A genetic algorithm to obtain optimum parameters for a halcon vision system
- Authors: Fulton, Dale Meares
- Date: 2017
- Subjects: Genetic algorithms , Artificial intelligence , Automation , User interfaces (Computer systems)
- Language: English
- Type: Thesis , Masters , MEng
- Identifier: http://hdl.handle.net/10948/29751 , vital:30774
- Description: This report discusses the optimisation of a HALCON vision system using artificial intelligence, specifically a genetic algorithm. Within industrial applications, vision systems are often used for automated part inspection and quality control. A number of vision system parameters are to be selected when setting up a vision system. Since each vision system application differs, there is no specific set of optimal parameters. Parameters are selected during installation using a trial and error method. As a result, there is a need for an automated process for obtaining suitable vision system parameters. Within this report, research was conducted on both vision systems, genetic algorithms and integration of the two. A physical vision system was designed and developed utilising HALCON vision software. A genetic algorithm was then developed and integrated with the vision system. After integration, experimental testing was performed on the genetic algorithm in order to determine the ideal genetic algorithm control parameters which yield ideal genetic algorithm performance. Once the ideal genetic algorithm was obtained, the genetic algorithm was applied to the vision system in order to obtain optimal vision system parameters. Results showed that applying the genetic algorithm to the vision system optimised the vision system performance well.
- Full Text:
- Date Issued: 2017
- Authors: Fulton, Dale Meares
- Date: 2017
- Subjects: Genetic algorithms , Artificial intelligence , Automation , User interfaces (Computer systems)
- Language: English
- Type: Thesis , Masters , MEng
- Identifier: http://hdl.handle.net/10948/29751 , vital:30774
- Description: This report discusses the optimisation of a HALCON vision system using artificial intelligence, specifically a genetic algorithm. Within industrial applications, vision systems are often used for automated part inspection and quality control. A number of vision system parameters are to be selected when setting up a vision system. Since each vision system application differs, there is no specific set of optimal parameters. Parameters are selected during installation using a trial and error method. As a result, there is a need for an automated process for obtaining suitable vision system parameters. Within this report, research was conducted on both vision systems, genetic algorithms and integration of the two. A physical vision system was designed and developed utilising HALCON vision software. A genetic algorithm was then developed and integrated with the vision system. After integration, experimental testing was performed on the genetic algorithm in order to determine the ideal genetic algorithm control parameters which yield ideal genetic algorithm performance. Once the ideal genetic algorithm was obtained, the genetic algorithm was applied to the vision system in order to obtain optimal vision system parameters. Results showed that applying the genetic algorithm to the vision system optimised the vision system performance well.
- Full Text:
- Date Issued: 2017
A holistic approach to network security in OGSA-based grid systems
- Authors: Loutsios, Demetrios
- Date: 2006
- Subjects: Computer networks -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9736 , http://hdl.handle.net/10948/550 , Computer networks -- Security measures
- Description: Grid computing technologies facilitate complex scientific collaborations between globally dispersed parties, which make use of heterogeneous technologies and computing systems. However, in recent years the commercial sector has developed a growing interest in Grid technologies. Prominent Grid researchers have predicted Grids will grow into the commercial mainstream, even though its origins were in scientific research. This is much the same way as the Internet started as a vehicle for research collaboration between universities and government institutions, and grew into a technology with large commercial applications. Grids facilitate complex trust relationships between globally dispersed business partners, research groups, and non-profit organizations. Almost any dispersed “virtual organization” willing to share computing resources can make use of Grid technologies. Grid computing facilitates the networking of shared services; the inter-connection of a potentially unlimited number of computing resources within a “Grid” is possible. Grid technologies leverage a range of open standards and technologies to provide interoperability between heterogeneous computing systems. Newer Grids build on key capabilities of Web-Service technologies to provide easy and dynamic publishing and discovery of Grid resources. Due to the inter-organisational nature of Grid systems, there is a need to provide adequate security to Grid users and to Grid resources. This research proposes a framework, using a specific brokered pattern, which addresses several common Grid security challenges, which include: Providing secure and consistent cross-site Authentication and Authorization; Single-sign on capabilities to Grid users; Abstract iii; Underlying platform and runtime security, and; Grid network communications and messaging security. These Grid security challenges can be viewed as comprising two (proposed) logical layers of a Grid. These layers are: a Common Grid Layer (higher level Grid interactions), and a Local Resource Layer (Lower level technology security concerns). This research is concerned with providing a generic and holistic security framework to secure both layers. This research makes extensive use of STRIDE - an acronym for Microsoft approach to addressing security threats - as part of a holistic Grid security framework. STRIDE and key Grid related standards, such as Open Grid Service Architecture (OGSA), Web-Service Resource Framework (WS-RF), and the Globus Toolkit are used to formulate the proposed framework.
- Full Text:
- Date Issued: 2006
- Authors: Loutsios, Demetrios
- Date: 2006
- Subjects: Computer networks -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9736 , http://hdl.handle.net/10948/550 , Computer networks -- Security measures
- Description: Grid computing technologies facilitate complex scientific collaborations between globally dispersed parties, which make use of heterogeneous technologies and computing systems. However, in recent years the commercial sector has developed a growing interest in Grid technologies. Prominent Grid researchers have predicted Grids will grow into the commercial mainstream, even though its origins were in scientific research. This is much the same way as the Internet started as a vehicle for research collaboration between universities and government institutions, and grew into a technology with large commercial applications. Grids facilitate complex trust relationships between globally dispersed business partners, research groups, and non-profit organizations. Almost any dispersed “virtual organization” willing to share computing resources can make use of Grid technologies. Grid computing facilitates the networking of shared services; the inter-connection of a potentially unlimited number of computing resources within a “Grid” is possible. Grid technologies leverage a range of open standards and technologies to provide interoperability between heterogeneous computing systems. Newer Grids build on key capabilities of Web-Service technologies to provide easy and dynamic publishing and discovery of Grid resources. Due to the inter-organisational nature of Grid systems, there is a need to provide adequate security to Grid users and to Grid resources. This research proposes a framework, using a specific brokered pattern, which addresses several common Grid security challenges, which include: Providing secure and consistent cross-site Authentication and Authorization; Single-sign on capabilities to Grid users; Abstract iii; Underlying platform and runtime security, and; Grid network communications and messaging security. These Grid security challenges can be viewed as comprising two (proposed) logical layers of a Grid. These layers are: a Common Grid Layer (higher level Grid interactions), and a Local Resource Layer (Lower level technology security concerns). This research is concerned with providing a generic and holistic security framework to secure both layers. This research makes extensive use of STRIDE - an acronym for Microsoft approach to addressing security threats - as part of a holistic Grid security framework. STRIDE and key Grid related standards, such as Open Grid Service Architecture (OGSA), Web-Service Resource Framework (WS-RF), and the Globus Toolkit are used to formulate the proposed framework.
- Full Text:
- Date Issued: 2006
A mathematics rendering model to support chat-based tutoring
- Authors: Haskins, Bertram Peter
- Date: 2014
- Subjects: Intelligent tutoring systems , Educational innovations , Tutors and tutoring
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: vital:9822 , http://hdl.handle.net/10948/d1020567
- Description: Dr Math is a math tutoring service implemented on the chat application Mxit. The service allows school learners to use their mobile phones to discuss mathematicsrelated topics with human tutors. Using the broad user-base provided by Mxit, the Dr Math service has grown to consist of tens of thousands of registered school learners. The tutors on the service are all volunteers and the learners far outnumber the available tutors at any given time. School learners on the service use a shorthand language-form called microtext, to phrase their queries. Microtext is an informal form of language which consists of a variety of misspellings and symbolic representations, which emerge spontaneously as a result of the idiosyncrasies of a learner. The specific form of microtext found on the Dr Math service contains mathematical questions and example equations, pertaining to the tutoring process. Deciphering the queries, to discover their embedded mathematical content, slows down the tutoring process. This wastes time that could have been spent addressing more learner queries. The microtext language thus creates an unnecessary burden on the tutors. This study describes the development of an automated process for the translation of Dr Math microtext queries into mathematical equations. Using the design science research paradigm as a guide, three artefacts are developed. These artefacts take the form of a construct, a model and an instantiation. The construct represents the creation of new knowledge as it provides greater insight into the contents and structure of the language found on a mobile mathematics tutoring service. The construct serves as the basis for the creation of a model for the translation of microtext queries into mathematical equations, formatted for display in an electronic medium. No such technique currently exists and therefore, the model contributes new knowledge. To validate the model, an instantiation was created to serve as a proof-of-concept. The instantiation applies various concepts and techniques, such as those related to natural language processing, to the learner queries on the Dr Math service. These techniques are employed in order to translate an input microtext statement into a mathematical equation, structured by using mark-up language. The creation of the instantiation thus constitutes a knowledge contribution, as most of these techniques have never been applied to the problem of translating microtext into mathematical equations. For the automated process to have utility, it should perform on a level comparable to that of a human performing a similar translation task. To determine how closely related the results from the automated process are to those of a human, three human participants were asked to perform coding and translation tasks. The results of the human participants were compared to the results of the automated process, across a variety of metrics, including agreement, correlation, precision, recall and others. The results from the human participants served as the baseline values for comparison. The baseline results from the human participants were compared with those of the automated process. Krippendorff’s α was used to determine the level of agreement and Pearson’s correlation coefficient to determine the level of correlation between the results. The agreement between the human participants and the automated process was calculated at a level deemed satisfactory for exploratory research and the level of correlation was calculated as moderate. These values correspond with the calculations made as the human baseline. Furthermore, the automated process was able to meet or improve on all of the human baseline metrics. These results serve to validate that the automated process is able to perform the translation at a level comparable to that of a human. The automated process is available for integration into any requesting application, by means of a publicly accessible web service.
- Full Text:
- Date Issued: 2014
- Authors: Haskins, Bertram Peter
- Date: 2014
- Subjects: Intelligent tutoring systems , Educational innovations , Tutors and tutoring
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: vital:9822 , http://hdl.handle.net/10948/d1020567
- Description: Dr Math is a math tutoring service implemented on the chat application Mxit. The service allows school learners to use their mobile phones to discuss mathematicsrelated topics with human tutors. Using the broad user-base provided by Mxit, the Dr Math service has grown to consist of tens of thousands of registered school learners. The tutors on the service are all volunteers and the learners far outnumber the available tutors at any given time. School learners on the service use a shorthand language-form called microtext, to phrase their queries. Microtext is an informal form of language which consists of a variety of misspellings and symbolic representations, which emerge spontaneously as a result of the idiosyncrasies of a learner. The specific form of microtext found on the Dr Math service contains mathematical questions and example equations, pertaining to the tutoring process. Deciphering the queries, to discover their embedded mathematical content, slows down the tutoring process. This wastes time that could have been spent addressing more learner queries. The microtext language thus creates an unnecessary burden on the tutors. This study describes the development of an automated process for the translation of Dr Math microtext queries into mathematical equations. Using the design science research paradigm as a guide, three artefacts are developed. These artefacts take the form of a construct, a model and an instantiation. The construct represents the creation of new knowledge as it provides greater insight into the contents and structure of the language found on a mobile mathematics tutoring service. The construct serves as the basis for the creation of a model for the translation of microtext queries into mathematical equations, formatted for display in an electronic medium. No such technique currently exists and therefore, the model contributes new knowledge. To validate the model, an instantiation was created to serve as a proof-of-concept. The instantiation applies various concepts and techniques, such as those related to natural language processing, to the learner queries on the Dr Math service. These techniques are employed in order to translate an input microtext statement into a mathematical equation, structured by using mark-up language. The creation of the instantiation thus constitutes a knowledge contribution, as most of these techniques have never been applied to the problem of translating microtext into mathematical equations. For the automated process to have utility, it should perform on a level comparable to that of a human performing a similar translation task. To determine how closely related the results from the automated process are to those of a human, three human participants were asked to perform coding and translation tasks. The results of the human participants were compared to the results of the automated process, across a variety of metrics, including agreement, correlation, precision, recall and others. The results from the human participants served as the baseline values for comparison. The baseline results from the human participants were compared with those of the automated process. Krippendorff’s α was used to determine the level of agreement and Pearson’s correlation coefficient to determine the level of correlation between the results. The agreement between the human participants and the automated process was calculated at a level deemed satisfactory for exploratory research and the level of correlation was calculated as moderate. These values correspond with the calculations made as the human baseline. Furthermore, the automated process was able to meet or improve on all of the human baseline metrics. These results serve to validate that the automated process is able to perform the translation at a level comparable to that of a human. The automated process is available for integration into any requesting application, by means of a publicly accessible web service.
- Full Text:
- Date Issued: 2014
A maturity grid-based method for assessing communication in business-IT alignment
- Authors: Coertze, Jacques Jacobus
- Date: 2016
- Subjects: Business communication , Management information systems
- Language: English
- Type: Thesis , Doctoral , DPhil
- Identifier: http://hdl.handle.net/10948/6740 , vital:21139
- Description: This thesis reports on the research undertaken to develop a method for organisations to assess human communication between their business and IT personnel as part of business–IT alignment. The research described in this thesis involves (i) a literature review in business–IT alignment and related fields, such as management studies and communication science; (ii) a Delphi study conducted among industry members, practitioners, and academics operating in the IT advisory, auditing and communication disciplines; and (iii) a case study of a public sector organisation in South Africa. By adopting a system-theoretic perspective on communication, this thesis proposes that communication in business–IT alignment can be seen as coordinating behaviour and a series of learning and reflection events, consequently culminating in increased mutual understanding. Various conceptualisations of communication are explored and, together with several industry elicited factors that influence communication in business–IT alignment, are incorporated into a conceptual model informing the assessment method. This research developed, applied, and tested a method whereby organisations can assess the quality of the human communication between their business and IT personnel as part of the business–IT alignment endeavour. The aim of this method is to trigger reflection on communication by considering communication philosophy and practices in business–IT alignment. The method, termed the ‘Business-IT Communication Alignment Maturity Improvement Communication Alignment Maturity Improvement (CAMI) method’, is based on a maturity grid-based approach, which stems originally from process improvement in software development and quality management. This thesis is most closely aligned with the research performed by Maier, Eckert, and Clarkson (2004, 2006), who successfully applied the maturity grid-based approach to investigate, audit and assess communication within the engineering design process. The question addressed in this thesis is whether this approach can be successfully extrapolated to the business–IT alignment context and whether it would yield similar benefits. Furthermore, the issue of whether it would offer a practical method for use in organisations is also addressed. Having applied the CAMI method at a public sector organisation, this thesis proposes that the maturity grid-based approach can indeed be extrapolated to iv the business–IT alignment context, consequently offering a viable and practical method for assessing communication in organisations. In particular, the CAMI method allows organisations to capture both their current and their desired communication situations and to expose discrepancies between the perceptions held by their business and IT personnel. These results form a basis for action planning, strategizing, and, ultimately, interventions for improvement. In conclusion, the thesis discusses further application and extension possibilities for the assessment method.
- Full Text:
- Date Issued: 2016
- Authors: Coertze, Jacques Jacobus
- Date: 2016
- Subjects: Business communication , Management information systems
- Language: English
- Type: Thesis , Doctoral , DPhil
- Identifier: http://hdl.handle.net/10948/6740 , vital:21139
- Description: This thesis reports on the research undertaken to develop a method for organisations to assess human communication between their business and IT personnel as part of business–IT alignment. The research described in this thesis involves (i) a literature review in business–IT alignment and related fields, such as management studies and communication science; (ii) a Delphi study conducted among industry members, practitioners, and academics operating in the IT advisory, auditing and communication disciplines; and (iii) a case study of a public sector organisation in South Africa. By adopting a system-theoretic perspective on communication, this thesis proposes that communication in business–IT alignment can be seen as coordinating behaviour and a series of learning and reflection events, consequently culminating in increased mutual understanding. Various conceptualisations of communication are explored and, together with several industry elicited factors that influence communication in business–IT alignment, are incorporated into a conceptual model informing the assessment method. This research developed, applied, and tested a method whereby organisations can assess the quality of the human communication between their business and IT personnel as part of the business–IT alignment endeavour. The aim of this method is to trigger reflection on communication by considering communication philosophy and practices in business–IT alignment. The method, termed the ‘Business-IT Communication Alignment Maturity Improvement Communication Alignment Maturity Improvement (CAMI) method’, is based on a maturity grid-based approach, which stems originally from process improvement in software development and quality management. This thesis is most closely aligned with the research performed by Maier, Eckert, and Clarkson (2004, 2006), who successfully applied the maturity grid-based approach to investigate, audit and assess communication within the engineering design process. The question addressed in this thesis is whether this approach can be successfully extrapolated to the business–IT alignment context and whether it would yield similar benefits. Furthermore, the issue of whether it would offer a practical method for use in organisations is also addressed. Having applied the CAMI method at a public sector organisation, this thesis proposes that the maturity grid-based approach can indeed be extrapolated to iv the business–IT alignment context, consequently offering a viable and practical method for assessing communication in organisations. In particular, the CAMI method allows organisations to capture both their current and their desired communication situations and to expose discrepancies between the perceptions held by their business and IT personnel. These results form a basis for action planning, strategizing, and, ultimately, interventions for improvement. In conclusion, the thesis discusses further application and extension possibilities for the assessment method.
- Full Text:
- Date Issued: 2016
A methodology for measuring and monitoring IT risk
- Authors: Tansley, Natalie Vanessa
- Date: 2007
- Subjects: Electronic data processing departments -- Security measures , Business -- Data processing -- Security measures , Information resources management , Information technology -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9781 , http://hdl.handle.net/10948/772 , Electronic data processing departments -- Security measures , Business -- Data processing -- Security measures , Information resources management , Information technology -- Security measures
- Description: The primary objective of the research is to develop a methodology for monitoring and measuring IT risks, strictly focusing on internal controls. The research delivers a methodology whereby an organization can measure its system of internal controls, providing assurance that the risks are at an acceptable level. To achieve the primary objective a number of secondary objectives were addressed: What are the drivers forcing organizations to better corporate governance in managing risk? What is IT risk management, specifically focusing on operational risk. What is internal control and specifically focusing on COSO’s internal control process. Investigation of measurement methods, such as, Balance Scorecards, Critical Success Factors, Maturity Models, Key Performance Indicators and Key Goal Indicators. Investigation of various frameworks such as CobiT, COSO and ISO 17799, ITIL and BS 7799 as to how they manage IT risk relating to internal control.
- Full Text:
- Date Issued: 2007
- Authors: Tansley, Natalie Vanessa
- Date: 2007
- Subjects: Electronic data processing departments -- Security measures , Business -- Data processing -- Security measures , Information resources management , Information technology -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9781 , http://hdl.handle.net/10948/772 , Electronic data processing departments -- Security measures , Business -- Data processing -- Security measures , Information resources management , Information technology -- Security measures
- Description: The primary objective of the research is to develop a methodology for monitoring and measuring IT risks, strictly focusing on internal controls. The research delivers a methodology whereby an organization can measure its system of internal controls, providing assurance that the risks are at an acceptable level. To achieve the primary objective a number of secondary objectives were addressed: What are the drivers forcing organizations to better corporate governance in managing risk? What is IT risk management, specifically focusing on operational risk. What is internal control and specifically focusing on COSO’s internal control process. Investigation of measurement methods, such as, Balance Scorecards, Critical Success Factors, Maturity Models, Key Performance Indicators and Key Goal Indicators. Investigation of various frameworks such as CobiT, COSO and ISO 17799, ITIL and BS 7799 as to how they manage IT risk relating to internal control.
- Full Text:
- Date Issued: 2007
A model for assessing and reporting network performance measurement in SANReN
- Authors: Draai, Kevin
- Date: 2017
- Subjects: Computer networks -- Evaluation Network performance (Telecommunication) , Computer networks -- Management
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/16131 , vital:28326
- Description: The performance measurement of a service provider network is an important activity. It is required for the smooth operation of the network as well as for reporting and planning. SANReN is a service provider tasked with serving the research and education network of South Africa. It currently has no structure or process for determining network performance metrics to measure the performance of its network. The objective of this study is to determine, through a process or structure, which metrics are best suited to the SANReN environment. This study is conducted in 3 phases in order to discover and verify the solution to this problem. The phases are "Contextualisation", "Design",and "Verification". The "Contextualisation" phase includes the literature review. This provides the context for the problem area but also serves as a search function for the solution. This study adopts the design science research paradigm which requires the creation of an artefact. The "Design" phase involves the creation of the conceptual network performance measurement model. This is the artefact and a generalised model for determining the network performance metrics for an NREN. To prove the utility of the model it is implemented in the SANReN environment. This is done in the "Verification" phase. The network performance measurement model proposes a process to determine network performance metrics. This process includes getting NREN requirements and goals, defining the NRENs network design goals through these requirements, define network performance metrics from these goals, evaluating the NRENs monitoring capability, and measuring what is possible. This model provides a starting point for NRENs to determine network performance metrics tailored to its environment. This is done in the SANReN environment as a proof of concept. The utility of the model is shown through the implementation in the SANReN environment thus it can be said that it is generic.The tools that monitor the performance of the SANReN network are used to retrieve network performance data from. Through understanding the requirements, determining network design goals and performance metrics, and determining the gap the retrieving of results took place. These results are analysed and finally aggregated to provide information that feeds into SANReN reporting and planning processes. A template is provided to do the aggregation of metric results. This template provides the structure to enable metrics results aggregation but leaves the categories or labels for the reporting and planning sections blank. These categories are specific to each NREN. At this point SANReN has the aggregated information to use for planning and reporting. The model is verified and thus the study’s main research objective is satisfied.
- Full Text:
- Date Issued: 2017
- Authors: Draai, Kevin
- Date: 2017
- Subjects: Computer networks -- Evaluation Network performance (Telecommunication) , Computer networks -- Management
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/16131 , vital:28326
- Description: The performance measurement of a service provider network is an important activity. It is required for the smooth operation of the network as well as for reporting and planning. SANReN is a service provider tasked with serving the research and education network of South Africa. It currently has no structure or process for determining network performance metrics to measure the performance of its network. The objective of this study is to determine, through a process or structure, which metrics are best suited to the SANReN environment. This study is conducted in 3 phases in order to discover and verify the solution to this problem. The phases are "Contextualisation", "Design",and "Verification". The "Contextualisation" phase includes the literature review. This provides the context for the problem area but also serves as a search function for the solution. This study adopts the design science research paradigm which requires the creation of an artefact. The "Design" phase involves the creation of the conceptual network performance measurement model. This is the artefact and a generalised model for determining the network performance metrics for an NREN. To prove the utility of the model it is implemented in the SANReN environment. This is done in the "Verification" phase. The network performance measurement model proposes a process to determine network performance metrics. This process includes getting NREN requirements and goals, defining the NRENs network design goals through these requirements, define network performance metrics from these goals, evaluating the NRENs monitoring capability, and measuring what is possible. This model provides a starting point for NRENs to determine network performance metrics tailored to its environment. This is done in the SANReN environment as a proof of concept. The utility of the model is shown through the implementation in the SANReN environment thus it can be said that it is generic.The tools that monitor the performance of the SANReN network are used to retrieve network performance data from. Through understanding the requirements, determining network design goals and performance metrics, and determining the gap the retrieving of results took place. These results are analysed and finally aggregated to provide information that feeds into SANReN reporting and planning processes. A template is provided to do the aggregation of metric results. This template provides the structure to enable metrics results aggregation but leaves the categories or labels for the reporting and planning sections blank. These categories are specific to each NREN. At this point SANReN has the aggregated information to use for planning and reporting. The model is verified and thus the study’s main research objective is satisfied.
- Full Text:
- Date Issued: 2017
A model for automated topic spotting in a mobile chat based mathematics tutoring environment
- Authors: Butgereit, Laura Lee
- Date: 2012
- Subjects: Mobile communication systems in education , Mathematics -- Study and teaching , Tutors and tutoring -- Mathematics
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: vital:9809 , http://hdl.handle.net/10948/d1013741
- Description: Systems of writing have existed for thousands of years. The history of civilisation and the history of writing are so intertwined that it is hard to separate the one from the other. These systems of writing, however, are not static. They change. One of the latest developments in systems of writing is short electronic messages such as seen on Twitter and in MXit. One novel application which uses these short electronic messages is the Dr Math® project. Dr Math is a mobile online tutoring system where pupils can use MXit on their cell phones and receive help with their mathematics homework from volunteer tutors around the world. These conversations between pupils and tutors are held in MXit lingo or MXit language – this cryptic, abbreviated system 0f ryting w1ch l0ks lyk dis. Project μ (pronounced mu and indicating MXit Understander) investigated how topics could be determined in MXit lingo and Project μ's research outputs spot mathematics topics in conversations between Dr Math tutors and pupils. Once the topics are determined, supporting documentation can be presented to the tutors to assist them in helping pupils with their mathematics homework. Project μ made the following contributions to new knowledge: a statistical and linguistic analysis of MXit lingo provides letter frequencies, word frequencies, message length statistics as well as linguistic bases for new spelling conventions seen in MXit based conversations; a post-stemmer for use with MXit lingo removes suffixes from the ends of words taking into account MXit spelling conventions allowing words such as equashun and equation to be reduced to the same root stem; a list of over ten thousand stop words for MXit lingo appropriate for the domain of mathematics; a misspelling corrector for MXit lingo which corrects words such as acount and equates it to account; and a model for spotting mathematical topics in MXit lingo. The model was instantiated and integrated into the Dr Math tutoring platform. Empirical evidence as to the effectiveness of the μ Topic Spotter and the other contributions is also presented. The empirical evidence includes specific statistical tests with MXit lingo, specific tests of the misspelling corrector, stemmer, and feedback mechanism, and an extensive exercise of content analysis with respect to mathematics topics.
- Full Text:
- Date Issued: 2012
- Authors: Butgereit, Laura Lee
- Date: 2012
- Subjects: Mobile communication systems in education , Mathematics -- Study and teaching , Tutors and tutoring -- Mathematics
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: vital:9809 , http://hdl.handle.net/10948/d1013741
- Description: Systems of writing have existed for thousands of years. The history of civilisation and the history of writing are so intertwined that it is hard to separate the one from the other. These systems of writing, however, are not static. They change. One of the latest developments in systems of writing is short electronic messages such as seen on Twitter and in MXit. One novel application which uses these short electronic messages is the Dr Math® project. Dr Math is a mobile online tutoring system where pupils can use MXit on their cell phones and receive help with their mathematics homework from volunteer tutors around the world. These conversations between pupils and tutors are held in MXit lingo or MXit language – this cryptic, abbreviated system 0f ryting w1ch l0ks lyk dis. Project μ (pronounced mu and indicating MXit Understander) investigated how topics could be determined in MXit lingo and Project μ's research outputs spot mathematics topics in conversations between Dr Math tutors and pupils. Once the topics are determined, supporting documentation can be presented to the tutors to assist them in helping pupils with their mathematics homework. Project μ made the following contributions to new knowledge: a statistical and linguistic analysis of MXit lingo provides letter frequencies, word frequencies, message length statistics as well as linguistic bases for new spelling conventions seen in MXit based conversations; a post-stemmer for use with MXit lingo removes suffixes from the ends of words taking into account MXit spelling conventions allowing words such as equashun and equation to be reduced to the same root stem; a list of over ten thousand stop words for MXit lingo appropriate for the domain of mathematics; a misspelling corrector for MXit lingo which corrects words such as acount and equates it to account; and a model for spotting mathematical topics in MXit lingo. The model was instantiated and integrated into the Dr Math tutoring platform. Empirical evidence as to the effectiveness of the μ Topic Spotter and the other contributions is also presented. The empirical evidence includes specific statistical tests with MXit lingo, specific tests of the misspelling corrector, stemmer, and feedback mechanism, and an extensive exercise of content analysis with respect to mathematics topics.
- Full Text:
- Date Issued: 2012
A model for cultivating resistance to social engineering attacks
- Authors: Jansson, Kenny
- Date: 2011
- Subjects: Computer security , Data protection , Human-computer interaction
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9744 , http://hdl.handle.net/10948/1588 , Computer security , Data protection , Human-computer interaction
- Description: The human being is commonly considered as being the weakest link in information security. Subsequently, as information is one of the most critical assets in an organization today, it is essential that the human element is considered in deployments of information security countermeasures. However, the human element is often neglected in this regard. Consequently, many criminals are now targeting the user directly to obtain sensitive information instead of spending days or even months trying to hack through systems. Some criminals are targeting users by utilizing various social engineering techniques to deceive the user into disclosing information. For this reason, the users of the Internet and ICT-related technologies are nowadays very vulnerable to various social engineering attacks. As a contribution to increase users’ social engineering awareness, a model – called SERUM – was devised. SERUM aims to cultivate social engineering resistance within a community through exposing the users of the community to ‘fake’ social engineering attacks. The users that react incorrectly to these attacks are instantly notified and requested to participate in an online social engineering awareness program. Thus, users are educated on-demand. The model was implemented as a software system and was utilized to conduct a phishing exercise on all the students of the Nelson Mandela Metropolitan University. The aim of the phishing exercise was to determine whether SERUM is effective in cultivating social engineering resistant behaviour within a community. This phishing exercise proved to be successful and positive results emanated. This indicated that a model like SERUM can indeed be used to educate users regarding phishing attacks.
- Full Text:
- Date Issued: 2011
- Authors: Jansson, Kenny
- Date: 2011
- Subjects: Computer security , Data protection , Human-computer interaction
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9744 , http://hdl.handle.net/10948/1588 , Computer security , Data protection , Human-computer interaction
- Description: The human being is commonly considered as being the weakest link in information security. Subsequently, as information is one of the most critical assets in an organization today, it is essential that the human element is considered in deployments of information security countermeasures. However, the human element is often neglected in this regard. Consequently, many criminals are now targeting the user directly to obtain sensitive information instead of spending days or even months trying to hack through systems. Some criminals are targeting users by utilizing various social engineering techniques to deceive the user into disclosing information. For this reason, the users of the Internet and ICT-related technologies are nowadays very vulnerable to various social engineering attacks. As a contribution to increase users’ social engineering awareness, a model – called SERUM – was devised. SERUM aims to cultivate social engineering resistance within a community through exposing the users of the community to ‘fake’ social engineering attacks. The users that react incorrectly to these attacks are instantly notified and requested to participate in an online social engineering awareness program. Thus, users are educated on-demand. The model was implemented as a software system and was utilized to conduct a phishing exercise on all the students of the Nelson Mandela Metropolitan University. The aim of the phishing exercise was to determine whether SERUM is effective in cultivating social engineering resistant behaviour within a community. This phishing exercise proved to be successful and positive results emanated. This indicated that a model like SERUM can indeed be used to educate users regarding phishing attacks.
- Full Text:
- Date Issued: 2011
A model for enhancing presence handling in instant messaging
- Authors: Victor, Rudi
- Date: 2009
- Subjects: Instant messaging , Mobile communication systems , Data transmission systems
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9774 , http://hdl.handle.net/10948/877 , Instant messaging , Mobile communication systems , Data transmission systems
- Description: Instant Messaging (IM) is becoming increasingly popular in social as well as workplace environments. In fact, many employees use the same IM client to communicate with both colleagues and social contacts. Thus, there are valid concerns about the impact of IM on employee productivity. One of the major advantages of IM over other workplace communication tools such as e-mail and the telephone is the implementation of presence information. In particular, presence awareness is used to determine the avail- ability and willingness of a contact to engage in communication. A current problem with IM is the one-for-all approach to presence: all contacts receive the same set of presence information. However, presence is rooted in social psychology where it is known that the awareness of another person changes the behavior of oneself. Therefore the identity of a contact affects the availability and willingness directed towards that contact. In order for presence information to be provided to contacts, it must be represented in some type of data format. The Internet Engineering Task Force (IETF) has done much work in standardizing IM and presence systems. In particular their data format for presence describes a rich set of presence information including, but not limited to, location, activity, awareness, and mood information. Such information may be sensitive and access to it needs to be controlled to ensure privacy. As with access control policies, managing the information as the number of contacts increases becomes cumbersome and complex. This dissertation draws on the theoretical foundations of presence, current standards in the domain of IM, and lessons from access control to present an enhanced presence handling model for IM. The model is developed in stages, with each stage providing a specific improvement. The first stage of the model is grounded on the current work of the IETF. As such it distributes presence on a per-watcher basis. In the second stage of the model watchers fulfill a specific role and based on this role they receive only the entrusted presence information. In practice, it implies that a "friend" may get more (or less) information than a "colleague". The third stage of the model introduces the concept of availability profiles by drawing on social awareness principles. Availability profiles add the ability to transform presence and change the presentity's behavior to incoming messages according to the provided presence information. Finally the dissertation reports on the development of the RoBIM (Role- Based Instant Messenger) prototype. RoBIM is a standards-based IM system that conforms to the IETF SIMPLE protocol and provides various standard IM features. Here, RoBIM serves as a proof-of-concept for the proposed model. This study contributed to the domain of IM and presence by addressing some of the current presence handling issues. Most importantly, the proposed model takes into account the interpersonal effects of individualizing presence information for different contacts. Thus, the model challenges conventional thought and implementation of presence in IM.
- Full Text:
- Date Issued: 2009
- Authors: Victor, Rudi
- Date: 2009
- Subjects: Instant messaging , Mobile communication systems , Data transmission systems
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9774 , http://hdl.handle.net/10948/877 , Instant messaging , Mobile communication systems , Data transmission systems
- Description: Instant Messaging (IM) is becoming increasingly popular in social as well as workplace environments. In fact, many employees use the same IM client to communicate with both colleagues and social contacts. Thus, there are valid concerns about the impact of IM on employee productivity. One of the major advantages of IM over other workplace communication tools such as e-mail and the telephone is the implementation of presence information. In particular, presence awareness is used to determine the avail- ability and willingness of a contact to engage in communication. A current problem with IM is the one-for-all approach to presence: all contacts receive the same set of presence information. However, presence is rooted in social psychology where it is known that the awareness of another person changes the behavior of oneself. Therefore the identity of a contact affects the availability and willingness directed towards that contact. In order for presence information to be provided to contacts, it must be represented in some type of data format. The Internet Engineering Task Force (IETF) has done much work in standardizing IM and presence systems. In particular their data format for presence describes a rich set of presence information including, but not limited to, location, activity, awareness, and mood information. Such information may be sensitive and access to it needs to be controlled to ensure privacy. As with access control policies, managing the information as the number of contacts increases becomes cumbersome and complex. This dissertation draws on the theoretical foundations of presence, current standards in the domain of IM, and lessons from access control to present an enhanced presence handling model for IM. The model is developed in stages, with each stage providing a specific improvement. The first stage of the model is grounded on the current work of the IETF. As such it distributes presence on a per-watcher basis. In the second stage of the model watchers fulfill a specific role and based on this role they receive only the entrusted presence information. In practice, it implies that a "friend" may get more (or less) information than a "colleague". The third stage of the model introduces the concept of availability profiles by drawing on social awareness principles. Availability profiles add the ability to transform presence and change the presentity's behavior to incoming messages according to the provided presence information. Finally the dissertation reports on the development of the RoBIM (Role- Based Instant Messenger) prototype. RoBIM is a standards-based IM system that conforms to the IETF SIMPLE protocol and provides various standard IM features. Here, RoBIM serves as a proof-of-concept for the proposed model. This study contributed to the domain of IM and presence by addressing some of the current presence handling issues. Most importantly, the proposed model takes into account the interpersonal effects of individualizing presence information for different contacts. Thus, the model challenges conventional thought and implementation of presence in IM.
- Full Text:
- Date Issued: 2009
A model for enhancing trust in South African automotive supply chains through information technology
- Authors: Piderit, Roxanne
- Date: 2012
- Subjects: Automobile supplies industry -- South Africa , Automobiles -- Technological innovations , Business logistics -- South Africa
- Language: English
- Type: Thesis , Doctoral , DPhil
- Identifier: vital:9793 , http://hdl.handle.net/10948/d1011851 , Automobile supplies industry -- South Africa , Automobiles -- Technological innovations , Business logistics -- South Africa
- Description: The South African automotive industry is recognised as an important sector for the economy and has thus been prioritised by the South African government. The success of the automotive manufacturers depends on the efficiency and effectiveness of their supply chain. Due to the large number of suppliers involved in these supply chains, enhancing trust in the inter-organisational relationships can ensure the competitiveness of the supply chain. Additionally, insufficient trust can disrupt information sharing between supply chain partners which further impacts on supply chain operations and hence supply chain competitiveness. Thus, both insufficient trust and insufficient information sharing are viewed as contributing factors to the inefficiency and ineffectiveness of a supply chain’s operations. The use of Information Technology to facilitate inter-organisational relationships, in particular in terms of improving information sharing, is an important consideration in this research project. As in the Prisoner’s Dilemma, when supply chain members share information freely, trust levels are increased, hence supply chain effectiveness and efficiency is achieved and therefore the competitiveness of the supply chain is optimised. This study addresses the problem of enhancing trust in automotive supply chains using Information Technology. Previous studies have recognised the importance of trust and information sharing in supply chain relationships. These previous studies have also considered the effect of trust on information sharing, or the effect of information sharing on trust in a single direction. Thus, to address this research problem, a cyclical relationship between trust and information sharing is proposed. In this respect, Information Technology should be used to nurture this cyclical relationship between trust and information sharing. A model for the enhancement of trust in automotive supply chains through Information Technology is proposed to achieve the objectives of this research project. This model includes risk perception; information sharing as a means of enhancing trust; a trust area that consists of both supply chain partner trustworthiness and system trust; the resultant trusting behaviour; and the resultant improved information sharing. As this study is concerned with the use of IT to enhance trust, the inclusion of system trust as a component of the model is a significant contribution of this study which is complementary to the proposed cyclical relationship between trust and information sharing.
- Full Text:
- Date Issued: 2012
A model for enhancing trust in South African automotive supply chains through information technology
- Authors: Piderit, Roxanne
- Date: 2012
- Subjects: Automobile supplies industry -- South Africa , Automobiles -- Technological innovations , Business logistics -- South Africa
- Language: English
- Type: Thesis , Doctoral , DPhil
- Identifier: vital:9793 , http://hdl.handle.net/10948/d1011851 , Automobile supplies industry -- South Africa , Automobiles -- Technological innovations , Business logistics -- South Africa
- Description: The South African automotive industry is recognised as an important sector for the economy and has thus been prioritised by the South African government. The success of the automotive manufacturers depends on the efficiency and effectiveness of their supply chain. Due to the large number of suppliers involved in these supply chains, enhancing trust in the inter-organisational relationships can ensure the competitiveness of the supply chain. Additionally, insufficient trust can disrupt information sharing between supply chain partners which further impacts on supply chain operations and hence supply chain competitiveness. Thus, both insufficient trust and insufficient information sharing are viewed as contributing factors to the inefficiency and ineffectiveness of a supply chain’s operations. The use of Information Technology to facilitate inter-organisational relationships, in particular in terms of improving information sharing, is an important consideration in this research project. As in the Prisoner’s Dilemma, when supply chain members share information freely, trust levels are increased, hence supply chain effectiveness and efficiency is achieved and therefore the competitiveness of the supply chain is optimised. This study addresses the problem of enhancing trust in automotive supply chains using Information Technology. Previous studies have recognised the importance of trust and information sharing in supply chain relationships. These previous studies have also considered the effect of trust on information sharing, or the effect of information sharing on trust in a single direction. Thus, to address this research problem, a cyclical relationship between trust and information sharing is proposed. In this respect, Information Technology should be used to nurture this cyclical relationship between trust and information sharing. A model for the enhancement of trust in automotive supply chains through Information Technology is proposed to achieve the objectives of this research project. This model includes risk perception; information sharing as a means of enhancing trust; a trust area that consists of both supply chain partner trustworthiness and system trust; the resultant trusting behaviour; and the resultant improved information sharing. As this study is concerned with the use of IT to enhance trust, the inclusion of system trust as a component of the model is a significant contribution of this study which is complementary to the proposed cyclical relationship between trust and information sharing.
- Full Text:
- Date Issued: 2012
A model for information security control audit for small to mid-sized organisations
- Authors: Deysel, Natasha
- Date: 2009
- Subjects: Data protection , Computer networks -- Information technology
- Language: English
- Type: Thesis , Masters , MA
- Identifier: vital:9760 , http://hdl.handle.net/10948/940 , Data protection , Computer networks -- Information technology
- Description: Organisations are increasingly dependent on their information. Compromise to this information in terms of loss, inaccuracy or competitors gaining unauthorised access could have devastating consequences for the organisation. Therefore, information security governance has become a major concern for all organisations, large and small. Information security governance is based on a set of policies and internal controls by which organisations direct and manage their information security. An effective information security governance programme should be based on a recognised framework, such as the Control Objectives for Information and related Technology (COBIT). COBIT focuses on what control objectives must be achieved in order to effectively manage the information technology environment. It has become very clear that if a company is serious about information security governance, it needs to apply the COBIT framework that deals with information security. The problem in some medium-sized organisations is that they do not realise the importance of information security governance and are either unaware of the risks or choose to ignore these risks as they do not have the expertise or resources available to provide them with assurance that they have the right information security controls in place to protect their organisation against threats.
- Full Text:
- Date Issued: 2009
- Authors: Deysel, Natasha
- Date: 2009
- Subjects: Data protection , Computer networks -- Information technology
- Language: English
- Type: Thesis , Masters , MA
- Identifier: vital:9760 , http://hdl.handle.net/10948/940 , Data protection , Computer networks -- Information technology
- Description: Organisations are increasingly dependent on their information. Compromise to this information in terms of loss, inaccuracy or competitors gaining unauthorised access could have devastating consequences for the organisation. Therefore, information security governance has become a major concern for all organisations, large and small. Information security governance is based on a set of policies and internal controls by which organisations direct and manage their information security. An effective information security governance programme should be based on a recognised framework, such as the Control Objectives for Information and related Technology (COBIT). COBIT focuses on what control objectives must be achieved in order to effectively manage the information technology environment. It has become very clear that if a company is serious about information security governance, it needs to apply the COBIT framework that deals with information security. The problem in some medium-sized organisations is that they do not realise the importance of information security governance and are either unaware of the risks or choose to ignore these risks as they do not have the expertise or resources available to provide them with assurance that they have the right information security controls in place to protect their organisation against threats.
- Full Text:
- Date Issued: 2009
A model for information security management and regulatory compliance in the South African health sector
- Authors: Tuyikeze, Tite
- Date: 2005
- Subjects: Computer networks -- Security measures , Public health -- South Africa
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9740 , http://hdl.handle.net/10948/425 , Computer networks -- Security measures , Public health -- South Africa
- Description: Information Security is becoming a part of the core business processes in every organization. Companies are faced with contradictory requirements to ensure open systems and accessible information while maintaining high protection standards. In addition, the contemporary management of Information Security requires a variety of approaches in different areas, ranging from technological to organizational issues and legislation. These approaches are often isolated while Security Management requires an integrated approach. Information Technology promises many benefits to healthcare organizations. It helps to make accurate information more readily available to healthcare providers and workers, researchers and patients and advanced computing and communication technology can improve the quality and lower the costs of healthcare. However, the prospect of storing health information in an electronic form raises concerns about patient privacy and security. Healthcare organizations are required to establish formal Information Security program, for example through the adoption of the ISO 17799 standard, to ensure an appropriate and consistent level of information security for computer-based patient records, both within individual healthcare organizations and throughout the entire healthcare delivery system. However, proper Information Security Management practices, alone, do not necessarily ensure regulatory compliance. South African healthcare organizations must comply with the South African National Health Act (SANHA) and the Electronic Communication Transaction Act (ECTA). It is necessary to consider compliance with the Health Insurance Portability and Accountability Act (HIPAA) to meet healthcare international industry standards. The main purpose of this project is to propose a compliance strategy, which ensures full compliance with regulatory requirements and at the same time assures customers that international industry standards are being used. This is preceded by a comparative analysis of the requirements posed by the ISO 17799 standard and the HIPAA, SANHA and ECTA regulations.
- Full Text:
- Date Issued: 2005
- Authors: Tuyikeze, Tite
- Date: 2005
- Subjects: Computer networks -- Security measures , Public health -- South Africa
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9740 , http://hdl.handle.net/10948/425 , Computer networks -- Security measures , Public health -- South Africa
- Description: Information Security is becoming a part of the core business processes in every organization. Companies are faced with contradictory requirements to ensure open systems and accessible information while maintaining high protection standards. In addition, the contemporary management of Information Security requires a variety of approaches in different areas, ranging from technological to organizational issues and legislation. These approaches are often isolated while Security Management requires an integrated approach. Information Technology promises many benefits to healthcare organizations. It helps to make accurate information more readily available to healthcare providers and workers, researchers and patients and advanced computing and communication technology can improve the quality and lower the costs of healthcare. However, the prospect of storing health information in an electronic form raises concerns about patient privacy and security. Healthcare organizations are required to establish formal Information Security program, for example through the adoption of the ISO 17799 standard, to ensure an appropriate and consistent level of information security for computer-based patient records, both within individual healthcare organizations and throughout the entire healthcare delivery system. However, proper Information Security Management practices, alone, do not necessarily ensure regulatory compliance. South African healthcare organizations must comply with the South African National Health Act (SANHA) and the Electronic Communication Transaction Act (ECTA). It is necessary to consider compliance with the Health Insurance Portability and Accountability Act (HIPAA) to meet healthcare international industry standards. The main purpose of this project is to propose a compliance strategy, which ensures full compliance with regulatory requirements and at the same time assures customers that international industry standards are being used. This is preceded by a comparative analysis of the requirements posed by the ISO 17799 standard and the HIPAA, SANHA and ECTA regulations.
- Full Text:
- Date Issued: 2005
A model for integrating information security into the software development life cycle
- Authors: Futcher, Lynn Ann
- Date: 2007
- Subjects: Computer security , Software maintenance
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9737 , http://hdl.handle.net/10948/506 , Computer security , Software maintenance
- Description: It is within highly integrated technology environments that information security is becoming a focal point for designing, developing and deploying software applications. Ensuring a high level of trust in the security and quality of these applications is crucial to their ultimate success. Therefore, information security has become a core requirement for software applications, driven by the need to protect critical assets and the need to build and preserve widespread trust in computing. However, a common weakness that is inherent in the traditional software development methodologies is the lack of attention given to the security aspects of software development. Most of these methodologies do not explicitly include a standardised method for incorporating information security into their life cycles. Meaningful security can be achieved when information security issues are considered as part of a routine development process, and security safeguards are integrated into the software application throughout its life cycle. This, in turn, will lead to users being more confident to use software applications, and to entrust today's computer systems with their personal information. To build better or more secure software, an improved software development process is required. Security of a software application must be based on the risk associated with the application. In order to understand this risk, the relevant information assets need to be identified together with their threats and vulnerabilities. Therefore, security considerations provide input into every phase of the Software Development Life Cycle (SDLC), from requirements gathering to design, implementation, testing and deployment. This research project presents a Secure Software Development Model (SecSDM) for incorporating information security into all phases of the SDLC, from requirements gathering to systems maintenance. The SecSDM is based on many of the recommendations provided by relevant international standards and best practices, for example, the ISO 7498-2 (1989) standard which addresses the underlying security services and mechanisms that form an integral part of the model.
- Full Text:
- Date Issued: 2007
- Authors: Futcher, Lynn Ann
- Date: 2007
- Subjects: Computer security , Software maintenance
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9737 , http://hdl.handle.net/10948/506 , Computer security , Software maintenance
- Description: It is within highly integrated technology environments that information security is becoming a focal point for designing, developing and deploying software applications. Ensuring a high level of trust in the security and quality of these applications is crucial to their ultimate success. Therefore, information security has become a core requirement for software applications, driven by the need to protect critical assets and the need to build and preserve widespread trust in computing. However, a common weakness that is inherent in the traditional software development methodologies is the lack of attention given to the security aspects of software development. Most of these methodologies do not explicitly include a standardised method for incorporating information security into their life cycles. Meaningful security can be achieved when information security issues are considered as part of a routine development process, and security safeguards are integrated into the software application throughout its life cycle. This, in turn, will lead to users being more confident to use software applications, and to entrust today's computer systems with their personal information. To build better or more secure software, an improved software development process is required. Security of a software application must be based on the risk associated with the application. In order to understand this risk, the relevant information assets need to be identified together with their threats and vulnerabilities. Therefore, security considerations provide input into every phase of the Software Development Life Cycle (SDLC), from requirements gathering to design, implementation, testing and deployment. This research project presents a Secure Software Development Model (SecSDM) for incorporating information security into all phases of the SDLC, from requirements gathering to systems maintenance. The SecSDM is based on many of the recommendations provided by relevant international standards and best practices, for example, the ISO 7498-2 (1989) standard which addresses the underlying security services and mechanisms that form an integral part of the model.
- Full Text:
- Date Issued: 2007
A model for legal compliance in the South African banking sector : an information security perspective
- Maphakela, Madidimalo Rabbie
- Authors: Maphakela, Madidimalo Rabbie
- Date: 2008
- Subjects: Database security -- South Africa , Computer security -- South Africa , Computer networks -- Security measures -- South Africa
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9783 , http://hdl.handle.net/10948/725 , Database security -- South Africa , Computer security -- South Africa , Computer networks -- Security measures -- South Africa
- Description: In the past, many organisations used to keep their information on paper, which resulted in the loss of important information. In today’s knowledge era the information super-highway facilitates highly connected electronic environments where business applications can communicate on an intra- as well as inter-organizational level. As business expanded more into the cyber-world, so did the need to protect the information they have. Technology advances did not only bring benefits, it also increased the vulnerability of companies’ information. Information, the lifeblood of an organization, must be protected from threats such as hackers and fraud, amongst others. In the highly regulated financial sector, the protection of information is not only a best practice, but a legal obligation carrying penalties for non-compliance. From a positive aspect, organisations can identify security controls that can help them to secure their information, with the aid of legal sources. But organisations find themselves burdened by a burgeoning number of legal sources and requirements, which require vast resources and often become unmanageable. This research focuses on finding a solution for South African banks to comply with multiple legal sources, as seen from an information security perspective.
- Full Text:
- Date Issued: 2008
- Authors: Maphakela, Madidimalo Rabbie
- Date: 2008
- Subjects: Database security -- South Africa , Computer security -- South Africa , Computer networks -- Security measures -- South Africa
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9783 , http://hdl.handle.net/10948/725 , Database security -- South Africa , Computer security -- South Africa , Computer networks -- Security measures -- South Africa
- Description: In the past, many organisations used to keep their information on paper, which resulted in the loss of important information. In today’s knowledge era the information super-highway facilitates highly connected electronic environments where business applications can communicate on an intra- as well as inter-organizational level. As business expanded more into the cyber-world, so did the need to protect the information they have. Technology advances did not only bring benefits, it also increased the vulnerability of companies’ information. Information, the lifeblood of an organization, must be protected from threats such as hackers and fraud, amongst others. In the highly regulated financial sector, the protection of information is not only a best practice, but a legal obligation carrying penalties for non-compliance. From a positive aspect, organisations can identify security controls that can help them to secure their information, with the aid of legal sources. But organisations find themselves burdened by a burgeoning number of legal sources and requirements, which require vast resources and often become unmanageable. This research focuses on finding a solution for South African banks to comply with multiple legal sources, as seen from an information security perspective.
- Full Text:
- Date Issued: 2008
A model for managing user experience
- Authors: Mashapa, Job
- Date: 2013
- Subjects: Technological innovations -- Management , User interfaces (Computer systems)
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: vital:9826 , http://hdl.handle.net/10948/d1020765
- Description: New innovative products are being designed while the user interface of existing products is constantly being revamped to give them a new look. All this is an effort to bring a satisfactory interacting experience for the user. However, in most cases users do not feel that they experience that benefit. The introduction of a new product, or the enhancement of the functionality and user interface of an existing product, often faces criticism and brings resistance to the acceptance and usage of the product by the users. Therefore, the change in user interface or introduction of new products does not only affect the business processes but also the lifestyles of the users, as well as their overall user experience. One of the most important components for the success of any product is a positive user experience. User experience refers to the subjective feeling of the user that results from their interaction or intention to interact with a product in order to perform a specific task in a specific environment. When the user interface and functionality of a product match the expectations of the users and make the users effective and efficient, feel safe and attain some level of self-worth from using or possessing the product, their interaction with the product becomes more satisfactory. User experience practitioners are in agreement that a change to the user interface influences the user experience of the people when interacting with the product; hence it affects change in the user experience of the people. A vast body of literature exists on the methods for evaluating user experience as well as on the principles that are aimed at guiding the design of products for a positive user experience. However, there is a lack of a means to manage this change in user experience that results from the changes in the features of the user interface or the product functionalities. This inadequacy opens up the potential for integrating change management principles in order to manage user experience. However, existing change management principles do not address the user experience aspects when managing change. Following the above premise, this study focused on the development of a model for managing user experience: the User Experience Management Model (UXM2). The UXM2 infers its components from the disciplines of user experience and change management. Its uniqueness is seated in its people-centred approach that aims to effect a free-will change in the individuals towards a long-term positive user experience. The proposed model further aims to promote the voluntary acceptance of a product, which is contrary to the mandatory change that is guided by the policies of the organization, as discussed in the study. The UXM2 was developed from a thorough argumentation of literature on user experience and change management. The components that were required for development of the model were identified from literature, and were evaluated for their relevance by means of academic publications in subject domain international conferences. The academic publications underwent double-blind peer review with subject domain experts. The model was evaluated for its relevance and potential applicability through interviews and discussions with subject domain experts. The subject domain experts consist of user experience practitioners and academic professionals in the domain of HCI. The subject domain experts also evaluated the model by means of an evaluation tool comprising of a Likert scale rating of the proposed components and related activities for managing user experience. The target users of the UXM2 are user experience practitioners and product developers who aim to promote a sustainable long-term positive user experience for the people interacting with their products. The UXM2 is aimed at being used for the design of products that are meant for institutional use, personal use, mandatory use and optional use. It is believed that adoption of the UXM2 will promote acceptance of the product by users, with an associated sustainable positive long-term user experience.
- Full Text:
- Date Issued: 2013
- Authors: Mashapa, Job
- Date: 2013
- Subjects: Technological innovations -- Management , User interfaces (Computer systems)
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: vital:9826 , http://hdl.handle.net/10948/d1020765
- Description: New innovative products are being designed while the user interface of existing products is constantly being revamped to give them a new look. All this is an effort to bring a satisfactory interacting experience for the user. However, in most cases users do not feel that they experience that benefit. The introduction of a new product, or the enhancement of the functionality and user interface of an existing product, often faces criticism and brings resistance to the acceptance and usage of the product by the users. Therefore, the change in user interface or introduction of new products does not only affect the business processes but also the lifestyles of the users, as well as their overall user experience. One of the most important components for the success of any product is a positive user experience. User experience refers to the subjective feeling of the user that results from their interaction or intention to interact with a product in order to perform a specific task in a specific environment. When the user interface and functionality of a product match the expectations of the users and make the users effective and efficient, feel safe and attain some level of self-worth from using or possessing the product, their interaction with the product becomes more satisfactory. User experience practitioners are in agreement that a change to the user interface influences the user experience of the people when interacting with the product; hence it affects change in the user experience of the people. A vast body of literature exists on the methods for evaluating user experience as well as on the principles that are aimed at guiding the design of products for a positive user experience. However, there is a lack of a means to manage this change in user experience that results from the changes in the features of the user interface or the product functionalities. This inadequacy opens up the potential for integrating change management principles in order to manage user experience. However, existing change management principles do not address the user experience aspects when managing change. Following the above premise, this study focused on the development of a model for managing user experience: the User Experience Management Model (UXM2). The UXM2 infers its components from the disciplines of user experience and change management. Its uniqueness is seated in its people-centred approach that aims to effect a free-will change in the individuals towards a long-term positive user experience. The proposed model further aims to promote the voluntary acceptance of a product, which is contrary to the mandatory change that is guided by the policies of the organization, as discussed in the study. The UXM2 was developed from a thorough argumentation of literature on user experience and change management. The components that were required for development of the model were identified from literature, and were evaluated for their relevance by means of academic publications in subject domain international conferences. The academic publications underwent double-blind peer review with subject domain experts. The model was evaluated for its relevance and potential applicability through interviews and discussions with subject domain experts. The subject domain experts consist of user experience practitioners and academic professionals in the domain of HCI. The subject domain experts also evaluated the model by means of an evaluation tool comprising of a Likert scale rating of the proposed components and related activities for managing user experience. The target users of the UXM2 are user experience practitioners and product developers who aim to promote a sustainable long-term positive user experience for the people interacting with their products. The UXM2 is aimed at being used for the design of products that are meant for institutional use, personal use, mandatory use and optional use. It is believed that adoption of the UXM2 will promote acceptance of the product by users, with an associated sustainable positive long-term user experience.
- Full Text:
- Date Issued: 2013
A model for privacy-aware presence management in mobile communications
- Authors: Ophoff, Jacobus Albertus
- Date: 2011
- Subjects: Mobile communications systems , Mobile communication systems -- Management
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: vital:9757 , http://hdl.handle.net/10948/1354 , Mobile communications systems , Mobile communication systems -- Management
- Description: As humans we find communicating natural and compelling. Over the centuries we have created many innovations which enable and improve communication between people; during the past decade mobile phone networks have brought about a technological revolution in this area. Never before have people been so connected to one another. Today we have the ability to communicate with almost anyone, anytime, anywhere. Our increased connectivity and reachability also leads to new issues and challenges that we need to deal with. When we phone someone we expect an instant connection, and when this does not occur it can be frustrating. On the other hand it is equally disruptive to receive a call when one is busy with an important task or in a situation where communication is inappropriate. Social protocol dictates that we try to minimize such situations for the benefit of others nearby and for ourselves. This management of communications is a constant and difficult task. Using presence – which signals a person’s availability and willingness to communicate – is a solution to this problem. Such information can benefit communication partners by increasing the likelihood of a successful connection and decreasing disruptions. This research addresses the problem of staying connected while keeping control over mobile communications. It adopts a design-science research paradigm, with the primary research artifact being a model for privacy-aware presence management in mobile communications. As part of the model development knowledge contributions are made in several ways. Existing knowledge about the problem area is extended through a quantitative analysis of mobile communications management. This analysis uses a novel survey, collecting useful empirical data for future research. This includes how people currently manage their communications and what features they expect from a potential “call management” system. The examination and use of presence standards, as a foundation for the model, provides a comparison of the main presence technologies available today. A focus on privacy features identifies several shortcomings in standards which, if addressed, can help to improve and make these standards more complete. The model stresses the privacy of potentially sensitive presence information. A unique perspective based on social relationship theories is adopted. The use of relationship groups not only makes logical sense but also assists in the management of presence information and extends existing standards. Finally, the evaluation of the model demonstrates the feasibility of a practical implementation as well the ability to extend the model in next generation mobile networks. Thus the model presents a solid foundation for the development of future services. In these ways the proposed model contributes positively towards balancing efficient mobile communications with the need for privacy-awareness.
- Full Text:
- Date Issued: 2011
- Authors: Ophoff, Jacobus Albertus
- Date: 2011
- Subjects: Mobile communications systems , Mobile communication systems -- Management
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: vital:9757 , http://hdl.handle.net/10948/1354 , Mobile communications systems , Mobile communication systems -- Management
- Description: As humans we find communicating natural and compelling. Over the centuries we have created many innovations which enable and improve communication between people; during the past decade mobile phone networks have brought about a technological revolution in this area. Never before have people been so connected to one another. Today we have the ability to communicate with almost anyone, anytime, anywhere. Our increased connectivity and reachability also leads to new issues and challenges that we need to deal with. When we phone someone we expect an instant connection, and when this does not occur it can be frustrating. On the other hand it is equally disruptive to receive a call when one is busy with an important task or in a situation where communication is inappropriate. Social protocol dictates that we try to minimize such situations for the benefit of others nearby and for ourselves. This management of communications is a constant and difficult task. Using presence – which signals a person’s availability and willingness to communicate – is a solution to this problem. Such information can benefit communication partners by increasing the likelihood of a successful connection and decreasing disruptions. This research addresses the problem of staying connected while keeping control over mobile communications. It adopts a design-science research paradigm, with the primary research artifact being a model for privacy-aware presence management in mobile communications. As part of the model development knowledge contributions are made in several ways. Existing knowledge about the problem area is extended through a quantitative analysis of mobile communications management. This analysis uses a novel survey, collecting useful empirical data for future research. This includes how people currently manage their communications and what features they expect from a potential “call management” system. The examination and use of presence standards, as a foundation for the model, provides a comparison of the main presence technologies available today. A focus on privacy features identifies several shortcomings in standards which, if addressed, can help to improve and make these standards more complete. The model stresses the privacy of potentially sensitive presence information. A unique perspective based on social relationship theories is adopted. The use of relationship groups not only makes logical sense but also assists in the management of presence information and extends existing standards. Finally, the evaluation of the model demonstrates the feasibility of a practical implementation as well the ability to extend the model in next generation mobile networks. Thus the model presents a solid foundation for the development of future services. In these ways the proposed model contributes positively towards balancing efficient mobile communications with the need for privacy-awareness.
- Full Text:
- Date Issued: 2011
A model for role-based security education, training and awareness in the South African healthcare environment
- Authors: Maseti, Ophola S
- Date: 2008
- Subjects: Medical care -- South Africa -- Data processing
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9784 , http://hdl.handle.net/10948/724 , Medical care -- South Africa -- Data processing
- Description: It is generally accepted that a business operates more efficiently when it is able to consolidate information from a variety of sources. This principle applies as much in the healthcare environment. Although limited in the South African context, the use of electronic systems to access information is advancing rapidly. Many aspects have to be considered in regards to such a high availability of information, for example, training people how to access and protect information, motivating them to use the systems and information extensively and effectively, ensuring adequate levels of security, confronting ethical issues and maintaining the availability of information at crucial times. This is especially true in the healthcare sector, where access to critical data is often vital. This data must be accessed by different kinds of people with different levels of access. However, accessibility often leads to vulnerabilities. The healthcare sector deals with very sensitive data. People’s medical records need to be kept confidential; hence, security is very important. Information of a very sensitive nature is exposed to human intervention on various levels (e.g. nurses, administrative staff, general practitioners and specialists). In this scenario, it is important for each person to be aware of the requirements in terms of security and privacy, especially from a legal perspective. Because of the large dependence on the human factor in maintaining information security, organisations must employ mechanisms that address this at the staff level. One such mechanism is information security education, training and awareness programmes. As the learner is the recipient of information in such a programme, it is increasingly important that it targets the audience that it is intended for. This will maximize the benefits achieved from such a programme. This can be achieved through following a role-based approach in the design and development of the SETA programme. This research therefore proposes a model for a role-based SETA programme, with the area of application being in the South African healthcare environment.
- Full Text:
- Date Issued: 2008
- Authors: Maseti, Ophola S
- Date: 2008
- Subjects: Medical care -- South Africa -- Data processing
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9784 , http://hdl.handle.net/10948/724 , Medical care -- South Africa -- Data processing
- Description: It is generally accepted that a business operates more efficiently when it is able to consolidate information from a variety of sources. This principle applies as much in the healthcare environment. Although limited in the South African context, the use of electronic systems to access information is advancing rapidly. Many aspects have to be considered in regards to such a high availability of information, for example, training people how to access and protect information, motivating them to use the systems and information extensively and effectively, ensuring adequate levels of security, confronting ethical issues and maintaining the availability of information at crucial times. This is especially true in the healthcare sector, where access to critical data is often vital. This data must be accessed by different kinds of people with different levels of access. However, accessibility often leads to vulnerabilities. The healthcare sector deals with very sensitive data. People’s medical records need to be kept confidential; hence, security is very important. Information of a very sensitive nature is exposed to human intervention on various levels (e.g. nurses, administrative staff, general practitioners and specialists). In this scenario, it is important for each person to be aware of the requirements in terms of security and privacy, especially from a legal perspective. Because of the large dependence on the human factor in maintaining information security, organisations must employ mechanisms that address this at the staff level. One such mechanism is information security education, training and awareness programmes. As the learner is the recipient of information in such a programme, it is increasingly important that it targets the audience that it is intended for. This will maximize the benefits achieved from such a programme. This can be achieved through following a role-based approach in the design and development of the SETA programme. This research therefore proposes a model for a role-based SETA programme, with the area of application being in the South African healthcare environment.
- Full Text:
- Date Issued: 2008
A model for security incident response in the South African National Research and Education network
- Authors: Mooi, Roderick David
- Date: 2014
- Subjects: Information networks -- South Africa , Internet -- Security measures , Computer networks -- Security measures -- South Africa , National Research and Education Network (Computer network)
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9813 , http://hdl.handle.net/10948/d1017598
- Description: This dissertation addresses the problem of a lack of a formal incident response capability in the South African National Research and Education Network (SA NREN). While investigating alternatives it was found that no clear method exists to solve this problem. Therefore, a second problem is identified: the lack of a definitive method for establishing a Computer Security Incident Response Team (CSIRT) or Computer Emergency Response Team (CERT) in general. Solving the second problem is important as we then have a means of knowing how to start when building a CSIRT. This will set the basis for addressing the initial problem, resulting in a prepared, improved and coordinated response to IT security incidents affecting the SANREN. To commence, the requirements for establishing a CSIRT are identified via a comprehensive literature review. These requirements are categorized into five areas, namely, the basic business requirements followed by the four Ps of the IT Infrastructure Library (ITIL). That is, People, Processes, Product and Partners, adapted to suit the CSIRT context. Through the use of argumentation, the relationships between the areas are uncovered and explored. Thereafter, a Design Science Research-based process is utilised to develop a generic model for establishing a CSIRT. The model is based on the interactions uncovered between the business requirements and the adapted four Ps. These are summarised through two views -- strategic and tactical -- together forming an holistic model for establishing a CSIRT. The model highlights the decisions required for the business requirements, services, team model and staff, policies and processes, tools and technologies, and partners of a CSIRT respectively. Finally, to address the primary objective, the generic model is applied to the SANREN environment. Thus, the second artefact is an instantiation, a specific model, which can be implemented to create a CSIRT for the SA NREN. To produce the specific model, insight into the nature of the SANREN environment was required. The status quo was revealed through the use of a survey and argumentative analysis of the results. The specific decisions in each area required to establish an SA NREN CSIRT are explored throughout the development of the model. The result is a comprehensive framework for implementing a CSIRT in the SA NREN, detailing the decisions required in each of the areas. This model additionally acts as a demonstration of the utility of the generic model. The implications of this research are twofold. Firstly, the generic model is useful as a basis for anyone wanting to establish a CSIRT. It helps to ensure that all factors are considered and that no important decisions are neglected, thereby enabling an holistic view. Secondly, the specific model for the SA NREN CSIRT serves as a foundation for implementing the CSIRT going forward. It accelerates the process by addressing the important considerations and highlighting the concerns that must be addressed while establishing the CSIRT.
- Full Text:
- Date Issued: 2014
- Authors: Mooi, Roderick David
- Date: 2014
- Subjects: Information networks -- South Africa , Internet -- Security measures , Computer networks -- Security measures -- South Africa , National Research and Education Network (Computer network)
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9813 , http://hdl.handle.net/10948/d1017598
- Description: This dissertation addresses the problem of a lack of a formal incident response capability in the South African National Research and Education Network (SA NREN). While investigating alternatives it was found that no clear method exists to solve this problem. Therefore, a second problem is identified: the lack of a definitive method for establishing a Computer Security Incident Response Team (CSIRT) or Computer Emergency Response Team (CERT) in general. Solving the second problem is important as we then have a means of knowing how to start when building a CSIRT. This will set the basis for addressing the initial problem, resulting in a prepared, improved and coordinated response to IT security incidents affecting the SANREN. To commence, the requirements for establishing a CSIRT are identified via a comprehensive literature review. These requirements are categorized into five areas, namely, the basic business requirements followed by the four Ps of the IT Infrastructure Library (ITIL). That is, People, Processes, Product and Partners, adapted to suit the CSIRT context. Through the use of argumentation, the relationships between the areas are uncovered and explored. Thereafter, a Design Science Research-based process is utilised to develop a generic model for establishing a CSIRT. The model is based on the interactions uncovered between the business requirements and the adapted four Ps. These are summarised through two views -- strategic and tactical -- together forming an holistic model for establishing a CSIRT. The model highlights the decisions required for the business requirements, services, team model and staff, policies and processes, tools and technologies, and partners of a CSIRT respectively. Finally, to address the primary objective, the generic model is applied to the SANREN environment. Thus, the second artefact is an instantiation, a specific model, which can be implemented to create a CSIRT for the SA NREN. To produce the specific model, insight into the nature of the SANREN environment was required. The status quo was revealed through the use of a survey and argumentative analysis of the results. The specific decisions in each area required to establish an SA NREN CSIRT are explored throughout the development of the model. The result is a comprehensive framework for implementing a CSIRT in the SA NREN, detailing the decisions required in each of the areas. This model additionally acts as a demonstration of the utility of the generic model. The implications of this research are twofold. Firstly, the generic model is useful as a basis for anyone wanting to establish a CSIRT. It helps to ensure that all factors are considered and that no important decisions are neglected, thereby enabling an holistic view. Secondly, the specific model for the SA NREN CSIRT serves as a foundation for implementing the CSIRT going forward. It accelerates the process by addressing the important considerations and highlighting the concerns that must be addressed while establishing the CSIRT.
- Full Text:
- Date Issued: 2014
A model to address factors that could influence the information security behaviour of computing graduates
- Mabece, Thandolwethu, Thomson, Kerry-Lynn
- Authors: Mabece, Thandolwethu , Thomson, Kerry-Lynn
- Date: 2017
- Subjects: Information technology -- Security measures , Computer security , Cyber intelligence (Computer security)
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/7355 , vital:21339
- Description: The fact that information is ubiquitous throughout most modern organisations cannot be denied. Information is not merely used as an enabler in modern organisations today, but is also used to gain a competitive advantage over competitors. Thus, information has become one of the most important business assets. It is, therefore, imperative that organisations protect information assets as they would protect other business assets. This is typically achieved through implementing various security measures.Technological and procedural security measures are largely dependent on humans. However, the incorrect behaviour of humans poses a significant threat to the protection of these information assets. Thus, it is vital to understand how human behaviour may impact the protection of information assets. While the focus of much literature is on organisations, the focus of this research is on higher education institutions and the factors of information security, with a specific focus on influencing the information security behaviour of computing graduates. Typically, computing graduates would be employed in organisations in various careers such as software developers, network administrators, database administrators and information systems analysts. Employment in these careers means that they would be closely interacting with information assets and information systems. A real problem, as identified by this research, is that currently, many higher education institutions are not consciously doing enough to positively influence the information security behaviour of their computing graduates. This research presents a model to address various factors that could influence the information security behaviour of computing graduates. The aim of this model is to assist computing educators in influencing computing graduates to adopt more secure behaviour, such as security assurance behaviour. A literature review was conducted to identify the research problem. A number of theories such as the Theory of Planned Behaviour, Protection Motivation Theory and Social Cognitive Theory were identified as being relevant for this research as they provided a theoretical foundation for factors that could influence the information security behaviour of computing graduates. Additionally, a survey was conducted to gather the opinions and perceptions of computing educators relating to information security education in higher education institutions. Results indicated that information security is not pervasively integrated within the higher education institutions surveyed. Furthermore, results revealed that most computing students were perceived to not be behaving in a secure manner with regard to information security. This could negatively influence their information security behaviour as computing graduates employed within organisations. Computing educators therefore require assistance in influencing the information security behaviour of these computing students. The proposed model to provide this assistance was developed through argumentation and modelling.
- Full Text:
- Date Issued: 2017
- Authors: Mabece, Thandolwethu , Thomson, Kerry-Lynn
- Date: 2017
- Subjects: Information technology -- Security measures , Computer security , Cyber intelligence (Computer security)
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/7355 , vital:21339
- Description: The fact that information is ubiquitous throughout most modern organisations cannot be denied. Information is not merely used as an enabler in modern organisations today, but is also used to gain a competitive advantage over competitors. Thus, information has become one of the most important business assets. It is, therefore, imperative that organisations protect information assets as they would protect other business assets. This is typically achieved through implementing various security measures.Technological and procedural security measures are largely dependent on humans. However, the incorrect behaviour of humans poses a significant threat to the protection of these information assets. Thus, it is vital to understand how human behaviour may impact the protection of information assets. While the focus of much literature is on organisations, the focus of this research is on higher education institutions and the factors of information security, with a specific focus on influencing the information security behaviour of computing graduates. Typically, computing graduates would be employed in organisations in various careers such as software developers, network administrators, database administrators and information systems analysts. Employment in these careers means that they would be closely interacting with information assets and information systems. A real problem, as identified by this research, is that currently, many higher education institutions are not consciously doing enough to positively influence the information security behaviour of their computing graduates. This research presents a model to address various factors that could influence the information security behaviour of computing graduates. The aim of this model is to assist computing educators in influencing computing graduates to adopt more secure behaviour, such as security assurance behaviour. A literature review was conducted to identify the research problem. A number of theories such as the Theory of Planned Behaviour, Protection Motivation Theory and Social Cognitive Theory were identified as being relevant for this research as they provided a theoretical foundation for factors that could influence the information security behaviour of computing graduates. Additionally, a survey was conducted to gather the opinions and perceptions of computing educators relating to information security education in higher education institutions. Results indicated that information security is not pervasively integrated within the higher education institutions surveyed. Furthermore, results revealed that most computing students were perceived to not be behaving in a secure manner with regard to information security. This could negatively influence their information security behaviour as computing graduates employed within organisations. Computing educators therefore require assistance in influencing the information security behaviour of these computing students. The proposed model to provide this assistance was developed through argumentation and modelling.
- Full Text:
- Date Issued: 2017
A model to improve the effectiveness of the Occupational Health and Safety Inspectorate function relative to South African construction
- Authors: Geminiani, Franco Luciano
- Date: 2008
- Subjects: Construction industry -- Safety measures
- Language: English
- Type: Thesis , Doctoral , DTech
- Identifier: vital:9695 , http://hdl.handle.net/10948/719 , Construction industry -- Safety measures
- Description: Irrespective of all the efforts made by the Department of Labour (DoL) and other relevant stakeholders to improve the performance of Occupational Health and Safety (OH&S) in construction. In the Construction Industry, there is still a very high level of accidents and fatalities in South Africa. Injuries and accidents to workers do not help a community in any nation. The construction industry in South Africa is generally known to be one of the most hazardous and has one of the most dismal OH&S records among all industrial segments with an unacceptably high level of injuries and fatalities resulting in considerable human suffering. A doctoral study was recently conducted with the aim of investigating the effectiveness and performance of the DoL OH&S Inspectorate in South Africa. The empirical study was conducted among a range of stakeholders: civil engineering and building contractors; OH&S consultants; project managers; DoL inspectors; and designers by means of a questionnaire survey. The methodology adopted in this study included the exploratory and descriptive methods, which entails the technique of observation including the use of questionnaires and data analysis. The salient findings of the study are presented and elucidate that the DoL OH&S Inspectorate is not effective in terms of OH&S relative to the construction industry in South Africa. Conclusions and recommendations included expound that the DoL OH&S Inspectorate is not effectively conducting their duties reinforcing the need for a reviewed OH&S Inspectorate model framework. The proposed structured normative model consists of fundamental elements which would improve the effectiveness of the DoL OH&S Inspectorate. The findings of the study with recommendations are included.
- Full Text:
- Date Issued: 2008
- Authors: Geminiani, Franco Luciano
- Date: 2008
- Subjects: Construction industry -- Safety measures
- Language: English
- Type: Thesis , Doctoral , DTech
- Identifier: vital:9695 , http://hdl.handle.net/10948/719 , Construction industry -- Safety measures
- Description: Irrespective of all the efforts made by the Department of Labour (DoL) and other relevant stakeholders to improve the performance of Occupational Health and Safety (OH&S) in construction. In the Construction Industry, there is still a very high level of accidents and fatalities in South Africa. Injuries and accidents to workers do not help a community in any nation. The construction industry in South Africa is generally known to be one of the most hazardous and has one of the most dismal OH&S records among all industrial segments with an unacceptably high level of injuries and fatalities resulting in considerable human suffering. A doctoral study was recently conducted with the aim of investigating the effectiveness and performance of the DoL OH&S Inspectorate in South Africa. The empirical study was conducted among a range of stakeholders: civil engineering and building contractors; OH&S consultants; project managers; DoL inspectors; and designers by means of a questionnaire survey. The methodology adopted in this study included the exploratory and descriptive methods, which entails the technique of observation including the use of questionnaires and data analysis. The salient findings of the study are presented and elucidate that the DoL OH&S Inspectorate is not effective in terms of OH&S relative to the construction industry in South Africa. Conclusions and recommendations included expound that the DoL OH&S Inspectorate is not effectively conducting their duties reinforcing the need for a reviewed OH&S Inspectorate model framework. The proposed structured normative model consists of fundamental elements which would improve the effectiveness of the DoL OH&S Inspectorate. The findings of the study with recommendations are included.
- Full Text:
- Date Issued: 2008