A cyber security strategy to mitigate cloud computing risks within the investment management sector in Cape Town
- Authors: Monareng, Glacier Jamela
- Date: 2024-04
- Subjects: Cloud computing , Computer security , Computer science
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/64717 , vital:73866
- Description: Adoption of cloud computing has become a transformative force in modern information technology, revolutionizing how organisations procure, manage, and deliver IT resources as well as IT services. This treatise explores the implementation of cloud computing in the investment management sector. It focuses on potential cloud security risks, broader implications for businesses and IT ecosystems, and subsequently the treatise conceptualises a strategy that may help in responding to these security risks. The study began by surveying the motivations behind cloud adoption in the investment sector, emphasising the potential cost savings, scalability, and flexibility cloud services offer. It then delves into the challenges faced during implementation, including security concerns, data privacy, compliance issues, and the intricacies of transitioning legacy systems to cloud environments. In response to these challenges, the treatise outlines strategies for successful cloud implementation within the investment sector, in Cape Town, South Africa. It highlights the significance of selecting appropriate cloud service models (for example, IaaS, PaaS, or SaaS) and deployment options (for example, public, private, hybrid, or multi-cloud) to align with organisational needs and objectives. The study followed a qualitative research study. In collecting data an open-ended online survey was sent to participants. The participants were from an investment company in Cape Town. The study employed the design science research paradigm with the aim of developing an artefact. The methodology used was the Nelson Mandela University-Design Science Strategy Methodology (NMU-DSSM). In conclusion, this treatise conceptualises a strategy that may help companies investing in cloud computing technologies to mitigate cyber security and cloud risks. It recommends practices that underscore cloud computing's transformative potential while acknowledging its complexity and challenges.
The strategy may serve as a valuable resource for IT professionals, decision-makers, and organisations embarking on the cloud journey, offering guidance and perspectives to navigate the complexities and to realise the potential benefits of cloud technology. , Thesis (MPhil) -- Faculty of Engineering, the Built Environment and Technology, School of Information Technology, 2024
- Date Issued: 2024-04
A strategic approach for handling information security incidents in higher education
- Authors: Khamali, Rethabile
- Date: 2024-04
- Subjects: Computer security -- Management , Computer security , Information resources management , Corporate governance -- South Africa
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/64588 , vital:73769
- Description: Information Security Management System (ISMS) is a set of processes to protect institution information assets and information and to preserve confidentiality, integrity, and availability of institutional information. In the world of computers, it is known that there is no silver bullet when it comes to protecting an IT infrastructure. At some point, an organisation will face a security breach, and how it deals with the information security incident depends on the robustness of its processes and the strategy for handling incidents. In today’s world, information communication and technology (ICT) is integral in automating manual tasks that can take hours and even days to execute. The more institutions depend on technology, the more they become vulnerable to cyber threats. This could result in an institution losing its competitive edge, facing legal issues, loss of reputation, customer confidence and productivity, and lastly, financial loss. Various information security standards, frameworks, and methodologies can be applied to protect information assets. Many of these best practices define the ‘what’ and not the ‘how’ making it even more complex for institutions such as Higher Education to implement ISMS. The study aims to develop a strategy for handling information security incidents that Higher Education Institutions can follow to improve how incidents, cyber threats and breaches are handled. The primary research objective is addressed through several secondary research objectives, namely, to investigate current strategies that Higher Education Institutions can utilise for the handling of information security incidents, to understand various challenges that Higher Education Institutions encounter when handling information security incidents, to assess the current capacity of relevant personnel in handling information security incidents through semi-structured interviews.
A detailed literature review was undertaken to delve into existing various information security standards, frameworks, and methodologies. In addition, an investigation was conducted on ISMS adoption and implementation by institutions and Higher Education Institutions in general and how modern best practices such as ISO2700x, COBIT, ITIL, NIST, etc, relate to ISMS. Furthermore, semi-structured interviews were conducted to determine information security incidents at South African Higher Education Institutions. Expert interviews are utilised to evaluate the proposed strategy and provide input. The literature review findings, together with results obtained from semi-structured and expert interviews, are used to develop a strategy evaluated for its robustness, effectiveness, and suitability for the purpose. The developed strategy can be considered a beneficial tool for Higher Education Institutions in South Africa for handling information security incidents. This study’s findings significantly contribute to ISMS research in Higher Education Institutions in South Africa. In conclusion, findings of the study can be summarized as follows. The first chapter, which is also an introduction, sets out the scene for the entire research study undertaken by first highlighting information technology as an integral part of any business nowadays. Higher education institutions collect, process and store sensitive information of current and prospective students and employees, which might be of value to hackers. An information security management system (ISMS) can minimise damage by ensuring information assets are protected from a wide range of threats and business resilience in case of a breach or an incident. Chapter 2 reviews the existing literature for these frameworks, standards, and methods. In addition, various ISMS challenges and limitations within Higher Education Institutions were explored. 
The third chapter outlines the research design process and emphasises that it must be based on real-world or tangible challenges. The fourth chapter presented and discussed results that were obtained from semi-structured interviews. The study’s analysis and findings vividly show that there is a need to implement a strategy to handle information security incidents for South African higher education institutions. The strategic management approach used to formulate a strategy to address the identified real problem is discussed in detail in chapter 5. The strategy is developed based on the information gathered from the literature review and semi-structured interviews. The results of the assessment of the proposed strategy carried out by the experts are presented in Chapter 6. The chapter also includes recommendations made by the experts to improve the proposed strategy. , Thesis (MPhil) -- Faculty of Engineering, the Built Environment and Technology, School of Information Technology, 2024
- Date Issued: 2024-04
A strategy for cybersecurity vulnerability management in the South African retail sector
- Authors: Madotyeni, Hlalanathi
- Date: 2022-04
- Subjects: Computer security , Computer networks -- Security measures , Data protection
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/68714 , vital:77084
- Description: Retail organisations have a vision and strategic objectives, and achieving these objectives relies heavily on the use of technology. This shift has sparked greater global public adoption of technology and compelled retailers to create strategies that set this transformation in motion. The retail industry is rapidly evolving as the real and digital worlds intersect, creating new business opportunities and challenges that were unthinkable years ago. Fresh, rapid global development is propelling the retail sector, intensifying its already fierce competition. The main reasons retailers have embraced technology are to cut expenses and improve operations. Customer satisfaction, e-commerce sites, augmented reality, customer feedback, inventory control, and price auditing are ways that technology improves retail business operations. Although technology offers the retail sector many advantages, it also brings challenges, notably growing cybersecurity threats, cybersecurity vulnerabilities, and cybersecurity risks. These cybersecurity concerns are increasingly severe, impacting the business operations of retail organisations negatively. Cybercrimes, commonly known as vulnerabilities and cyberthreats, expose the retail sector to unexpected cybersecurity events. Experts predict that cybercrime will cost corporations approximately USD 10.5 billion by 2025. Since South Africa has the most developed retail industry in sub-Saharan Africa, cybercrime is more likely to affect its retailers, making effective cybersecurity vulnerability management strategies imperative. A South African retail giant fell victim to cybercrimes that compromised data totalling more than 3.6 million records, resulting in a potential fine of up to R10 million issued by the Information Regulator. Data breach costs and loss of customer confidence are additional negative impacts suffered by retailers. 
To address these issues effectively, a cybersecurity vulnerability management strategy must be developed. Developing a cybersecurity vulnerability management strategy is the primary objective of this study; it will help the retailers in South Africa better manage cybersecurity vulnerabilities. The research paradigm used in the study is the Nelson Mandela University Design Science Strategy Methodology (NMU-DSSM). To comprehend the present state of a retail organisation's approach and activities linked to cybersecurity vulnerability management, a qualitative research methodology was used. The outcomes of the semi-structured research interviews and the literature study were utilised to develop a cybersecurity vulnerability strategy for the retail industry in South Africa. Future studies will assess the implementation strategy's usefulness and efficacy. The research on cybersecurity vulnerability management in relation to South African retail organisations is enhanced by this study's findings. , Thesis (MPhil) -- Faculty of Engineering, the Built Environment, and Technology, School of Information Technology, 2024
- Date Issued: 2022-04
A framework to guide cybersecurity governance efforts in non-profit organisations
- Authors: le Roux, Wickus
- Date: 2019
- Subjects: Computer security , Information technology Nonprofit organizations -- security measures
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/44918 , vital:38188
- Description: The average non-profit organisation is faced with the same cybersecurity challenges as an international multi-corporation that generates income. However, it may lack the competencies or resources to fully utilise, implement, monitor, or evaluate cybersecurity governance to a satisfactory or acceptable level. A literature review revealed limited publicly accessible documents to guide NPOs in particular in the task of cybersecurity governance. Therefore, the problem addressed by this research is the lack of a framework to guide cybersecurity governance efforts in non-profit organisations. This real-world problem was approached using the design science paradigm. It was important to identify, firstly, factors unique to the general context of non-profit organisations, including the constraints and limitations faced by non-profit organisations. Secondly, the key cyber risks for non-profit organisations and how they can materialise through the use of emails, social media, and BYODs in the NPO context, were identified. As a third step, available cybersecurity governance guidelines were analysed to determine best practices. This investigation also revealed the people, process, and technology elements as the pillars of information security. This resulted in the development of a framework (the PotLer framework) to guide cybersecurity governance efforts in non-profit organisations based on the input of the three points mentioned above. The framework was constructed around four conceptual elements, namely information security governance; people, process, and technology; governance elements; and key risks. The PotLer framework expands the high-level generic constructs beyond the conceptual space and provides implementation guidance in the form of a questionnaire to be completed by NPOs. The questionnaire was developed as an interactive spreadsheet that requires “Yes” or “No” responses from participants and generates a recommendation based on these answers. 
To evaluate the PotLer framework, the aforementioned questionnaire was completed by four NPOs. An additional questionnaire obtained their input on the utility and comprehensiveness of the framework.
- Date Issued: 2019
A framework to implement information security awareness, education and training within the Limpopo economic development agency group
- Authors: Mokobane, Ntsewa Benjamin
- Date: 2019
- Subjects: Computer security , Computer networks -- Security measures , Data protection
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/42063 , vital:36622
- Description: Cybersecurity awareness, education and training of employees is key in reducing and preventing cyber-attack opportunities. The ignorance and/or lack of understanding of employees about the information security risks around them might expose the LEDA Group to cyber-attacks. This led to the problem that the level of awareness of employees regarding information security was not known. The implication of this not knowing was that an argument for the nature of an intervention to ensure awareness, as well as to educate and train employees regarding information security was not possible. The aim of this treatise was to develop a framework as an effective guideline for the implementation of cybersecurity awareness, education and training of employees. In the study, the LEDA Group employees were surveyed to determine their cybersecurity knowledge gap. An online questionnaire was randomly sent to 314 LEDA Group employees. The survey was voluntary and confidential. One hundred and thirty seven (137) employees completed the survey. The results of the survey were analysed to determine the gap between the current cybersecurity knowledge of the LEDA Group employees and state-of-the-art cybersecurity knowledge. The gap was used in the development of the framework for the implementation of the cybersecurity awareness, education and training (F-CSAET). Central to F-CSAET is the governance principles guided by best practices such as King IV, COBIT5, ISO27001, ISO27005, ISO27008 and ISO27032 and the compliance requirements to POPIA, the Copyright Act and the Cybercrimes and Cybersecurity Bill. The F-CSAET has six steps, namely Assess, Analyse, Create, Plan, Implement and Reinforce. The framework was evaluated for applicability by the team called the cyber security interest team, which was established specifically for the purpose of the F-CSAET.
- Date Issued: 2019
Guidelines for the protection of stored sensitive information assets within small, medium and micro enterprises
- Authors: Scharnick, Nicholas
- Date: 2018
- Subjects: Computer security , Information technology -- Security measures Data protection Business -- Data processing -- Security measures Small business -- Data processing -- Security measures -- South Africa
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/34799 , vital:33452
- Description: Technology has become important in the business environment as it ensures that a business is competitive and it also drives the business processes. However, in the era of mobile devices, easy access to the internet and a wide variety of other communication mechanisms, the security of the business from a technological perspective is constantly under threat. Thus, the problem that this research aims to address is that there is currently a lack of understanding by SMMEs in protecting their stored sensitive information assets. This study intends to assist small businesses, such as those within the Small, Medium and Micro Enterprises (SMME) sector, on how to protect and secure information while it is in storage. SMMEs usually do not have available resources to fully address information security related concerns that could pose a threat to the well-being and success of the business. In order to address the problem identified, and assist SMMEs with better protecting their stored information assets, the outcome of this research is to develop guidelines to assist SMMEs in protecting stored sensitive information assets. Through the use of a qualitative content analysis, a literature review, a number of information security standards, best practices, and frameworks, including the ISO27000 series of standards, COBIT, ITIL, and various NIST publications were analysed to determine how these security approaches address security concerns that arise when considering the storage of sensitive information. Following the literature analysis, a survey was developed and distributed to a wide variety of SMMEs in order to determine what their information security requirements might be, as well as how they address information security. The results obtained from this, coupled with the literature analysis, served as input for the development of a number of guidelines that can assist SMMEs in protecting stored sensitive information assets.
- Full Text:
- Date Issued: 2018
Cybersecurity: reducing the attack surface
- Authors: Thomson, Kerry-Lynn
- Subjects: Computer security , Computer networks -- Security measures , f-sa
- Language: English
- Type: Lectures
- Identifier: http://hdl.handle.net/10948/52885 , vital:44319
- Description: Almost 60% of the world’s population has access to the internet and most organisations today rely on internet connectivity to conduct business and carry out daily operations. Further to this, it is estimated that concepts such as the Internet of Things (IoT) will facilitate the connections of over 125 billion ‘things’ by the year 2030. However, as people and devices are becoming more and more interconnected, and more data is being shared, the question that must be asked is – are we doing so securely? Each year, cybercriminals cost organisations and individuals millions of dollars, using techniques such as phishing, social engineering, malware and denial of service attacks. In particular, together with the Covid-19 pandemic, there has been a so-called ‘cybercrime pandemic’. Threat actors adapted their techniques to target people with Covid-19-themed cyberattacks and phishing campaigns to exploit their stress and anxiety during the pandemic. Cybersecurity and cybercrime exist in a symbiotic relationship in cyberspace, where, as cybersecurity gets stronger, so the cybercriminals need to become stronger to overcome those defenses. And, as the cybercriminals become stronger, so too must the defenses. Further, this symbiotic relationship plays out on what is called the attack surface. Attack surfaces are the exposed areas of an organisation that make systems more vulnerable to attacks and, essentially, are all the gaps in an organisation’s security that could be compromised by a threat actor. This attack surface is increased through organisations incorporating things such as IoT technologies, migrating to the cloud and decentralising their workforce, as happened during the pandemic with many people working from home. It is essential that organisations reduce the digital attack surface, and the vulnerabilities introduced through devices connected to the internet, with technical strategies and solutions.
However, the focus of cybersecurity is often on the digital attack surface and technical solutions, with less of a focus on the human aspects of cybersecurity. The human attack surface encompasses all the vulnerabilities introduced through the actions and activities of employees. These employees should be given the necessary cybersecurity awareness, training and education to reduce the human attack surface of organisations. However, it is not only employees of organisations who are online. All individuals who interact online should be cybersecurity aware and know how to reduce their own digital and human attack surfaces, or digital footprints. This paper emphasises the importance of utilising people as part of the cybersecurity defense through the cultivation of cybersecurity cultures in organisations and a cybersecurity conscious society.
- Full Text: