A framework for digital signature implementations for e-government services
- Authors: Kumalo, Mmaphefo Octavia
- Date: 2020
- Subjects: Electronic government information , Internet in public administration Municipal government -- Data processing
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/46086 , vital:39490
- Description: The advent of the Internet has brought with it new innovations, new ways of doing business, new ways of working, new ways of engaging, and new forms of business models. It has ultimately disrupted the traditional ways in which we communicate, socialise, and live life in general. This era has heralded the requirement for digitization and has brought about the digital economy and the Fourth Industrial Revolution. The fundamental ways in which companies and governments do business are changing due to the increased innovation, and the cost efficiencies that this era has brought with it. Like most governments worldwide, the South African government has responded to the Internet revolution and is taking advantage of it through e-government initiatives. The direct effects of e-government include cost savings, efficiencies, improved and continuous interactions and communications with citizens, better public procurement, and improved tax collection. The area of digitization has the potential to improve how the South African government delivers services to citizens and those that reside within the borders of the country. Amongst the five elements of successful e-government transformation, process reform is at the top of the list. e-Government is not just about the automation of existing processes and inefficiencies. It is also about the creation of new processes and new relationships between all the stakeholders involved. In the South African context, the lack of optimised, automated, and digitalised processes within various government departments has impeded crossfunctional processes’ effectiveness and efficiencies. Manual interventions in processing and transactions occur to comply with the legal requirement to manually sign documents. This poses difficulties in integrating processes within government departments to achieve a seamless experience for the citizen. As a result, this treatise sets out to answer the question of what needs to be in place to allow for the utilisation of digital signatures in automating the processing of e-government services for a seamless experience for citizens and businesses. The resulting Digital Signature Framework can be used by government departments to implement digital signatures and provides providing guidance, facilitating understanding, and providing ease of use, scalability, and agility.
- Full Text:
- Date Issued: 2020
- Authors: Kumalo, Mmaphefo Octavia
- Date: 2020
- Subjects: Electronic government information , Internet in public administration Municipal government -- Data processing
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/46086 , vital:39490
- Description: The advent of the Internet has brought with it new innovations, new ways of doing business, new ways of working, new ways of engaging, and new forms of business models. It has ultimately disrupted the traditional ways in which we communicate, socialise, and live life in general. This era has heralded the requirement for digitization and has brought about the digital economy and the Fourth Industrial Revolution. The fundamental ways in which companies and governments do business are changing due to the increased innovation, and the cost efficiencies that this era has brought with it. Like most governments worldwide, the South African government has responded to the Internet revolution and is taking advantage of it through e-government initiatives. The direct effects of e-government include cost savings, efficiencies, improved and continuous interactions and communications with citizens, better public procurement, and improved tax collection. The area of digitization has the potential to improve how the South African government delivers services to citizens and those that reside within the borders of the country. Amongst the five elements of successful e-government transformation, process reform is at the top of the list. e-Government is not just about the automation of existing processes and inefficiencies. It is also about the creation of new processes and new relationships between all the stakeholders involved. In the South African context, the lack of optimised, automated, and digitalised processes within various government departments has impeded crossfunctional processes’ effectiveness and efficiencies. Manual interventions in processing and transactions occur to comply with the legal requirement to manually sign documents. This poses difficulties in integrating processes within government departments to achieve a seamless experience for the citizen. As a result, this treatise sets out to answer the question of what needs to be in place to allow for the utilisation of digital signatures in automating the processing of e-government services for a seamless experience for citizens and businesses. The resulting Digital Signature Framework can be used by government departments to implement digital signatures and provides providing guidance, facilitating understanding, and providing ease of use, scalability, and agility.
- Full Text:
- Date Issued: 2020
A framework to enhance Information and Communication Technology (ICT) readiness for business continuity at the South African Revenue Services (SARS)
- Authors: Mathase, Euphodia
- Date: 2020
- Subjects: Internet in public administration -- Taxation -- South Africa Electronic commerce -- Government policy -- South Africa
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/49496 , vital:41726
- Description: Many organisations, especially public sector organisations, are required to ensure that they are able to continue with their operation in cases of major disasters that affect the organisations. In the same light, the South African Revenue Services (SARS), being a quasi-government organisation, faces a similar phenomenon. The main purpose of conducting this research was to explore a problem in depth that was identified at the SARS. SARS does not have a comprehensive business continuity plan. The study therefore examined possible techniques or actions for ensuring information and communication technology (ICT) readiness and business continuity, explored various frameworks and policy documents which will assist public entities with readiness for business continuity, and identified frameworks that will assist SARS in implementing an effective ICT readiness for business continuity. The study adopted the design science research approach and aspects of design science research in information systems. Data gathered through the questionnaire instrument was used to design a framework that can be adopted at SARS to enhance ICT readiness for business continuity. The research findings show the importance of effective business continuity management (BCM) and a framework that can be used to implement an effective BCM.
- Full Text:
- Date Issued: 2020
- Authors: Mathase, Euphodia
- Date: 2020
- Subjects: Internet in public administration -- Taxation -- South Africa Electronic commerce -- Government policy -- South Africa
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/49496 , vital:41726
- Description: Many organisations, especially public sector organisations, are required to ensure that they are able to continue with their operation in cases of major disasters that affect the organisations. In the same light, the South African Revenue Services (SARS), being a quasi-government organisation, faces a similar phenomenon. The main purpose of conducting this research was to explore a problem in depth that was identified at the SARS. SARS does not have a comprehensive business continuity plan. The study therefore examined possible techniques or actions for ensuring information and communication technology (ICT) readiness and business continuity, explored various frameworks and policy documents which will assist public entities with readiness for business continuity, and identified frameworks that will assist SARS in implementing an effective ICT readiness for business continuity. The study adopted the design science research approach and aspects of design science research in information systems. Data gathered through the questionnaire instrument was used to design a framework that can be adopted at SARS to enhance ICT readiness for business continuity. The research findings show the importance of effective business continuity management (BCM) and a framework that can be used to implement an effective BCM.
- Full Text:
- Date Issued: 2020
A framework to measure the degree of alignment between corporate and IT/IS objectives at Randwater
- Authors: Sigasa, Moshane Lydia
- Date: 2020
- Subjects: Business enterprises -- Computer networks -- Security measures , Data protection Information technology -- Security measures
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/47156 , vital:39818
- Description: The South African Government has institutionalised a Corporate Governance of ICT Policy Framework which was developed by Department of Public Service and Administration (DPSA). The framework has adopted some elements of KING III, ISO 38500 and COBIT. Consequently, it is now a requirement by the South African Government that all its entities must adopt this framework. Nevertheless, it is not clear how government has emphasised this alignment in such entities. The problem statement in this study was that Randwater is unable to realise full value of the investment in IT/IS because there is misalignment between IT objectives or deliverables and the corporate objectives. This study sought to identify a suitable framework which meets the ICT policy criteria as set out by the DPSA, which will facilitate the alignment between corporate objectives and IT/IS objectives at Randwater. This was achieved through the development and refinement of the artefact through the various iteration phases. Additionally, an online survey was used to collect data from a focus group comprising IT experts and senior management at Randwater. The Information Technology Governance Institute Framework was employed to assist in the development of the questions. The survey results were utilised during the validation of the artefact produced by this research study in a workshop. The findings were then linked with the related literature which either supported or rejected the findings through discussions on the literature and thereafter conclusions were made based on these findings. Furthermore, a literature review was conducted to gain a better understanding of what has been done in the field of research in order to assist in defining the problem that this research seeks to solve so as to inform the development of design characteristics. The research process employed the Nelson Mandela University – Design Science Strategy Methodology referred to as (NMU – DSSM) with the goal of developing an artefact in the form of a framework. The research process entailed studying the existing literature and analysing the aspects relating to corporate governance, IT governance, frameworks, and strategies to be able to measure the degree of alignment. The phases of designing the artefact were analysis, design, evaluate, validate and diffuse phases. The final artefact developed was a framework that incorporated the principles of King IV and ISO 38500 in corporate governance and ICT goals alignment. The final artefact also embedded transparency, accountability and security as important elements in the implementation of the artefact. The survey findings were instrumental in the development of the artefact that brings alignment between business strategy and IT objectives at Randwater. From the findings, in terms of IT flexibility, it was revealed that the interrelated parts of the system at Randwater were modular. It was also concluded that there is lack of communication about the manner in which the components of the information systems are organised and integrated in order to allow for rapid changes and that the organisational IT infrastructure and applications were loosely coupled. The findings further revealed that the business had established corporate rules and standards for hardware and operating systems to ensure platform compatibility. It was also revealed that organisational IT applications were developed based on compliance guidelines. In terms of IT-enabled dynamic capabilities, it was revealed that IT systems at Randwater are not capable of scanning the environment and identifying new business opportunities and are not capable of anticipating discontinuities arising in the business domain by developing greater reactive and proactive strength. It was also revealed that it was concluded that IT systems were capable of achieving strategic alignment between IT flexibility and dynamic capabilities. Therefore, design science was the ideal research paradigm towards addressing the research problem and the artefact designed was a viable research contribution. The significance of the study was that it contributed to the development of technology-based solutions to an important and relevant business problem of alignment of business strategy to IT goals. The design evaluation, the utility, quality, and efficacy of the final design artefact was rigorously demonstrated via well-executed evaluation methods. The study also contributed to the literature
- Full Text:
- Date Issued: 2020
- Authors: Sigasa, Moshane Lydia
- Date: 2020
- Subjects: Business enterprises -- Computer networks -- Security measures , Data protection Information technology -- Security measures
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/47156 , vital:39818
- Description: The South African Government has institutionalised a Corporate Governance of ICT Policy Framework which was developed by Department of Public Service and Administration (DPSA). The framework has adopted some elements of KING III, ISO 38500 and COBIT. Consequently, it is now a requirement by the South African Government that all its entities must adopt this framework. Nevertheless, it is not clear how government has emphasised this alignment in such entities. The problem statement in this study was that Randwater is unable to realise full value of the investment in IT/IS because there is misalignment between IT objectives or deliverables and the corporate objectives. This study sought to identify a suitable framework which meets the ICT policy criteria as set out by the DPSA, which will facilitate the alignment between corporate objectives and IT/IS objectives at Randwater. This was achieved through the development and refinement of the artefact through the various iteration phases. Additionally, an online survey was used to collect data from a focus group comprising IT experts and senior management at Randwater. The Information Technology Governance Institute Framework was employed to assist in the development of the questions. The survey results were utilised during the validation of the artefact produced by this research study in a workshop. The findings were then linked with the related literature which either supported or rejected the findings through discussions on the literature and thereafter conclusions were made based on these findings. Furthermore, a literature review was conducted to gain a better understanding of what has been done in the field of research in order to assist in defining the problem that this research seeks to solve so as to inform the development of design characteristics. The research process employed the Nelson Mandela University – Design Science Strategy Methodology referred to as (NMU – DSSM) with the goal of developing an artefact in the form of a framework. The research process entailed studying the existing literature and analysing the aspects relating to corporate governance, IT governance, frameworks, and strategies to be able to measure the degree of alignment. The phases of designing the artefact were analysis, design, evaluate, validate and diffuse phases. The final artefact developed was a framework that incorporated the principles of King IV and ISO 38500 in corporate governance and ICT goals alignment. The final artefact also embedded transparency, accountability and security as important elements in the implementation of the artefact. The survey findings were instrumental in the development of the artefact that brings alignment between business strategy and IT objectives at Randwater. From the findings, in terms of IT flexibility, it was revealed that the interrelated parts of the system at Randwater were modular. It was also concluded that there is lack of communication about the manner in which the components of the information systems are organised and integrated in order to allow for rapid changes and that the organisational IT infrastructure and applications were loosely coupled. The findings further revealed that the business had established corporate rules and standards for hardware and operating systems to ensure platform compatibility. It was also revealed that organisational IT applications were developed based on compliance guidelines. In terms of IT-enabled dynamic capabilities, it was revealed that IT systems at Randwater are not capable of scanning the environment and identifying new business opportunities and are not capable of anticipating discontinuities arising in the business domain by developing greater reactive and proactive strength. It was also revealed that it was concluded that IT systems were capable of achieving strategic alignment between IT flexibility and dynamic capabilities. Therefore, design science was the ideal research paradigm towards addressing the research problem and the artefact designed was a viable research contribution. The significance of the study was that it contributed to the development of technology-based solutions to an important and relevant business problem of alignment of business strategy to IT goals. The design evaluation, the utility, quality, and efficacy of the final design artefact was rigorously demonstrated via well-executed evaluation methods. The study also contributed to the literature
- Full Text:
- Date Issued: 2020
A strategic approach towards the successful implementation of corporate governance of Information and Communication Technology in the Kwazulu-Natal Department of Social Development
- Authors: Siziba, Makabongwe Johnson
- Date: 2020
- Subjects: Corporate governance -- South Africa -- KwaZulu-Natal -- Management Information technology -- Management -- South Africa -- KwaZulu-Natal
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/49617 , vital:41741
- Description: Information is a critical asset in any organisation and its management, including the associated technological channels, requires the attention of decision-makers to ensure that information assets are utilised for the intended purposes. Therefore, decision-makers need to have appropriate governance oversight on technology that produces information and information itself. Over the years, the governance of ICT has been adopted in the public sector given the fact that state funding received from tax collections is utilised to invest in IT solutions with the intention of expediting service delivery and increase productivity. The purpose of this treatise was to identify the root causes of why the department is not implementing Corporate Governance of ICT successfully despite the fact that most good controls do exist. The research revealed that there is insufficient budget to implement ICT projects coupled with inadequate ICT staff to implement ICT strategy. Furthermore, it cited a lack of ICT governance skills with ICT Strategic Committee members who are tasked with pioneering ICT governance. This weakness relates directly to other identified weaknesses such as end-user resistance to adopt ICT projects and a lack of project management function in the department.
- Full Text:
- Date Issued: 2020
- Authors: Siziba, Makabongwe Johnson
- Date: 2020
- Subjects: Corporate governance -- South Africa -- KwaZulu-Natal -- Management Information technology -- Management -- South Africa -- KwaZulu-Natal
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/49617 , vital:41741
- Description: Information is a critical asset in any organisation and its management, including the associated technological channels, requires the attention of decision-makers to ensure that information assets are utilised for the intended purposes. Therefore, decision-makers need to have appropriate governance oversight on technology that produces information and information itself. Over the years, the governance of ICT has been adopted in the public sector given the fact that state funding received from tax collections is utilised to invest in IT solutions with the intention of expediting service delivery and increase productivity. The purpose of this treatise was to identify the root causes of why the department is not implementing Corporate Governance of ICT successfully despite the fact that most good controls do exist. The research revealed that there is insufficient budget to implement ICT projects coupled with inadequate ICT staff to implement ICT strategy. Furthermore, it cited a lack of ICT governance skills with ICT Strategic Committee members who are tasked with pioneering ICT governance. This weakness relates directly to other identified weaknesses such as end-user resistance to adopt ICT projects and a lack of project management function in the department.
- Full Text:
- Date Issued: 2020
A strategy to motivate continued instructor usage of learning management systems (LMSS) in higher learning institutions of Zimbabwe
- Authors: Siwela, Ndukuyenkosi
- Date: 2020
- Subjects: Web-based instruction , Computer systems Organizational learning -- Zimbabwe Internet in education
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/47259 , vital:39837
- Description: The purpose of this study was to develop a strategy to motivate continued usage of Learning Management Systems in higher learning institutions of Zimbabwe. A related goal was to identify unique challenges experienced by instructors in their use of LMSs. The use of LMSs is now global and has been fairly successful in developed countries even though past research shows that instructors tend to discontinue usage over a period of time. Whereas most LMSs research is carried in the context of the developed world, the candidate demonstrates that Vantankesh's IS Success Model and Davis' Technology Acceptance Model can be successfully replicated into the developing world on condition that local environment is taken into context. The results showed that LMSs in Zimbabwe higher learning institutions hold a promise of success even though challenges exist. The findings have wider implications on the need to invest in neccessary infrustructure and future predictions on learner interests. The study demonstrates that shared success can be achieved if the local conditions are taken into context when developing a strategy to motivate instructor continued LMS usage. The study holds the practical implication that institutions can motivate instructors to continue with usage of LMSs to deliver quality output in their daily duties.
- Full Text:
- Date Issued: 2020
- Authors: Siwela, Ndukuyenkosi
- Date: 2020
- Subjects: Web-based instruction , Computer systems Organizational learning -- Zimbabwe Internet in education
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/47259 , vital:39837
- Description: The purpose of this study was to develop a strategy to motivate continued usage of Learning Management Systems in higher learning institutions of Zimbabwe. A related goal was to identify unique challenges experienced by instructors in their use of LMSs. The use of LMSs is now global and has been fairly successful in developed countries even though past research shows that instructors tend to discontinue usage over a period of time. Whereas most LMSs research is carried in the context of the developed world, the candidate demonstrates that Vantankesh's IS Success Model and Davis' Technology Acceptance Model can be successfully replicated into the developing world on condition that local environment is taken into context. The results showed that LMSs in Zimbabwe higher learning institutions hold a promise of success even though challenges exist. The findings have wider implications on the need to invest in neccessary infrustructure and future predictions on learner interests. The study demonstrates that shared success can be achieved if the local conditions are taken into context when developing a strategy to motivate instructor continued LMS usage. The study holds the practical implication that institutions can motivate instructors to continue with usage of LMSs to deliver quality output in their daily duties.
- Full Text:
- Date Issued: 2020
An internal audit expectation gap: South African Revenue Services project audit engagements
- Authors: Sekhwela, Mmanapo Bella
- Date: 2020
- Subjects: Electronic data processing -- Auditing , Business enterprises -- Computer networks -- Security measures Information technology -- Security measures Computer security
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/47139 , vital:39815
- Description: South African Revenue Services (SARS) was established as a quasi-government organisation with a mandate to efficiently and effectively collect revenue based on the export, import, movement, manufacture and storage of specific goods. Information Technology (IT) governance is strategically important to SARS in that its business processes are technology driven and that technology projects are implemented to support the SARS strategic objectives. In alignment to the King code for corporate governance and ethical business practices, an Internal Audit Function (IAF) as a regulatory requirement of all public sector entities in South Africa exists at SARS. The aim of the research was to evaluate the perspectives of SARS stakeholders regarding the organisation’s IT project auditing process. The study focused on gathering data from various SARS stakeholders involved in the delivery of IT projects and IT projects auditing. Through a qualitative research approach, interviews were conducted with practitioners such as Internal Auditors, Internal Audit managers, and executives as well as project managers and ownersso asto obtain a holistic understanding of stakeholder expectations of an IT project audit. An analysis of the data collected led to the deduction of recommendations meant to enhance stakeholder perceptions of the IT audit function within SARS. The study found that there is a perceived value derived from IA reviews of IT projects. The findings also revealed that rather than lack of resources and expertise, skill set deficiencies were the major setback in achieving IA goals. The findings further revealed that there are deficiencies in the quality of IA reports. Some of the main recommendations were to expand the scope of the Internal Audit roles, intensify engagements of Internal Audits by the Enterprise Project Management Office (EPMO), improve the quality of reports, and capacitate Internal Auditors with reporting skills. This study presents a modest contribution that is expected to enrich knowledge on how to audit IT projects. Moreover, the study contributes towards a methodological position of design science by producing results from a smaller sample augmented by interview results in an environment characterised by smaller populations so that inferences can be made.
- Full Text:
- Date Issued: 2020
- Authors: Sekhwela, Mmanapo Bella
- Date: 2020
- Subjects: Electronic data processing -- Auditing , Business enterprises -- Computer networks -- Security measures Information technology -- Security measures Computer security
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/47139 , vital:39815
- Description: South African Revenue Services (SARS) was established as a quasi-government organisation with a mandate to efficiently and effectively collect revenue based on the export, import, movement, manufacture and storage of specific goods. Information Technology (IT) governance is strategically important to SARS in that its business processes are technology driven and that technology projects are implemented to support the SARS strategic objectives. In alignment to the King code for corporate governance and ethical business practices, an Internal Audit Function (IAF) as a regulatory requirement of all public sector entities in South Africa exists at SARS. The aim of the research was to evaluate the perspectives of SARS stakeholders regarding the organisation’s IT project auditing process. The study focused on gathering data from various SARS stakeholders involved in the delivery of IT projects and IT projects auditing. Through a qualitative research approach, interviews were conducted with practitioners such as Internal Auditors, Internal Audit managers, and executives as well as project managers and ownersso asto obtain a holistic understanding of stakeholder expectations of an IT project audit. An analysis of the data collected led to the deduction of recommendations meant to enhance stakeholder perceptions of the IT audit function within SARS. The study found that there is a perceived value derived from IA reviews of IT projects. The findings also revealed that rather than lack of resources and expertise, skill set deficiencies were the major setback in achieving IA goals. The findings further revealed that there are deficiencies in the quality of IA reports. Some of the main recommendations were to expand the scope of the Internal Audit roles, intensify engagements of Internal Audits by the Enterprise Project Management Office (EPMO), improve the quality of reports, and capacitate Internal Auditors with reporting skills. This study presents a modest contribution that is expected to enrich knowledge on how to audit IT projects. Moreover, the study contributes towards a methodological position of design science by producing results from a smaller sample augmented by interview results in an environment characterised by smaller populations so that inferences can be made.
- Full Text:
- Date Issued: 2020
An IT Risk Management Framework for provincial business entities : a case study for Limpopo Economic Development Agency, Limpopo Province, South Africa
- Authors: Mabitsela, Ngoakoana Unity
- Date: 2020
- Subjects: Risk management -- South Africa -- Limpopo Business enterprises -- Computer networks -- Security measures -- South Africa -- Limpopo , Information technology -- Security measures -- South Africa -- Limpopo
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/49463 , vital:41723
- Description: This study focused on a lack of an Information Technology Risk Management (ITRM) framework tailored for provincial business entities to assist with the management of IT risks. The research was aimed at developing a tailored IT risk management framework that would assist provincial business entities with an effective ITRM process. This was achieved through identifying factors that constitute an ITRM framework, determining the current IT risk management methods used in provincial business entities and assessing the IT risk culture. This research study was conducted at the Limpopo Economic Development Agency (LEDA), which is a provincial business entity in the Limpopo province. The objectives of the study were accomplished using a design science research approach which involved the creation of an artefact and design theory as a means to improve the current state of practice as well as existing research knowledge about provincial business entities and their management of IT risks. The Nelson Mandela University Design Science Methodology Framework (NMU-DSFM) was identified as the methodology to be followed to devise the contribution in the form of an artefact. It was found that the organisation does not have a positive IT risk culture. From the study of the data analysis performed, it was evident that provincial business entities have challenges associated with adequately identifying IT risks. The findings highlighted that for the proper management of risks, risk governance should be effective by ensuring that the board of directors takes the responsibility of IT risk management, and the essentials of risk governance were discussed at length. The research output for this study was a framework. The adoption of this framework may positively contribute to strengthening governance of IT risk management in the provincial business entities. Best practices were highlighted for ease of reference to determine what is required and how to implement this regarding IT risk management.
- Full Text:
- Date Issued: 2020
- Authors: Mabitsela, Ngoakoana Unity
- Date: 2020
- Subjects: Risk management -- South Africa -- Limpopo Business enterprises -- Computer networks -- Security measures -- South Africa -- Limpopo , Information technology -- Security measures -- South Africa -- Limpopo
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/49463 , vital:41723
- Description: This study focused on a lack of an Information Technology Risk Management (ITRM) framework tailored for provincial business entities to assist with the management of IT risks. The research was aimed at developing a tailored IT risk management framework that would assist provincial business entities with an effective ITRM process. This was achieved through identifying factors that constitute an ITRM framework, determining the current IT risk management methods used in provincial business entities and assessing the IT risk culture. This research study was conducted at the Limpopo Economic Development Agency (LEDA), which is a provincial business entity in the Limpopo province. The objectives of the study were accomplished using a design science research approach which involved the creation of an artefact and design theory as a means to improve the current state of practice as well as existing research knowledge about provincial business entities and their management of IT risks. The Nelson Mandela University Design Science Methodology Framework (NMU-DSFM) was identified as the methodology to be followed to devise the contribution in the form of an artefact. It was found that the organisation does not have a positive IT risk culture. From the study of the data analysis performed, it was evident that provincial business entities have challenges associated with adequately identifying IT risks. The findings highlighted that for the proper management of risks, risk governance should be effective by ensuring that the board of directors takes the responsibility of IT risk management, and the essentials of risk governance were discussed at length. The research output for this study was a framework. The adoption of this framework may positively contribute to strengthening governance of IT risk management in the provincial business entities. Best practices were highlighted for ease of reference to determine what is required and how to implement this regarding IT risk management.
- Full Text:
- Date Issued: 2020
Establishment of an information technology risk management framework within food manufacturing enterprises in South Africa
- Authors: Sandi, Siyabulela
- Date: 2020
- Subjects: Business enterprises -- Computer networks -- Security measures , Information technology -- Security measures Computer security Risk management
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/47128 , vital:39812
- Description: Enterprises of all kinds, regardless of the sector, are directly or indirectly dependent on Information Technology (IT) to carry out their daily activities. With this in mind, and correlated with the problem statement that it is “the lack of IT governance principles that lead to exposing enterprises to IT-related threats, vulnerabilities, and risks”, the objective of this study was to establish an Information Technology Risk Management Framework for enterprises within the Food manufacturing industry in South Africa that will ensure that IT-related threats, vulnerabilities, and risks are properly managed. In order to accomplish this, the research followed a process called design science research. The design science research paradigm was used to create a design artificial artefact in the form of a framework. The Nelson Mandela University – Design Science Framework Methodology (NMU-DSFM) was adopted since the objective of the study was to develop a framework. The study has revealed that enterprises within the sector are indeed lagging behind in terms of IT governance principles, hence an artefact called the IT Risk Management Framework for Enterprises within Food Manufacturing Industries in South Africa was developed.
- Full Text:
- Date Issued: 2020
- Authors: Sandi, Siyabulela
- Date: 2020
- Subjects: Business enterprises -- Computer networks -- Security measures , Information technology -- Security measures Computer security Risk management
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/47128 , vital:39812
- Description: Enterprises of all kinds, regardless of the sector, are directly or indirectly dependent on Information Technology (IT) to carry out their daily activities. With this in mind, and correlated with the problem statement that it is “the lack of IT governance principles that lead to exposing enterprises to IT-related threats, vulnerabilities, and risks”, the objective of this study was to establish an Information Technology Risk Management Framework for enterprises within the Food manufacturing industry in South Africa that will ensure that IT-related threats, vulnerabilities, and risks are properly managed. In order to accomplish this, the research followed a process called design science research. The design science research paradigm was used to create a design artificial artefact in the form of a framework. The Nelson Mandela University – Design Science Framework Methodology (NMU-DSFM) was adopted since the objective of the study was to develop a framework. The study has revealed that enterprises within the sector are indeed lagging behind in terms of IT governance principles, hence an artefact called the IT Risk Management Framework for Enterprises within Food Manufacturing Industries in South Africa was developed.
- Full Text:
- Date Issued: 2020
A framework to guide cybersecurity governance efforts in non-profit organisations
- Authors: le Roux, Wickus
- Date: 2019
- Subjects: Computer security , Information technology Nonprofit organizations -- security measures
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/44918 , vital:38188
- Description: The average non-profit organisation is faced with the same cybersecurity challenges as an international multi-corporation that generates income. However, it may lack the competencies or resources to fully utilise, implement, monitor, or evaluate cybersecurity governance to a satisfactory or acceptable level. A literature review revealed limited publicly accessible documents to guide NPOs in particular in the task of cybersecurity governance. Therefore, the problem addressed by this research is the lack of a framework to guide cybersecurity governance efforts in non-profit organisations. This real-world problem was approached using the design science paradigm. It was important to identify, firstly, factors unique to the general context of non-profit organisations, including the constraints and limitations faced by non-profit organisations. Secondly, the key cyber risks for non-profit organisations and how they can materialise through the use of emails, social media, and BYODs in the NPO context, were identified. As a third step, available cybersecurity governance guidelines were analysed to determine best practices. This investigation also revealed the people, process, and technology elements as the pillars of information security. This resulted in the development of a framework (the PotLer framework) to guide cybersecurity governance efforts in non-profit organisations based on the input of the three points mentioned above. The framework was constructed around four conceptual elements, namely information security governance; people, process, and technology; governance elements; and key risks. The PotLer framework expands the high-level generic constructs beyond the conceptual space and provides implementation guidance in the form of a questionnaire to be completed by NPOs. The questionnaire was developed as an interactive spreadsheet that requires “Yes” or “No” responses from participants and generates a recommendation based on these answers. To evaluate the PotLer framework, the aforementioned questionnaire was completed by four NPOs. An additional questionnaire obtained their input on the utility and comprehensiveness of the framework.
- Full Text:
- Date Issued: 2019
- Authors: le Roux, Wickus
- Date: 2019
- Subjects: Computer security , Information technology Nonprofit organizations -- security measures
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/44918 , vital:38188
- Description: The average non-profit organisation is faced with the same cybersecurity challenges as an international multi-corporation that generates income. However, it may lack the competencies or resources to fully utilise, implement, monitor, or evaluate cybersecurity governance to a satisfactory or acceptable level. A literature review revealed limited publicly accessible documents to guide NPOs in particular in the task of cybersecurity governance. Therefore, the problem addressed by this research is the lack of a framework to guide cybersecurity governance efforts in non-profit organisations. This real-world problem was approached using the design science paradigm. It was important to identify, firstly, factors unique to the general context of non-profit organisations, including the constraints and limitations faced by non-profit organisations. Secondly, the key cyber risks for non-profit organisations and how they can materialise through the use of emails, social media, and BYODs in the NPO context, were identified. As a third step, available cybersecurity governance guidelines were analysed to determine best practices. This investigation also revealed the people, process, and technology elements as the pillars of information security. This resulted in the development of a framework (the PotLer framework) to guide cybersecurity governance efforts in non-profit organisations based on the input of the three points mentioned above. The framework was constructed around four conceptual elements, namely information security governance; people, process, and technology; governance elements; and key risks. The PotLer framework expands the high-level generic constructs beyond the conceptual space and provides implementation guidance in the form of a questionnaire to be completed by NPOs. The questionnaire was developed as an interactive spreadsheet that requires “Yes” or “No” responses from participants and generates a recommendation based on these answers. To evaluate the PotLer framework, the aforementioned questionnaire was completed by four NPOs. An additional questionnaire obtained their input on the utility and comprehensiveness of the framework.
- Full Text:
- Date Issued: 2019
- «
- ‹
- 1
- ›
- »