A cyber security strategy to mitigate cloud computing risks within the investment management sector in Cape Town
- Authors: Monareng, Glacier Jamela
- Date: 2024-04
- Subjects: Cloud computing , Computer security , Computer science
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/64717 , vital:73866
- Description: Adoption of cloud computing has become a transformative force in modern information technology, revolutionizing how organisations procure, manage, and deliver IT resources as well as IT services. This treatise explores the implementation of cloud computing in the investment management sector. It focuses on potential cloud security risks, broader implications for businesses and IT ecosystems, and subsequently the treatise conceptualises a strategy that may help in responding to these security risks. The study began by surveying the motivations behind cloud adoption in the investment sector, emphasising the potential cost savings, scalability, and flexibility cloud services offer. It then delves into the challenges faced during implementation, including security concerns, data privacy, compliance issues, and the intricacies of transitioning legacy systems to cloud environments. In response to these challenges, the treatise outlines strategies for successful cloud implementation within the investment sector, in Cape Town, South Africa. It highlights the significance of selecting appropriate cloud service models (for example, IaaS, PaaS, or SaaS) and deployment options (for example, public, private, hybrid, or multi-cloud) to align with organisational needs and objectives. The study followed a qualitative research study. In collecting data an open-ended online survey was sent to participants. The participants were from an investment company in Cape Town. The study employed the design science research paradigm with the aim of developing an artefact. The methodology used was the Nelson Mandela University-Design Science Strategy Methodology (NMU-DSSM) In conclusion, this treatise conceptualises a strategy that may help companies investing in cloud computing technologies to mitigate cyber security and cloud risks. It recommends practices that underscore cloud computing's transformative potential while acknowledging its complexity and challenges. The strategy may serve as a valuable resource for IT professionals, decision-makers, and organisations embarking on the cloud journey, offering guidance and perspectives to navigate the complexities and to realise the potential benefits of cloud technology. , Thesis (MPhil) -- Faculty of Engineering, the Built Environment and Technology, School of Information Technology, 2024
- Full Text:
- Date Issued: 2024-04
- Authors: Monareng, Glacier Jamela
- Date: 2024-04
- Subjects: Cloud computing , Computer security , Computer science
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/64717 , vital:73866
- Description: Adoption of cloud computing has become a transformative force in modern information technology, revolutionizing how organisations procure, manage, and deliver IT resources as well as IT services. This treatise explores the implementation of cloud computing in the investment management sector. It focuses on potential cloud security risks, broader implications for businesses and IT ecosystems, and subsequently the treatise conceptualises a strategy that may help in responding to these security risks. The study began by surveying the motivations behind cloud adoption in the investment sector, emphasising the potential cost savings, scalability, and flexibility cloud services offer. It then delves into the challenges faced during implementation, including security concerns, data privacy, compliance issues, and the intricacies of transitioning legacy systems to cloud environments. In response to these challenges, the treatise outlines strategies for successful cloud implementation within the investment sector, in Cape Town, South Africa. It highlights the significance of selecting appropriate cloud service models (for example, IaaS, PaaS, or SaaS) and deployment options (for example, public, private, hybrid, or multi-cloud) to align with organisational needs and objectives. The study followed a qualitative research study. In collecting data an open-ended online survey was sent to participants. The participants were from an investment company in Cape Town. The study employed the design science research paradigm with the aim of developing an artefact. The methodology used was the Nelson Mandela University-Design Science Strategy Methodology (NMU-DSSM) In conclusion, this treatise conceptualises a strategy that may help companies investing in cloud computing technologies to mitigate cyber security and cloud risks. It recommends practices that underscore cloud computing's transformative potential while acknowledging its complexity and challenges. The strategy may serve as a valuable resource for IT professionals, decision-makers, and organisations embarking on the cloud journey, offering guidance and perspectives to navigate the complexities and to realise the potential benefits of cloud technology. , Thesis (MPhil) -- Faculty of Engineering, the Built Environment and Technology, School of Information Technology, 2024
- Full Text:
- Date Issued: 2024-04
A strategic approach for handling information security incidents in higher education
- Authors: Khamali, Rethabile
- Date: 2024-04
- Subjects: Computer security -- Management , Computer security , Information resources management , Corporate governance -- South Africa
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/64588 , vital:73769
- Description: Information Security Management System (ISMS) is a set of processes to protect institution information assets and information and to preserve confidentiality, integrity, and availability of institutional information. In the world of computers, it is known that there is no silver bullet when it comes to protecting an IT infrastructure. At some point, an organisation will face a security breach, and how it deals with the information security incident depending on the robustness of its processes and the strategy for handling incidents. In today’s world, information communication and technology (ICT) is integral in automating manual tasks that can take hours and even days to execute. The more institutions depend on technology, the more they become vulnerable to cyber threats. This could result in an institution losing its competitive edge, facing legal issues, loss of reputation, customer confidence and productivity, and lastly, financial loss. Various information security standards, frameworks, and methodologies can be applied to protect information assets. Many of these best practices define the ‘what’ and not the ‘how’ making it even more complex for institutions such as Higher Education to implement ISMS. The study aims is to develop a strategy for handling information security incidents that Higher Education Institutions can follow to improve how incidents, cyber threats and breaches are handled. The primary research objective is addressed through several secondary research objectives, namely, to investigate current strategies that Higher Education Institutions can utilise for the handling of information security incidents, to understand various challenges that Higher Education Institutions encounter when handling information security incidents, to assess the current capacity of relevant personnel in handling information security incidents through semi-structured interviews. A detailed literature review was undertaken to delve into existing various information security standards, frameworks, and methodologies. In addition, an investigation was conducted on ISMS adoption and implementation by institutions and Higher Education Institutions in general and how modern best practices such as ISO2700x, COBIT, ITIL, NIST, etc, relate to ISMS. Furthermore, semi-structured interviews were conducted to determine information security incidents at South African Higher Education Institutions. Expert interviews are utilised to evaluate the proposed strategy and provide input. The literature review findings, together with results obtained from semi-structured and expert interviews, are used to develop a strategy evaluated for its robustness, effectiveness, and suitability for the purpose. The developed strategy can be considered a beneficial tool for Higher Education Institutions in South Africa for handling information security incidents. This study’s findings significantly contribute to ISMS research in Higher Education Institutions in South Africa. In conclusion, findings of the study can be summarized as follows. The first chapter, which is also an introduction, sets out the scene for the entire research study undertaken by first highlighting information technology as an integral part of any business nowadays. Higher education institutions collect, process and store sensitive information of current and prospective students and employees, which might be of value to hackers. An information security management system (ISMS) can minimise damage by ensuring information assets are protected from a wide range of threats and business resilience in case of a breach or an incident. Chapter 2 reviews the existing literature for these frameworks, standards, and methods. In addition, various ISMS challenges and limitations within Higher Education Institutions were explored. The third chapter outlines the research design process and an emphasises that it must be based on real-world or tangible challenges. The fourth chapter presented and discussed results that were obtained from semi-structured interviews. The study’s analysis and findings vividly show that there is a need to implement a strategy to handle information security incidents for South African higher education institutions. The strategic management approach used to formulate a strategy to address the identified real problem is discussed in detail in chapter 5. The strategy is developed based on the information gathered from the literature review and semi-structured interviews. The results of the assessment of the proposed strategy carried out by the experts are presented in Chapter 6.The chapter also includes recommendations made by the experts to improve the proposedstrategy. , Thesis (MPhil) -- Faculty of Engineering, the Built Environment and Technology, School of Information Technology, 2024
- Full Text:
- Date Issued: 2024-04
- Authors: Khamali, Rethabile
- Date: 2024-04
- Subjects: Computer security -- Management , Computer security , Information resources management , Corporate governance -- South Africa
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/64588 , vital:73769
- Description: Information Security Management System (ISMS) is a set of processes to protect institution information assets and information and to preserve confidentiality, integrity, and availability of institutional information. In the world of computers, it is known that there is no silver bullet when it comes to protecting an IT infrastructure. At some point, an organisation will face a security breach, and how it deals with the information security incident depending on the robustness of its processes and the strategy for handling incidents. In today’s world, information communication and technology (ICT) is integral in automating manual tasks that can take hours and even days to execute. The more institutions depend on technology, the more they become vulnerable to cyber threats. This could result in an institution losing its competitive edge, facing legal issues, loss of reputation, customer confidence and productivity, and lastly, financial loss. Various information security standards, frameworks, and methodologies can be applied to protect information assets. Many of these best practices define the ‘what’ and not the ‘how’ making it even more complex for institutions such as Higher Education to implement ISMS. The study aims is to develop a strategy for handling information security incidents that Higher Education Institutions can follow to improve how incidents, cyber threats and breaches are handled. The primary research objective is addressed through several secondary research objectives, namely, to investigate current strategies that Higher Education Institutions can utilise for the handling of information security incidents, to understand various challenges that Higher Education Institutions encounter when handling information security incidents, to assess the current capacity of relevant personnel in handling information security incidents through semi-structured interviews. A detailed literature review was undertaken to delve into existing various information security standards, frameworks, and methodologies. In addition, an investigation was conducted on ISMS adoption and implementation by institutions and Higher Education Institutions in general and how modern best practices such as ISO2700x, COBIT, ITIL, NIST, etc, relate to ISMS. Furthermore, semi-structured interviews were conducted to determine information security incidents at South African Higher Education Institutions. Expert interviews are utilised to evaluate the proposed strategy and provide input. The literature review findings, together with results obtained from semi-structured and expert interviews, are used to develop a strategy evaluated for its robustness, effectiveness, and suitability for the purpose. The developed strategy can be considered a beneficial tool for Higher Education Institutions in South Africa for handling information security incidents. This study’s findings significantly contribute to ISMS research in Higher Education Institutions in South Africa. In conclusion, findings of the study can be summarized as follows. The first chapter, which is also an introduction, sets out the scene for the entire research study undertaken by first highlighting information technology as an integral part of any business nowadays. Higher education institutions collect, process and store sensitive information of current and prospective students and employees, which might be of value to hackers. An information security management system (ISMS) can minimise damage by ensuring information assets are protected from a wide range of threats and business resilience in case of a breach or an incident. Chapter 2 reviews the existing literature for these frameworks, standards, and methods. In addition, various ISMS challenges and limitations within Higher Education Institutions were explored. The third chapter outlines the research design process and an emphasises that it must be based on real-world or tangible challenges. The fourth chapter presented and discussed results that were obtained from semi-structured interviews. The study’s analysis and findings vividly show that there is a need to implement a strategy to handle information security incidents for South African higher education institutions. The strategic management approach used to formulate a strategy to address the identified real problem is discussed in detail in chapter 5. The strategy is developed based on the information gathered from the literature review and semi-structured interviews. The results of the assessment of the proposed strategy carried out by the experts are presented in Chapter 6.The chapter also includes recommendations made by the experts to improve the proposedstrategy. , Thesis (MPhil) -- Faculty of Engineering, the Built Environment and Technology, School of Information Technology, 2024
- Full Text:
- Date Issued: 2024-04
- «
- ‹
- 1
- ›
- »