarteer teen COBIT 5 (‘Control Objectives for Information and Related Technology’) om die prosesse wat die meeste geraak word deur die gebruik van ‘big data’ te beklemtoon, ten einde leiding te gee aan besigheidsbestuurders vir die beheer en kontrole van hierdie tegnologie.

UCTD

Big data

Big data -- Risk management

Safety, health, environment and quality framework for small and medium-sized entreprises in the Durban area

Reiner, Monika

03 1900

Thesis (MBA) -- Stellenbosch University, 2011. / A company’s primary goal is to make money. Simple as it may seem, this is not always easily achieved, and sustainability of the business may be a serious challenge. In an effort to make a profit, important aspects of safety, health, environment and quality (SHEQ) may sometimes be neglected. Some small and medium-sized enterprises (SME) merely do not have the understanding or the capacity to address all the important aspects of SHEQ, thereby placing the company under potential financial and legal risks. A survey was conducted in SMEs based in the Durban area to ascertain their level of legislative and voluntary system standard awareness and implementation. The questionnaire responses indicated that general awareness of legislation such as the Occupational Health and Safety Act, the Compensation for Occupational Injuries and Diseases Act, the National Environmental Management Act and voluntary system standards such as ISO 9001, ISO 14001 and OHSAS 18001 was relatively good, on the whole. However, implementation of the mandatory environmental requirements associated with the National Environmental Management Act was low, as was the implementation of the voluntary standards. Management and implementation of SHEQ responsibilities and requirement in larger organisations may be divided amongst various discipline specialists. However, in the SME these various disciplines may be the responsibility of one person, and often this person is the managing director. As such, this individual may not always have adequate time or understanding of the legal requirements of SHEQ aspects. There may also be a lack of understanding of the potential cost implications in not managing SHEQ aspects, and similarly budgeting requirements of managing SHEQ aspects appropriately. This research report introduces and summarises key SHEQ legislation and voluntary management system standards, such as the Occupational Health and Safety Act, the National Environmental Management Act, local bylaws, and introduces the ISO 9001, ISO 14001 and OHSAS 18001. Since some characteristics of the disciplines of health and safety, environment and quality may overlap, combining these into an integrated management system has merit. Such an integrated system can save the company time and money. This research report reviews some pertinent business requirements associated with SHEQ and presents an integrated management system guideline for the SME business owner. Business management, today, needs to learn from past business management developments. Successful and sustainable business management is not only about making a profit, but also incorporates a significant human resource management focus, health and safety assurance, the mitigation of potential environmental impacts from operations, whilst ensuring that quality standards of products and services are competitive.

Dissertations -- Business management

Theses -- Business management

A CyberCIEGE scenario illustrating multilevel secrecy issues in an air operations center environment

Meyer, Marc K.

06 1900

Approved for public release; distribution is unlimited / CyberCIEGE provides an addition to traditional Information Assurance (IA) education in the form of an interactive, entertaining, commercial-grade PC-based computer game. Educational objectives are contained in scenarios that serve to teach particular IA concepts. The details of a scenario are contained in a Scenario Definition File (SDF), which is written in the CyberCIEGE Scenario Definition Language. This language is rich enough to express a range of information security policies and operational data access requirements, resulting in a nearly limitless pool of possible scenarios. This thesis developed a playable scenario illustrating confidentiality protection concepts in an open storage environment modeled after an Air Operations Center. Educational goals include physical protection of high value assets and use of strong authentication policies to protect moderate value assets. The major work of this thesis was designing an SDF to reflect a military information security policy and work flow environment contained in the educational goals. The confirmation of the proper operation of selected aspects of the CyberCIEGE game engine, and the assurance that the SDF confronts the player with the security trade-offs occurred through the application of a testing methodology. The creation of detailed solutions and incorrect gameplay examples constitute this testing process. / Captain, United States Air Force

Computer games

Programming

Computer users

United States

Computer networks

Security measures

Computer security

CyberCIEGE

Information assurance

IA

Scenario definition file

SDF

Network security training

CyberCIEGE scenario illustrating secrecy issues through mandatory and discretionary access control policies in a multi-level security network

LaMore, Robert L.

06 1900

Approved for public release, distribution is unlimited / User training in computer and network security is crucial to the survival of modern networks, yet the methods employed to train users often seem ineffective. One possible reason is that users are not fully engaged during these training sessions and thus they tend to forget the lessons being taught. The CyberCIEGE game introduces a new method of training in computer and network security. The player engages in a simulation-based network security game, that reflects real-world security principles. Each time the CyberCIEGE game runs, it loads a Scenario Definition File (SDF) written to teach specific security concepts. This thesis developed such a scenario definition file for the CyberCIEGE game. The educational purpose of the scenario is to illustrate secrecy issues in the context of mandatory and discretionary access control in a multilevel networked environment. The primary work of this thesis was to construct the scenario definition file such that playing the resulting game would achieve this educational purpose. This thesis also resulted in the construction of scenario definition files to test the CyberCIEGE game engine for expected results. These tests resulted in several recommendations for improvement in the game engine. / First Lieutenant, United States Air Force

Computer networks

Security measures

Computer security

Computer users

United States

Computer games

Programming

Information assurance

CyberCIEGE

Scenario definition file

Network security training