An enterprise information security model for a micro finance company: a case study
- Authors: Owen, Morné
- Date: 2009
- Subjects: Computer security -- South Africa -- Management , Computers -- Access control -- South Africa , Computer networks -- Security measures -- Standards -- South Africa , Data protection -- Management -- Standards , Management information systems -- Security measures -- South Africa
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9763 , http://hdl.handle.net/10948/1151 , Computer security -- South Africa -- Management , Computers -- Access control -- South Africa , Computer networks -- Security measures -- Standards -- South Africa , Data protection -- Management -- Standards , Management information systems -- Security measures -- South Africa
- Description: The world has entered the information age. How the information is used within an organization will determine success or failure of the organisation. This study aims to provide a model, that once implemented, will provide the required protection for the information assets. The model is based on ISO 27002, an international security standard. The primary objective is to build a model that will provide a holistic security system specifically for a South African Micro Finance Company (MFC). The secondary objectives focuses on successful implementation of such a model, the uniqueness of the MFC that should be taken into account, and the maintenance of the model once implemented to ensure ongoing relevance. A questionnaire conducted at the MFC provided insight into the perceived understanding of information security. The questionnaire results were used to ensure the model solution addressed current information security shortcomings within the MFC. This study found that the information security controls in ISO 27002 should be applicable to any industry. The uniqueness for the MFC is not in the security controls, but rather in the regulations and laws applicable to it.
- Full Text:
- Date Issued: 2009
- Authors: Owen, Morné
- Date: 2009
- Subjects: Computer security -- South Africa -- Management , Computers -- Access control -- South Africa , Computer networks -- Security measures -- Standards -- South Africa , Data protection -- Management -- Standards , Management information systems -- Security measures -- South Africa
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9763 , http://hdl.handle.net/10948/1151 , Computer security -- South Africa -- Management , Computers -- Access control -- South Africa , Computer networks -- Security measures -- Standards -- South Africa , Data protection -- Management -- Standards , Management information systems -- Security measures -- South Africa
- Description: The world has entered the information age. How the information is used within an organization will determine success or failure of the organisation. This study aims to provide a model, that once implemented, will provide the required protection for the information assets. The model is based on ISO 27002, an international security standard. The primary objective is to build a model that will provide a holistic security system specifically for a South African Micro Finance Company (MFC). The secondary objectives focuses on successful implementation of such a model, the uniqueness of the MFC that should be taken into account, and the maintenance of the model once implemented to ensure ongoing relevance. A questionnaire conducted at the MFC provided insight into the perceived understanding of information security. The questionnaire results were used to ensure the model solution addressed current information security shortcomings within the MFC. This study found that the information security controls in ISO 27002 should be applicable to any industry. The uniqueness for the MFC is not in the security controls, but rather in the regulations and laws applicable to it.
- Full Text:
- Date Issued: 2009
The ISO/IEC 27002 and ISO/IEC 27799 information security management standards : a comparative analysis from a healthcare perspective
- Authors: Ngqondi, Tembisa Grace
- Date: 2009
- Subjects: Computer security , Computer networks -- Security measures -- Standards , Data protection -- Management -- Standards
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9765 , http://hdl.handle.net/10948/1066 , Computer security , Computer networks -- Security measures -- Standards , Data protection -- Management -- Standards
- Description: Technological shift has become significant and an area of concern in the health sector with regard to securing health information assets. Health information systems hosting personal health information expose these information assets to ever-evolving threats. This information includes aspects of an extremely sensitive nature, for example, a particular patient may have a history of drug abuse, which would be reflected in the patient’s medical record. The private nature of patient information places a higher demand on the need to ensure privacy. Ensuring that the security and privacy of health information remain intact is therefore vital in the healthcare environment. In order to protect information appropriately and effectively, good information security management practices should be followed. To this end, the International Organization for Standardization (ISO) published a code of practice for information security management, namely the ISO 27002 (2005). This standard is widely used in industry but is a generic standard aimed at all industries. Therefore it does not consider the unique security needs of a particular environment. Because of the unique nature of personal health information and its security and privacy requirements, the need to introduce a healthcare sector-specific standard for information security management was identified. The ISO 27799 was therefore published as an industry-specific variant of the ISO 27002 which is geared towards addressing security requirements in health informatics. It serves as an implementation guide for the ISO 27002 when implemented in the health sector. The publication of the ISO 27799 is considered as a positive development in the quest to improve health information security. However, the question arises whether the ISO 27799 addresses the security needs of the healthcare domain sufficiently. The extensive use of the ISO 27002 implies that many proponents of this standard (in healthcare), now have to ensure that they meet the (assumed) increased requirements of the ISO 27799. The purpose of this research is therefore to conduct a comprehensive comparison of the ISO 27002 and ISO 27799 standards to determine whether the ISO 27799 serves the specific needs of the health sector from an information security management point of view.
- Full Text:
- Date Issued: 2009
- Authors: Ngqondi, Tembisa Grace
- Date: 2009
- Subjects: Computer security , Computer networks -- Security measures -- Standards , Data protection -- Management -- Standards
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9765 , http://hdl.handle.net/10948/1066 , Computer security , Computer networks -- Security measures -- Standards , Data protection -- Management -- Standards
- Description: Technological shift has become significant and an area of concern in the health sector with regard to securing health information assets. Health information systems hosting personal health information expose these information assets to ever-evolving threats. This information includes aspects of an extremely sensitive nature, for example, a particular patient may have a history of drug abuse, which would be reflected in the patient’s medical record. The private nature of patient information places a higher demand on the need to ensure privacy. Ensuring that the security and privacy of health information remain intact is therefore vital in the healthcare environment. In order to protect information appropriately and effectively, good information security management practices should be followed. To this end, the International Organization for Standardization (ISO) published a code of practice for information security management, namely the ISO 27002 (2005). This standard is widely used in industry but is a generic standard aimed at all industries. Therefore it does not consider the unique security needs of a particular environment. Because of the unique nature of personal health information and its security and privacy requirements, the need to introduce a healthcare sector-specific standard for information security management was identified. The ISO 27799 was therefore published as an industry-specific variant of the ISO 27002 which is geared towards addressing security requirements in health informatics. It serves as an implementation guide for the ISO 27002 when implemented in the health sector. The publication of the ISO 27799 is considered as a positive development in the quest to improve health information security. However, the question arises whether the ISO 27799 addresses the security needs of the healthcare domain sufficiently. The extensive use of the ISO 27002 implies that many proponents of this standard (in healthcare), now have to ensure that they meet the (assumed) increased requirements of the ISO 27799. The purpose of this research is therefore to conduct a comprehensive comparison of the ISO 27002 and ISO 27799 standards to determine whether the ISO 27799 serves the specific needs of the health sector from an information security management point of view.
- Full Text:
- Date Issued: 2009
A standards-based security model for health information systems
- Authors: Thomson, Steven Michael
- Date: 2008
- Subjects: Computer networks -- Security measures -- Standards -- South Africa , Data protection -- Management -- Standards , Computer security -- South Africa -- Management , Computers -- Access control -- South Africa , Management information systems -- Security measures -- South Africa
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9786 , http://hdl.handle.net/10948/718 , Computer networks -- Security measures -- Standards -- South Africa , Data protection -- Management -- Standards , Computer security -- South Africa -- Management , Computers -- Access control -- South Africa , Management information systems -- Security measures -- South Africa
- Description: In the healthcare environment, various types of patient information are stored in electronic format. This prevents the re-entering of information that was captured previously. In the past this information was stored on paper and kept in large filing cabinets. However, with the technology advancements that have occurred over the years, the idea of storing patient information in electronic systems arose. This led to a number of electronic health information systems being created, which in turn led to an increase in possible security risks. Any organization that stores information of a sensitive nature must apply information security principles in order to ensure that the stored information is kept secure. At a basic level, this entails ensuring the confidentiality, integrity and availability of the information, which is not an easy feat in today’s distributed and networked environments. This paved the way for organized standardization activities in the areas of information security and information security management. Throughout history, there have been practices that were created to help “standardize” industries of all areas, to the extent that there are professional organizations whose main objective it is to create such standards to help connect industries all over the world. This applies equally to the healthcare environment, where standardization took off in the late eighties. Healthcare organizations must follow standardized security measures to ensure that patient information stored in health information systems is kept secure. However, the proliferation in standards makes it difficult to understand, adopt and deploy these standards in a coherent manner. This research, therefore, proposes a standards-based security model for health information systems to ensure that such standards are applied in a manner that contributes to securing the healthcare environment as a whole, rather than in a piecemeal fashion.
- Full Text:
- Date Issued: 2008
- Authors: Thomson, Steven Michael
- Date: 2008
- Subjects: Computer networks -- Security measures -- Standards -- South Africa , Data protection -- Management -- Standards , Computer security -- South Africa -- Management , Computers -- Access control -- South Africa , Management information systems -- Security measures -- South Africa
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9786 , http://hdl.handle.net/10948/718 , Computer networks -- Security measures -- Standards -- South Africa , Data protection -- Management -- Standards , Computer security -- South Africa -- Management , Computers -- Access control -- South Africa , Management information systems -- Security measures -- South Africa
- Description: In the healthcare environment, various types of patient information are stored in electronic format. This prevents the re-entering of information that was captured previously. In the past this information was stored on paper and kept in large filing cabinets. However, with the technology advancements that have occurred over the years, the idea of storing patient information in electronic systems arose. This led to a number of electronic health information systems being created, which in turn led to an increase in possible security risks. Any organization that stores information of a sensitive nature must apply information security principles in order to ensure that the stored information is kept secure. At a basic level, this entails ensuring the confidentiality, integrity and availability of the information, which is not an easy feat in today’s distributed and networked environments. This paved the way for organized standardization activities in the areas of information security and information security management. Throughout history, there have been practices that were created to help “standardize” industries of all areas, to the extent that there are professional organizations whose main objective it is to create such standards to help connect industries all over the world. This applies equally to the healthcare environment, where standardization took off in the late eighties. Healthcare organizations must follow standardized security measures to ensure that patient information stored in health information systems is kept secure. However, the proliferation in standards makes it difficult to understand, adopt and deploy these standards in a coherent manner. This research, therefore, proposes a standards-based security model for health information systems to ensure that such standards are applied in a manner that contributes to securing the healthcare environment as a whole, rather than in a piecemeal fashion.
- Full Text:
- Date Issued: 2008
- «
- ‹
- 1
- ›
- »