A framework for a cybersecurity policy in South African schools

- Mhlaba, Surety Aleta

Title
A framework for a cybersecurity policy in South African schools
Creator
Mhlaba, Surety Aleta
Subject
Computer security -- Government policy -- South Africa
Subject
Computer security -- South Africa
Subject
Cyber intelligence (Computer security)
Subject
Computer security -- South Africa Educational technology -- Security measures
Date Issued
2024-04
Date
2024-04
Type
Master's theses
Type
text
Identifier
http://hdl.handle.net/10948/64651
Identifier
vital:73835
Description
Today, learners at school grow up within an Information and Communication Technology (ICT) environment and have become technology users. A growing number of learners have access to ICT devices, such as mobile phones, tablets and desktop computers owing to their affordability. Access to ICT devices enables learners to interact in cyberspace which offers them numerous advantages and benefits. Cyberspace enables learners to improve their learning by providing ease of access to information and other learning material. Additionally, it allows them to socialise and to communicate with each without having to be in the same place. Furthermore, it allows them to participate in games, including educational games, to help with their learning. Despite these benefits, learners are prone to falling victim to a range of cyber risks and attacks. These cyber risks and attacks include cyberbullying, accessing inappropriate content and being exposed to sexual grooming. This is due to the fact that cyberspace is an unregulated platform and its complex nature does not make it easy to govern. Thus, there is a need to implement a policy that can govern and educate school learners on how to protect and conduct themselves when accessing cyberspace to avoid and reduce exposure to cyber risks. Countries like the United Kingdom (UK), Australia (AU) and Rwanda (RW) have developed cybersecurity policies to assist schools to develop and implement a cybersecurity policy to create a cybersecurity environment for learners with the support and commitment of the government. These countries continue to implement cybersecurity strategies and advocate for a cybersecurity policy to be implemented in schools to foster a cybersecurity culture. However, this does not seem to be the case for South Africa. The South African education system does not have a standard national cybersecurity policy to be implemented in all schools to handle cyber risks and incidents. The Department of Basic Education (DBE) drafted guidelines to assist schools to implement cybersecurity strategies such as a cybersecurity-related policy; however, these guidelines do not include guidance on how to implement them and they have not been enacted. Because of the lack of commitment from the government to implement a cybersecurity policy at school level, learners continue to be exposed to cyber risks. Hence, it is up to each school to create and implement a cybersecurity policy that is unique to that school to help keep their learners safe. In terms of South African law, schools are ultimately responsible for the safety and well-being of school learners. School Governing Bodies (SGBs) have a legal obligation to ensure that cybersecurity measures are in place to protect learners from cyber risks, especially when schools provide access or expect learners to have and use ICT devices during school hours. However, schools (including SGBs) are ill-equipped to implement cybersecurity initiatives by themselves. They lack knowledge about ICT and are hampered by severe time and financial constraints. This study proposes a framework to assist SGBs in implementing a cybersecurity policy in South African schools. To address this need, the study first performed a literature review to identify the problem area, that schools in South Africa have no cybersecurity policy to guide them and protect school learners from cyber risks. There is a need for cybersecurity policies in schools and the SGBs entrusted with such a responsibility lack the resources and capacity to develop them. Moreover, many schools do not have cybersecurity policies in place to protect school learners if cyber risk incidents occur. This led to identifying research objectives together with research methods to address the problem area. The primary objective is to develop a framework to assist SGBs in implementing a basic cybersecurity policy in South African schools. In order to achieve the primary objective, the study determined cybersecurity policy implementation components and characteristics of cybersecurity policies using the literature review method to obtain the framework design components. Thereafter, cybersecurity-related policies, guidelines and best practices in South Africa and globally were identified and analysed for the school environment through the use of a literature review and qualitative content analysis to obtain cybersecurity policy content suitable for the school environment. Once these actions were performed, the formulation and design of the framework for implementing a basic cybersecurity policy using the relevant policy components and characteristics took place, which resulted in the proposed framework solution.
Description
Thesis (MIT) -- Faculty of Engineering, the Built Environment, and Technology, School of Information Technology, 2024
Format
computer
Format
online resource
Format
application/pdf
Format
1 online resource (XXX pages)
Format
pdf
Publisher
Nelson Mandela University
Publisher
Faculty of Engineering, the Built Environment, and Technology
Language
English
Rights
Nelson Mandela University
Rights
All Rights Reserved
Rights
Open Access
  • Hits: 145
  • Visitors: 155
  • Downloads: 31

Collections

NMU School of Information and Communication Technology
Thumbnail File Description Size Format
SOURCE1 Mhlaba, SA.pdf 4 MB Adobe Acrobat PDF
  • Disclaimer
  • Privacy
  • Copyright
  • Contact