A strategic approach for handling information security incidents in higher education
- Authors: Khamali, Rethabile
- Date: 2024-04
- Subjects: Computer security -- Management , Computer security , Information resources management , Corporate governance -- South Africa
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/64588 , vital:73769
- Description: Information Security Management System (ISMS) is a set of processes to protect institution information assets and information and to preserve confidentiality, integrity, and availability of institutional information. In the world of computers, it is known that there is no silver bullet when it comes to protecting an IT infrastructure. At some point, an organisation will face a security breach, and how it deals with the information security incident depends on the robustness of its processes and the strategy for handling incidents. In today’s world, information communication and technology (ICT) is integral in automating manual tasks that can take hours and even days to execute. The more institutions depend on technology, the more they become vulnerable to cyber threats. This could result in an institution losing its competitive edge, facing legal issues, loss of reputation, customer confidence and productivity, and lastly, financial loss. Various information security standards, frameworks, and methodologies can be applied to protect information assets. Many of these best practices define the ‘what’ and not the ‘how’ making it even more complex for institutions such as Higher Education to implement ISMS. The study’s aim is to develop a strategy for handling information security incidents that Higher Education Institutions can follow to improve how incidents, cyber threats and breaches are handled. The primary research objective is addressed through several secondary research objectives, namely, to investigate current strategies that Higher Education Institutions can utilise for the handling of information security incidents, to understand various challenges that Higher Education Institutions encounter when handling information security incidents, to assess the current capacity of relevant personnel in handling information security incidents through semi-structured interviews. 
A detailed literature review was undertaken to delve into various existing information security standards, frameworks, and methodologies. In addition, an investigation was conducted on ISMS adoption and implementation by institutions and Higher Education Institutions in general and how modern best practices such as ISO2700x, COBIT, ITIL, NIST, etc, relate to ISMS. Furthermore, semi-structured interviews were conducted to determine information security incidents at South African Higher Education Institutions. Expert interviews are utilised to evaluate the proposed strategy and provide input. The literature review findings, together with results obtained from semi-structured and expert interviews, are used to develop a strategy evaluated for its robustness, effectiveness, and suitability for the purpose. The developed strategy can be considered a beneficial tool for Higher Education Institutions in South Africa for handling information security incidents. This study’s findings significantly contribute to ISMS research in Higher Education Institutions in South Africa. In conclusion, findings of the study can be summarized as follows. The first chapter, which is also an introduction, sets out the scene for the entire research study undertaken by first highlighting information technology as an integral part of any business nowadays. Higher education institutions collect, process and store sensitive information of current and prospective students and employees, which might be of value to hackers. An information security management system (ISMS) can minimise damage by ensuring information assets are protected from a wide range of threats and business resilience in case of a breach or an incident. Chapter 2 reviews the existing literature for these frameworks, standards, and methods. In addition, various ISMS challenges and limitations within Higher Education Institutions were explored. 
The third chapter outlines the research design process and emphasises that it must be based on real-world or tangible challenges. The fourth chapter presented and discussed results that were obtained from semi-structured interviews. The study’s analysis and findings vividly show that there is a need to implement a strategy to handle information security incidents for South African higher education institutions. The strategic management approach used to formulate a strategy to address the identified real problem is discussed in detail in chapter 5. The strategy is developed based on the information gathered from the literature review and semi-structured interviews. The results of the assessment of the proposed strategy carried out by the experts are presented in Chapter 6. The chapter also includes recommendations made by the experts to improve the proposed strategy. , Thesis (MPhil) -- Faculty of Engineering, the Built Environment and Technology, School of Information Technology, 2024
- Full Text:
- Date Issued: 2024-04
Cyber security compliance in South Africa’s maritime sector
- Authors: Steenberg, Wynand
- Date: 2024-04
- Subjects: Computer security -- Management , Computer networks -- Security measures , Cyberspace -- Security measures , Shipping -- Security measures
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/65445 , vital:74152
- Description: Globally, cyber attacks on the maritime industry have escalated exponentially, indicating that cyber security should be an international priority. The majority of maritime digital systems are connected to the cloud through information technologies, creating vulnerability to cyber attacks. Cyber security is critical to protect and ensure resiliency in the maritime industry’s operations. In July 2021, a cyber attack targeted the Transnet National Ports Authority (TNPA) and caused significant disruption to operations at multiple South African ports. Port operations were reduced to manual processes, which resulted in severe congestion. Transnet declared a force majeure during the two weeks it took to reinstate minimal operations. The TNPA cyber attack emphasised the need for effective strategies and procedures to prevent and recover from cyber attacks in the South African maritime industry. As maritime transport contributes significantly to South Africa’s gross domestic product (GDP), the incident had a detrimental effect on the country’s economy. It is, therefore, important to ensure that the South African maritime industry remains aware of the latest strategies and guidelines for cyber risk management. This study set out to establish if South Africa’s maritime industry complies with international standards for cyber risk management by analysing the International Maritime Organization’s (IMO) guidelines for cyber risk management. South Africa’s cyber risk management strategies were evaluated, and recommendations were made to improve the cyber risk management strategies and procedures currently employed in the South African maritime industry. , Thesis (MPhil) -- Faculty of Business and Economic Sciences, School of Economics, Development and Tourism, 2024
- Full Text:
- Date Issued: 2024-04