A model to address factors that could influence the information security behaviour of computing graduates
- Mabece, Thandolwethu, Thomson, Kerry-Lynn
- Authors: Mabece, Thandolwethu , Thomson, Kerry-Lynn
- Date: 2017
- Subjects: Information technology -- Security measures , Computer security , Cyber intelligence (Computer security)
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/7355 , vital:21339
- Description: The fact that information is ubiquitous throughout most modern organisations cannot be denied. Information is not merely used as an enabler in modern organisations today, but is also used to gain a competitive advantage over competitors. Thus, information has become one of the most important business assets. It is, therefore, imperative that organisations protect information assets as they would protect other business assets. This is typically achieved through implementing various security measures.Technological and procedural security measures are largely dependent on humans. However, the incorrect behaviour of humans poses a significant threat to the protection of these information assets. Thus, it is vital to understand how human behaviour may impact the protection of information assets. While the focus of much literature is on organisations, the focus of this research is on higher education institutions and the factors of information security, with a specific focus on influencing the information security behaviour of computing graduates. Typically, computing graduates would be employed in organisations in various careers such as software developers, network administrators, database administrators and information systems analysts. Employment in these careers means that they would be closely interacting with information assets and information systems. A real problem, as identified by this research, is that currently, many higher education institutions are not consciously doing enough to positively influence the information security behaviour of their computing graduates. This research presents a model to address various factors that could influence the information security behaviour of computing graduates. The aim of this model is to assist computing educators in influencing computing graduates to adopt more secure behaviour, such as security assurance behaviour. A literature review was conducted to identify the research problem. A number of theories such as the Theory of Planned Behaviour, Protection Motivation Theory and Social Cognitive Theory were identified as being relevant for this research as they provided a theoretical foundation for factors that could influence the information security behaviour of computing graduates. Additionally, a survey was conducted to gather the opinions and perceptions of computing educators relating to information security education in higher education institutions. Results indicated that information security is not pervasively integrated within the higher education institutions surveyed. Furthermore, results revealed that most computing students were perceived to not be behaving in a secure manner with regard to information security. This could negatively influence their information security behaviour as computing graduates employed within organisations. Computing educators therefore require assistance in influencing the information security behaviour of these computing students. The proposed model to provide this assistance was developed through argumentation and modelling.
- Full Text:
- Date Issued: 2017
- Authors: Mabece, Thandolwethu , Thomson, Kerry-Lynn
- Date: 2017
- Subjects: Information technology -- Security measures , Computer security , Cyber intelligence (Computer security)
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/7355 , vital:21339
- Description: The fact that information is ubiquitous throughout most modern organisations cannot be denied. Information is not merely used as an enabler in modern organisations today, but is also used to gain a competitive advantage over competitors. Thus, information has become one of the most important business assets. It is, therefore, imperative that organisations protect information assets as they would protect other business assets. This is typically achieved through implementing various security measures.Technological and procedural security measures are largely dependent on humans. However, the incorrect behaviour of humans poses a significant threat to the protection of these information assets. Thus, it is vital to understand how human behaviour may impact the protection of information assets. While the focus of much literature is on organisations, the focus of this research is on higher education institutions and the factors of information security, with a specific focus on influencing the information security behaviour of computing graduates. Typically, computing graduates would be employed in organisations in various careers such as software developers, network administrators, database administrators and information systems analysts. Employment in these careers means that they would be closely interacting with information assets and information systems. A real problem, as identified by this research, is that currently, many higher education institutions are not consciously doing enough to positively influence the information security behaviour of their computing graduates. This research presents a model to address various factors that could influence the information security behaviour of computing graduates. The aim of this model is to assist computing educators in influencing computing graduates to adopt more secure behaviour, such as security assurance behaviour. A literature review was conducted to identify the research problem. A number of theories such as the Theory of Planned Behaviour, Protection Motivation Theory and Social Cognitive Theory were identified as being relevant for this research as they provided a theoretical foundation for factors that could influence the information security behaviour of computing graduates. Additionally, a survey was conducted to gather the opinions and perceptions of computing educators relating to information security education in higher education institutions. Results indicated that information security is not pervasively integrated within the higher education institutions surveyed. Furthermore, results revealed that most computing students were perceived to not be behaving in a secure manner with regard to information security. This could negatively influence their information security behaviour as computing graduates employed within organisations. Computing educators therefore require assistance in influencing the information security behaviour of these computing students. The proposed model to provide this assistance was developed through argumentation and modelling.
- Full Text:
- Date Issued: 2017
Cybersecurity: reducing the attack surface
- Authors: Thomson, Kerry-Lynn
- Subjects: Computer security , Computer networks -- Security measures , f-sa
- Language: English
- Type: Lectures
- Identifier: http://hdl.handle.net/10948/52885 , vital:44319
- Description: Almost 60% of the world’s population has access to the internet and most organisations today rely on internet connectivity to conduct business and carry out daily operations. Further to this, it is estimated that concepts such as the Internet of Things (IoT) will facilitate the connections of over 125 billion ‘things’ by the year 2030. However, as people and devices are becoming more and more interconnected, and more data is being shared, the question that must be asked is – are we doing so securely? Each year, cybercriminals cost organisations and individuals millions of dollars, using techniques such as phishing, social engineering, malware and denial of service attacks. In particular, together with the Covid-19 pandemic, there has been a so-called ‘cybercrime pandemic’. Threat actors adapted their techniques to target people with Covid-19-themed cyberattacks and phishing campaigns to exploit their stress and anxiety during the pandemic. Cybersecurity and cybercrime exist in a symbiotic relationship in cyberspace, where, as cybersecurity gets stronger, so the cybercriminals need to become stronger to overcome those defenses. And, as the cybercriminals become stronger, so too must the defenses. Further, this symbiotic relationship plays out on what is called the attack surface. Attack surfaces are the exposed areas of an organisation that make systems more vulnerable to attacks and, essentially, is all the gaps in an organisation’s security that could be compromised by a threat actor. This attack surface is increased through organisations incorporating things such as IoT technologies, migrating to the cloud and decentralising its workforce, as happened during the pandemic with many people working from home. It is essential that organisations reduce the digital attack surface, and the vulnerabilities introduced through devices connected to the internet, with technical strategies and solutions. However, the focus of cybersecurity is often on the digital attack surface and technical solutions, with less of a focus on the human aspects of cybersecurity. The human attack surface encompasses all the vulnerabilities introduced through the actions and activities of employees. These employees should be given the necessary cybersecurity awareness, training and education to reduce the human attack surface of organisations. However, it is not only employees of organisations who are online. All individuals who interact online should be cybersecurity aware and know how to reduce their own digital and human attack surfaces, or digital footprints. This paper emphasises the importance of utilising people as part of the cybersecurity defense through the cultivation of cybersecurity cultures in organisations and a cybersecurity conscious society.
- Full Text:
- Authors: Thomson, Kerry-Lynn
- Subjects: Computer security , Computer networks -- Security measures , f-sa
- Language: English
- Type: Lectures
- Identifier: http://hdl.handle.net/10948/52885 , vital:44319
- Description: Almost 60% of the world’s population has access to the internet and most organisations today rely on internet connectivity to conduct business and carry out daily operations. Further to this, it is estimated that concepts such as the Internet of Things (IoT) will facilitate the connections of over 125 billion ‘things’ by the year 2030. However, as people and devices are becoming more and more interconnected, and more data is being shared, the question that must be asked is – are we doing so securely? Each year, cybercriminals cost organisations and individuals millions of dollars, using techniques such as phishing, social engineering, malware and denial of service attacks. In particular, together with the Covid-19 pandemic, there has been a so-called ‘cybercrime pandemic’. Threat actors adapted their techniques to target people with Covid-19-themed cyberattacks and phishing campaigns to exploit their stress and anxiety during the pandemic. Cybersecurity and cybercrime exist in a symbiotic relationship in cyberspace, where, as cybersecurity gets stronger, so the cybercriminals need to become stronger to overcome those defenses. And, as the cybercriminals become stronger, so too must the defenses. Further, this symbiotic relationship plays out on what is called the attack surface. Attack surfaces are the exposed areas of an organisation that make systems more vulnerable to attacks and, essentially, is all the gaps in an organisation’s security that could be compromised by a threat actor. This attack surface is increased through organisations incorporating things such as IoT technologies, migrating to the cloud and decentralising its workforce, as happened during the pandemic with many people working from home. It is essential that organisations reduce the digital attack surface, and the vulnerabilities introduced through devices connected to the internet, with technical strategies and solutions. However, the focus of cybersecurity is often on the digital attack surface and technical solutions, with less of a focus on the human aspects of cybersecurity. The human attack surface encompasses all the vulnerabilities introduced through the actions and activities of employees. These employees should be given the necessary cybersecurity awareness, training and education to reduce the human attack surface of organisations. However, it is not only employees of organisations who are online. All individuals who interact online should be cybersecurity aware and know how to reduce their own digital and human attack surfaces, or digital footprints. This paper emphasises the importance of utilising people as part of the cybersecurity defense through the cultivation of cybersecurity cultures in organisations and a cybersecurity conscious society.
- Full Text:
- «
- ‹
- 1
- ›
- »