A model for security incident response in the South African National Research and Education network
- Authors: Mooi, Roderick David
- Date: 2014
- Subjects: Information networks -- South Africa , Internet -- Security measures , Computer networks -- Security measures -- South Africa , National Research and Education Network (Computer network)
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9813 , http://hdl.handle.net/10948/d1017598
- Description: This dissertation addresses the problem of a lack of a formal incident response capability in the South African National Research and Education Network (SA NREN). While investigating alternatives it was found that no clear method exists to solve this problem. Therefore, a second problem is identified: the lack of a definitive method for establishing a Computer Security Incident Response Team (CSIRT) or Computer Emergency Response Team (CERT) in general. Solving the second problem is important as we then have a means of knowing how to start when building a CSIRT. This will set the basis for addressing the initial problem, resulting in a prepared, improved and coordinated response to IT security incidents affecting the SANREN. To commence, the requirements for establishing a CSIRT are identified via a comprehensive literature review. These requirements are categorized into five areas, namely, the basic business requirements followed by the four Ps of the IT Infrastructure Library (ITIL). That is, People, Processes, Product and Partners, adapted to suit the CSIRT context. Through the use of argumentation, the relationships between the areas are uncovered and explored. Thereafter, a Design Science Research-based process is utilised to develop a generic model for establishing a CSIRT. The model is based on the interactions uncovered between the business requirements and the adapted four Ps. These are summarised through two views -- strategic and tactical -- together forming an holistic model for establishing a CSIRT. The model highlights the decisions required for the business requirements, services, team model and staff, policies and processes, tools and technologies, and partners of a CSIRT respectively. Finally, to address the primary objective, the generic model is applied to the SANREN environment. Thus, the second artefact is an instantiation, a specific model, which can be implemented to create a CSIRT for the SA NREN. To produce the specific model, insight into the nature of the SANREN environment was required. The status quo was revealed through the use of a survey and argumentative analysis of the results. The specific decisions in each area required to establish an SA NREN CSIRT are explored throughout the development of the model. The result is a comprehensive framework for implementing a CSIRT in the SA NREN, detailing the decisions required in each of the areas. This model additionally acts as a demonstration of the utility of the generic model. The implications of this research are twofold. Firstly, the generic model is useful as a basis for anyone wanting to establish a CSIRT. It helps to ensure that all factors are considered and that no important decisions are neglected, thereby enabling an holistic view. Secondly, the specific model for the SA NREN CSIRT serves as a foundation for implementing the CSIRT going forward. It accelerates the process by addressing the important considerations and highlighting the concerns that must be addressed while establishing the CSIRT.
- Full Text:
- Date Issued: 2014
- Authors: Mooi, Roderick David
- Date: 2014
- Subjects: Information networks -- South Africa , Internet -- Security measures , Computer networks -- Security measures -- South Africa , National Research and Education Network (Computer network)
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9813 , http://hdl.handle.net/10948/d1017598
- Description: This dissertation addresses the problem of a lack of a formal incident response capability in the South African National Research and Education Network (SA NREN). While investigating alternatives it was found that no clear method exists to solve this problem. Therefore, a second problem is identified: the lack of a definitive method for establishing a Computer Security Incident Response Team (CSIRT) or Computer Emergency Response Team (CERT) in general. Solving the second problem is important as we then have a means of knowing how to start when building a CSIRT. This will set the basis for addressing the initial problem, resulting in a prepared, improved and coordinated response to IT security incidents affecting the SANREN. To commence, the requirements for establishing a CSIRT are identified via a comprehensive literature review. These requirements are categorized into five areas, namely, the basic business requirements followed by the four Ps of the IT Infrastructure Library (ITIL). That is, People, Processes, Product and Partners, adapted to suit the CSIRT context. Through the use of argumentation, the relationships between the areas are uncovered and explored. Thereafter, a Design Science Research-based process is utilised to develop a generic model for establishing a CSIRT. The model is based on the interactions uncovered between the business requirements and the adapted four Ps. These are summarised through two views -- strategic and tactical -- together forming an holistic model for establishing a CSIRT. The model highlights the decisions required for the business requirements, services, team model and staff, policies and processes, tools and technologies, and partners of a CSIRT respectively. Finally, to address the primary objective, the generic model is applied to the SANREN environment. Thus, the second artefact is an instantiation, a specific model, which can be implemented to create a CSIRT for the SA NREN. To produce the specific model, insight into the nature of the SANREN environment was required. The status quo was revealed through the use of a survey and argumentative analysis of the results. The specific decisions in each area required to establish an SA NREN CSIRT are explored throughout the development of the model. The result is a comprehensive framework for implementing a CSIRT in the SA NREN, detailing the decisions required in each of the areas. This model additionally acts as a demonstration of the utility of the generic model. The implications of this research are twofold. Firstly, the generic model is useful as a basis for anyone wanting to establish a CSIRT. It helps to ensure that all factors are considered and that no important decisions are neglected, thereby enabling an holistic view. Secondly, the specific model for the SA NREN CSIRT serves as a foundation for implementing the CSIRT going forward. It accelerates the process by addressing the important considerations and highlighting the concerns that must be addressed while establishing the CSIRT.
- Full Text:
- Date Issued: 2014
Effectiveness of the project management profession in the Ugandan oil industry : performance, benefits and challenges
- Authors: Kiggundu, Kamulegeya John
- Date: 2014
- Subjects: Project Mangement -- Uganda , Oil industry workers -- Uganda , Benchmarking (Management) -- Uganda
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9707 , http://hdl.handle.net/10948/d1020059
- Description: Oil is one of the most valuable resources. For a country like Uganda, which is one of the least developed countries in the world with more than one third of the population still living below the poverty line; the discovery of this valuable resource has the capacity to radically alter the economy of the country. But on the other hand, oil exploration, mining and refining are complex, costly, long duration projects with many challenges that require sophisticated financial management, planning, scheduling and cost control. The project management profession is charged as a single point of responsibility for initiating, planning, executing, monitoring and controlling projects in order to meet stakeholder’s needs and expectations. The research objectives were: 1. To identify and examine the challenges and risks associated with the oil industry in Uganda. 2. To investigate the effectiveness of project management practices in the Ugandan oil industry in terms 1 above. 3. Identify how project success can be measured in the Ugandan oil industry. A case study was the research technique adopted and interviews were conducted with the major stakeholders in the Ugandan oil industry. The research findings reveal the challenges and risks that continue to plague the Ugandan oil industry and the role of project management in the exploration phase of the project. The research findings were used to evaluate the role, responsibility and service that project management professionals are expected to render and the actual role, responsibility and service that the professionals have been rendering to the stakeholders in the Ugandan oil industry. The research then concludes by proposing ways of improving the chances of project success in the Ugandan oil industry.
- Full Text:
- Date Issued: 2014
- Authors: Kiggundu, Kamulegeya John
- Date: 2014
- Subjects: Project Mangement -- Uganda , Oil industry workers -- Uganda , Benchmarking (Management) -- Uganda
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9707 , http://hdl.handle.net/10948/d1020059
- Description: Oil is one of the most valuable resources. For a country like Uganda, which is one of the least developed countries in the world with more than one third of the population still living below the poverty line; the discovery of this valuable resource has the capacity to radically alter the economy of the country. But on the other hand, oil exploration, mining and refining are complex, costly, long duration projects with many challenges that require sophisticated financial management, planning, scheduling and cost control. The project management profession is charged as a single point of responsibility for initiating, planning, executing, monitoring and controlling projects in order to meet stakeholder’s needs and expectations. The research objectives were: 1. To identify and examine the challenges and risks associated with the oil industry in Uganda. 2. To investigate the effectiveness of project management practices in the Ugandan oil industry in terms 1 above. 3. Identify how project success can be measured in the Ugandan oil industry. A case study was the research technique adopted and interviews were conducted with the major stakeholders in the Ugandan oil industry. The research findings reveal the challenges and risks that continue to plague the Ugandan oil industry and the role of project management in the exploration phase of the project. The research findings were used to evaluate the role, responsibility and service that project management professionals are expected to render and the actual role, responsibility and service that the professionals have been rendering to the stakeholders in the Ugandan oil industry. The research then concludes by proposing ways of improving the chances of project success in the Ugandan oil industry.
- Full Text:
- Date Issued: 2014
Factors impacting Tablet PC usage in low-income communities
- Authors: Meiring, Natalie
- Date: 2014
- Subjects: Information technology -- Economic aspects , Information technology -- Social aspects
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/4642 , vital:20625
- Description: The purpose of this research was to identify factors that impact on tablet PC usage in low-income communities. In order to determine and identify these factors a main research question and sub-research questions were formulated. The primary research question of this study was "What factors impact on tablet PC usage in low-income communities?" This main research question was answered by creating three sub-research questions followed by triangulating the results from these questions. The first sub-research question was aimed at determining whether prior exposure to touch screen technology impacts the user experience. In order to reach this objective an extensive literature review was conducted on the tablet PC landscape in South Africa. This literature review, coupled with the case study helped answer this first research question. The second sub-research question was concerned with determining whether existing user experience guidelines are relevant to South African users. A thorough literature review was conducted on user experience guidelines and related studies. This literature review, together with the results from the case study helped answer this second research question. The third sub-research question involved identifying specific factors which help improve the user experience of tablet PC users in a specific context. This research question was addressed in the case study. Each sub-research question provided results which were analysed in order to answer the main research question. The factors which impact on tablet PC usage were thus identified and recommendations were proposed.
- Full Text:
- Date Issued: 2014
- Authors: Meiring, Natalie
- Date: 2014
- Subjects: Information technology -- Economic aspects , Information technology -- Social aspects
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/4642 , vital:20625
- Description: The purpose of this research was to identify factors that impact on tablet PC usage in low-income communities. In order to determine and identify these factors a main research question and sub-research questions were formulated. The primary research question of this study was "What factors impact on tablet PC usage in low-income communities?" This main research question was answered by creating three sub-research questions followed by triangulating the results from these questions. The first sub-research question was aimed at determining whether prior exposure to touch screen technology impacts the user experience. In order to reach this objective an extensive literature review was conducted on the tablet PC landscape in South Africa. This literature review, coupled with the case study helped answer this first research question. The second sub-research question was concerned with determining whether existing user experience guidelines are relevant to South African users. A thorough literature review was conducted on user experience guidelines and related studies. This literature review, together with the results from the case study helped answer this second research question. The third sub-research question involved identifying specific factors which help improve the user experience of tablet PC users in a specific context. This research question was addressed in the case study. Each sub-research question provided results which were analysed in order to answer the main research question. The factors which impact on tablet PC usage were thus identified and recommendations were proposed.
- Full Text:
- Date Issued: 2014
Guidelines to address the human factor in the South African National Research and Education Network beneficiary institutions
- Authors: Mjikeliso, Yolanda
- Date: 2014
- Subjects: National Research and Education Network (Computer network) Information networks -- South Africa Computer networks -- Security measures -- South Africa
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/9946 , vital:26635
- Description: Even if all the technical security solutions appropriate for an organisation’s network are implemented, for example, firewalls, antivirus programs and encryption, if the human factor is neglected then these technical security solutions will serve no purpose. The greatest challenge to network security is probably not the technological solutions that organisations invest in, but the human factor (non-technical solutions), which most organisations neglect. The human factor is often ignored even though humans are the most important resources of organisations and perform all the physical tasks, configure and manage equipment, enter data, manage people and operate the systems and networks. The same people that manage and operate networks and systems have vulnerabilities. They are not perfect and there will always be an element of mistake-making or error. In other words, humans make mistakes that could result in security vulnerabilities, and the exploitation of these vulnerabilities could in turn result in network security breaches. Human vulnerabilities are driven by many factors including insufficient security education, training and awareness, a lack of security policies and procedures in the organisation, a limited attention span and negligence. Network security may thus be compromised by this human vulnerability. In the context of this dissertation, both physical and technological controls should be implemented to ensure the security of the SANReN network. However, if the human factors are not adequately addressed, the network would become vulnerable to risks posed by the human factor which could threaten the security of the network. Accordingly, the primary research objective of this study is to formulate guidelines that address the information security related human factors in the rolling out and continued management of the SANReN network. An analysis of existing policies and procedures governing the SANReN network was conducted and it was determined that there are currently no guidelines addressing the human factor in the SANReN beneficiary institutions. Therefore, the aim of this study is to provide the guidelines for addressing the human factor threats in the SANReN beneficiary institutions.
- Full Text:
- Date Issued: 2014
- Authors: Mjikeliso, Yolanda
- Date: 2014
- Subjects: National Research and Education Network (Computer network) Information networks -- South Africa Computer networks -- Security measures -- South Africa
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/9946 , vital:26635
- Description: Even if all the technical security solutions appropriate for an organisation’s network are implemented, for example, firewalls, antivirus programs and encryption, if the human factor is neglected then these technical security solutions will serve no purpose. The greatest challenge to network security is probably not the technological solutions that organisations invest in, but the human factor (non-technical solutions), which most organisations neglect. The human factor is often ignored even though humans are the most important resources of organisations and perform all the physical tasks, configure and manage equipment, enter data, manage people and operate the systems and networks. The same people that manage and operate networks and systems have vulnerabilities. They are not perfect and there will always be an element of mistake-making or error. In other words, humans make mistakes that could result in security vulnerabilities, and the exploitation of these vulnerabilities could in turn result in network security breaches. Human vulnerabilities are driven by many factors including insufficient security education, training and awareness, a lack of security policies and procedures in the organisation, a limited attention span and negligence. Network security may thus be compromised by this human vulnerability. In the context of this dissertation, both physical and technological controls should be implemented to ensure the security of the SANReN network. However, if the human factors are not adequately addressed, the network would become vulnerable to risks posed by the human factor which could threaten the security of the network. Accordingly, the primary research objective of this study is to formulate guidelines that address the information security related human factors in the rolling out and continued management of the SANReN network. An analysis of existing policies and procedures governing the SANReN network was conducted and it was determined that there are currently no guidelines addressing the human factor in the SANReN beneficiary institutions. Therefore, the aim of this study is to provide the guidelines for addressing the human factor threats in the SANReN beneficiary institutions.
- Full Text:
- Date Issued: 2014
SecMVC : a model for secure software design based on the model-view-controller pattern
- Authors: Colesky, Michael Robert
- Date: 2014
- Subjects: Computer networks -- Security measures -- Software , Computer software -- Development , Model-driven software architecture
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9823 , http://hdl.handle.net/10948/d1020614
- Description: Current advances in the software development industry are growing more ubiquitous by the day. This has caused for security, not only in the broader sense, but specifically within the design and overall development of software itself, to become all the more important. An evidently prevalent problem in the domain of software development is that software security is not consistently addressed during design, which undermines core security concerns, and leads to the development of insecure software. This research seeks to address this issue via a model for secure software design, which is based on a software design pattern, namely, the Model-View-Controller (MVC) pattern. The use of a pattern to convey knowledge is not a new notion. However, the ability of software design patterns to convey secure software design is an idea worth investigating. Following identification of secure software design principles and concepts, as well as software design patterns, specifically those relating to the MVC pattern, a model was designed and developed. With the MVC pattern argued as being a suitable foundation for the model, the security conscious MVC (SecMVC) combines secure software design principles and concepts into the MVC pattern. Together herewith, the MVC pattern’s components in the MVC Compound pattern, namely: the Observer pattern, the Strategy pattern, and the Composite pattern, have provided further sub-models for less abstraction and greater detail. These sub-models were developed, as a result of the SecMVC model’s evaluation in the validation for this study, an expert review. Argued in the light of similar research methods, the expert review was chosen – along with a process that included the use of two expert participants to validate the SecMVC model. It was determined through the expert review that the SecMVC model is of sufficient utility, quality, and efficacy to constitute research value. The research methodology process followed was design science, in which the SecMVC model, which includes its related sub-models, serves as the artefact and research output of this study. This research study contributes evidence of the feasibility for integrating knowledge into software design patterns. This includes the SecMVC model itself. In addition, it argues for the use of an expert review, as an evaluative research method for such an artifact.
- Full Text:
- Date Issued: 2014
- Authors: Colesky, Michael Robert
- Date: 2014
- Subjects: Computer networks -- Security measures -- Software , Computer software -- Development , Model-driven software architecture
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9823 , http://hdl.handle.net/10948/d1020614
- Description: Current advances in the software development industry are growing more ubiquitous by the day. This has caused for security, not only in the broader sense, but specifically within the design and overall development of software itself, to become all the more important. An evidently prevalent problem in the domain of software development is that software security is not consistently addressed during design, which undermines core security concerns, and leads to the development of insecure software. This research seeks to address this issue via a model for secure software design, which is based on a software design pattern, namely, the Model-View-Controller (MVC) pattern. The use of a pattern to convey knowledge is not a new notion. However, the ability of software design patterns to convey secure software design is an idea worth investigating. Following identification of secure software design principles and concepts, as well as software design patterns, specifically those relating to the MVC pattern, a model was designed and developed. With the MVC pattern argued as being a suitable foundation for the model, the security conscious MVC (SecMVC) combines secure software design principles and concepts into the MVC pattern. Together herewith, the MVC pattern’s components in the MVC Compound pattern, namely: the Observer pattern, the Strategy pattern, and the Composite pattern, have provided further sub-models for less abstraction and greater detail. These sub-models were developed, as a result of the SecMVC model’s evaluation in the validation for this study, an expert review. Argued in the light of similar research methods, the expert review was chosen – along with a process that included the use of two expert participants to validate the SecMVC model. It was determined through the expert review that the SecMVC model is of sufficient utility, quality, and efficacy to constitute research value. The research methodology process followed was design science, in which the SecMVC model, which includes its related sub-models, serves as the artefact and research output of this study. This research study contributes evidence of the feasibility for integrating knowledge into software design patterns. This includes the SecMVC model itself. In addition, it argues for the use of an expert review, as an evaluative research method for such an artifact.
- Full Text:
- Date Issued: 2014
The effects of shot peening on low cycle fatigue life of 7075-T6 aluminium alloy round bar
- Authors: Peters, Donald Michael Dirk
- Date: 2014
- Subjects: Shot peening , Aluminum alloys -- Fatigue , Metals -- Fatigue
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/2929 , vital:20364
- Description: The aim in this dissertation was to improve our understanding of the effectiveness of shot peening in prolonging fatigue life, of 7075-T6 Aluminium Alloy round bar, taking into consideration surface residual stress, microstructural and micro-hardness parameters. Three point bending, high stress, moderately low cycle, fatigue tests were conducted to study the effects of shot peening and associated surface residual compressive stresses on fatigue life. The influence of shot peening on the microstructure was explored, including the application of mechanical small plastic straining and surface skimming, to vary the surface residual compressive stresses and induce strain hardening. Tests were performed to measure residual stress-depth distribution, plastic straining, micro-hardness, and the microstructure analysed on scanning electron microscopy (SEM) fractographs. The Juvinall and Marshek life prediction model was used in conjunction with the Gerber equation for non-zero mean stress applications to generate a proposed life prediction model for this material which is user-friendly. The proposed life prediction model has a linear equation format with the flexibility to conservatively accommodate most of the various types, and combinations, of treatments applied in this research by the use of customised constants. The results show that there was good correlation between actual and predicted fatigue life as well as useful insights into the role of the microstructure in explaining fatigue life behaviour.
- Full Text:
- Date Issued: 2014
- Authors: Peters, Donald Michael Dirk
- Date: 2014
- Subjects: Shot peening , Aluminum alloys -- Fatigue , Metals -- Fatigue
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/2929 , vital:20364
- Description: The aim in this dissertation was to improve our understanding of the effectiveness of shot peening in prolonging fatigue life, of 7075-T6 Aluminium Alloy round bar, taking into consideration surface residual stress, microstructural and micro-hardness parameters. Three point bending, high stress, moderately low cycle, fatigue tests were conducted to study the effects of shot peening and associated surface residual compressive stresses on fatigue life. The influence of shot peening on the microstructure was explored, including the application of mechanical small plastic straining and surface skimming, to vary the surface residual compressive stresses and induce strain hardening. Tests were performed to measure residual stress-depth distribution, plastic straining, micro-hardness, and the microstructure analysed on scanning electron microscopy (SEM) fractographs. The Juvinall and Marshek life prediction model was used in conjunction with the Gerber equation for non-zero mean stress applications to generate a proposed life prediction model for this material which is user-friendly. The proposed life prediction model has a linear equation format with the flexibility to conservatively accommodate most of the various types, and combinations, of treatments applied in this research by the use of customised constants. The results show that there was good correlation between actual and predicted fatigue life as well as useful insights into the role of the microstructure in explaining fatigue life behaviour.
- Full Text:
- Date Issued: 2014
- «
- ‹
- 1
- ›
- »