A model for information security management and regulatory compliance in the South African health sector
- Authors: Tuyikeze, Tite
- Date: 2005
- Subjects: Computer networks -- Security measures , Public health -- South Africa
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9740 , http://hdl.handle.net/10948/425 , Computer networks -- Security measures , Public health -- South Africa
- Description: Information Security is becoming a part of the core business processes in every organization. Companies are faced with contradictory requirements to ensure open systems and accessible information while maintaining high protection standards. In addition, the contemporary management of Information Security requires a variety of approaches in different areas, ranging from technological to organizational issues and legislation. These approaches are often isolated while Security Management requires an integrated approach. Information Technology promises many benefits to healthcare organizations. It helps to make accurate information more readily available to healthcare providers and workers, researchers and patients and advanced computing and communication technology can improve the quality and lower the costs of healthcare. However, the prospect of storing health information in an electronic form raises concerns about patient privacy and security. Healthcare organizations are required to establish a formal Information Security program, for example through the adoption of the ISO 17799 standard, to ensure an appropriate and consistent level of information security for computer-based patient records, both within individual healthcare organizations and throughout the entire healthcare delivery system. However, proper Information Security Management practices, alone, do not necessarily ensure regulatory compliance. South African healthcare organizations must comply with the South African National Health Act (SANHA) and the Electronic Communication Transaction Act (ECTA). It is necessary to consider compliance with the Health Insurance Portability and Accountability Act (HIPAA) to meet healthcare international industry standards. The main purpose of this project is to propose a compliance strategy, which ensures full compliance with regulatory requirements and at the same time assures customers that international industry standards are being used.
This is preceded by a comparative analysis of the requirements posed by the ISO 17799 standard and the HIPAA, SANHA and ECTA regulations.
- Full Text:
- Date Issued: 2005
A SOAP-based Model for secure messaging in a global context
- Authors: Van Eeden, Johannes Jurie
- Date: 2005
- Subjects: Telecommunication systems -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9777 , http://hdl.handle.net/10948/817 , Telecommunication systems -- Security measures
- Description: For integration between application-systems in a global context, interoperability needs to be established on a global level; global interoperability, in turn, is based on a global common application-interface. This is achieved through resolving differences in, inter alia, protocol profiles, among participants in the global network. ebXML is used as the point of departure. A messaging framework, which is based on existing Web technology and standards, is proposed. Certain security and Web service standards are examined to determine specific parameters for an interoperable secure messaging environment. A security based framework comprising a predefined message format and architecture is investigated for a secure interoperable global electronic marketspace.
- Full Text:
- Date Issued: 2005
Applying a framework for IT governance in South African higher education institutions
- Authors: Viljoen, Stephen
- Date: 2005
- Subjects: Computer security , Universities and colleges -- Computer networks -- Security measures -- South Africa , Data protection
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9739 , http://hdl.handle.net/10948/416 , Computer security , Universities and colleges -- Computer networks -- Security measures -- South Africa , Data protection
- Description: Background: Higher Education (HE), through HE Institutions, plays a very important role in society. There is thus a need for this sector to be well managed, especially with regards to planning, organising, and controlling. Corporate Governance has received a lot of attention in recent times, especially to engender trust on the part of the stakeholders. There are many similarities, but also significant differences in the governance of HE institutions and public companies. Information Technology (IT) plays an extremely important role in the modern organisation, creating huge opportunities, but also increasing the risk to the organisation. Therefore, effective governance of IT in HE Institutions is of great importance.
- Full Text:
- Date Issued: 2005
Development and analysis of a friction stir spot welding process for aluminium
- Authors: Stephen, Michael George
- Date: 2005
- Subjects: Friction welding , Electric welding , Aluminum alloys -- Welding
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9631 , http://hdl.handle.net/10948/1351 , Friction welding , Electric welding , Aluminum alloys -- Welding
- Description: Friction Stir Spot Welding (FSSW) has been developed from the conventional Friction Stir Welding (FSW) process, developed at The Welding Institute (TWI). FSSWs have been done without the keyhole being eliminated. Elimination of the keyhole would result in the process being more commercially viable. This dissertation focuses on an attempt of eliminating the keyhole using a retractable pin tool as well as a comparison of the weld integrity of a FSSW to that of a conventional Resistance Spot Weld (RSW). Welds were conducted on aluminium alloy 6063 T4. Comparisons between different weld procedures were done. Further analysis of the weld integrity between FSSW and RSW were conducted, comparing tensile strengths, microstructure and hardness. For the above welding procedure to take place, the current retractable pin tool, patented by PE Technikon, was redesigned. Problems associated during the welding process and the results obtained are documented. Reasons for the keyhole not being eliminated as well as recommendations for future work in the attempt to remove the keyhole are discussed.
- Full Text:
- Date Issued: 2005
Establishing an information security culture in organizations : an outcomes based education approach
- Authors: Van Niekerk, Johannes Frederick
- Date: 2005
- Subjects: Computer security , Management information systems -- Security measures , Competency-based education
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9742 , http://hdl.handle.net/10948/164 , Computer security , Management information systems -- Security measures , Competency-based education
- Description: Information security is crucial to the continuous well-being of modern organizations. Humans play a significant role in the processes needed to secure an organization's information resources. Without an adequate level of user co-operation and knowledge, many security techniques are liable to be misused or misinterpreted by users. This may result in an adequate security measure becoming inadequate. It is therefore necessary to educate the organization's employees regarding information security and also to establish a corporate sub-culture of information security in the organization, which will ensure that the employees have the correct attitude towards their security responsibilities. Current information security education programs fail to pay sufficient attention to the behavioral sciences. There also exists a lack of knowledge regarding the principles, and processes, that would be needed for the establishment of a corporate sub-culture, specific to information security. Without both the necessary knowledge, and the desired attitude amongst the employees, it will be impossible to guarantee that the organization's information resources are secure. It would therefore make sense to address both these dimensions to the human factor in information security, using a single integrated, holistic approach. This dissertation presents such an approach, which is based on an integration of sound behavioral theories.
- Full Text:
- Date Issued: 2005
Introducing hippocratic log files for personal privacy control
- Authors: Rutherford, Andrew
- Date: 2005
- Subjects: Computer security , Internet -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9743 , http://hdl.handle.net/10948/171 , Computer security , Internet -- Security measures
- Description: The rapid growth of the Internet has served to intensify existing privacy concerns of the individual, to the point that privacy is the number one concern amongst Internet users today. Tools exist that can provide users with a choice of anonymity or pseudonymity. However, many Web transactions require the release of personally identifying information, thus rendering such tools infeasible in many instances. Since it is then a given that users are often required to release personal information, which could be recorded, it follows that they require a greater degree of control over the information they release. Hippocratic databases, designed by Agrawal, Kiernan, Srikant, and Xu (2002), aim to give users greater control over information stored in a database. Their design was inspired by the medical Hippocratic oath, and makes data privacy protection a fundamental responsibility of the database itself. To achieve the privacy of data, Hippocratic databases are governed by 10 key privacy principles. This dissertation argues that, aside from a few challenges, the 10 principles of Hippocratic databases can be applied to log files. This argument is supported by presenting a high-level functional view of a Hippocratic log file architecture. This architecture focuses on issues that highlight the control users gain over their personal information that is collected in log files. By presenting a layered view of the aforementioned architecture, it was, furthermore, possible to provide greater insight into the major processes that would be at work in a Hippocratic log file implementation. An exploratory prototype served to understand and demonstrate certain of the architectural components of Hippocratic log files. This dissertation, thus, makes a contribution to the ideal of providing users with greater control over their personal information, by proposing the use of Hippocratic log files.
- Full Text:
- Date Issued: 2005
Investigation of the effect of selected polypropylene fibres and ultra-fine aggregate on plastic shrinkage cracks on South African roads
- Authors: Kluyts, Grant
- Date: 2005
- Subjects: Concrete roads -- South Africa -- Design and construction , Fiber-reinforced concrete , Reinforced concrete -- Cracking , Concrete -- Expansion and contraction , Polypropylene fibers
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9592 , http://hdl.handle.net/10948/174 , Concrete roads -- South Africa -- Design and construction , Fiber-reinforced concrete , Reinforced concrete -- Cracking , Concrete -- Expansion and contraction , Polypropylene fibers
- Description: Plastic shrinkage cracks, although not inherently structurally debilitating, expose the reinforcement in low-volume reinforced concrete roads to deleterious substances, which may reduce its effectiveness leading ultimately to structural failure. In un-reinforced low-volume concrete road these cracks appear unsightly and cause the road user an unpleasant riding experience. Many researchers believe that plastic shrinkage crack development remains a concern to the concrete industry, occurring in particularly large–area pours such as low-volume concrete roads, and therefore requires further research to understand their formation and minimization. This study reports findings on the effectiveness of oxyfluorinated polypropylene fibres to control plastic shrinkage cracks, and the effect the addition of ultra-fine material has on the formation and/or propagation of these cracks. Findings indicate that low volume dosages (2 kg/m³), of oxyfluorinated polypropylene fibre significantly reduced the formation of plastic shrinkage cracks under test conditions. Furthermore, that the addition of ultra-fine material in excess of 63 kg/m³ increased the formation and/or development of plastic shrinkage cracks.
- Full Text:
- Date Issued: 2005
A framework for secure mobility in wireless overlay networks
- Authors: Chen, Hejun
- Date: 2006
- Subjects: Wireless communication systems , Computer networks
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9778 , http://hdl.handle.net/10948/819 , Wireless communication systems , Computer networks
- Description: Various wireless networks are widely deployed worldwide. Current technologies employed in these networks vary widely in terms of bandwidths, latencies, frequencies, and media access methods. Most existing wireless network technologies can be divided into two categories: those that provide a low-bandwidth service over a wide geographic area, for example UMTS, and those that provide a high bandwidth service over a narrow geographic area, for example 802.11. Although it would be desirable to provide a high-bandwidth service over a wide coverage region to mobile users all the time, no single wireless network technology simultaneously satisfies these requirements. Wireless Overlay Networks, a hierarchical structure of wireless personal area, local area, and wide area data networks, is considered as an efficient and scalable way to solve this problem. Due to the wide deployment of UMTS and 802.11 WLAN, this study attempts to combine them to implement the concept of Wireless Overlay Networks. Furthermore, the information transmitted over this Wireless Overlay Networks is protected in terms of authentication, integrity and confidentiality. To achieve this goal, this study aims to combine GPRS, Mobile IP and IPSec to propose a framework for secure mobility in Wireless Overlay Networks. The framework is developed in three steps: Firstly, this study addresses the problem of combining GPRS and Mobile IP, so that GPRS users are provided with Mobile IP service. This results in presenting a uniform Mobile IP interface to peers regardless of whether mobile users use UMTS or 802.11 WLAN. Secondly, this study discovers the existing problem when combining Mobile IP and IPSec, and proposes a Dual Home Agent Architecture to achieve secure mobility. Finally, based on the output of the previous two steps, a complete framework is proposed, which achieves secure mobility in Wireless Overlay Networks, specifically, in UMTS and 802.11 WLAN.
The framework also implements seamless handover when mobile users switch between UMTS and 802.11. This results in UMTS and 802.11 WLAN looking like a single network when participating in this framework, and presents seamless and secure mobility.
- Full Text:
- Date Issued: 2006
A fuzzy logic control system for a friction stir welding process
- Authors: Majara, Khotso Ernest
- Date: 2006
- Subjects: Friction welding , Fuzzy logic , Automatic control , Fuzzy systems
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9594 , http://hdl.handle.net/10948/405 , Friction welding , Fuzzy logic , Automatic control , Fuzzy systems
- Description: FSW is a welding technique invented and patented by The Welding Institute in 1991. This welding technique utilises the benefits of solid-state welding to materials regarded as difficult to weld by fusion processes. The productivity of the process was not optimised as the real-time dynamics of the material and tool changes were not considered. Furthermore, the process has a plastic weld region where no traditional modelling describing the interaction between the tool and work piece is available. Fuzzy logic technology is one of the artificial intelligent strategies used to improve the control of the dynamics of industrial processes. Fuzzy control was proposed as a viable solution to improve the productivity of the FSW process. The simulations indicated that FLC can use feed rate and welding speed to adaptively regulate the feed force and tool temperature respectively, irrespective of varying tool and material change. The simulations presented fuzzy logic technology to be robust enough to regulate FSW process in the absence of accurate mathematical models.
- Full Text:
- Date Issued: 2006
A holistic approach to network security in OGSA-based grid systems
- Authors: Loutsios, Demetrios
- Date: 2006
- Subjects: Computer networks -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9736 , http://hdl.handle.net/10948/550 , Computer networks -- Security measures
- Description: Grid computing technologies facilitate complex scientific collaborations between globally dispersed parties, which make use of heterogeneous technologies and computing systems. However, in recent years the commercial sector has developed a growing interest in Grid technologies. Prominent Grid researchers have predicted Grids will grow into the commercial mainstream, even though their origins were in scientific research. This is much the same way as the Internet started as a vehicle for research collaboration between universities and government institutions, and grew into a technology with large commercial applications. Grids facilitate complex trust relationships between globally dispersed business partners, research groups, and non-profit organizations. Almost any dispersed “virtual organization” willing to share computing resources can make use of Grid technologies. Grid computing facilitates the networking of shared services; the inter-connection of a potentially unlimited number of computing resources within a “Grid” is possible. Grid technologies leverage a range of open standards and technologies to provide interoperability between heterogeneous computing systems. Newer Grids build on key capabilities of Web-Service technologies to provide easy and dynamic publishing and discovery of Grid resources. Due to the inter-organisational nature of Grid systems, there is a need to provide adequate security to Grid users and to Grid resources. This research proposes a framework, using a specific brokered pattern, which addresses several common Grid security challenges, which include: providing secure and consistent cross-site Authentication and Authorization; single sign-on capabilities to Grid users; underlying platform and runtime security; and Grid network communications and messaging security. These Grid security challenges can be viewed as comprising two (proposed) logical layers of a Grid. These layers are: a Common Grid Layer (higher-level Grid interactions), and a Local Resource Layer (lower-level technology security concerns). This research is concerned with providing a generic and holistic security framework to secure both layers. This research makes extensive use of STRIDE - an acronym for Microsoft's approach to addressing security threats - as part of a holistic Grid security framework. STRIDE and key Grid-related standards, such as Open Grid Service Architecture (OGSA), Web-Service Resource Framework (WS-RF), and the Globus Toolkit are used to formulate the proposed framework.
- Date Issued: 2006
Corporate information risk : an information security governance framework
- Authors: Posthumus, Shaun Murray
- Date: 2006
- Subjects: Computer security , Business enterprises -- Computer networks -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9776 , http://hdl.handle.net/10948/814 , Computer security , Business enterprises -- Computer networks -- Security measures
- Description: Information Security is currently viewed from a technical point of view only. Some authors believe that Information Security is a process that involves more than merely Risk Management at the department level, as it is also a strategic and potentially legal issue. Hence, there is a need to elevate the importance of Information Security to a governance level through Information Security Governance and propose a framework to help guide the Board of Directors in their Information Security Governance efforts. IT is a major facilitator of organizational business processes and these processes manipulate and transmit sensitive customer and financial information. IT, which involves major risks, may threaten the security of corporate information assets. Therefore, IT requires attention at board level to ensure that technology-related information risks are within an organization’s accepted risk appetite. However, IT issues are a neglected topic at board level and this could bring about Enronesque disasters. Therefore, there is a need for the Board of Directors to direct and control IT-related risks effectively to reduce the potential for Information Security breaches and bring about a stronger system of internal control. The IT Oversight Committee is a proven means of achieving this, and this study further motivates the necessity for such a committee to solidify an organization’s Information Security posture among other IT-related issues.
- Date Issued: 2006
Epirismm: an enterprise information risk management model
- Authors: Lategan, Neil
- Date: 2006
- Subjects: Risk management , Small business , Information technology -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9734 , http://hdl.handle.net/10948/541 , Risk management , Small business , Information technology -- Security measures
- Description: Today, information is considered a commodity and no enterprise can operate without it. Indeed, the information and the supporting technology are pivotal in all enterprises. However, a major problem being experienced in the business environment is that enterprise risk cannot be managed effectively because business and information-related risk are not congruently aligned with risk management terminology and practices. The business environment and information technology are bound together by information. For this reason, it is imperative that risk management is synergised in the business, ICT (Information and Communication Technology) and information environments. A thorough, all-inclusive risk analysis exercise needs to be conducted in business and supporting environments in order to develop an effective internal control system. Such an internal control system should reduce the exposure of risk and aid the safeguarding of assets. Indeed, in today’s so-called information age, where business processes integrate the business and ICT environments, it is imperative that a unary internal control system be established, based on a holistic risk management exercise. To ensure that the enterprise, information and ICT environments operate free of the risks that threaten them, the risks should be properly governed. A model, EPiRISMM (Enterprise Information Risk Management Model), is proposed that offers to combine risk management practices from an ICT, information, governance, and enterprise perspective because there are so many overlapping aspects inherent in them. EPiRISMM combines various well-known standards and frameworks into one coherent model. By employing EPiRISMM, an enterprise will be able to eliminate the traditional segmented approach of the ICT department and thus eliminate any previous discontinuity in risk management practices.
- Date Issued: 2006
Monitoring and intelligent control for complex curvature friction stir welding
- Authors: Hua, Tao
- Date: 2006
- Subjects: Friction welding , Fuzzy systems
- Language: English
- Type: Thesis , Doctoral , DTech
- Identifier: vital:9612 , http://hdl.handle.net/10948/420 , Friction welding , Fuzzy systems
- Description: A multi-input multi-output system to implement on-line process monitoring and intelligent control of complex curvature friction stir welding was proposed. An extra rotation axis was added to the existing three translation axes to perform friction stir welding of complex curvature rather than along a straight welding line. A clamping system was designed for locating and holding the workpieces to bear the large force involved in the process between the welding tool and workpieces. Process parameters (feed rate, spindle speed, tilt angle and plunge depth), and process conditions (parent material and curvature), were used as factors for the orthogonal array experiments to collect sensor data of force, torque and tool temperature using multiple sensors and a telemetry system. Using statistical analysis of the experimental data, sensitive signal features were selected to train the feed-forward neural networks, which were used for mapping the relationships between process parameters, process conditions and sensor data. A fuzzy controller with initial input/output membership functions and fuzzy rules generated on-line from the trained neural network was applied to perceive process condition changes and make adjustments of process parameters to maintain tool/workpiece contact and energy input. Input/output scaling factors of the fuzzy controller were tuned on-line to improve output response to the amount and trend of control variable deviation from the reference value. Simulation results showed that the presented neuro-fuzzy control scheme has adaptability to process conditions such as parent material and curvature changes, and that the control variables were well regulated. The presented neuro-fuzzy control scheme can also be expected to be applied in other multi-input multi-output machining processes.
- Date Issued: 2006
Restoring trust by verifying information integrity through continuous auditing
- Authors: Flowerday, Stephen
- Date: 2006
- Subjects: Auditing, Internal , Corporate governance
- Language: English
- Type: Thesis , Doctoral , DTech
- Identifier: vital:9796 , http://hdl.handle.net/10948/504 , http://hdl.handle.net/10948/d1011920 , Auditing, Internal , Corporate governance
- Description: Corporate scandals such as Enron, WorldCom and Parmalat have focused recent governance efforts in the domain of financial reporting due to fraudulent and/or erroneous accounting practices. In addition, the ineffectiveness of the current system of controls has been highlighted, including that some directors have been weak and ineffective monitors of managers. This board of director ‘weakness’ has called for additional mechanisms for monitoring and controlling of management, focusing on financial reporting. This problem intensifies in that today companies function in real-time, and decisions are based on available real-time financial information. However, the assurances provided by traditional auditing take place months after the transactions have occurred and therefore, a trust problem arises because information is not verified in real-time. Consequently, the errors and fraud concealed within the financial information are not discovered until months later. To address this trust problem a conceptual causal model is proposed in this study based on the principles of systems theory. The emergent property of the causal model is increased trust and control. This study establishes that mutual assurances assist in building trust and that information security assists in safeguarding trust. Subsequently, in order to have a positive relationship between the company directors and various stakeholders, uncertainty needs to be contained, and the level of trust needs to surpass the perceived risks. The study concludes that assurances need to be provided in real-time to restore stakeholder confidence and trust in the domain of financial reporting. In order to provide assurances in real-time, continuous auditing is required to verify the integrity of financial information when it becomes available, and not months later. A continuous auditing process has its foundations grounded in information technology and attends to the challenges in real-time by addressing the standardisation of data to enable effective analysis, the validation of the accuracy of the data and the reliability of the system.
- Date Issued: 2006
The cost of free instant messaging: an attack modelling perspective
- Authors: Du Preez, Riekert
- Date: 2006
- Subjects: Computer security , Instant messaging , Data protection
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9797 , http://hdl.handle.net/10948/499 , http://hdl.handle.net/10948/d1011921 , Computer security , Instant messaging , Data protection
- Description: Instant Messaging (IM) has grown tremendously over the last few years. Even though IM was originally developed as a social chat system, it has found a place in many companies, where it is being used as an essential business tool. However, many businesses rely on free IM and have not implemented a secure corporate IM solution. Most free IM clients were never intended for use in the workplace and, therefore, lack strong security features and administrative control. Consequently, free IM clients can provide attackers with an entry point for malicious code in an organization’s network that can ultimately lead to a company’s information assets being compromised. Therefore, even though free IM allows for better collaboration in the workplace, it comes at a cost, as the title of this dissertation suggests. This dissertation sets out to answer the question of how free IM can facilitate an attack on a company’s information assets. To answer the research question, the dissertation defines an IM attack model that models the ways in which an information system can be attacked when free IM is used within an organization. The IM attack model was created by categorising IM threats using the STRIDE threat classification scheme. The attacks that realize the categorised threats were then modelled using attack trees as the chosen attack modelling tool. Attack trees were chosen because of their ability to model the sequence of attacker actions during an attack. The author defined an enhanced graphical notation that was adopted for the attack trees used to create the IM attack model. The enhanced attack tree notation extends traditional attack trees to allow nodes in the trees to be of different classes and, therefore, allows attack trees to convey more information. During the process of defining the IM attack model, a number of experiments were conducted where IM vulnerabilities were exploited. Thereafter, a case study was constructed to document a simulated attack on an information system that involves the exploitation of IM vulnerabilities. The case study demonstrates how an attacker’s attack path relates to the IM attack model in a practical scenario. The IM attack model provides insight into how IM can facilitate an attack on a company’s information assets. The creation of the attack model for free IM led to several realizations. The IM attack model revealed that even though the use of free IM clients may seem harmless, such IM clients can facilitate an attack on a company’s information assets. Furthermore, certain IM vulnerabilities may not pose a great risk by themselves, but when combined with the exploitation of other vulnerabilities, a much greater threat can be realized. These realizations hold true to what French playwright Jean Anouilh once said: “What you get free costs too much”.
- Date Issued: 2006
Towards a framework for corporate information governance
- Authors: Mears, Lynette May
- Date: 2006
- Subjects: Information technology -- Management
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9775 , http://hdl.handle.net/10948/820 , Information technology -- Management
- Description: Information is a critical asset without which an organisation could not survive. The adequate and effective governance of this asset is an essential function and is the direct responsibility of the board and senior management. The board and senior management have a responsibility to maintain the financial and material health of their enterprise and this includes setting the proper direction and governance of the information asset. Many organisations have, over the past few years, suffered severe losses and failures due to the inadequate governance and protection of this valuable asset. The reasons for the lack of corporate information governance need to be examined. The board and senior management need to direct and control their organisations effectively, with the appropriate delegation of responsibilities, to reduce the possibility of suffering similar losses and/or failures. The contribution made by this study is illustrated in the designing of a framework and activity plans to facilitate the board in practically implementing an improved corporate information governance process.
- Date Issued: 2006
A code of practice for practitioners in private healthcare: a privacy perspective
- Authors: Harvey, Brett D
- Date: 2007
- Subjects: Information storage and retrieval systems -- Medical care , Medical records -- Data processing , Privacy, Right of Comparative studies
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9735 , http://hdl.handle.net/10948/521 , Information storage and retrieval systems -- Medical care , Medical records -- Data processing , Privacy, Right of Comparative studies
- Description: Whereas there are various initiatives to standardize the storage, processing and use of electronic patient information in the South African health sector, the sector is fragmented through the adoption of various approaches on national, provincial and district levels. Divergent IT systems are used in the public and private health sectors (“Recommendations of the Committee on …” 2003). Furthermore, general practitioners in some parts of the country still use paper as a primary means of documentation and storage. Nonetheless, the use of computerized systems is increasing, even in the most remote rural areas. This leads to the exposure of patient information to various threats that are perpetuated through the use of information technology. Irrespective of the level of technology adoption by practitioners in private healthcare practice, the security and privacy of patient information remains of critical importance. The disclosure of patient information whether intentional or not, can have dire consequences for a patient. In general, the requirements pertaining to the privacy of patient information are controlled and enforced through the adoption of legislation by the governing body of a country. Compared with developed nations, South Africa has limited legislation to help enforce privacy in the health sector. Conversely, Australia, New Zealand and Canada have some of the most advanced legislative frameworks when it comes to the privacy of patient information. In this dissertation, the Australian, New Zealand, Canadian and South African health sectors and the legislation they have in place to ensure the privacy of health information, will be investigated. 
Additionally, codes of practice and guidelines on privacy of patient information for GPs, in the afore-mentioned countries, will be investigated to form an idea as to what is needed in creating and formulating a new code of practice for the South African GP, as well as a pragmatic tool (checklist) to check adherence to privacy requirements.
- Full Text:
- Date Issued: 2007
A COP optimized control system for a CO₂ based automotive A/C-system
- Authors: Rapp, Tobias
- Date: 2007
- Subjects: Automobiles -- Air conditioning , Motor vehicles -- Automatic control
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9624 , http://hdl.handle.net/10948/773 , Automobiles -- Air conditioning , Motor vehicles -- Automatic control
- Description: In the last few years carbon dioxide received increasing attention as a possible replacement for fluorocarbon-based refrigerants used within present automotive A/C system technology. R-134a is harmless to the ozone layer but the greenhouse effect is more than 1300 times higher than that of an equivalent amount of CO2. Alternative refrigerants are natural gases such as propane and butane; however, these gases are considered explosive. With many objections raised it appears as if CO2 will be the future refrigerant for automotive use. One concern with R-744 is its high operating pressure and suction/discharge pressure difference when compared to common refrigeration processes. A major problem with the CO2 cycle is the loss of efficiency at high ambient temperatures. With a COP optimized control system for the expansion valve based on pressure, temperature and mass flow of the refrigerant, an effective A/C system for CO2 could be developed. This research offers basic knowledge of refrigerant cycles and gives an overall view of the refrigerant change-over problem. With the results obtained from the experimental work a better understanding of the CO2 cycle and a better understanding towards effective A/C systems have been realized.
- Full Text:
- Date Issued: 2007
A critical review of the IFIP TC11 Security Conference Series
- Authors: Gaadingwe, Tshepo Gaadingwe
- Date: 2007
- Subjects: Database security , Data protection , Computers -- Access control
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9795 , http://hdl.handle.net/10948/507 , Database security , Data protection , Computers -- Access control
- Description: Over the past few decades the field of computing has grown and evolved. In this time, information security research has experienced the same type of growth. The increase in importance and interest in information security research is reflected by the sheer number of research efforts being produced by different types of organizations around the world. One such organization is the International Federation for Information Processing (IFIP), more specifically the IFIP Technical Committee 11 (IFIP TC11). The IFIP TC11 community has had a rich history in producing high quality information security specific articles for over 20 years now. Therefore, IFIP TC11 found it necessary to reflect on this history, mainly to try and discover where it came from and where it may be going. The 20th anniversary of its main conference presented an opportunity to begin such a study of its history. The core belief driving the study being that the future can only be realized and appreciated if the past is well understood. The main area of interest was to find out topics which may have had prevalence in the past or could be considered as "hot" topics. To achieve this, the author developed a systematic process for the study. The underpinning element being the creation of a classification scheme which was used to aid the analysis of the IFIP TC11 20 years' worth of articles. Major themes were identified and trends in the series highlighted. Further discussion and reflection on these trends were given. It was found that, not surprisingly, the series covered a wide variety of topics in the 20 years. However, it was discovered that there has been a notable move towards technically focused papers. Furthermore, topics such as business continuity had just about disappeared in the series while topics which are related to networking and cryptography continue to gain more prevalence.
- Full Text:
- Date Issued: 2007
A framework for secure mobile computing in healthcare
- Authors: Thomas, Godwin Dogara Ayenajeh
- Date: 2007
- Subjects: Mobile computing
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9789 , http://hdl.handle.net/10948/618 , Mobile computing
- Description: Mobile computing is rapidly becoming part of healthcare’s electronic landscape, helping to provide better quality of care and reduced cost. While the technology provides numerous advantages to the healthcare industry, it is not without risk. The size and portable nature of mobile computing devices present a highly vulnerable environment, which threatens the privacy and security of health information. Since these devices continually access possibly sensitive healthcare information, it is imperative that these devices are considered for security in order to meet regulatory compliance. In fact, the increase in government and industry regulation to ensure the privacy and security of health information makes mobile security no longer just desirable, but mandatory. In addition, as healthcare becomes more aware of the need to reinforce patient confidence to gain competitive advantage, it makes mobile security desirable. Several guidelines regarding security best practices exist. Healthcare institutions are thus faced with matching the guidelines offered by best practices with the legal and regulatory requirements. While this is a valuable question in general, this research focuses on the aspect of considering this question when considering the introduction of mobile computing into the healthcare environment. As a result, this research proposes a framework that will aid IT administrators in healthcare to ensure that privacy and security of health information is extended to mobile devices. The research uses a comparison between the best practices in ISO 17799:2005 and the regulatory requirements stipulated in HIPAA to provide a baseline for the mobile computing security model. The comparison ensures that the model meets healthcare specific industry requirement and international information security standard. In addition, the framework engages the Information Security Management System (ISMS) model based on the ISO 27000 standard.
The framework, furthermore, points to existing technical security measures associated with mobile computing. It is believed that the framework can assist in achieving mobile computing security that is compliant with the requirements in the healthcare industry.
- Full Text:
- Date Issued: 2007