A code of practice for practitioners in private healthcare: a privacy perspective
- Authors: Harvey, Brett D
- Date: 2007
- Subjects: Information storage and retrieval systems -- Medical care , Medical records -- Data processing , Privacy, Right of Comparative studies
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9735 , http://hdl.handle.net/10948/521 , Information storage and retrieval systems -- Medical care , Medical records -- Data processing , Privacy, Right of Comparative studies
- Description: Whereas there are various initiatives to standardize the storage, processing and use of electronic patient information in the South African health sector, the sector is fragmented through the adoption of various approaches on national, provincial and district levels. Divergent IT systems are used in the public and private health sectors (“Recommendations of the Committee on …” 2003). Furthermore, general practitioners in some parts of the country still use paper as a primary means of documentation and storage. Nonetheless, the use of computerized systems is increasing, even in the most remote rural areas. This leads to the exposure of patient information to various threats that are perpetuated through the use of information technology. Irrespective of the level of technology adoption by practitioners in private healthcare practice, the security and privacy of patient information remains of critical importance. The disclosure of patient information whether intentional or not, can have dire consequences for a patient. In general, the requirements pertaining to the privacy of patient information are controlled and enforced through the adoption of legislation by the governing body of a country. Compared with developed nations, South Africa has limited legislation to help enforce privacy in the health sector. Conversely, Australia, New Zealand and Canada have some of the most advanced legislative frameworks when it comes to the privacy of patient information. In this dissertation, the Australian, New Zealand, Canadian and South African health sectors and the legislation they have in place to ensure the privacy of health information, will be investigated. Additionally, codes of practice and guidelines on privacy of patient information for GPs, in the afore-mentioned countries, will be investigated to form an idea as to what is needed in creating and formulating a new code of practice for the South African GP, as well as a pragmatic tool (checklist) to check adherence to privacy requirements.
- Full Text:
- Date Issued: 2007
A COP optimized control system for a CO₂ based automotive A/C-system
- Authors: Rapp, Tobias
- Date: 2007
- Subjects: Automobiles -- Air conditioning , Motor vehicles -- Automatic control
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9624 , http://hdl.handle.net/10948/773 , Automobiles -- Air conditioning , Motor vehicles -- Automatic control
- Description: In the last few years carbon dioxide received increasing attention as a possible replacement for fluorocarbon-based refrigerants used within present automotive A/C system technology. R-134a is harmless to the ozone layer but the greenhouse effect is more than 1300 times higher than that of an equivalent amount of CO2. Alternative refrigerants are natural gasses such as propane and butane, however these gasses are considered explosive. With many objections raised it appears if CO2 will be the future refrigrant for automotive use. One concern with R-744 is its high operating pressure and suction/discharge pressure difference when compared to common refrigeration processes. A major problem with the CO2 cycle is the loss of effciency at high ambient temperatures. With a COP optimized control system for the expansion value based on pressure, temperature and mass flow of the refrigerant, an effective A/C system for CO2 could be deleloped. This resrach offers basic knowledge of refrigerant cycles and gives an overall view of the refrigerant change-over problem. With the results obtained from the experimental work a better understanding of the CO2 cycle and a better understanding towards effective A/C systems have been realized.
- Full Text:
- Date Issued: 2007
A critical review of the IFIP TC11 Security Conference Series
- Authors: Gaadingwe, Tshepo Gaadingwe
- Date: 2007
- Subjects: Database security , Data protection , Computers -- Access control
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9795 , http://hdl.handle.net/10948/507 , Database security , Data protection , Computers -- Access control
- Description: Over the past few decades the field of computing has grown and evolved. In this time, information security research has experienced the same type of growth. The increase in importance and interest in information security research is reflected by the sheer number of research efforts being produced by different type of organizations around the world. One such organization is the International Federation for Information Processing (IFIP), more specifically the IFIP Technical Committee 11 (IFIP TC11). The IFIP TC11 community has had a rich history in producing high quality information security specific articles for over 20 years now. Therefore, IFIP TC11 found it necessary to reflect on this history, mainly to try and discover where it came from and where it may be going. Its 20th anniversary of its main conference presented an opportunity to begin such a study of its history. The core belief driving the study being that the future can only be realized and appreciated if the past is well understood. The main area of interest was to find out topics which may have had prevalence in the past or could be considered as "hot" topics. To achieve this, the author developed a systematic process for the study. The underpinning element being the creation of a classification scheme which was used to aid the analysis of the IFIP TC11 20 year's worth of articles. Major themes were identified and trends in the series highlighted. Further discussion and reflection on these trends were given. It was found that, not surprisingly, the series covered a wide variety of topics in the 20 years. However, it was discovered that there has been a notable move towards technically focused papers. Furthermore, topics such as business continuity had just about disappeared in the series while topics which are related to networking and cryptography continue to gain more prevalence.
- Full Text:
- Date Issued: 2007
A framework for secure mobile computing in healthcare
- Authors: Thomas, Godwin Dogara Ayenajeh
- Date: 2007
- Subjects: Mobile computing
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9789 , http://hdl.handle.net/10948/618 , Mobile computing
- Description: Mobile computing is rapidly becoming part of healthcare’s electronic landscape, helping to provide better quality of care and reduced cost. While the technology provides numerous advantages to the healthcare industry, it is not without risk. The size and portable nature of mobile computing devices present a highly vulnerable environment, which threaten the privacy and security of health information. Since these devices continually access possibly sensitive healthcare information, it is imperative that these devices are considered for security in order to meet regulatory compliance. In fact, the increase in government and industry regulation to ensure the privacy and security of health information, makes mobile security no longer just desirable, but mandatory. In addition, as healthcare becomes more aware of the need to reinforce patient confidence to gain competitive advantage, it makes mobile security desirable. Several guidelines regarding security best practices exist. Healthcare institutions are thus faced with matching the guidelines offered by best practices, with the legal and regulatory requirements. While this is a valuable question in general, this research focuses on the aspect of considering this question when considering the introduction of mobile computing into the healthcare environment. As a result, this research proposes a framework that will aid IT administrators in healthcare to ensure that privacy and security of health information is extended to mobile devices. The research uses a comparison between the best practices in ISO 17799:2005 and the regulatory requirements stipulated in HIPAA to provide a baseline for the mobile computing security model. The comparison ensures that the model meets healthcare specific industry requirement and international information security standard. In addition, the framework engages the Information Security Management System (ISMS) model based on the ISO 27000 standard. The framework, furthermore, points to existing technical security measurers associated with mobile computing. It is believed that the framework can assist in achieving mobile computing security that is compliant with the requirements in the healthcare industry.
- Full Text:
- Date Issued: 2007
A general genetic algorithm for one and two dimensional cutting and packing problems
- Authors: Mancapa, Vusisizwe
- Date: 2007
- Subjects: Packaging -- Data processing , Genetic algorithms , Cutting stock problem , Packing for shipment , Manufacturing processes -- Planning
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9602 , http://hdl.handle.net/10948/555 , http://hdl.handle.net/10948/d1011727 , Packaging -- Data processing , Genetic algorithms , Cutting stock problem , Packing for shipment , Manufacturing processes -- Planning
- Description: Cutting and packing problems are combinatorial optimisation problems. The major interest in these problems is their practical significance, in manufacturing and other business sectors. In most manufacturing situations a raw material usually in some standard size has to be divided or be cut into smaller items to complete the production of some product. Since the cost of this raw material usually forms a significant portion of the input costs, it is therefore desirable that this resource be used efficiently. A hybrid general genetic algorithm is presented in this work to solve one and two dimensional problems of this nature. The novelties with this algorithm are: A novel placement heuristic hybridised with a Genetic Algorithm is introduced and a general solution encoding scheme which is used to encode one dimensional and two dimensional problems is also introduced.
- Full Text:
- Date Issued: 2007
A methodology for measuring and monitoring IT risk
- Authors: Tansley, Natalie Vanessa
- Date: 2007
- Subjects: Electronic data processing departments -- Security measures , Business -- Data processing -- Security measures , Information resources management , Information technology -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9781 , http://hdl.handle.net/10948/772 , Electronic data processing departments -- Security measures , Business -- Data processing -- Security measures , Information resources management , Information technology -- Security measures
- Description: The primary objective of the research is to develop a methodology for monitoring and measuring IT risks, strictly focusing on internal controls. The research delivers a methodology whereby an organization can measure its system of internal controls, providing assurance that the risks are at an acceptable level. To achieve the primary objective a number of secondary objectives were addressed: What are the drivers forcing organizations to better corporate governance in managing risk? What is IT risk management, specifically focusing on operational risk. What is internal control and specifically focusing on COSO’s internal control process. Investigation of measurement methods, such as, Balance Scorecards, Critical Success Factors, Maturity Models, Key Performance Indicators and Key Goal Indicators. Investigation of various frameworks such as CobiT, COSO and ISO 17799, ITIL and BS 7799 as to how they manage IT risk relating to internal control.
- Full Text:
- Date Issued: 2007
A model for integrating information security into the software development life cycle
- Authors: Futcher, Lynn Ann
- Date: 2007
- Subjects: Computer security , Software maintenance
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9737 , http://hdl.handle.net/10948/506 , Computer security , Software maintenance
- Description: It is within highly integrated technology environments that information security is becoming a focal point for designing, developing and deploying software applications. Ensuring a high level of trust in the security and quality of these applications is crucial to their ultimate success. Therefore, information security has become a core requirement for software applications, driven by the need to protect critical assets and the need to build and preserve widespread trust in computing. However, a common weakness that is inherent in the traditional software development methodologies is the lack of attention given to the security aspects of software development. Most of these methodologies do not explicitly include a standardised method for incorporating information security into their life cycles. Meaningful security can be achieved when information security issues are considered as part of a routine development process, and security safeguards are integrated into the software application throughout its life cycle. This, in turn, will lead to users being more confident to use software applications, and to entrust today's computer systems with their personal information. To build better or more secure software, an improved software development process is required. Security of a software application must be based on the risk associated with the application. In order to understand this risk, the relevant information assets need to be identified together with their threats and vulnerabilities. Therefore, security considerations provide input into every phase of the Software Development Life Cycle (SDLC), from requirements gathering to design, implementation, testing and deployment. This research project presents a Secure Software Development Model (SecSDM) for incorporating information security into all phases of the SDLC, from requirements gathering to systems maintenance. The SecSDM is based on many of the recommendations provided by relevant international standards and best practices, for example, the ISO 7498-2 (1989) standard which addresses the underlying security services and mechanisms that form an integral part of the model.
- Full Text:
- Date Issued: 2007
An appraisal of secure, wireless grid-enabled data warehousing
- Authors: Seelo, Gaolathe
- Date: 2007
- Subjects: Data warehousing , Computer security
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9790 , http://hdl.handle.net/10948/602 , http://hdl.handle.net/10948/d1011700 , Data warehousing , Computer security
- Description: In most research, appropriate collections of data play a significant role in aiding decision-making processes. This is more critical if the data is being accessed across organisational barriers. Further, for the data to be mined and analysed efficiently, to aid decision-making processes, it must be harnessed in a suitably-structured fashion. There is, for example, a need to perform diverse data analyses and interpretation of structured (non-personal) HIV/AIDS patient-data from various quarters in South Africa. Although this data does exist, to some extent, it is autonomously owned and stored in disparate data storages, and not readily available to all interested parties. In order to put this data to meaningful use, it is imperative to integrate and store this data in a manner in which it can be better utilized by all those involved in the ontological field. This implies integration of (and hence, interoperability), and appropriate accessibility to, the information systems of the autonomous organizations providing data and data-processing. This is a typical problem-scenario for a Virtual Inter-Organisational Information System (VIOIS), proposed in this study. The VIOIS envisaged is a hypothetical, secure, Wireless Grid-enabled Data Warehouse (WGDW) that enables IOIS interaction, such as the storage and processing of HIV/AIDS patient-data to be utilized for HIV/AIDS-specific research. The proposed WDGW offers a methodical approach for arriving at such a collaborative (HIV/AIDS research) integrated system. The proposed WDGW is virtual community that consists mainly of data-providers, service-providers and information-consumers. The WGDW-basis resulted from systematic literaturesurvey that covered a variety of technologies and standards that support datastorage, data-management, computation and connectivity between virtual community members in Grid computing contexts. A Grid computing paradigm is proposed for data-storage, data management and computation in the WGDW. Informational or analytical processing will be enabled through data warehousing while connectivity will be attained wirelessly (for addressing the paucity of connectivity infrastructure in rural parts of developing countries, like South Africa).
- Full Text:
- Date Issued: 2007
Analysing the effect of FSP on MIG-laser hybrid welded 6082-T6 AA joints
- Authors: Mjali, Kadephi Vuyolwethu
- Date: 2007
- Subjects: Friction stir welding
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9610 , http://hdl.handle.net/10948/563 , Friction stir welding
- Description: Friction Stir Processing (FSP) of aluminium alloys has been used to modify and improve the microstructure and relevant properties of fusion welded aluminium alloys. The effect of FSP on MIG-Laser Hybrid (MLH) welded aluminium alloy 6082-T6 mechanical and microstructural properties has been studied in this research. The FSP process was used on 6mm thick aluminium alloy plates and a tool was designed specifically for FSP, and the effect of varying speeds was analysed before the final FSP welds were made. The effect of FSP was analysed by optical microscopy, tensile, microhardness and fatigue testing. The aim of the study was to determine whether the FSP process has a beneficial influence on the mechanical properties and metallurgical integrity of MIG-Laser Hybrid welded 6082-T6 aluminium alloy with varying gap tolerances. Three welding processes were compared, namely combined Friction Stir Processing on MIG-Laser hybrid process (FSP-MLH), MLH and Friction Stir Welding (FSW) as part of the analysis. (FSP was carried out on MLH components when it was found that FSP is not an entirely complete welding process but rather a finishing process per se.) The aim of this dissertation is to investigate the effects of the FSP process on the weld quality of MLH welded joints and also to compare this to individual processes like FSW and MLH. This investigation was undertaken in order to gain an understanding of the effect of these processes on fatigue performance and microhardness distribution on aluminium alloy 6082-T6 weld joints.
- Full Text:
- Date Issued: 2007
Analysis of fuel consumption reduction potential through the use of an electrically driven air conditioning compressor
- Authors: Marais, Charel
- Date: 2007
- Subjects: Automobiles -- Air conditioning , Electric vehicles -- Power supply , Automobiles -- Fuel systems , Electric automobiles
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9623 , http://hdl.handle.net/10948/774 , Automobiles -- Air conditioning , Electric vehicles -- Power supply , Automobiles -- Fuel systems , Electric automobiles
- Description: The disturbing current situation regarding the world climate has initiated a major wave of urgent developments towards decreasing the overall impact of human activities on the living environment. A major role player in this development is the automobile industry that is inherently connected to pollution of various types, be it air, water or noise pollution. There have been drastic changes not only in the technologies employed in producing vehicles and components, but also in the construction and technologies built into modern automobiles to lessen the overall environmental impact of the industry. Noxious emissions have been decreased, overall efficiencies increased and vehicles are becoming more economical with each new generation. Stricter laws dictate that the level of acceptable vehicle emissions is to be decreased ever further and all manufacturers are developing various possibilities to achieve this. With the emergence of hybrid vehicle technology, there was also a sudden development of different electrical systems that were made viable by the higher onboard voltage systems employed in hybrid vehicles. One of these developments was the electrical air conditioning compressor for use in automobile applications. Although it is designed to operate with a higher voltage than the traditional 12V onboard vehicle systems, it is theoretically possible to incorporate it into a 12V system by making use of a DC-DC converter to step up the supply voltage of the electrical compressor sufficiently to allow for its successful operation. The question therefore arises whether it would be feasible and sensible to employ an electrical air conditioning system in conventional combustion engine vehicles from an overall fuel consumption and vehicle emissions point of view. A modelling approach was taken where an overall vehicle driving simulation was created to represent an average modern production vehicle. The simulation was then extended to include the options of incorporating models for both mechanically and electrically driven air conditioning systems. This provides insight into the influences of the air conditioning system on the vehicle’s overall fuel consumption and an opportunity to compare the influences from the two different systems. This study attempted to provide answers to some of the viability questions regarding the incorporation of electrically driven air conditioning systems into vehicles that use standard 12V onboard voltage systems. It was found that the electrical system has definite potential as a viable replacement option for the conventional system should it be combined with an appropriate alternator and equipped with an efficient control system.
- Full Text:
- Date Issued: 2007
Clients' views on construction and design team competencies
- Authors: Crafford, Gerrit Jacobus
- Date: 2007
- Subjects: Construction industry -- Employees , Core competencies
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: vital:9679 , http://hdl.handle.net/10948/490 , Construction industry -- Employees , Core competencies
- Description: The effectiveness of the design and construction team in meeting clients’ requirements entirely depends on the competency proficiency of the design and construction teams. This research presents a model of the important competencies required by the design and construction teams in order to provide a competent service as seen by the client. A review of related literature followed by interviews by selected practitioners yielded 29 architectural competencies, 31 civil engineering competencies, 32 construction management competencies, 31 project management competencies, and 33 quantity surveying competencies that were presented in a structured questionnaire. The questionnaire was completed by 52 developers from a census of developers and municipality managers in South Africa. Respondents were asked to rank or rate: the level of importance of each competency for a career in that specific discipline; how evident that competency is in the specific discipline in South Africa; the level of importance of the performance parameters to clients, and the extent to which the various disciplines realise client satisfaction relative to the various performance parameters. The techniques of re-scaling, principal component analysis, content analysis, ranking and quadrant analysis were applied to the data. Results showed a high degree of consistency among respondents in all disciplines, regardless of the demographic differences in the importance of the competencies. A factor solution was obtained for every discipline using principal component analysis on the important competencies of each discipline. The various factor solutions were in turn used to formulate a simplified model. The model shows that the factors are interdependent and interacting. The model indicates that primary competencies for each profession are supported by mostly secondary competencies. These factors v are in turn influenced by the inter-relationships between the practitioners, continued professional development/ research and universities, which are then in turn, influenced the governing bodies. The local and global environment then ultimately influences the governing bodies. An Importance-Evidence quadrant analysis was undertaken in order to integrate the rankings of the current importance levels and current proficiency levels for each discipline’s competencies, which helped to identify areas in which education and training is immediately needed. Respondents ranked all nine performance parameters above average which indicates that there are more than the traditional performance parameters of cost, quality, and time involved in satisfying clients. The research concluded that vital feedback from clients regarding the competencies required by the respective professionals in the design and construction team was obtained.
- Full Text:
- Date Issued: 2007
Continuous auditing technologies and models
- Authors: Blundell, Adrian Wesley
- Date: 2007
- Subjects: Auditing , Auditing -- Data processing
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9798 , http://hdl.handle.net/10948/476 , http://hdl.handle.net/10948/d1011922 , Auditing , Auditing -- Data processing
- Description: Continuous auditing is not a totally new concept, but it has not been widely implemented, and has existed mostly as a point of debate amongst the auditing fraternity. This may soon change, as continuous auditing has become a topic of great interest, especially in the last decade. This may be due to a combination of reasons. In the last decade, much of the confidence in auditors’ reports was lost due to corporate governance scandals. This also brought about a greater desire for faster, more reliable reporting on which to base decisions. This desire has been transposed into regulations such as the Sarbanes-Oxley act in the United States, which encourages real-time auditing activities, which would benefit from continuous auditing. A second, possible contributing factor to the heightened interest in continuous auditing is that much of the requisite technology has matured to a point where it can be successfully used to implement continuous auditing. It is the technologies which form the focus of this research. It is therefore, the primary objective of this research to investigate and identify the essential technologies, and identify and define their roles within a continuous auditing solution. To explore this area, three models of continuous auditing are compared according to the roles of the technologies within them. The roots of some auditing technologies which can be adapted to the paradigm of continuous auditing are explored, as well as new technologies, such as XML-based reporting languages. In order to fully explore these technologies, the concepts of data integrity and data quality are first defined and discussed, and some security measures which contribute to integrity are identified. An obstacle to implementing a continuous model is that even with the newly available technologies, the multitudes of systems which are used in organisations, produce data in a plethora of data formats. In performing an audit the continuous auditing system needs to first gather this data and then needs to be able to compare “apples with apples”. Therefore, the technologies which can be used to acquire and standardise the data are identified.
- Full Text:
- Date Issued: 2007
Establishing the benefits of implementing an I.T. project management office in the Nelson Mandela Metropolitan area
- Authors: Martin, Michael Ronald Charles
- Date: 2007
- Subjects: Project management -- South Africa -- Port Elizabeth -- Computer network resources , Information technology -- South Africa -- Port Elizabeth -- Management
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9266 , http://hdl.handle.net/10948/558 , Project management -- South Africa -- Port Elizabeth -- Computer network resources , Information technology -- South Africa -- Port Elizabeth -- Management
- Description: The well-known concept of a Project Manager managing an I.T. project in relative isolation is no longer a viable option for organisations that are running numerous projects simultaneously. Due to the enormous costs and risks involved in many of these projects, there needs to be a means to ensure success. This has led to the establishment of the concept of a Project Management Office (PMO). An autonomous business unit that is responsible for managing all projects within an organisation. The need for a Project Management Office (PMO) to effectively manage multiple projects is becoming more and more accepted worldwide. The benefits of a PMO are well documented, but whether these benefits will apply to organisations within the NMM area needed to be investigated. A detailed analysis of the benefits of Project Management and in particular a PMO, have been investigated by means of a literature study. An investigation into the effectiveness of PMO’s in South Africa in general, was conducted by means of a survey targeted at a group of I.T. Project Managers located in all the major centres. A further survey was conducted among local I.T. managers to determine their current level of success and their expectations for the future. When reviewing the expectations of local I.T. management against the performance of Project Managers that are currently operating within PMOs, it is clear that organisations within the NMM area are in need of PMO’s and would certainly benefit from their establishment.
- Full Text:
- Date Issued: 2007
Evolving a secure grid-enabled, distributed data warehouse : a standards-based perspective
- Authors: Li, Xiao-Yu
- Date: 2007
- Subjects: Computational grids (Computer systems) , Computer networks -- Security measures , Electronic data processing -- Distributed processing
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9738 , http://hdl.handle.net/10948/544 , Computational grids (Computer systems) , Computer networks -- Security measures , Electronic data processing -- Distributed processing
- Description: As digital data-collection has increased in scale and number, it becomes an important type of resource serving a wide community of researchers. Cross-institutional data-sharing and collaboration introduce a suitable approach to facilitate those research institutions that are suffering the lack of data and related IT infrastructures. Grid computing has become a widely adopted approach to enable cross-institutional resource-sharing and collaboration. It integrates a distributed and heterogeneous collection of locally managed users and resources. This project proposes a distributed data warehouse system, which uses Grid technology to enable data-access and integration, and collaborative operations across multi-distributed institutions in the context of HV/AIDS research. This study is based on wider research into OGSA-based Grid services architecture, comprising a data-analysis system which utilizes a data warehouse, data marts, and near-line operational database that are hosted by distributed institutions. Within this framework, specific patterns for collaboration, interoperability, resource virtualization and security are included. The heterogeneous and dynamic nature of the Grid environment introduces a number of security challenges. This study also concerns a set of particular security aspects, including PKI-based authentication, single sign-on, dynamic delegation, and attribute-based authorization. These mechanisms, as supported by the Globus Toolkit’s Grid Security Infrastructure, are used to enable interoperability and establish trust relationship between various security mechanisms and policies within different institutions; manage credentials; and ensure secure interactions.
- Full Text:
- Date Issued: 2007
Governing information security using organisational information security profiles
- Authors: Tyukala, Mkhululi
- Date: 2007
- Subjects: Data protection , Computer security -- Management , Computer networks -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9788 , http://hdl.handle.net/10948/626 , Data protection , Computer security -- Management , Computer networks -- Security measures
- Description: The corporate scandals of the last few years have changed the face of information security and its governance. Information security has been elevated to the board of director level due to legislation and corporate governance regulations resulting from the scandals. Now boards of directors have corporate responsibility to ensure that the information assets of an organisation are secure. They are forced to embrace information security and make it part of business strategies. The new support from the board of directors gives information security weight and the voice from the top as well as the financial muscle that other business activities experience. However, as an area that is made up of specialist activities, information security may not easily be comprehended at board level like other business related activities. Yet the board of directors needs to provide oversight of information security. That is, put an information security programme in place to ensure that information is adequately protected. This raises a number of challenges. One of the challenges is how can information security be understood and well informed decisions about it be made at the board level? This dissertation provides a mechanism to present information at board level on how information security is implemented according to the vision of the board of directors. This mechanism is built upon well accepted and documented concepts of information security. The mechanism (termed An Organisational Information Security Profile or OISP) will assist organisations with the initialisation, monitoring, measuring, reporting and reviewing of information security programmes. Ultimately, the OISP will make it possible to know if the information security endeavours of the organisation are effective or not. If the information security programme is found to be ineffective, The OISP will facilitate the pointing out of areas that are ineffective and what caused the ineffectiveness. This dissertation also presents how the effectiveness or ineffctiveness of information security can be presented at board level using well known visualisation methods. Finally the contribution, limits and areas that need more investigation are provided.
- Full Text:
- Date Issued: 2007
Improving construction planning through 4D planning
- Authors: Allen, Christopher James
- Date: 2007
- Subjects: Construction industry -- Management , Construction industry -- Computer-aided design
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:9698 , http://hdl.handle.net/10948/467 , http://hdl.handle.net/10948/d1011923 , Construction industry -- Management , Construction industry -- Computer-aided design
- Description: Construction Planning will increasingly play a more critical role within the realm of the Built Environment. Existing practices used to plan and communicate the construction process to be undertaken are failing to deliver the desired results for construction companies and clients alike. At a time of unprecedented growth in the industry around the world, which is leading to a general skills shortage, especially in management positions, construction planners are increasingly being asked to deal with more responsibility. As with other industries, technological improvement in the tools at their disposal is one way to address the inadequacies of the present situation. Increasingly, three dimensional design packages are being used to generate construction information which can then be used for quantities calculations, automated manufacturing processes and construction simulation. The latter forms the basis for their use in the process of planning, through new technologies being developed as virtual construction tools or 4D planning, the addition of time to the 3D model environment, but using the elements within the model as the basis for the construction programme. The benefit of using the design information to form the basis of the programme is that the interface tasks and logistical activities, as well as location related constraints, can be identified and then communicated to all levels within the construction team through a time based visual image. The purpose of this study is therefore to establish a scientifically analysed alternative method for the creation, review and delivery of construction programmes. In order to achieve the research objectives, three methodologies have been employed. Firstly, the literature review in the fields of planning including existing methodologies and previous research of 4D related techniques has been analysed. An overview of the perceived weaknesses to current practises and proposed solution will be explored and best case scenarios outlined and further investigated. Secondly, the 51 Lime Street project provides an environment in which the proposed 4D planning techniques have been implemented and the benefits of the process can, through observation / participation methodology, be validated. Thirdly, through interview questionnaires, with Lime St contractors and management, and e-mail questionnaires to a broader sample stratum, data on the ability of the tools, the techniques employed on 51 Lime Street and similar projects have been collated and statistically analysed to validate the reliability and relevance for future implementation. The result of the research will provide management teams with a practical alternative to existing planning methodologies. Construction planners will have alternative technique that can further enhance their role within the project team whilst increasing their ability to communicate the team’s vision to a wider audience, making them and the project more efficient and effective in the process. It has been proposed that clients insist on the use of 3D from the commencement of the design process so that this information can be passed downstream through the construction process and onto facilities management. Planners need to be able to communicate their requirements better and the 4D planning models provide both a more inclusive way of planning alongside a better communications medium in the form of moving images. A picture tells a thousand words.
- Full Text:
- Date Issued: 2007
Information security awareness: generic content, tools and techniques
- Authors: Mauwa, Hope
- Date: 2007
- Subjects: Computer security , Data protection , Computers -- Safety measures , Information technology -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9733 , http://hdl.handle.net/10948/560 , Computer security , Data protection , Computers -- Safety measures , Information technology -- Security measures
- Description: In today’s computing environment, awareness programmes play a much more important role in organizations’ complete information security programmes. Information security awareness programmes are there to change behaviour or reinforce good security practices, and provide a baseline of security knowledge for all information users. Security awareness is a learning process, which changes individual and organizational attitudes and perceptions so that the importance of security and the adverse consequences of its failure are realized. Therefore, with proper awareness, employees become the most effective layer in an organization’s security defence. With the important role that these awareness programmes play in organizations’ complete information security programmes, it is a must that all organizations that are serious about information security must implement it. But though awareness programmes have become increasing important, the level of awareness in most organizations is still low. It seems that the current approach of developing these programmes does not satisfy the needs of most organizations. Therefore, another approach, which tries to meet the needs of most organizations, is proposed in this project as part of the solution of raising the level of awareness programmes in organizations.
- Full Text:
- Date Issued: 2007
MISSTEV : model for information security shared tacit espoused values
- Authors: Thomson, Kerry-Lynn
- Date: 2007
- Subjects: Computer security -- Management , Management information systems -- Security measures , Data protection
- Language: English
- Type: Thesis , Doctoral , DTech
- Identifier: vital:9787 , http://hdl.handle.net/10948/717 , Computer security -- Management , Management information systems -- Security measures , Data protection
- Description: One of the most critical assets in most organisations is information. It is often described as the lifeblood of an organisation. For this reason, it is vital that this asset is protected through sound information security practices. However, the incorrect and indifferent behaviour of employees often leads to information assets becoming vulnerable. Incorrect employee behaviour could have an extremely negative impact on the protection of information. An information security solution should be a fundamental component in most organisations. It is, however, possible for an organisation to have the most comprehensive physical and technical information security controls in place, but the operational controls, and associated employee behaviour, have not received much consideration. Therefore, the issue of employee behaviour must be addressed in an organisation to assist in ensuring the protection of information assets. The corporate culture of an organisation is largely responsible for the actions and behaviour of employees. Therefore, to address operational information security controls, the corporate culture of an organisation should be considered. To ensure the integration of information security into the corporate culture of an organisation, the protection of information should become part of the way the employees conduct their everyday tasks – from senior management, right throughout the entire organisation. Therefore, information security should become an integral component of the corporate culture of the organisation. To address the integration of information security into the corporate culture of an organisation, a model was developed which depicted the learning stages and modes of knowledge creation necessary to transform the corporate culture into one that is information security aware.
- Full Text:
- Date Issued: 2007
Multi-income level investment in golf estates
- Authors: Ngubeni, Steven Piet
- Date: 2007
- Subjects: Real estate development , Sustainable development -- South Africa , Housing development -- South Africa , Planned communities
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:9694 , http://hdl.handle.net/10948/771 , Real estate development , Sustainable development -- South Africa , Housing development -- South Africa , Planned communities
- Description: The government of South African has stated its intentions to enforce a policy which will compel developers of upmarket residential properties to set aside 20 percent of their upmarket residential developments to accommodate affordable housing. The developers on the other hand, have expressed concerns about this approach. The principal aim of this study and of the research was to investigate the desirability of the concept of multi-income-level investment approach to the development of golf estates. A phenomenological strand of qualitative research method was used in the research. The following formed the focal point of the research: • An investigation into the perceptions of the stakeholders, especially the buyers of up-market properties, about mixed-income-level investments in golf estates. • The potential effect of the implementation of including affordable housing in the development of golf estates • An investigation of the perceived effect on the profitability of investments by the inclusion of affordable housing in golf estate properties. • The extent of the contribution of including affordable housing in golf estate developments to the reduction of the current backlog
- Full Text:
- Date Issued: 2007
The application of quality models and techniques in selected SMMEs in the Eastern Cape
- Authors: Murray, Andrew Thomas
- Date: 2007
- Subjects: Business enterprises -- South Africa -- Eastern Cape , Quality management -- South Africa -- Eastern Cape
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9608 , http://hdl.handle.net/10948/832 , Business enterprises -- South Africa -- Eastern Cape , Quality management -- South Africa -- Eastern Cape
- Description: With the increase of imports from China and more pressure being put on the Small, Medium and Micro enterprises (SMME’s) from their larger customers, survival has become more and more difficult, quality is no longer being a choise but a prerequisite if the companies want to survive. This research evaluates the use of quality and productivity or the lack thereof in selected SMMEs in the Eastern Cape environment from both the SMME and Larger companies’ point of view. The research has focused on the effectiveness and understanding of what has been put in place by the SMMEs, what is available for the SMMEs to use, governmental support, and the requirements of the customers. Certain shortcomings have been highlighted as to the use and benefits of the processes that have been implemented. The researcher made use of both quantitative and qualitative data to determine the outcome of the research. The thesis concludes that the SMME sector knows the importance of the use of quality; it is the effectiveness and management thereof that is the concern.
- Full Text:
- Date Issued: 2007