A strategic approach for handling information security incidents in higher education
- Authors: Khamali, Rethabile
- Date: 2024-04
- Subjects: Computer security -- Management , Computer security , Information resources management , Corporate governance -- South Africa
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/64588 , vital:73769
- Description: Information Security Management System (ISMS) is a set of processes to protect institution information assets and information and to preserve confidentiality, integrity, and availability of institutional information. In the world of computers, it is known that there is no silver bullet when it comes to protecting an IT infrastructure. At some point, an organisation will face a security breach, and how it deals with the information security incident depends on the robustness of its processes and the strategy for handling incidents. In today’s world, information communication and technology (ICT) is integral in automating manual tasks that can take hours and even days to execute. The more institutions depend on technology, the more they become vulnerable to cyber threats. This could result in an institution losing its competitive edge, facing legal issues, loss of reputation, customer confidence and productivity, and lastly, financial loss. Various information security standards, frameworks, and methodologies can be applied to protect information assets. Many of these best practices define the ‘what’ and not the ‘how’ making it even more complex for institutions such as Higher Education to implement ISMS. The study aims to develop a strategy for handling information security incidents that Higher Education Institutions can follow to improve how incidents, cyber threats and breaches are handled. The primary research objective is addressed through several secondary research objectives, namely, to investigate current strategies that Higher Education Institutions can utilise for the handling of information security incidents, to understand various challenges that Higher Education Institutions encounter when handling information security incidents, to assess the current capacity of relevant personnel in handling information security incidents through semi-structured interviews.
A detailed literature review was undertaken to delve into various existing information security standards, frameworks, and methodologies. In addition, an investigation was conducted on ISMS adoption and implementation by institutions and Higher Education Institutions in general and how modern best practices such as ISO2700x, COBIT, ITIL, NIST, etc, relate to ISMS. Furthermore, semi-structured interviews were conducted to determine information security incidents at South African Higher Education Institutions. Expert interviews are utilised to evaluate the proposed strategy and provide input. The literature review findings, together with results obtained from semi-structured and expert interviews, are used to develop a strategy evaluated for its robustness, effectiveness, and suitability for the purpose. The developed strategy can be considered a beneficial tool for Higher Education Institutions in South Africa for handling information security incidents. This study’s findings significantly contribute to ISMS research in Higher Education Institutions in South Africa. In conclusion, findings of the study can be summarized as follows. The first chapter, which is also an introduction, sets out the scene for the entire research study undertaken by first highlighting information technology as an integral part of any business nowadays. Higher education institutions collect, process and store sensitive information of current and prospective students and employees, which might be of value to hackers. An information security management system (ISMS) can minimise damage by ensuring information assets are protected from a wide range of threats and business resilience in case of a breach or an incident. Chapter 2 reviews the existing literature for these frameworks, standards, and methods. In addition, various ISMS challenges and limitations within Higher Education Institutions were explored.
The third chapter outlines the research design process and emphasises that it must be based on real-world or tangible challenges. The fourth chapter presented and discussed results that were obtained from semi-structured interviews. The study’s analysis and findings vividly show that there is a need to implement a strategy to handle information security incidents for South African higher education institutions. The strategic management approach used to formulate a strategy to address the identified real problem is discussed in detail in chapter 5. The strategy is developed based on the information gathered from the literature review and semi-structured interviews. The results of the assessment of the proposed strategy carried out by the experts are presented in Chapter 6. The chapter also includes recommendations made by the experts to improve the proposed strategy. , Thesis (MPhil) -- Faculty of Engineering, the Built Environment and Technology, School of Information Technology, 2024
- Full Text:
- Date Issued: 2024-04
An information services framework for commercial extension services
- Authors: Simpson, Antony Paul
- Date: 2014
- Subjects: Agricultural extension work , Business networks , Information resources management
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10948/8575 , vital:26408
- Description: The first of the eight United Nations Millennium Development Goals for 2015 is to “Eradicate Extreme Poverty and Hunger”. Achieving this goal would be aided by having an effective and productive agricultural community. Agricultural organisations assist producers to be more effective in their operation through Commercial Extension Services (CES). Through CES, producers are advised and educated about new agricultural practices, techniques and products. A key component of CES is the provision of relevant information to producers. The problem this research addressed was that producers experience difficulty in accessing the information they require in a timeous, relevant and personalised manner. No suitable framework was found for agricultural organisations to use when designing and implementing an Information Services Platform. The main research objective was to develop and evaluate an Information Services Framework (ISF) for organisations offering information as a CES. The research methodology used to achieve this objective was Design Science Research (DSR). DSR is an iterative methodology with three cycles, namely the relevance, the design and the rigor cycles. The relevance cycle was used to acquire the information required to inform the design cycle. The information was collected by using literature research and empirical studies. The first study, the Producer Information Requirements Survey (PIRS) sought to determine the information requirements of grain producers and was conducted by interviewing grain producers in the Swartland region of South Africa. The second study, the Internet and Mobile Device Usage Survey (IMDUS) investigated the use of the Internet and mobile devices amongst South African producers by means of a national on-line survey. The quantitative and qualitative results of the analysis were used during the design phase to develop the ISF. 
The design phase of the DSR process led to the creation of an ISF for providing Information as a Service (IaaS) in CES. The framework allows for information services to be provided in a manner and form customised to an individual producer’s preferences. The foundation of the framework is that information can be sourced from various sources, internal or external to the organisation and distributed to producers by using a unified platform. During the research, an agricultural organisation, BKB GrainCo used the proposed ISF to develop an Information Services Platform (ISP) to provide information to its producers. BKB GrainCo’s development process included two evaluations. The first evaluation, the Information Preferences Prototype Survey, was intended to test a key component of the framework, the Information Preferences Profile. The Information Preferences Profile was conceptualized following the PIRS. In the PIRS it was determined that individual producers would prefer to specify what information they would receive, when they required it and have it delivered by using a medium of their choice. The second evaluation of the design phase was a Usability Study. The Usability Study was intended to test the functionality of the system across various technologies. The rigor cycle, following the implementation of BKB GrainCo’s ISP, contained the main evaluation, the Information Services Platform Evaluation. The evaluation was used to test the impact of BKB GrainCo’s ISP on perception of received service. The evaluation used a standardised version of the standardised SERVQUAL instrument specifically adapted in this research to measure the provision of IaaS. The results obtained during the evaluation indicated that the BKB GrainCo’s Information Services Platform was found to be valued by producers and improved the communication services of agricultural organisations.
It was inferred from the successful implementation of BKB GrainCo’s ISP and the positive response from producers, after the evaluations, that the developed ISF was suitable for an agricultural organisation to provide CES. The theoretical contributions included underpinning the concept of CES in terms of stakeholder theory. Its underpinning provides justification for agricultural organisations to improve CES – including the provision of information. A second theoretical contribution was the extension of SERVQUAL as an IS theory by developing and validating a dimension designed to test the provision of IaaS. Providing producers with accurate and reliable personalised information has the capacity to improve producers’ ability to make informed decisions. Informed decision making will contribute to having an effective and productive agricultural community; resulting in improvement of agricultural output and contributing to food security and job creation. Improved agricultural output, better food security and job creation are aspects which will contribute toward the attainment of the first of eight United Nations Millennium Development Goals for 2015, which is to “Eradicate Extreme Poverty and Hunger”.
- Full Text:
- Date Issued: 2014
Fundamentals of Information Systems: IFS 121 & 121E
- Authors: Boucher, D , Wayi, N
- Date: 2011-02
- Subjects: Information resources management
- Language: English
- Type: Examination paper
- Identifier: vital:17476 , http://hdl.handle.net/10353/d1010344
- Description: Fundamentals of Information Systems: IFS 121 & 121E, Supplementary Examination February 2011.
- Full Text: false
- Date Issued: 2011-02
Fundamentals of Information Systems: IFS 121 & 121E
- Authors: Boucher, D , Wayi, N
- Date: 2010-11
- Subjects: Information resources management
- Language: English
- Type: Examination paper
- Identifier: vital:17479 , http://hdl.handle.net/10353/d1010347
- Description: Fundamentals of Information Systems: IFS 121 & 121E, Supplementary examination November 2010.
- Full Text: false
- Date Issued: 2010-11
Management of information systems: LIB 422
- Authors: Leach, A , Ondari-Okemwa, E M
- Date: 2010-01
- Subjects: Information resources management
- Language: English
- Type: Examination paper
- Identifier: vital:17997 , http://hdl.handle.net/10353/d1010571
- Description: Management of information systems: LIB 422, supplementary examination January 2010.
- Full Text: false
- Date Issued: 2010-01
Fundamentals of Information Systems: IFS 121 & 121E
- Authors: Boucher, D , Wayi, N , Piderit, R
- Date: 2009-11
- Subjects: Information resources management
- Language: English
- Type: Examination paper
- Identifier: vital:17478 , http://hdl.handle.net/10353/d1010346
- Description: Fundamentals of Information Systems: IFS 121 & 121E, examination paper November 2009.
- Full Text: false
- Date Issued: 2009-11
A model for user requirements elicitation specific to users in rural areas
- Authors: Isabirye, Naomi
- Date: 2009
- Subjects: Internet marketing , Electronic commerce , Land reform -- South Africa -- Eastern Cape , Sustainable development -- South Africa -- Eastern Cape , Rural poor -- South Africa -- Eastern Cape , Information resources management
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11130 , http://hdl.handle.net/10353/145
- Description: Dwesa is a rural town situated in South Africa's Eastern Cape Province that has been selected as a testing site for an e-commerce project to address some of the challenges faced by the community. These challenges include difficulties stemming from poverty, poor access to public services, unemployment and low levels of literacy. The Siyakhula Living Lab project’s aim is to develop an e-commerce platform that will 'connect' the residents with the necessary access to services and markets by providing them with the necessary tools that can help in alleviating some of their challenges. In order for the project to achieve its objectives, a deeper understanding into the needs of the prospective users is required. User requirements elicitation deals with the process of interacting with the prospective users to understand and document their needs. This research aims at evaluating existing requirements elicitation techniques and methodologies in the context of rural information technology implementations. The primary objective is to develop a model for user requirements elicitation in Dwesa. Many requirements elicitation techniques and frameworks exist, but few have been evaluated in the context of rural software implementations. Requirements elicitation techniques should not be applied simply as steps to gather information. Instead this research project proposes a model that can be applied to assimilate the contribution of knowledge regarding the stakeholders, problem and solution characteristics, and other characteristics into the software development process for the effective elicitation of requirements.
- Full Text:
- Date Issued: 2009
Adoption of business information systems in an automotive manufacturing environment: a case study
- Authors: Dyer, Shirley
- Date: 2008
- Subjects: Management information systems , Technology -- Information services , Information resources management , Business -- Data processing
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9772 , http://hdl.handle.net/10948/892
- Description: Dorbyl Automotive Technologies (DAT) is a manufacturing company that supplies parts and components to the local and international motor vehicle market. The automotive components’ market is very competitive and customers require more from the industry to stay competitive. Customers require full integration throughout the supply chain. DAT and its Information Systems Department have ensured that the necessary business information systems are available to assist the company in staying competitive. One problem, though, is that the users of these systems are not using and adopting the technologies available. This research examines the reasons for this by making use of a technology acceptance model called the UNIFIED THEORY OF ACCEPTANCE AND USE OF TECHNOLOGY (UTAUT), which is an integrated model based on eight different available acceptance models. The aim is to understand which factors influence the use of systems. The research also proposes a way forward by suggesting a model to assist DAT in new system implementations as well as correcting the current situation. The only way DAT will stay competitive is by ensuring that the company becomes lean. Customers demand this as more and more are moving to just-in-time delivery. This implies that the suppliers must react to changes real-time. The use of business information systems will become the main focus area to react to changes quickly and correctly. Effective and accurate systems depend on users making good use of these systems. Remaining competitive will depend on how effectively Information and Communication Technologies (ICT) are used.
- Full Text:
- Date Issued: 2008
Business process security maturity: a paradigm convergence
- Authors: Box, Debra
- Date: 2008
- Subjects: Management information systems , Reengineering (Management) , Organizational change , Systems engineering , Information resources management
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9785 , http://hdl.handle.net/10948/722
- Description: Information technology developments in software and hardware have enabled radical changes in information systems, culminating in the paradigm Business Process Management. There has been a concomitant rise in the importance of information security and security engineering due to the increased reliance by society on information. Information is seen as a critical success factor which needs protection. Information security is the response to increased hazards created through recent innovations in Web technology and the advent of intra and inter enterprise-wide systems. Security engineering is based on a variety of codes of practice and security metrics which aim at ameliorating these increased security hazards. Its aim is to produce a balanced set of security needs which are integrated into the system activities to establish confidence in the effectiveness of the security counter-measures. It is generally accepted that security should be applied in an integrated approach, for example, in Information Systems development. This has proved to be a noble thought but is the exception to the rule. Security, historically, is generally applied as an after-thought in an Information Technology implementation. This motivated the concept of formulating a model of integrating security inherently within the paradigm of BPM. The overarching requirements of the model are to align the overall organisational security initiatives and ensure continuous improvement through constant evaluation and adaptation of the security processes. It is the intention of this research to show that these requirements are achievable through aligning the process management methodology of BPM, with the security paradigms of Information Security Management (using the ISO 17799 standard) and security engineering (using the Systems Security Engineering Capability Maturity Model – SSE-CMM). 
The aim of the Business Process Security Maturity model, as the output of this research, is to link the SSE-CMM, as the security metric and appraisal method, to the ISO 17799 security standard, which provides the guidance for the information security management framework and security control selection, within the Business Process Management environment. The SSE-CMM, as the security version of the Capability Maturity Model, provides the necessary strategy to control the security engineering processes that support the information systems and it maintains that as processes mature they become more predictable, effective and manageable. The aim of the model is to provide an integrated, mature security strategy within the business process and monitor and correct the security posture of the implemented counter-measures.
- Full Text:
- Date Issued: 2008
A methodology for measuring and monitoring IT risk
- Authors: Tansley, Natalie Vanessa
- Date: 2007
- Subjects: Electronic data processing departments -- Security measures , Business -- Data processing -- Security measures , Information resources management , Information technology -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9781 , http://hdl.handle.net/10948/772
- Description: The primary objective of the research is to develop a methodology for monitoring and measuring IT risks, strictly focusing on internal controls. The research delivers a methodology whereby an organization can measure its system of internal controls, providing assurance that the risks are at an acceptable level. To achieve the primary objective a number of secondary objectives were addressed: What are the drivers forcing organizations to better corporate governance in managing risk? What is IT risk management, specifically focusing on operational risk? What is internal control, specifically focusing on COSO’s internal control process? Investigation of measurement methods, such as Balanced Scorecards, Critical Success Factors, Maturity Models, Key Performance Indicators and Key Goal Indicators. Investigation of various frameworks such as CobiT, COSO and ISO 17799, ITIL and BS 7799 as to how they manage IT risk relating to internal control.
- Full Text:
- Date Issued: 2007
Geographically distributed requirements elicitation
- Authors: Vat, Nicholas
- Date: 2000
- Subjects: Management information systems -- Management , Information resources management , System design , System analysis
- Language: English
- Type: Thesis , Masters , MCom
- Identifier: vital:1136 , http://hdl.handle.net/10962/d1002764
- Description: The technology revolution has transformed the way in which many organisations do their business. The resultant information systems have increased the decision making powers of executives, leading to increased effectiveness and ultimately to improved product delivery. The process of information systems development is, however, complex. Furthermore, it has a poor track record in terms of on-time and within-budget delivery, but more significantly in terms of low user acceptance frequently attributable to poor user requirements specification. Consequently, much attention has been given to the process of requirements elicitation, with both researchers and businessmen seeking new, innovative and effective methods. These methods usually involve large numbers of participants who are drawn from within the client and developer organisations. This is a financially costly characteristic of the requirements elicitation process. Besides information systems, the technology revolution has also brought sophisticated communication technologies into the marketplace. These communication technologies allow people to communicate with one another in a variety of different time and space scenarios. An important spin-off of this is the ability for people located in significantly different geographical locations to work collaboratively on a project. It is claimed that this approach to work has significant cost and productivity advantages. This study draws the requirements elicitation process into the realm of collaborative work. Important project management, communication, and collaborative working principles are examined in detail, and a model is developed which represents these issues as they pertain to the requirements elicitation process. An empirical study (conducted in South Africa) is performed in order to examine the principles of the model and the relationships between its constituent elements. 
A model of geographically distributed requirements elicitation (GDRE) is developed on the basis of the findings of this investigation. The model of GDRE is presented as a 3-phased approach to requirements elicitation, namely planning, implementation, and termination. Significantly, the model suggests the use of interviews, structured workshops, and prototyping as the chief requirements elicitation methods to be adopted in appropriate conditions. Although a detailed study of communications technology was not performed, this thesis suggests that each individual GDRE implementation requires a different mix of communication technologies to support its implementation.
- Full Text:
- Date Issued: 2000