Towards a Risk Assessment Matrix for Information Security Workarounds Associated with Acceptable Use Policies
- Authors: Slabbert, Eugene
- Date: 2022-04
- Subjects: Information technology -- Security measures
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/58473 , vital:59519
- Description: Acceptable Use Policies (AUPs) are used to influence employees’ information security behaviour. Some employees feel that the AUPs and related procedures interfere with their ability to work efficiently and may, therefore, choose not to comply by utilising information security workarounds associated with the AUP. An AUP workaround is a form of information security non-compliance that may result in unnecessary information security risk exposure for an organisation. Some AUP workarounds may be useful as they identify more efficient ways to complete tasks that may not impact the information security of an organisation. However, these efficiencies should only be considered for incorporation into standard procedures when the information security risk exposure of an AUP workaround is known. This leads to the problem statement. Many organisations do not have a formal way in which to assess the information security risks posed by workarounds associated with their Acceptable Use Policies, and related procedures. This study provides a solution to the identified problem through the primary objective, to develop a Risk Assessment Matrix for Information Security Workarounds associated with Acceptable Use Policies, and related procedures. Four secondary research objectives were proposed to achieve the primary research objective. The first secondary objective determines the role of information security risk management and how it relates to information security governance through the utilisation of a literature review. The second secondary objective firstly utilises a literature review to determine the role that the AUP and its related procedures play within an organisation, followed by a content analysis which identifies the key content that should be considered in a comprehensive AUP. The third secondary objective determines the factors that influence the use of AUP workarounds within an organisation through the utilisation of a literature review. 
Lastly, the fourth secondary objective utilises a literature review to determine the key components required for the development of the risk assessment matrix for information security workarounds. In addition, critical reasoning is used to create the risk assessment matrix for information security workarounds. The solution to this study contributes to the body of knowledge by proposing a risk assessment matrix to assess the information security risk exposure of AUP workarounds and find possible efficiency gains while keeping information security risk exposure to a minimum. , Thesis (MA) -- Faculty of Engineering, the Built Environment, and Technology, 2022
- Date Issued: 2022-04
Usable Security Heuristics for Instant Messaging Application Development
- Authors: Van Niekerk, Craig Michael
- Date: 2022-04
- Subjects: Application software -- Development
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/58506 , vital:59655
- Description: As instant messaging (IM) applications have become more popular, the privacy and security concerns associated with their usage have become ever more relevant. As with many software programs, IM applications have a history of security vulnerabilities. Although IM application usage is globally increasing, it has been found that currently no generally recognised standards exist to aid IM application developers when developing the usability of the security features they implement. The problem is further exacerbated as research suggests that typical users have neither the requisite understanding of the available IM security features, nor the capacity to make full use of those protection features. The primary objective of this study is to create a set of usable security heuristics to assist developers of instant messaging applications to consider the usability of the security features implemented in these applications. This primary objective is further divided into several secondary objectives, which collectively aim to address the proposed problem. Therefore, the secondary objectives are to determine IM security risks and their related implications on users; to identify and investigate existing security and usability heuristics, guidelines, standards and best practices for mobile application development; to map the identified security and usability heuristics, guidelines, standards and best practices to IM applications; and to develop a prototype to demonstrate the applicability of the proposed usable security heuristics to a typical IM application. First, a comprehensive literature study is used to determine and understand the information security threats relevant to IM applications, how IM applications operate, the security features implemented by IM applications and the potential impact the relevant information security threats could have on IM application users.
Thereafter, a further literature review and content analysis are used to identify and investigate existing heuristics, guidelines, standards, and best practices for mobile application development. The findings from the content analysis, in combination with the previously identified threats to IM applications, are then mapped to IM applications, and a preliminary set of usable security heuristics for IM application development is established. This preliminary set of usable security heuristics undergoes multiple iterations of refinement to establish the proposed set of usable security heuristics for IM application development. Furthermore, an expert review is conducted to validate the proposed set of usable security heuristics from the perspectives of security, usability, and mobile application development. In addition, the expert review was also used to determine the efficacy, utility, and quality of the proposed usable security heuristics. To further validate the proposed heuristics, a proof-of-concept prototype is used, in addition to the expert review, to demonstrate the applicability of the proposed set of usable security heuristics to a typical IM application. Such a set of usable security heuristics would be useful for IM application developers and would result in the improved implementation of usable security, leading to an improvement in the security of IM applications. The proposed set of usable security heuristics therefore adds a further contribution to this research area, providing a solid foundation for future research. , Thesis (MA) -- Faculty of Engineering, the Built Environment, and Technology, 2022
- Date Issued: 2022-04