Framework for Adoption of Information and Communication Technology security culture in SMMEs in Gauteng Province, South Africa

Mokwetli, M. A.

January 2019

M. Tech. (Department of Information Technology, Faculty of Applied and Computer Sciences), Vaal University of Technology. / Information and Communication Technology (ICT) has become prevalent in our everyday business and personal lives. As such, users and organisations must know how to protect themselves against human errors that led to more companies losing or sharing information that should not be shared. The issue emanates from lack of ICT security culture both in individuals and organisations. This research is based on a wide theoretical review that is focused on proposing a conceptual model on technological, environmental and organisational factors that influence the adoption of ICT security culture and implementation in Small Medium and Micro Enterprises (SMMEs). Factors or determinants that influence the adoption of ICT security culture in SMMEs in the Gauteng province were investigated. Questionnaires were distributed to examine the perception of ICT security culture adoption among SMMEs in the Gauteng province South Africa. A sample of 647 individuals from different SMMEs in the Gauteng province returned the questionnaire. The results of the research study show that technological context (perceived benefits), environmental context (government regulations) and organisational context (management support) determinants have direct influence on the ICT security culture adoption. The recommendation is that information security awareness programmes must be put in place. Further research is recommended using more determinants that might have a positive impact toward the adoption of the ICT security culture. In order to minimize data breaches due to human error it is recommended that SMMEs around Gauteng Province in South Africa adopt the framework as outlined in this research study.

ICT Security culture

Information Security culture

SMMEs

ICT

Adoption

Human error

Dissertations, Academic -- South Africa

Information technology -- South Africa

IT security : Education, Knowledge and Awareness / IT Säkerhet : utbildning, kunskap och medvetenhet

Schiöld, Ellinor, Andersson, Sanna

January 2022

IT systems that contain large volumes of information are today extremely valuable to organizations. As the IT systems grow bigger, more challenges are emerging, vulnerability increases and control decreases. Organizations are using IT security to protect their IT systems from different threats and the human factor can be seen as one of the biggest risks towards IT security. Therefore it is not optimal to only focus on the technical solutions and measures, the focus should also be on the employees IT security knowledge and IT security awareness. To increase the knowledge of IT security and to make the employees more IT security aware requires continuous work and IT security education is often mentioned as a factor to increase IT security- knowledge and awareness. Despite this, challenges are mentioned in previous research, which means that even if an employee participates in an IT security education, the organizations can not take for granted that their employees have gained IT security knowledge or know how to act more security aware. IT security education, IT security knowledge and IT security is mentioned as three factors that can affect IT security. Three research questions were intended to be answered within this research with the purpose to investigate if these factors increase each other. Three hypotheses were also forming the basis for answering the research questions. With a quantitative method and questionnaire this research reached out to 158 employees at different Swedish branches within machine manufacturing, advertising, municipal work and sales industry. Results showed that one of the three hypotheses was accepted and the other two hypotheses were not accepted. This result also gave answers to the research questions regarding that IT security education does not increase IT security knowledge, IT security knowledge does not increase IT security awareness but IT security education increases IT security awareness.

IT security

IT security education

IT security knowledge

IT security awareness

IT security measures

employees

insider threats

human factor

Information Systems

A Control Theoretic Approach for Resilient Network Services

Vempati, Jagannadh Ambareesh

12 1900

Resilient networks have the ability to provide the desired level of service, despite challenges such as malicious attacks and misconfigurations. The primary goal of this dissertation is to be able to provide uninterrupted network services in the face of an attack or any failures. This dissertation attempts to apply control system theory techniques with a focus on system identification and closed-loop feedback control. It explores the benefits of system identification technique in designing and validating the model for the complex and dynamic networks. Further, this dissertation focuses on designing robust feedback control mechanisms that are both scalable and effective in real-time. It focuses on employing dynamic and predictive control approaches to reduce the impact of an attack on network services. The closed-loop feedback control mechanisms tackle this issue by degrading the network services gracefully to an acceptable level and then stabilizing the network in real-time (less than 50 seconds). Employing these feedback mechanisms also provide the ability to automatically configure the settings such that the QoS metrics of the network is consistent with those specified in the service level agreements.

Control Theory

Resilient

Network

DDoS

Feedback control

Graceful Degradation

System Identification

Computer Science

Computer networks -- Security measures.

Feedback control systems.

Control theory.

System identification.

Kartering van selfoontegnologie

Lochner, Hendrik Thomas

10 1900

It is sincerely hoped that this work will motivate other researchers and in particular my colleagues to do further research in the field of cellphone technology, especially how it can be mapped to enable it to be utilised as evidence in our courts. This research aims to develop the mapping of cellphone technology as an aid in the investigation of crime. The mapping of cellphone technology refers to how cellphone technology can be utilised in crime investigation and in particular how a criminal can be placed at the scene of a crime, as a result of a cellphone call that was either made or received. To place the suspect at the scene of a crime as a result of a call made or received, cellphone records and technology of the relevant cellphone company, as well as present computer programmes can be utilised. Shortly, it can be said that a criminal can geographically be placed within a space some where on this earth. / Criminology / M.Tech. (Forensic Investigation)

363.250968

Cell phones -- South Africa -- Pretoria

Trace analysis

Digital mapping

Misdaadvoorkoming by nywerhede: 'n gevallestudie by Transvaal Suiker Beperk / Crime prevention at industries : a case study at Transvaal Sugar Limited

Kruger, Johannes Frederick Eric

06 1900

Text in Afrikaans / Hierdie navorsing fokus op misdaadvoorkoming by nywerhede met Transvaal Suiker Beperk as geselekteerde studieveld. Die meganiese en fisiese misdaadvoorkomingsmaatreëls aan die hand van Oscar Newman se verdedigbare mimte model is as basis gebruik. Bestaande misdaadvoorkomingsmaatreëls te Transvaal Suiker Beperk is geëvalueer en aanbevelings is gemaak waar nodig. Die waarde van primêre fisiese versperrings ten opsigte van misdaadvoorkoming is beklemtoon tydens hierdie studie. Sonder die ondersteuning van konvensionele elektronika, en die insette van die mensfaktor, is fisiese misdaadvoorkomingsmaatreëls van geringe waarde. Omgewingsontwerp sluit hierby aan. Effektiewe misdaadvoorkoming verg deurlopende kreatiewe denke met toepaslike optrede. / This research focus on crime prevention at industries with Transvaal Sugar Limited as selected study field. The mechanical and physical crime prevention measures, based on Oscar Newman's defensible space model, was used as focus point. Crime prevention measures in place at Transvaal Sugar Limited was evaluated and the necessary recommendations made. The value of the primary physical barriers in regard off crime prevention was emphasised in this study. Without the support of conventional electronics, together with the inputs of the human factor, physical crime prevention measures will be of little value. Environmental design joins this field. Effective crime prevention needs continuous creative thinking together with the necessary action. / Criminolgy / M. A. (Kriminologie)

Misdaadvoorkoming

Verdedigbare ruimte

Omgewingsontwerp

Versperrings

Elektronica

Tegnologie

Crime prevention

Defensible space

Environmental design

Barriers

Electronics

Technology

364.490968

Kartering van selfoontegnologie

Lochner, Hendrik Thomas

10 1900

It is sincerely hoped that this work will motivate other researchers and in particular my colleagues to do further research in the field of cellphone technology, especially how it can be mapped to enable it to be utilised as evidence in our courts. This research aims to develop the mapping of cellphone technology as an aid in the investigation of crime. The mapping of cellphone technology refers to how cellphone technology can be utilised in crime investigation and in particular how a criminal can be placed at the scene of a crime, as a result of a cellphone call that was either made or received. To place the suspect at the scene of a crime as a result of a call made or received, cellphone records and technology of the relevant cellphone company, as well as present computer programmes can be utilised. Shortly, it can be said that a criminal can geographically be placed within a space some where on this earth. / Criminology and Security Science / M.Tech. (Forensic Investigation)

363.250968

Cell phones -- South Africa -- Pretoria

Trace analysis

Digital mapping

Misdaadvoorkoming by nywerhede: 'n gevallestudie by Transvaal Suiker Beperk / Crime prevention at industries : a case study at Transvaal Sugar Limited

Kruger, Johannes Frederick Eric

06 1900

Text in Afrikaans / Hierdie navorsing fokus op misdaadvoorkoming by nywerhede met Transvaal Suiker Beperk as geselekteerde studieveld. Die meganiese en fisiese misdaadvoorkomingsmaatreëls aan die hand van Oscar Newman se verdedigbare mimte model is as basis gebruik. Bestaande misdaadvoorkomingsmaatreëls te Transvaal Suiker Beperk is geëvalueer en aanbevelings is gemaak waar nodig. Die waarde van primêre fisiese versperrings ten opsigte van misdaadvoorkoming is beklemtoon tydens hierdie studie. Sonder die ondersteuning van konvensionele elektronika, en die insette van die mensfaktor, is fisiese misdaadvoorkomingsmaatreëls van geringe waarde. Omgewingsontwerp sluit hierby aan. Effektiewe misdaadvoorkoming verg deurlopende kreatiewe denke met toepaslike optrede. / This research focus on crime prevention at industries with Transvaal Sugar Limited as selected study field. The mechanical and physical crime prevention measures, based on Oscar Newman's defensible space model, was used as focus point. Crime prevention measures in place at Transvaal Sugar Limited was evaluated and the necessary recommendations made. The value of the primary physical barriers in regard off crime prevention was emphasised in this study. Without the support of conventional electronics, together with the inputs of the human factor, physical crime prevention measures will be of little value. Environmental design joins this field. Effective crime prevention needs continuous creative thinking together with the necessary action. / Criminolgy / M. A. (Kriminologie)

Misdaadvoorkoming

Verdedigbare ruimte

Omgewingsontwerp

Versperrings

Elektronica

Tegnologie

Crime prevention

Defensible space

Environmental design

Barriers

Electronics

Technology

364.490968

A framework to manage sensitive information during its migration between software platforms

Ajigini, Olusegun Ademolu

06 1900

Software migrations are mostly performed by organisations using migration teams. Such migration teams need to be aware of how sensitive information ought to be handled and protected during the implementation of the migration projects. There is a need to ensure that sensitive information is identified, classified and protected during the migration process. This thesis suggests how sensitive information in organisations can be handled and protected during migrations by using the migration from proprietary software to open source software to develop a management framework that can be used to manage such a migration process.A rudimentary management framework on information sensitivity during software migrations and a model on the security challenges during open source migrations are utilised to propose a preliminary management framework using a sequential explanatory mixed methods case study. The preliminary management framework resulting from the quantitative data analysis is enhanced and validated to conceptualise the final management framework on information sensitivity during software migrations at the end of the qualitative data analysis. The final management framework is validated and found to be significant, valid and reliable by using statistical techniques like Exploratory Factor Analysis, reliability analysis and multivariate analysis as well as a qualitative coding process. / Information Science / D. Litt. et Phil. (Information Systems)

Closed Source Software

Information classification

Information protection

Information security

Information sensitivity

Information sensitivity

IP Protection

IS Migration

IS theory development

IT control frameworks

005.8

Information technology -- Management

Computer programs -- Software

Information science -- Software

Computer programs -- Security measures

Data protection

A criminological exploration of associated robberies in Gauteng, South Africa

Thobane, Mahlogonolo Stephina

02 1900

Text in English / The goals of this research were to explore, describe and explain the crime of associated robbery, which at the time of this study, was a scientifically unknown phenomenon. Associated robbery is defined as “a bank-related robbery (by association) of cash or attempt thereto, committed against a bank client or his/her delegate, at any stage while en-route to or from a bank branch, ATM or cash centre or inside the branch to effect a deposit, or, withdrawal” (SABRIC 2013:4) This robbery is divided into two main categories, namely robbery before cash deposit and robbery after cash withdrawal. As found in literature and also evident in the findings of this study, more incidents and related cash losses are reported from robbery after withdrawal, which is sub-divided into muti scam, money bomb and spiked drink. This study followed an exploratory, sequential, mixed-method research approach where the qualitative phase took place first – followed by the quantitative phase. The topic was firstly explored by collecting qualitative data via in-depth, one-on-one interviews (from a phenomenological point of view) where mutual meaning was sought, as understood by victims of associated robbery. To gather quantitative data, 500 bank clients (i.e. individuals, small business owners and stokvel/saving club members) completed a survey questionnaire. Their perspective on the phenomenon of associated robbery was thus explained and described through the use of descriptive statistics, particularly univariate and bivariate statistical analysis. The most significant contribution made by this study, is embedment of the preventative measures used by the banking industry and other stakeholders such as the SAPS into the Situational Crime Prevention (SCP) and Crime Prevention Through Environmental Design (CPTED) principles approaches. This model is heavily grounded on 12 SCP strategies, namely: access control; deflecting offenders; controlling facilitation; entry/exist screening; formal surveillance; surveillance by employees; natural surveillance; target removal; reducing temptation; rule setting; stimulating conscience; and facilitating compliance. Furthermore, the model emphasises that the combating of associated robberies is a collaborative effort and thus the individual (bank client), the banking industry, the criminal justice system (CJS) and the general public all have to work together in fighting this endemic. The lack of knowledge mainly from a victim’s perspective was identified as one of the challenges faced. However, this presented an opportunity for this study to make a significant contribution to the development of scientific literature. Moreover, the use of opportunity theories to explain the reasons why individuals are victimised placed the phenomenon in the criminological research milieu – thus pioneering a way for researchers who may wish to conduct future research on the same topic. / Criminology and Security Science / D. Litt. et Phil. (Criminology)

Associated robbery

Bank-following robbery

Bank robbery

Business robbery

Common robbery

Fraud

House robbery

Money bomb

Muti

Small business

Stokvel/saving club

Spiked drink

364.1552096822

A framework for the protection of mobile agents against malicious hosts

Biermann, Elmarie

30 September 2004

The mobility attribute of a mobile agent implies deployment thereof in untrustworthy environments, which introduces malicious host threats. The research question deals with how a security framework could be constructed to address the mentioned threats without introducing high costs or restraining the mobile agent's autonomy or performance. Available literature have been studied, analysed and discussed. The salient characteristics as well as the drawbacks of current solutions were isolated. Through this knowledge a dynamic mobile agent security framework was defined. The framework is based on the definition of multiple security levels, depending on type of deployment environment and type of application. A prototype was constructed and tested and it was found to be lightweight and efficient, giving developers insight into possible security threats as well as tools for maximum protection against malicious hosts. The framework outperformed other frameworks / models as it provides dynamic solutions without burdening a system with unnecessary security gadgets and hence paying for it in system cost and performance / Computing / D.Phil.

Computer security

Communication networks

Countermeasure classification

Mobile agent security framework

Security framework requirements

Threats classification

Malicious hosts

Mobile agent security

005.8

Mobile agents (Computer software)

Computer security

Computer networks -- Security measures