Gamification Recommendations to address the user experience of the security education and training course at the Nelson Mandela University
- Authors: Mdiniso, Thandokazi
- Date: 2023-04
- Subjects: Gamification , Human-computer interaction , Safety training programs, Nelson Mandela University
- Language: English
- Type: Master's theses , Thesis
- Identifier: http://hdl.handle.net/10948/65053 , vital:74012
- Description: The use of technology alone cannot ensure a secure environment for organisations. Consideration should be given to the human aspect of cybersecurity. User errors are rooted in a lack of awareness and ignorance. A security awareness programme allows organisations to equip employees with the knowledge required to safeguard their data. The Security Education and Training (SEAT) course provided at the Nelson Mandela University seeks to bridge the gap by providing the necessary tools to equip students to be better employees for their future employers. However, the SEAT course is fairly outdated and has a poor user experience. Gamification has therefore been considered to address the user experience of the SEAT course. Incorporating game elements can help to increase the positive user experience of a system. User experience designers use gamification and well-chosen game elements to improve user experience. People enjoy using systems that are full of excitement, and that challenge and encourage a competitive spirit. The primary objective of this study is to provide recommendations for the gamification of the user experience of the SEAT course at the Nelson Mandela University. The primary objective is further divided into several secondary objectives that aim to address the proposed problem. The secondary objectives are to investigate user experience, identifying the most common user experience evaluation methods; to understand gamification and to identify relevant game elements that could enhance the user experience of the SEAT course at the Nelson Mandela University; to evaluate the user experience of the Nelson Mandela University SEAT course and to identify opportunities to implement the identified game elements; to implement the identified game elements into the selected module of the SEAT course. A literature review was conducted to gather an understanding of user experience, user experience evaluation methods, gamification, and game elements. A prototype was created using the information gathered in the literature review, based on a component of the SEAT course. The prototype incorporates different game elements that foster motivation in users. The prototype is used as a proof-of-concept, demonstrating that gamification can address the user experience of the SEAT course. Self-evaluations were conducted on both the SEAT course and the prototype, as a first step in comparing the user experience of the original SEAT course with the proof-of-concept prototype. Finally, gamification recommendations were proposed to address the user experience of the SEAT course. , Thesis (MIT) -- Faculty of Engineering, the Built Environment and Information Technology, School of Information Techonology, 2023
- Full Text:
- Date Issued: 2023-04
- Authors: Mdiniso, Thandokazi
- Date: 2023-04
- Subjects: Gamification , Human-computer interaction , Safety training programs, Nelson Mandela University
- Language: English
- Type: Master's theses , Thesis
- Identifier: http://hdl.handle.net/10948/65053 , vital:74012
- Description: The use of technology alone cannot ensure a secure environment for organisations. Consideration should be given to the human aspect of cybersecurity. User errors are rooted in a lack of awareness and ignorance. A security awareness programme allows organisations to equip employees with the knowledge required to safeguard their data. The Security Education and Training (SEAT) course provided at the Nelson Mandela University seeks to bridge the gap by providing the necessary tools to equip students to be better employees for their future employers. However, the SEAT course is fairly outdated and has a poor user experience. Gamification has therefore been considered to address the user experience of the SEAT course. Incorporating game elements can help to increase the positive user experience of a system. User experience designers use gamification and well-chosen game elements to improve user experience. People enjoy using systems that are full of excitement, and that challenge and encourage a competitive spirit. The primary objective of this study is to provide recommendations for the gamification of the user experience of the SEAT course at the Nelson Mandela University. The primary objective is further divided into several secondary objectives that aim to address the proposed problem. The secondary objectives are to investigate user experience, identifying the most common user experience evaluation methods; to understand gamification and to identify relevant game elements that could enhance the user experience of the SEAT course at the Nelson Mandela University; to evaluate the user experience of the Nelson Mandela University SEAT course and to identify opportunities to implement the identified game elements; to implement the identified game elements into the selected module of the SEAT course. A literature review was conducted to gather an understanding of user experience, user experience evaluation methods, gamification, and game elements. A prototype was created using the information gathered in the literature review, based on a component of the SEAT course. The prototype incorporates different game elements that foster motivation in users. The prototype is used as a proof-of-concept, demonstrating that gamification can address the user experience of the SEAT course. Self-evaluations were conducted on both the SEAT course and the prototype, as a first step in comparing the user experience of the original SEAT course with the proof-of-concept prototype. Finally, gamification recommendations were proposed to address the user experience of the SEAT course. , Thesis (MIT) -- Faculty of Engineering, the Built Environment and Information Technology, School of Information Techonology, 2023
- Full Text:
- Date Issued: 2023-04
Guidelines for a job role based approach for Phishing awareness in an academic Institution
- Authors: Mahonga,Sandisiwe
- Date: 2021-12
- Subjects: Identity theft -- South Africa , Computer networks --Security measures
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/55855 , vital:54394
- Description: Phishing attacks have become a perpetual threat to organisations and internet users in general. Phishing websites and emails impersonating well-known entities are launched frequently, with the intent to trick unsuspecting employees to give out sensitive information such as login details to acquire access to corporate networks. Various solutions have been developed to combat Phishing emails from reaching employees and internet users. However, security experts and Phishing attackers are in a race as Phishing attacks are also refined as solutions are developed. Thus, this raises a critical need for security awareness. Reports and Phishing studies have noted that Phishing attacks targeted towards specific job roles have been on the rise. Even though research studies and industry reports provided by organisations dedicated to information security have taken note of this phenomenon, not much guidance, recommendations or guidelines are provided on how Phishing awareness can be provided for the job roles that are most vulnerable to Phishing attacks. Therefore, the problem identified within this research is that there is a need for guidelines for a job role based approach for Phishing awareness. The primary research objective of this study, therefore, is to develop guidelines to aid towards a job role based approach for Phishing awareness. In order to meet the primary research objective, secondary research objectives were defined and met, namely; To determine the current state of Phishing trends facing organisations in relation to the job role of employees; to determine the level of Phishing awareness employees have; to identify security awareness elements from security awareness standards, best practices and frameworks; to integrate the identified security awareness elements from standards, best practices and frameworks including themes identified from the questionnaire results to formulate the proposed guidelines for a Phishing awareness approach that is relevant for the job role of employees in order to the formulate guidelines. 5 Mixed methods were used to achieve this study’s research objectives. The research methods used included a literature review which was used to define and provide an indepth discussion relating to the domain in which this study is contained, namely: Social engineering, Phishing and information security awareness and training. Furthermore, a survey which took the form of a questionnaire, was used ascertain the level of Phishing awareness amongst employees within an academic institution in South Africa. Argumentation was used to argue towards the proposed guidelines. Finally, an elite interview was conducted, in the form of a questionnaire, to evaluate the proposed guidelines. It is envisaged that the guidelines proposed for a job role Phishing awareness approach could assist organisations to equip employees in job roles that are vulnerable Phishing attacks with adequate awareness and training. , Thesis (MIT) -- Faculty of Engineering, the Built Environment and Information Technology, School of Information and Communication Technology, 2021
- Full Text:
- Date Issued: 2021-12
- Authors: Mahonga,Sandisiwe
- Date: 2021-12
- Subjects: Identity theft -- South Africa , Computer networks --Security measures
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/55855 , vital:54394
- Description: Phishing attacks have become a perpetual threat to organisations and internet users in general. Phishing websites and emails impersonating well-known entities are launched frequently, with the intent to trick unsuspecting employees to give out sensitive information such as login details to acquire access to corporate networks. Various solutions have been developed to combat Phishing emails from reaching employees and internet users. However, security experts and Phishing attackers are in a race as Phishing attacks are also refined as solutions are developed. Thus, this raises a critical need for security awareness. Reports and Phishing studies have noted that Phishing attacks targeted towards specific job roles have been on the rise. Even though research studies and industry reports provided by organisations dedicated to information security have taken note of this phenomenon, not much guidance, recommendations or guidelines are provided on how Phishing awareness can be provided for the job roles that are most vulnerable to Phishing attacks. Therefore, the problem identified within this research is that there is a need for guidelines for a job role based approach for Phishing awareness. The primary research objective of this study, therefore, is to develop guidelines to aid towards a job role based approach for Phishing awareness. In order to meet the primary research objective, secondary research objectives were defined and met, namely; To determine the current state of Phishing trends facing organisations in relation to the job role of employees; to determine the level of Phishing awareness employees have; to identify security awareness elements from security awareness standards, best practices and frameworks; to integrate the identified security awareness elements from standards, best practices and frameworks including themes identified from the questionnaire results to formulate the proposed guidelines for a Phishing awareness approach that is relevant for the job role of employees in order to the formulate guidelines. 5 Mixed methods were used to achieve this study’s research objectives. The research methods used included a literature review which was used to define and provide an indepth discussion relating to the domain in which this study is contained, namely: Social engineering, Phishing and information security awareness and training. Furthermore, a survey which took the form of a questionnaire, was used ascertain the level of Phishing awareness amongst employees within an academic institution in South Africa. Argumentation was used to argue towards the proposed guidelines. Finally, an elite interview was conducted, in the form of a questionnaire, to evaluate the proposed guidelines. It is envisaged that the guidelines proposed for a job role Phishing awareness approach could assist organisations to equip employees in job roles that are vulnerable Phishing attacks with adequate awareness and training. , Thesis (MIT) -- Faculty of Engineering, the Built Environment and Information Technology, School of Information and Communication Technology, 2021
- Full Text:
- Date Issued: 2021-12
Mentoring candidate quantity surveyors in South Africa
- Authors: O’Connor, Nicole
- Date: 2023-04
- Subjects: Port Elizabeth (South Africa) , Eastern Cape (South Africa) , South Africa
- Language: English
- Type: Master's theses , Thesis
- Identifier: http://hdl.handle.net/10948/66172 , vital:74429
- Description: Abstract. , Thesis (MSc) -- Faculty of Engineering, the Built Environment and Information Technology, School of Built Environment Environmental, 2023
- Full Text:
- Date Issued: 2023-04
- Authors: O’Connor, Nicole
- Date: 2023-04
- Subjects: Port Elizabeth (South Africa) , Eastern Cape (South Africa) , South Africa
- Language: English
- Type: Master's theses , Thesis
- Identifier: http://hdl.handle.net/10948/66172 , vital:74429
- Description: Abstract. , Thesis (MSc) -- Faculty of Engineering, the Built Environment and Information Technology, School of Built Environment Environmental, 2023
- Full Text:
- Date Issued: 2023-04
Professional, personal and corporate ethics challenges during infrastructure delivery
- Authors: Dyariwe, Abongile
- Date: 2015-01
- Subjects: Port Elizabeth (South Africa) , Eastern Cape (South Africa) , South Africa
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/53300 , vital:45131
- Description: Purpose of this treatise: This study is aimed at investigating whether there is a lack of professional- and, personal ethics, and a lack of enforcing corporate ethics from the Built environment professionals working for Eskom ECOU. Design/methodology/approach: The research approach used for the study was mainly quantitative. The quantitative methods used were descriptive and non-parametric statistical methods (Kruskal- Wallis Test and Mann-Whitney U Test). The selected sample for the study was categorised as internal stakeholders (i.e. employees that are permanently employed by Eskom) and external stakeholders (i.e. people that are employed by Eskom on a contract basis as quantity surveying, project management and engineering consultants) The scope of the study was to determine whether there are professional-, personal- and corporate ethical challenges in client organisations. A literature review was conducted; and all the relevant literature relating to professional-, personal- and corporate ethics in client organisations was collated, and then used to develop a questionnaire. The questionnaires were distributed to internal and external stakeholders, who were involved during infrastructural delivery in client organisations, in order to acquire different views on ethical perceptions. The data obtained from the questionnaires were analysed, and used to test if the hypotheses were supported or not. Findings: The findings of this study revealed that the demographic profile does not have any significant influence on the ratings of internal and external stakeholders’ perceptions of the lack of professional and personal ethics – or on the enforcement of corporate ethics. Furthermore, this study also revealed that there is no significant difference in the ethical perceptions of internal and external stakeholders, on the enforcement of a professional and corporate ethical culture. Lastly, only in the personal ethics section there is a significant difference in ethical perception. In relation to the statement of the problem, the findings of this study revealed that internal and external stakeholders’ lack of professional- and personal ethics and the enforcement of corporate ethics are largely unknown. Research limitations: This study was limited to only Built environment professionals (including service providers) working for Eskom ECOU. Practical implications: The study revealed that there are ethical challenges in client organisations, even though they might be largely unknown. This clearly shows that construction industry professionals are all susceptible to unethical behaviour. Therefore, Eskom ECOU should refrain from only focusing on unethical behaviour by contractors and consulting firms; and it should also look at the client’s Built environment professionals; because there is evidence that they are also suspect during infrastructural delivery. , Thesis (MSc) -- Faculty of Engineering, the Built Environment and Information Technology, School of the Built Environment and Civil Engineering, 2021
- Full Text:
- Date Issued: 2015-01
- Authors: Dyariwe, Abongile
- Date: 2015-01
- Subjects: Port Elizabeth (South Africa) , Eastern Cape (South Africa) , South Africa
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/53300 , vital:45131
- Description: Purpose of this treatise: This study is aimed at investigating whether there is a lack of professional- and, personal ethics, and a lack of enforcing corporate ethics from the Built environment professionals working for Eskom ECOU. Design/methodology/approach: The research approach used for the study was mainly quantitative. The quantitative methods used were descriptive and non-parametric statistical methods (Kruskal- Wallis Test and Mann-Whitney U Test). The selected sample for the study was categorised as internal stakeholders (i.e. employees that are permanently employed by Eskom) and external stakeholders (i.e. people that are employed by Eskom on a contract basis as quantity surveying, project management and engineering consultants) The scope of the study was to determine whether there are professional-, personal- and corporate ethical challenges in client organisations. A literature review was conducted; and all the relevant literature relating to professional-, personal- and corporate ethics in client organisations was collated, and then used to develop a questionnaire. The questionnaires were distributed to internal and external stakeholders, who were involved during infrastructural delivery in client organisations, in order to acquire different views on ethical perceptions. The data obtained from the questionnaires were analysed, and used to test if the hypotheses were supported or not. Findings: The findings of this study revealed that the demographic profile does not have any significant influence on the ratings of internal and external stakeholders’ perceptions of the lack of professional and personal ethics – or on the enforcement of corporate ethics. Furthermore, this study also revealed that there is no significant difference in the ethical perceptions of internal and external stakeholders, on the enforcement of a professional and corporate ethical culture. Lastly, only in the personal ethics section there is a significant difference in ethical perception. In relation to the statement of the problem, the findings of this study revealed that internal and external stakeholders’ lack of professional- and personal ethics and the enforcement of corporate ethics are largely unknown. Research limitations: This study was limited to only Built environment professionals (including service providers) working for Eskom ECOU. Practical implications: The study revealed that there are ethical challenges in client organisations, even though they might be largely unknown. This clearly shows that construction industry professionals are all susceptible to unethical behaviour. Therefore, Eskom ECOU should refrain from only focusing on unethical behaviour by contractors and consulting firms; and it should also look at the client’s Built environment professionals; because there is evidence that they are also suspect during infrastructural delivery. , Thesis (MSc) -- Faculty of Engineering, the Built Environment and Information Technology, School of the Built Environment and Civil Engineering, 2021
- Full Text:
- Date Issued: 2015-01
The design of a youth activity Centre for Parkside, East London
- Authors: De Lange, Natasha
- Date: 2021-04
- Subjects: Youth centers -- South Africa -- East London -- Designs and plans , Community centers -- South Africa -- East London
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/57479 , vital:57880
- Description: The identity of youth is an important developmental pro - cess in young people’s lives. Youth Centres in South Africa mainly focus on reproductive health services and as a result thereof, are experiencing low visitor num - bers and failing to captivate the youth whom they aim to serve. The very nature in which this takes place today, opens the door for an architectural intervention that has the potential to facilitate and improve this process. This thesis aims to address the issues that today’s youth faces by looking at the metaphorical representa - tion of the ‘street’ as the current place where the youth of today spend their time testing and developing their identity. It aims to rethink the youth centre as a place that combines youth culture and architecture to create a space which provides adequate recreational opportu - nities, and through which youths can reconnect to their surroundings - giving them a much-needed sense of place and identity within the ever-changing city. The idea is ultimately to design a Youth Activity Centre for the Parkside neighbourhood in East London - a de - sign which can express how youth identity can impact architecture in a way that can benefit the development of youth’s identity, and which can re-animate the nature of the ‘street’ through architecture. , Thesis (MArch) -- Faculty of Engineering, the Built Environment and Information Technology, School of Architecture, 2021
- Full Text:
- Date Issued: 2021-04
- Authors: De Lange, Natasha
- Date: 2021-04
- Subjects: Youth centers -- South Africa -- East London -- Designs and plans , Community centers -- South Africa -- East London
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/57479 , vital:57880
- Description: The identity of youth is an important developmental pro - cess in young people’s lives. Youth Centres in South Africa mainly focus on reproductive health services and as a result thereof, are experiencing low visitor num - bers and failing to captivate the youth whom they aim to serve. The very nature in which this takes place today, opens the door for an architectural intervention that has the potential to facilitate and improve this process. This thesis aims to address the issues that today’s youth faces by looking at the metaphorical representa - tion of the ‘street’ as the current place where the youth of today spend their time testing and developing their identity. It aims to rethink the youth centre as a place that combines youth culture and architecture to create a space which provides adequate recreational opportu - nities, and through which youths can reconnect to their surroundings - giving them a much-needed sense of place and identity within the ever-changing city. The idea is ultimately to design a Youth Activity Centre for the Parkside neighbourhood in East London - a de - sign which can express how youth identity can impact architecture in a way that can benefit the development of youth’s identity, and which can re-animate the nature of the ‘street’ through architecture. , Thesis (MArch) -- Faculty of Engineering, the Built Environment and Information Technology, School of Architecture, 2021
- Full Text:
- Date Issued: 2021-04
The Effectiveness of Eskom’s transmission project team lationships in the delivery process
- Authors: Mpetshwa, Noninzi
- Date: 2015-04
- Subjects: Port Elizabeth (South Africa) , Eastern Cape (South Africa) , South Africa
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/53318 , vital:45137
- Description: Eskom Holding is a public limited liability company that supplies electricity. It supplies approximately ninety-nine percent of the electricity used in South Africa, and approximately forty-five percent of that used in Africa. Eskom generates, transmits and distributes electricity to its customers. The Project Execution Department is a department in the Transmission Division that executes the capital and refurbishment of projects. The objective of the study was to discover the opinion of the project team members, on whether there is a lack of project-team efficiency in delivering the projects on time, and within the budget. Descriptive research methodology was used to investigate the objectives of the research. The data were obtained through the structured questionnaires that were hand-delivered and emailed. The research is limited to the Project Execution and Procurement Department in the Transmission Division. The research excludes the Capital Expansion Department (CED) project (Medupi, Kusile and Power Development Projects). The findings of the study showed that, Eskom’s Transmission Project Execution and Commercial Departments need to work hand-in-hand. This will avoid any unnecessary procurement delays which would have an impact on project delivery time. Continuous communication among the project team members could improve the efficiency and serve to build good relationships. Currently, projects are delivered late and over budget. This situation could lead to the outsourcing of departments or even to the redeployment of Senior Management. It would also have a negative impact on the cost and supply of electricity to the country. , Thesis (MSc) -- Faculty of Engineering, the Built Environment and Information Technology, School of the Built Environment and Civil Engineering, 2021
- Full Text:
- Date Issued: 2015-04
- Authors: Mpetshwa, Noninzi
- Date: 2015-04
- Subjects: Port Elizabeth (South Africa) , Eastern Cape (South Africa) , South Africa
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/53318 , vital:45137
- Description: Eskom Holding is a public limited liability company that supplies electricity. It supplies approximately ninety-nine percent of the electricity used in South Africa, and approximately forty-five percent of that used in Africa. Eskom generates, transmits and distributes electricity to its customers. The Project Execution Department is a department in the Transmission Division that executes the capital and refurbishment of projects. The objective of the study was to discover the opinion of the project team members, on whether there is a lack of project-team efficiency in delivering the projects on time, and within the budget. Descriptive research methodology was used to investigate the objectives of the research. The data were obtained through the structured questionnaires that were hand-delivered and emailed. The research is limited to the Project Execution and Procurement Department in the Transmission Division. The research excludes the Capital Expansion Department (CED) project (Medupi, Kusile and Power Development Projects). The findings of the study showed that, Eskom’s Transmission Project Execution and Commercial Departments need to work hand-in-hand. This will avoid any unnecessary procurement delays which would have an impact on project delivery time. Continuous communication among the project team members could improve the efficiency and serve to build good relationships. Currently, projects are delivered late and over budget. This situation could lead to the outsourcing of departments or even to the redeployment of Senior Management. It would also have a negative impact on the cost and supply of electricity to the country. , Thesis (MSc) -- Faculty of Engineering, the Built Environment and Information Technology, School of the Built Environment and Civil Engineering, 2021
- Full Text:
- Date Issued: 2015-04
Towards a risk assessment matrix for information security workarounds associated with acceptable use policies
- Authors: Slabbert, Eugene
- Date: 2022-04
- Subjects: Information networks--security measures , Computer security--South africa
- Language: English
- Type: Master's theses
- Identifier: http://hdl.handle.net/10948/55533 , vital:52811
- Description: Acceptable Use Policies (AUPs) are used to influence employees’ information security behaviour. Some employees feel that the AUPs and related procedures interfere with their ability to work efficiently and may, therefore, choose not to comply by utilising information security workarounds associated with the AUP. An AUP workaround is a form of information security non compliance that may result in unnecessary information security risk exposure for an organisation. Some AUP workarounds may be useful as they identify more efficient ways to complete tasks that may not impact the information security of an organisation. However, these efficiencies should only be considered for incorporation into standard procedures when the information security risk exposure of an AUP workaround is known. This leads to the problem statement. Many organisations do not have a formal way in which to assess the information security risks posed by workarounds associated with their Acceptable Use Policies, and related procedures. This study provides a solution to the identified problem through the primary objective, to develop a Risk Assessment Matrix for Information Security Workarounds associated with Acceptable Use Policies, and related procedures. Four secondary research objectives were proposed to achieve the primary research objective. The first secondary objective determines the role of information security risk management and how it relates to information security governance through the utilisation of a literature review. The second secondary objective firstly utilises a literature review to determine the role that the AUP and its related procedures play within an organisation, followed by a content analysis which identifies the key content that should be considered in a comprehensive AUP. The third secondary objective determines the factors that influence the use of AUP workarounds within an organisation through the utilisation of a literature review. Lastly, the fourth secondary objective utilises a literature review to determine the key components required for the development of the risk assessment matrix for information security workarounds. In addition, critical reasoning is used to create the risk assessment matrix for information security workarounds. The solution to this study contributes to the body of knowledge by proposing a risk assessment matrix to assess the information security risk exposure of AUP workarounds and find possible efficiency gains while keeping information security risk exposure to a minimum. , Thesis (MTech) -- Faculty of Engineering, the Built Environment and Information Technology , Information Technology, 2022
- Full Text:
- Date Issued: 2022-04
- Authors: Slabbert, Eugene
- Date: 2022-04
- Subjects: Information networks--security measures , Computer security--South africa
- Language: English
- Type: Master's theses
- Identifier: http://hdl.handle.net/10948/55533 , vital:52811
- Description: Acceptable Use Policies (AUPs) are used to influence employees’ information security behaviour. Some employees feel that the AUPs and related procedures interfere with their ability to work efficiently and may, therefore, choose not to comply by utilising information security workarounds associated with the AUP. An AUP workaround is a form of information security non compliance that may result in unnecessary information security risk exposure for an organisation. Some AUP workarounds may be useful as they identify more efficient ways to complete tasks that may not impact the information security of an organisation. However, these efficiencies should only be considered for incorporation into standard procedures when the information security risk exposure of an AUP workaround is known. This leads to the problem statement. Many organisations do not have a formal way in which to assess the information security risks posed by workarounds associated with their Acceptable Use Policies, and related procedures. This study provides a solution to the identified problem through the primary objective, to develop a Risk Assessment Matrix for Information Security Workarounds associated with Acceptable Use Policies, and related procedures. Four secondary research objectives were proposed to achieve the primary research objective. The first secondary objective determines the role of information security risk management and how it relates to information security governance through the utilisation of a literature review. The second secondary objective firstly utilises a literature review to determine the role that the AUP and its related procedures play within an organisation, followed by a content analysis which identifies the key content that should be considered in a comprehensive AUP. The third secondary objective determines the factors that influence the use of AUP workarounds within an organisation through the utilisation of a literature review. Lastly, the fourth secondary objective utilises a literature review to determine the key components required for the development of the risk assessment matrix for information security workarounds. In addition, critical reasoning is used to create the risk assessment matrix for information security workarounds. The solution to this study contributes to the body of knowledge by proposing a risk assessment matrix to assess the information security risk exposure of AUP workarounds and find possible efficiency gains while keeping information security risk exposure to a minimum. , Thesis (MTech) -- Faculty of Engineering, the Built Environment and Information Technology , Information Technology, 2022
- Full Text:
- Date Issued: 2022-04
- «
- ‹
- 1
- ›
- »