Epirismm: an enterprise information risk management model
- Authors: Lategan, Neil
- Date: 2006
- Subjects: Risk management , Small business , Information technology -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9734 , http://hdl.handle.net/10948/541 , Risk management , Small business , Information technology -- Security measures
- Description: Today, information is considered a commodity and no enterprise can operate without it. Indeed, the information and the supporting technology are pivotal in all enterprises. However, a major problem being experienced in the business environment is that enterprise risk cannot be managed effectively because business and information-related risk are not congruently aligned with risk management terminology and practices. The business environment and information technology are bound together by information. For this reason, it is imperative that risk management is synergised in the business, ICT (Information and Communication Technology) and information environments. A thorough, all-inclusive risk analysis exercise needs to be conducted in business and supporting environments in order to develop an effective internal control system. Such an internal control system should reduce the exposure of risk and aid the safeguarding of assets. Indeed, in today’s so-called information age, where business processes integrate the business and ICT environments, it is imperative that a unary internal control system be established, based on a holistic risk management exercise. To ensure that the enterprise, information and ICT environments operate free of the risks that threaten them, the risks should be properly governed. A model, EPiRISMM (Enterprise Information Risk Management Model) is proposed that offers to combine risk management practices from an ICT, information, governance, and enterprise perspective because there are so many overlapping aspects inherent in them. EPiRISMM combines various well-known standards and frameworks into one coherent model. By employing EPiRISMM, an enterprise will be able to eliminate the traditional segmented approach of the ICT department and thus eliminate any previous discontinuity in risk management practices.
- Full Text:
- Date Issued: 2006
A fuzzy logic control system for a friction stir welding process
- Authors: Majara, Khotso Ernest
- Date: 2006
- Subjects: Friction welding , Fuzzy logic , Automatic control , Fuzzy systems
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9594 , http://hdl.handle.net/10948/405 , Friction welding , Fuzzy logic , Automatic control , Fuzzy systems
- Description: FSW is a welding technique invented and patented by The Welding Institute in 1991. This welding technique utilises the benefits of solid-state welding to materials regarded as difficult to weld by fusion processes. The productivity of the process was not optimised as the real-time dynamics of the material and tool changes were not considered. Furthermore, the process has a plastic weld region where no traditional modelling describing the interaction between the tool and work piece is available. Fuzzy logic technology is one of the artificial intelligence strategies used to improve the control of the dynamics of industrial processes. Fuzzy control was proposed as a viable solution to improve the productivity of the FSW process. The simulations indicated that FLC can use feed rate and welding speed to adaptively regulate the feed force and tool temperature respectively, irrespective of varying tool and material change. The simulations presented fuzzy logic technology to be robust enough to regulate the FSW process in the absence of accurate mathematical models.
- Full Text:
- Date Issued: 2006
The cost of free instant messaging: an attack modelling perspective
- Authors: Du Preez, Riekert
- Date: 2006
- Subjects: Computer security , Instant messaging , Data protection
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9797 , http://hdl.handle.net/10948/499 , http://hdl.handle.net/10948/d1011921 , Computer security , Instant messaging , Data protection
- Description: Instant Messaging (IM) has grown tremendously over the last few years. Even though IM was originally developed as a social chat system, it has found a place in many companies, where it is being used as an essential business tool. However, many businesses rely on free IM and have not implemented a secure corporate IM solution. Most free IM clients were never intended for use in the workplace and, therefore, lack strong security features and administrative control. Consequently, free IM clients can provide attackers with an entry point for malicious code in an organization’s network that can ultimately lead to a company’s information assets being compromised. Therefore, even though free IM allows for better collaboration in the workplace, it comes at a cost, as the title of this dissertation suggests. This dissertation sets out to answer the question of how free IM can facilitate an attack on a company’s information assets. To answer the research question, the dissertation defines an IM attack model that models the ways in which an information system can be attacked when free IM is used within an organization. The IM attack model was created by categorising IM threats using the STRIDE threat classification scheme. The attacks that realize the categorised threats were then modelled using attack trees as the chosen attack modelling tool. Attack trees were chosen because of their ability to model the sequence of attacker actions during an attack. The author defined an enhanced graphical notation that was adopted for the attack trees used to create the IM attack model. The enhanced attack tree notation extends traditional attack trees to allow nodes in the trees to be of different classes and, therefore, allows attack trees to convey more information. During the process of defining the IM attack model, a number of experiments were conducted where IM vulnerabilities were exploited. 
Thereafter, a case study was constructed to document a simulated attack on an information system that involves the exploitation of IM vulnerabilities. The case study demonstrates how an attacker’s attack path relates to the IM attack model in a practical scenario. The IM attack model provides insight into how IM can facilitate an attack on a company’s information assets. The creation of the attack model for free IM led to several realizations. The IM attack model revealed that even though the use of free IM clients may seem harmless, such IM clients can facilitate an attack on a company’s information assets. Furthermore, certain IM vulnerabilities may not pose a great risk by themselves, but when combined with the exploitation of other vulnerabilities, a much greater threat can be realized. These realizations hold true to what French playwright Jean Anouilh once said: “What you get free costs too much”.
- Full Text:
- Date Issued: 2006
Monitoring and intelligent control for complex curvature friction stir welding
- Authors: Hua, Tao
- Date: 2006
- Subjects: Friction welding , Fuzzy systems
- Language: English
- Type: Thesis , Doctoral , DTech
- Identifier: vital:9612 , http://hdl.handle.net/10948/420 , Friction welding , Fuzzy systems
- Description: A multi-input multi-output system to implement on-line process monitoring and intelligent control of complex curvature friction stir welding was proposed. An extra rotation axis was added to the existing three translation axes to perform friction stir welding of complex curvature other than straight welding line. A clamping system was designed for locating and holding the workpieces to bear the large force involved in the process between the welding tool and workpieces. Process parameters (feed rate, spindle speed, tilt angle and plunge depth), and process conditions (parent material and curvature), were used as factors for the orthogonal array experiments to collect sensor data of force, torque and tool temperature using multiple sensors and a telemetry system. Using statistical analysis of the experimental data, sensitive signal features were selected to train the feed-forward neural networks, which were used for mapping the relationships between process parameters, process conditions and sensor data. A fuzzy controller with initial input/output membership functions and fuzzy rules generated on-line from the trained neural network was applied to perceive process condition changes and make adjustment of process parameters to maintain tool/workpiece contact and energy input. Input/output scaling factors of the fuzzy controller were tuned on-line to improve output response to the amount and trend of control variable deviation from the reference value. Simulation results showed that the presented neuro-fuzzy control scheme has adaptability to process conditions such as parent material and curvature changes, and that the control variables were well regulated. The presented neuro-fuzzy control scheme can also be expected to be applied in other multi-input multi-output machining processes.
- Full Text:
- Date Issued: 2006
A holistic approach to network security in OGSA-based grid systems
- Authors: Loutsios, Demetrios
- Date: 2006
- Subjects: Computer networks -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9736 , http://hdl.handle.net/10948/550 , Computer networks -- Security measures
- Description: Grid computing technologies facilitate complex scientific collaborations between globally dispersed parties, which make use of heterogeneous technologies and computing systems. However, in recent years the commercial sector has developed a growing interest in Grid technologies. Prominent Grid researchers have predicted Grids will grow into the commercial mainstream, even though their origins were in scientific research. This is much the same way as the Internet started as a vehicle for research collaboration between universities and government institutions, and grew into a technology with large commercial applications. Grids facilitate complex trust relationships between globally dispersed business partners, research groups, and non-profit organizations. Almost any dispersed “virtual organization” willing to share computing resources can make use of Grid technologies. Grid computing facilitates the networking of shared services; the inter-connection of a potentially unlimited number of computing resources within a “Grid” is possible. Grid technologies leverage a range of open standards and technologies to provide interoperability between heterogeneous computing systems. Newer Grids build on key capabilities of Web-Service technologies to provide easy and dynamic publishing and discovery of Grid resources. Due to the inter-organisational nature of Grid systems, there is a need to provide adequate security to Grid users and to Grid resources. This research proposes a framework, using a specific brokered pattern, which addresses several common Grid security challenges, which include: Providing secure and consistent cross-site Authentication and Authorization; Single sign-on capabilities to Grid users; Underlying platform and runtime security, and; Grid network communications and messaging security. These Grid security challenges can be viewed as comprising two (proposed) logical layers of a Grid. 
These layers are: a Common Grid Layer (higher level Grid interactions), and a Local Resource Layer (Lower level technology security concerns). This research is concerned with providing a generic and holistic security framework to secure both layers. This research makes extensive use of STRIDE - an acronym for Microsoft's approach to addressing security threats - as part of a holistic Grid security framework. STRIDE and key Grid related standards, such as Open Grid Service Architecture (OGSA), Web-Service Resource Framework (WS-RF), and the Globus Toolkit are used to formulate the proposed framework.
- Full Text:
- Date Issued: 2006
A framework for secure mobility in wireless overlay networks
- Authors: Chen, Hejun
- Date: 2006
- Subjects: Wireless communication systems , Computer networks
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9778 , http://hdl.handle.net/10948/819 , Wireless communication systems , Computer networks
- Description: Various wireless networks are widely deployed worldwide. Current technologies employed in these networks vary widely in terms of bandwidths, latencies, frequencies, and media access methods. Most existing wireless network technologies can be divided into two categories: those that provide a low-bandwidth service over a wide geographic area, for example UMTS, and those that provide a high bandwidth service over a narrow geographic area, for example 802.11. Although it would be desirable to provide a high-bandwidth service over a wide coverage region to mobile users all the time, no single wireless network technology simultaneously satisfies these requirements. Wireless Overlay Networks, a hierarchical structure of wireless personal area, local area, and wide area data networks, is considered as an efficient and scalable way to solve this problem. Due to the wide deployment of UMTS and 802.11 WLAN, this study attempts to combine them to implement the concept of Wireless Overlay Networks. Furthermore, the information transmitted over this Wireless Overlay Networks is protected in terms of authentication, integrity and confidentiality. To achieve this goal, this study aims to combine GPRS, Mobile IP and IPSec to propose a framework for secure mobility in Wireless Overlay Networks. The framework is developed in three steps: Firstly, this study addresses the problem of combining GPRS and Mobile IP, so that GPRS users are provided with Mobile IP service. This results in presenting a uniform Mobile IP interface to peers regardless of whether mobile users use UMTS or 802.11 WLAN. Secondly, this study discovers the existing problem when combining Mobile IP and IPSec, and proposes a Dual Home Agent Architecture to achieve secure mobility. Finally, based on the output of the previous two steps, a complete framework is proposed, which achieves secure mobility in Wireless Overlay Networks, specifically, in UMTS and 802.11 WLAN. 
The framework also implements seamless handover when mobile users switch between UMTS and 802.11. This results in UMTS and 802.11 WLAN looking like a single network when participating in this framework, and presents seamless and secure mobility.
- Full Text:
- Date Issued: 2006
Towards a framework for corporate information governance
- Authors: Mears, Lynette May
- Date: 2006
- Subjects: Information technology -- Management
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9775 , http://hdl.handle.net/10948/820 , Information technology -- Management
- Description: Information is a critical asset without which an organisation could not survive. The adequate and effective governance of this asset is an essential function and is the direct responsibility of the board and senior management. The board and senior management have a responsibility to maintain the financial and material health of their enterprise and this includes setting the proper direction and governance of the information asset. Many organisations have, over the past few years, suffered severe losses and failures due to the inadequate governance and protection of this valuable asset. The reasons for the lack of corporate information governance need to be examined. The board and senior management need to direct and control their organisations effectively, with the appropriate delegation of responsibilities, to reduce the possibility of suffering similar losses and/or failures. The contribution made by this study is illustrated in the designing of a framework and activity plans to facilitate the board in practically implementing an improved corporate information governance process.
- Full Text:
- Date Issued: 2006
Restoring trust by verifying information integrity through continuous auditing
- Authors: Flowerday, Stephen
- Date: 2006
- Subjects: Auditing, Internal , Corporate governance
- Language: English
- Type: Thesis , Doctoral , DTech
- Identifier: vital:9796 , http://hdl.handle.net/10948/504 , http://hdl.handle.net/10948/d1011920 , Auditing, Internal , Corporate governance
- Description: Corporate scandals such as Enron, WorldCom and Parmalat have focused recent governance efforts in the domain of financial reporting due to fraudulent and/or erroneous accounting practices. In addition, the ineffectiveness of the current system of controls has been highlighted, including that some directors have been weak and ineffective monitors of managers. This board of director ‘weakness’ has called for additional mechanisms for monitoring and controlling of management, focusing on financial reporting. This problem intensifies in that today companies function in real-time, and decisions are based on available real-time financial information. However, the assurances provided by traditional auditing take place months after the transactions have occurred and therefore, a trust problem arises because information is not verified in real-time. Consequently, the errors and fraud concealed within the financial information are not discovered until months later. To address this trust problem a conceptual causal model is proposed in this study based on the principles of systems theory. The emergent property of the causal model is increased trust and control. This study establishes that mutual assurances assist in building trust and that information security assists in safeguarding trust. Subsequently, in order to have a positive relationship between the company directors and various stakeholders, uncertainty needs to be contained, and the level of trust needs to surpass the perceived risks. The study concludes that assurances need to be provided in real-time to restore stakeholder confidence and trust in the domain of financial reporting. In order to provide assurances in real-time, continuous auditing is required to verify the integrity of financial information when it becomes available, and not months later.
A continuous auditing process has its foundations grounded in information technology and attends to the challenges in real-time by addressing the standardisation of data to enable effective analysis, the validation of the accuracy of the data and the reliability of the system.
- Full Text:
- Date Issued: 2006
Corporate information risk : an information security governance framework
- Authors: Posthumus, Shaun Murray
- Date: 2006
- Subjects: Computer security , Business enterprises -- Computer networks -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9776 , http://hdl.handle.net/10948/814 , Computer security , Business enterprises -- Computer networks -- Security measures
- Description: Information Security is currently viewed from a technical point of view only. Some authors believe that Information Security is a process that involves more than merely Risk Management at the department level, as it is also a strategic and potentially legal issue. Hence, there is a need to elevate the importance of Information Security to a governance level through Information Security Governance and propose a framework to help guide the Board of Directors in their Information Security Governance efforts. IT is a major facilitator of organizational business processes and these processes manipulate and transmit sensitive customer and financial information. IT, which involves major risks, may threaten the security of corporate information assets. Therefore, IT requires attention at board level to ensure that technology-related information risks are within an organization’s accepted risk appetite. However, IT issues are a neglected topic at board level and this could bring about Enronesque disasters. Therefore, there is a need for the Board of Directors to direct and control IT-related risks effectively to reduce the potential for Information Security breaches and bring about a stronger system of internal control. The IT Oversight Committee is a proven means of achieving this, and this study further motivates the necessity for such a committee to solidify an organization’s Information Security posture among other IT-related issues.
- Full Text:
- Date Issued: 2006