The role of optimism bias in susceptibility to phishing attacks in a financial services organisation
- Authors: Owen, Morné
- Date: 2023-03-31
- Subjects: Mixed methods research , Phishing , Optimism bias , Information security , Information storage and retrieval systems Financial services industry , Risk perception
- Language: English
- Type: Academic theses , Doctoral theses , text
- Identifier: http://hdl.handle.net/10962/419257 , vital:71629 , DOI 10.21504/10962/419257
- Description: Researchers looking for ways to change the insecure behaviour that results in successful phishing have considered multiple possible reasons for such behaviour. Therefore, the purpose of this study is to understand the role of optimism bias (OB – defined as a cognitive bias), which characterises overly optimistic or unrealistic individuals, in order to ensure secure behaviour. Research is considered that has focused on issues such as personality traits, trust, attitude and information security awareness training (ISAT). We used a mixed methods design to investigate OB behaviour, building on a recontextualised version of the theory of planned behaviour to evaluate the influence that OB has on phishing susceptibility. To model the data, an analysis was performed on 226 survey responses (systematic random sampling method) from the employees of a financial services organisation using partial least squares (PLS) path modelling. To evaluate OB behaviour, we conducted an experiment consisting of three ISAT sessions and three simulated phishing attacks. After each phishing experiment, we conducted interviews to gain a better understanding of why people succumbed to the attacks. It was subsequently found that overly optimistic individuals are inclined to behave insecurely, while factors such as attitude and trust significantly influence the intention to behave securely. Our contribution to practice is to enhance the effectiveness of ISAT by identifying and addressing the OB weakness to deliver a more successful training outcome. Our contribution to theory enriches the Information Systems literature by evaluating the effect of a cognitive bias on phishing susceptibility and, through research, offering a contextual explanation of the resultant behaviour. , Thesis (PhD) -- Faculty of Commerce, Information Systems, 2023 , Navorsers op soek na ‘n antwoord om onveilige gedrag te verander wat lei na uitvissing het verskeie moontlike redes oorweeg vir sulke gedrag. Daarom is die doel van hierdie verhandeling om die rol van optimistiese vooroordeel (OB - gedefinieer as 'n kognitiewe vooroordeel) te verstaan, wat te optimistiese of onrealistiese individue kenmerk om veilige gedrag te verseker. Navorsing was oorweeg wat gefokus het op kwessies soos persoonlikheidseienskappe, vertroue, gesindheid en inligtingsekuriteitsbewustheidsopleiding (ISAT). Die navorser het gemengde metodes gebruik om OB-gedrag te ondersoek. Daar was voortgebou op 'n gerekontekstualiseerde weergawe van die theory of planned behaviour om die invloed wat OB op uitvissing-vatbaarheid het, te evalueer. Om die data te modelleer, is 'n analise gedoen waar 226 opname antwoorde verkry is van 'n finansiële dienste organisasie en is partial least squares (PLS) path modelling gebruik. Om OB-gedrag te evalueer, het ons 'n eksperiment uitgevoer wat bestaan uit drie ISAT-sessies en drie gesimuleerde uitvissing-aanvalle. Na elke uitvissing-eksperiment het ons onderhoude gevoer om 'n beter begrip te kry waarom mense aan die aanvalle geswig het. Te optimistiese individue is geneig om onveilig op te tree, terwyl faktore soos gesindheid en vertroue die voorneme om veilig op te tree, aansienlik beïnvloed het. Die studie se bydrae tot die praktyk is om die doeltreffendheid van ISAT te verbeter deur die OBswakheid te identifiseer en aan te spreek om 'n meer suksesvolle opleidingsuitkoms te lewer. Verder verryk die studie die Inligtingstelsels-literatuur deur die effek van 'n kognitiewe vooroordeel op uitvissing-vatbaarheid te evalueer en deur navorsing bied dit 'n kontekstuele verduideliking van die gevolglike gedrag.
- Full Text:
- Date Issued: 2023-03-31
The role of optimism bias in susceptibility to phishing attacks in a financial services organisation
- Authors: Owen, Morné
- Date: 2023-03-31
- Subjects: Mixed methods research , Phishing , Optimism bias , Information security , Information storage and retrieval systems Financial services industry , Risk perception
- Language: English
- Type: Academic theses , Doctoral theses , text
- Identifier: http://hdl.handle.net/10962/419257 , vital:71629 , DOI 10.21504/10962/419257
- Description: Researchers looking for ways to change the insecure behaviour that results in successful phishing have considered multiple possible reasons for such behaviour. Therefore, the purpose of this study is to understand the role of optimism bias (OB – defined as a cognitive bias), which characterises overly optimistic or unrealistic individuals, in order to ensure secure behaviour. Research is considered that has focused on issues such as personality traits, trust, attitude and information security awareness training (ISAT). We used a mixed methods design to investigate OB behaviour, building on a recontextualised version of the theory of planned behaviour to evaluate the influence that OB has on phishing susceptibility. To model the data, an analysis was performed on 226 survey responses (systematic random sampling method) from the employees of a financial services organisation using partial least squares (PLS) path modelling. To evaluate OB behaviour, we conducted an experiment consisting of three ISAT sessions and three simulated phishing attacks. After each phishing experiment, we conducted interviews to gain a better understanding of why people succumbed to the attacks. It was subsequently found that overly optimistic individuals are inclined to behave insecurely, while factors such as attitude and trust significantly influence the intention to behave securely. Our contribution to practice is to enhance the effectiveness of ISAT by identifying and addressing the OB weakness to deliver a more successful training outcome. Our contribution to theory enriches the Information Systems literature by evaluating the effect of a cognitive bias on phishing susceptibility and, through research, offering a contextual explanation of the resultant behaviour. , Thesis (PhD) -- Faculty of Commerce, Information Systems, 2023 , Navorsers op soek na ‘n antwoord om onveilige gedrag te verander wat lei na uitvissing het verskeie moontlike redes oorweeg vir sulke gedrag. Daarom is die doel van hierdie verhandeling om die rol van optimistiese vooroordeel (OB - gedefinieer as 'n kognitiewe vooroordeel) te verstaan, wat te optimistiese of onrealistiese individue kenmerk om veilige gedrag te verseker. Navorsing was oorweeg wat gefokus het op kwessies soos persoonlikheidseienskappe, vertroue, gesindheid en inligtingsekuriteitsbewustheidsopleiding (ISAT). Die navorser het gemengde metodes gebruik om OB-gedrag te ondersoek. Daar was voortgebou op 'n gerekontekstualiseerde weergawe van die theory of planned behaviour om die invloed wat OB op uitvissing-vatbaarheid het, te evalueer. Om die data te modelleer, is 'n analise gedoen waar 226 opname antwoorde verkry is van 'n finansiële dienste organisasie en is partial least squares (PLS) path modelling gebruik. Om OB-gedrag te evalueer, het ons 'n eksperiment uitgevoer wat bestaan uit drie ISAT-sessies en drie gesimuleerde uitvissing-aanvalle. Na elke uitvissing-eksperiment het ons onderhoude gevoer om 'n beter begrip te kry waarom mense aan die aanvalle geswig het. Te optimistiese individue is geneig om onveilig op te tree, terwyl faktore soos gesindheid en vertroue die voorneme om veilig op te tree, aansienlik beïnvloed het. Die studie se bydrae tot die praktyk is om die doeltreffendheid van ISAT te verbeter deur die OBswakheid te identifiseer en aan te spreek om 'n meer suksesvolle opleidingsuitkoms te lewer. Verder verryk die studie die Inligtingstelsels-literatuur deur die effek van 'n kognitiewe vooroordeel op uitvissing-vatbaarheid te evalueer en deur navorsing bied dit 'n kontekstuele verduideliking van die gevolglike gedrag.
- Full Text:
- Date Issued: 2023-03-31
A personality-based behavioural model: Susceptibility to phishing on social networking sites
- Authors: Frauenstein, Edwin Donald
- Date: 2021-10-29
- Subjects: Phishing , Social networks , Personality , Self-presentation in mass media , Internet fraud , Internet users Habits and behavior , Big Five model , Human information processing , Heuristic-Systematic Model (HSM)
- Language: English
- Type: Doctoral theses , text
- Identifier: http://hdl.handle.net/10962/190306 , vital:44982 , 10.21504/10962/190306
- Description: The worldwide popularity of social networking sites (SNSs) and the technical features they offer users have created many opportunities for malicious individuals to exploit the behavioral tendencies of their users via social engineering tactics. The self-representation and social interactions on SNSs encourage users to reveal their personalities in a way which characterises their behaviour. Frequent engagement on SNSs may also reinforce the performance of certain activities, such as sharing and clicking on links, at a “habitual” level on these sites. Subsequently, this may also influence users to overlook phishing posts and messages on SNSs and thus not apply sufficient cognitive effort in their decision-making. As users do not expect phishing threats on these sites, they may become accustomed to behaving in this manner which may consequently put them at risk of such attacks. Using an online survey, primary data was collected from 215 final-year undergraduate students. Employing structural equation modelling techniques, the associations between the Big Five personality traits, habits and information processing were examined with the aim to identify users susceptible to phishing on SNSs. Moreover, other behavioural factors such as social norms, computer self-efficacy and perceived risk were examined in terms of their influence on phishing susceptibility. The results of the analysis revealed the following key findings: 1) users with the personality traits of extraversion, agreeableness and neuroticism are more likely to perform habitual behaviour, while conscientious users are least likely; 2) users who perform certain behaviours out of habit are directly susceptible to phishing attacks; 3) users who behave out of habit are likely to apply a heuristic mode of processing and are therefore more susceptible to phishing attacks on SNSs than those who apply systematic processing; 4) users with higher computer self-efficacy are less susceptible to phishing; and 5) users who are influenced by social norms are at greater risk of phishing. This study makes a contribution to scholarship and to practice, as it is the first empirical study to investigate, in one comprehensive model, the relationship between personality traits, habit and their effect on information processing which may influence susceptibility to phishing on SNSs. The findings of this study may assist organisations in the customisation of an individual anti-phishing training programme to target specific dispositional factors in vulnerable users. By using a similar instrument to the one used in this study, pre-assessments could determine and classify certain risk profiles that make users vulnerable to phishing attacks. , Thesis (PhD) -- Faculty of Commerce, Information Systems, 2021
- Full Text:
- Date Issued: 2021-10-29
- Authors: Frauenstein, Edwin Donald
- Date: 2021-10-29
- Subjects: Phishing , Social networks , Personality , Self-presentation in mass media , Internet fraud , Internet users Habits and behavior , Big Five model , Human information processing , Heuristic-Systematic Model (HSM)
- Language: English
- Type: Doctoral theses , text
- Identifier: http://hdl.handle.net/10962/190306 , vital:44982 , 10.21504/10962/190306
- Description: The worldwide popularity of social networking sites (SNSs) and the technical features they offer users have created many opportunities for malicious individuals to exploit the behavioral tendencies of their users via social engineering tactics. The self-representation and social interactions on SNSs encourage users to reveal their personalities in a way which characterises their behaviour. Frequent engagement on SNSs may also reinforce the performance of certain activities, such as sharing and clicking on links, at a “habitual” level on these sites. Subsequently, this may also influence users to overlook phishing posts and messages on SNSs and thus not apply sufficient cognitive effort in their decision-making. As users do not expect phishing threats on these sites, they may become accustomed to behaving in this manner which may consequently put them at risk of such attacks. Using an online survey, primary data was collected from 215 final-year undergraduate students. Employing structural equation modelling techniques, the associations between the Big Five personality traits, habits and information processing were examined with the aim to identify users susceptible to phishing on SNSs. Moreover, other behavioural factors such as social norms, computer self-efficacy and perceived risk were examined in terms of their influence on phishing susceptibility. The results of the analysis revealed the following key findings: 1) users with the personality traits of extraversion, agreeableness and neuroticism are more likely to perform habitual behaviour, while conscientious users are least likely; 2) users who perform certain behaviours out of habit are directly susceptible to phishing attacks; 3) users who behave out of habit are likely to apply a heuristic mode of processing and are therefore more susceptible to phishing attacks on SNSs than those who apply systematic processing; 4) users with higher computer self-efficacy are less susceptible to phishing; and 5) users who are influenced by social norms are at greater risk of phishing. This study makes a contribution to scholarship and to practice, as it is the first empirical study to investigate, in one comprehensive model, the relationship between personality traits, habit and their effect on information processing which may influence susceptibility to phishing on SNSs. The findings of this study may assist organisations in the customisation of an individual anti-phishing training programme to target specific dispositional factors in vulnerable users. By using a similar instrument to the one used in this study, pre-assessments could determine and classify certain risk profiles that make users vulnerable to phishing attacks. , Thesis (PhD) -- Faculty of Commerce, Information Systems, 2021
- Full Text:
- Date Issued: 2021-10-29
An online information security Aaareness model: the disclosure of personal data
- Authors: Parker, Heather Joubert
- Date: 2021
- Subjects: Social media -- Psychological aspects , Social media -- Psychological aspects -- South Africa , Human behavior , Disclosure of information -- Psychological aspects -- Case studies , Personal information management -- Psychological aspects -- Case studies , Data protection -- Psychologial aspects -- Case studies
- Language: English
- Type: text , Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10962/172329 , vital:42189
- Description: Social media has revolutionized the way people send and receive information by creating a new level of interconnected communication. However, the use of the Internet and social media brings about various ways in which a user’s personal data can be put at risk. This study aims to investigate what drives the disclosure of personal information online and whether an increase in awareness of the value of personal information motivates users to safeguard their information. Fourteen university students participated in a mixed-methods experiment, where they completed a questionnaire before and after being shown the data stored about them by online platforms to determine if changes occur in their intention to disclose. Following completing the initial questionnaire, the participant viewed the personal data stored about them by Facebook, Google, and Instagram. Other online tools such as Social Profile Checker, Facebook View As, and HaveIBeenPawned were used to see the information publicly available about each participant. Together these findings were discussed in a semi-structured interview to determine the influence of attitudes, subjective norms, and awareness on the cost-benefit analysis users conduct when disclosing information online. Overall, the findings indicate that users are able to disregard their concerns due to a resigned and apathetic attitude towards privacy. Furthermore, subjective norms enhanced by FOMO further allow users to overlook potential risks to their information in order to avoid social isolation and sanction. Alternatively, an increased awareness of the personal value of information and having experienced a previous privacy violation encourage the protection of information and limited disclosure. Thus, this study provides insight into privacy and information disclosure on social media in South Africa. It reveals more insight into the cost-benefit analysis users conduct by combining the Theory of Planned Behaviour with the Privacy Calculus Model, as well as the antecedent factors of Trust in the Social Media Provider, FOMO, and Personal Valuation of Information.
- Full Text:
- Date Issued: 2021
- Authors: Parker, Heather Joubert
- Date: 2021
- Subjects: Social media -- Psychological aspects , Social media -- Psychological aspects -- South Africa , Human behavior , Disclosure of information -- Psychological aspects -- Case studies , Personal information management -- Psychological aspects -- Case studies , Data protection -- Psychologial aspects -- Case studies
- Language: English
- Type: text , Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10962/172329 , vital:42189
- Description: Social media has revolutionized the way people send and receive information by creating a new level of interconnected communication. However, the use of the Internet and social media brings about various ways in which a user’s personal data can be put at risk. This study aims to investigate what drives the disclosure of personal information online and whether an increase in awareness of the value of personal information motivates users to safeguard their information. Fourteen university students participated in a mixed-methods experiment, where they completed a questionnaire before and after being shown the data stored about them by online platforms to determine if changes occur in their intention to disclose. Following completing the initial questionnaire, the participant viewed the personal data stored about them by Facebook, Google, and Instagram. Other online tools such as Social Profile Checker, Facebook View As, and HaveIBeenPawned were used to see the information publicly available about each participant. Together these findings were discussed in a semi-structured interview to determine the influence of attitudes, subjective norms, and awareness on the cost-benefit analysis users conduct when disclosing information online. Overall, the findings indicate that users are able to disregard their concerns due to a resigned and apathetic attitude towards privacy. Furthermore, subjective norms enhanced by FOMO further allow users to overlook potential risks to their information in order to avoid social isolation and sanction. Alternatively, an increased awareness of the personal value of information and having experienced a previous privacy violation encourage the protection of information and limited disclosure. Thus, this study provides insight into privacy and information disclosure on social media in South Africa. It reveals more insight into the cost-benefit analysis users conduct by combining the Theory of Planned Behaviour with the Privacy Calculus Model, as well as the antecedent factors of Trust in the Social Media Provider, FOMO, and Personal Valuation of Information.
- Full Text:
- Date Issued: 2021
A personality-based surveillance model for Facebook apps
- Authors: Van der Schyff, Karl Izak
- Date: 2020
- Subjects: Facebook (Electronic resource) , Electronic surveillance -- Psychological aspects , Online social networks -- Psychological aspects , Social media -- Psychological aspects , Personality
- Language: English
- Type: text , Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10962/145534 , vital:38447
- Description: The surveillance of data through the use of Facebook Apps is an ongoing and persistent problem that impacts millions of users. Nonetheless, limited research has been conducted investigating to what extent a Facebook user’s personality influences their awareness of such surveillance practices. Thus, to understand this situation better, the current study inductively developed four propositions from secondary data sources as part of a detailed content analysis. Spanning three search and analysis phases the content analysis led to the development of the research model. Guided by the propositions and research questions, a questionnaire was developed based on the relevant constructs prescribed by the Theory of Planned Behaviour. This questionnaire was used, and a total of 651 responses were collected from Facebook users over the age of 18 years old and residing in the United States of America. Primary data took place at both a univariate and multivariate level with a specific focus on the development of a structural model. Interpretation of the structural model revealed that out of all the Big Five personality traits, Conscientiousness exhibited the strongest relationship with information security awareness followed by Openness to Experience and Neuroticism, respectively. The results further indicated that the model constructs based on attitude, social norms and awareness significantly influenced the intended use of Facebook Apps. The study also contributes by indicating which personality traits are most vulnerable to Facebook App surveillance. For example, it was found that individuals high in Conscientiousness are the least vulnerable with individuals high in Extraversion being the most vulnerable. Since the results indicate that not all the personality traits are significantly related to the model constructs, additional factors may contribute to App surveillance in this context. Concerning this, factors such as user apathy, information privacy, privacy concerns, control and Facebook dependency are discussed as a means to argue why this might be the case.
- Full Text:
- Date Issued: 2020
- Authors: Van der Schyff, Karl Izak
- Date: 2020
- Subjects: Facebook (Electronic resource) , Electronic surveillance -- Psychological aspects , Online social networks -- Psychological aspects , Social media -- Psychological aspects , Personality
- Language: English
- Type: text , Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10962/145534 , vital:38447
- Description: The surveillance of data through the use of Facebook Apps is an ongoing and persistent problem that impacts millions of users. Nonetheless, limited research has been conducted investigating to what extent a Facebook user’s personality influences their awareness of such surveillance practices. Thus, to understand this situation better, the current study inductively developed four propositions from secondary data sources as part of a detailed content analysis. Spanning three search and analysis phases the content analysis led to the development of the research model. Guided by the propositions and research questions, a questionnaire was developed based on the relevant constructs prescribed by the Theory of Planned Behaviour. This questionnaire was used, and a total of 651 responses were collected from Facebook users over the age of 18 years old and residing in the United States of America. Primary data took place at both a univariate and multivariate level with a specific focus on the development of a structural model. Interpretation of the structural model revealed that out of all the Big Five personality traits, Conscientiousness exhibited the strongest relationship with information security awareness followed by Openness to Experience and Neuroticism, respectively. The results further indicated that the model constructs based on attitude, social norms and awareness significantly influenced the intended use of Facebook Apps. The study also contributes by indicating which personality traits are most vulnerable to Facebook App surveillance. For example, it was found that individuals high in Conscientiousness are the least vulnerable with individuals high in Extraversion being the most vulnerable. Since the results indicate that not all the personality traits are significantly related to the model constructs, additional factors may contribute to App surveillance in this context. Concerning this, factors such as user apathy, information privacy, privacy concerns, control and Facebook dependency are discussed as a means to argue why this might be the case.
- Full Text:
- Date Issued: 2020
Passphrase and keystroke dynamics authentication: security and usability
- Authors: Bhana, Bhaveer
- Date: 2020
- Subjects: Computer security -- Management , Computers -- Access control -- Codewords , Computers -- Access control -- Keystroke timing authentication , Entropy (Information theory)
- Language: English
- Type: text , Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10962/146663 , vital:38546
- Description: It was found that employees spend a total 2.25 days within a 60 day period on password related activities. Another study found that over 85 days an average user will create 25 accounts with an average of 6.5 unique passwords. These numbers are expected to increase over time as more systems become available. In addition, the use of 6.5 unique passwords highlight that passwords are being reused which creates security concerns as multiple systems will be accessible by an unauthorised party if one of these passwords is leaked. Current user authentication solutions either increase security or usability. When security increases, usability decreases, or vice versa. To add to this, stringent security protocols encourage unsecure behaviours by the user such as writing the password down on a piece of paper to remember it. It was found that passphrases require less cognitive effort than passwords and because passphrases are stronger than passwords, they don’t need to be changed as frequently as passwords. This study aimed to assess a two-tier user authentication solution that increases security and usability. The proposed solution uses passphrases in conjunction with keystroke dynamics to address this research problem. The design science research approach was used to guide this study. The study’s theoretical foundation includes three theories. The Shannon entropy formula was used to calculate the strength of passwords, passphrases and keystroke dynamics. The chunking theory assisted in assessing password and passphrase memorisation issues and the keystroke-level model was used to assess password and passphrase typing issues. Two primary data collection methods were used to evaluate the findings and to ensure that gaps in the research were filled. A login assessment experiment collected data on user authentication and user-system interaction for passwords and passphrases. Plus, an expert review was conducted to verify findings and assess the research artefact in the form of a model. The model can be used to assist with the implementation of a two-tier user authentication solution which involves passphrases and keystroke dynamics. There are a number of components that need to be considered to realise the benefits of this solution and ensure successful implementation.
- Full Text:
- Date Issued: 2020
- Authors: Bhana, Bhaveer
- Date: 2020
- Subjects: Computer security -- Management , Computers -- Access control -- Codewords , Computers -- Access control -- Keystroke timing authentication , Entropy (Information theory)
- Language: English
- Type: text , Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10962/146663 , vital:38546
- Description: It was found that employees spend a total 2.25 days within a 60 day period on password related activities. Another study found that over 85 days an average user will create 25 accounts with an average of 6.5 unique passwords. These numbers are expected to increase over time as more systems become available. In addition, the use of 6.5 unique passwords highlight that passwords are being reused which creates security concerns as multiple systems will be accessible by an unauthorised party if one of these passwords is leaked. Current user authentication solutions either increase security or usability. When security increases, usability decreases, or vice versa. To add to this, stringent security protocols encourage unsecure behaviours by the user such as writing the password down on a piece of paper to remember it. It was found that passphrases require less cognitive effort than passwords and because passphrases are stronger than passwords, they don’t need to be changed as frequently as passwords. This study aimed to assess a two-tier user authentication solution that increases security and usability. The proposed solution uses passphrases in conjunction with keystroke dynamics to address this research problem. The design science research approach was used to guide this study. The study’s theoretical foundation includes three theories. The Shannon entropy formula was used to calculate the strength of passwords, passphrases and keystroke dynamics. The chunking theory assisted in assessing password and passphrase memorisation issues and the keystroke-level model was used to assess password and passphrase typing issues. Two primary data collection methods were used to evaluate the findings and to ensure that gaps in the research were filled. A login assessment experiment collected data on user authentication and user-system interaction for passwords and passphrases. Plus, an expert review was conducted to verify findings and assess the research artefact in the form of a model. The model can be used to assist with the implementation of a two-tier user authentication solution which involves passphrases and keystroke dynamics. There are a number of components that need to be considered to realise the benefits of this solution and ensure successful implementation.
- Full Text:
- Date Issued: 2020
A model for secure and usable passphrases for multilingual users
- Authors: Maoneke, Pardon Blessings
- Date: 2019
- Subjects: Computers -- Access control -- Passwords Computer security
- Language: English
- Type: Thesis , Doctoral , PhD (Information Systems)
- Identifier: http://hdl.handle.net/10353/12571 , vital:39289
- Description: Research on more than 100 million passwords that have been leaked to the public domain has uncovered various security limitations associated with user-generated short passwords. Long passwords (passphrases) are considered an alternative solution that could provide a balance between security and usability. However, the literature shows a lack of consistency in the security and usability contributions of passphrases. For example, studies that investigated passphrase security focusing on structural dependencies at character level found passphrases to be secure. Inversely, other research findings suggest that passphrase security could be compromised by the use of predictable grammatical rules, popular words in a natural language and keyboard patterns. This is further exacerbated by research on passphrases that is focused on the Global North. This is a huge concern given that results from inter-cultural studies suggest that local languages do influence password structure and to some extent, password usability and security. To address these gaps in the literature, this study used socio-technical theory which emphasised both the social and technical aspects of the phenomenon under study. Psychological studies show that the memory has limited capacity, something that threatens password usability; hence, the need to utilise information that is already known during password generation. Socio-cultural theory suggests that the information that is already known by users is contextually informed, hence sociocultural theory was applied to understand the contextual factors that could be used to enhance passphrase security and usability. With reference to the Southern African context, this study argues that system designers should take advantage of a multilingual user group and encourage the generation of passphrases that are based on substrings from different languages. This study went on to promote the use of multilingual passphrases instead of emphasising multi-character class passwords. This study was guided by design science research. Participants were invited to take part in a short password and multilingual passphrase generation and recall experiment that was made available using a web-based application. These passwords were generated by participants under pre-specified conditions. Quantitative and qualitative data was gathered. The study findings showed the use of both African and Indo-European languages in multilingual passphrases and short passwords. English oriented passwords and substrings dominated the multilingual passphrase and short password corpora. In addition, some of the short passwords and substrings in the multilingual passphrase corpora were found among the most common passwords of 2016, 2017 and 2018. Usability tests showed that multilingual passphrases are usable, even though they were not easy to create and recall when compared to short passwords. A high rate of password reuse during short password generation by participants might have worked in favour of short passwords. Nonetheless, participants appear to reflect better usability with multilingual passphrases over time due to repeated use. Females struggled to recall short passwords and multilingual passphrases when compared to their male counterparts. Security tests using the Probabilistic Context-Free Grammar suggest that short passwords are weaker, with just more than 50% of the short passwords being guessed, while none 4 Final Submission of Thesis, Dissertation or Research Report/Project, Conference or Exam Paper of the multilingual passphrases were guessed. Further analysis showed that short passwords that were oriented towards an IndoEuropean language were more easily guessed than African language-oriented short passwords. As such, this study encourages orienting passwords towards African languages while the use of multilingual passphrases is expected to offer more security. The use of African languages and multilingual passphrases by a user group that is biased towards English-oriented passwords could enhance security by increasing the search space.
- Full Text:
- Date Issued: 2019
- Authors: Maoneke, Pardon Blessings
- Date: 2019
- Subjects: Computers -- Access control -- Passwords Computer security
- Language: English
- Type: Thesis , Doctoral , PhD (Information Systems)
- Identifier: http://hdl.handle.net/10353/12571 , vital:39289
- Description: Research on more than 100 million passwords that have been leaked to the public domain has uncovered various security limitations associated with user-generated short passwords. Long passwords (passphrases) are considered an alternative solution that could provide a balance between security and usability. However, the literature shows a lack of consistency in the security and usability contributions of passphrases. For example, studies that investigated passphrase security focusing on structural dependencies at character level found passphrases to be secure. Inversely, other research findings suggest that passphrase security could be compromised by the use of predictable grammatical rules, popular words in a natural language and keyboard patterns. This is further exacerbated by research on passphrases that is focused on the Global North. This is a huge concern given that results from inter-cultural studies suggest that local languages do influence password structure and to some extent, password usability and security. To address these gaps in the literature, this study used socio-technical theory which emphasised both the social and technical aspects of the phenomenon under study. Psychological studies show that the memory has limited capacity, something that threatens password usability; hence, the need to utilise information that is already known during password generation. Socio-cultural theory suggests that the information that is already known by users is contextually informed, hence sociocultural theory was applied to understand the contextual factors that could be used to enhance passphrase security and usability. With reference to the Southern African context, this study argues that system designers should take advantage of a multilingual user group and encourage the generation of passphrases that are based on substrings from different languages. This study went on to promote the use of multilingual passphrases instead of emphasising multi-character class passwords. This study was guided by design science research. Participants were invited to take part in a short password and multilingual passphrase generation and recall experiment that was made available using a web-based application. These passwords were generated by participants under pre-specified conditions. Quantitative and qualitative data was gathered. The study findings showed the use of both African and Indo-European languages in multilingual passphrases and short passwords. English oriented passwords and substrings dominated the multilingual passphrase and short password corpora. In addition, some of the short passwords and substrings in the multilingual passphrase corpora were found among the most common passwords of 2016, 2017 and 2018. Usability tests showed that multilingual passphrases are usable, even though they were not easy to create and recall when compared to short passwords. A high rate of password reuse during short password generation by participants might have worked in favour of short passwords. Nonetheless, participants appear to reflect better usability with multilingual passphrases over time due to repeated use. Females struggled to recall short passwords and multilingual passphrases when compared to their male counterparts. Security tests using the Probabilistic Context-Free Grammar suggest that short passwords are weaker, with just more than 50% of the short passwords being guessed, while none 4 Final Submission of Thesis, Dissertation or Research Report/Project, Conference or Exam Paper of the multilingual passphrases were guessed. Further analysis showed that short passwords that were oriented towards an IndoEuropean language were more easily guessed than African language-oriented short passwords. As such, this study encourages orienting passwords towards African languages while the use of multilingual passphrases is expected to offer more security. The use of African languages and multilingual passphrases by a user group that is biased towards English-oriented passwords could enhance security by increasing the search space.
- Full Text:
- Date Issued: 2019
An access control model for a South African National Electronic Health Record System
- Authors: Tsegaye, Tamir Asrat
- Date: 2019
- Subjects: Medical records -- Data processing , Medical records -- Data processing -- Safety measures , Medical records -- Data processing -- South Africa , Medical records -- Data processing -- Access control , Medical informatics , Medical records -- Management -- South Africa , Health services administration -- South Africa
- Language: English
- Type: text , Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10962/97046 , vital:31390
- Description: Countries such as South Africa have attempted to leverage eHealth by digitising patients’ medical records with the ultimate goal of improving the delivery of healthcare. This involves the use of the Electronic Health Record (EHR) which is a longitudinal electronic record of a patient’s information. The EHR is comprised of all of the encounters that have been made at different health facilities. In the national context, the EHR is also known as a national EHR which enables the sharing of patient information between points of care. Despite this, the realisation of a national EHR system puts patients' EHRs at risk. This is because patients’ information, which was once only available at local health facilities in the form of paper-based records, can be accessed anywhere within the country as a national EHR. This results in security and privacy issues since patients’ EHRs are shared with an increasing number of parties who are geographically distributed. This study proposes an access control model that will address the security and privacy issues by providing the right level of secure access to authorised clinicians. The proposed model is based on a combination of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). The study found that RBAC is the most common access control model that is used within the healthcare domain where users’ job functions are based on roles. While RBAC is not able to handle dynamic events such as emergencies, the proposed model’s use of ABAC addresses this limitation. The development of the proposed model followed the design science research paradigm and was informed by the results of the content analysis plus an expert review. The content analysis sample was retrieved by conducting a systematic literature review and the analysis of this sample resulted in 6743 tags. The proposed model was evaluated using an evaluation framework via an expert review.
- Full Text:
- Date Issued: 2019
- Authors: Tsegaye, Tamir Asrat
- Date: 2019
- Subjects: Medical records -- Data processing , Medical records -- Data processing -- Safety measures , Medical records -- Data processing -- South Africa , Medical records -- Data processing -- Access control , Medical informatics , Medical records -- Management -- South Africa , Health services administration -- South Africa
- Language: English
- Type: text , Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10962/97046 , vital:31390
- Description: Countries such as South Africa have attempted to leverage eHealth by digitising patients’ medical records with the ultimate goal of improving the delivery of healthcare. This involves the use of the Electronic Health Record (EHR) which is a longitudinal electronic record of a patient’s information. The EHR is comprised of all of the encounters that have been made at different health facilities. In the national context, the EHR is also known as a national EHR which enables the sharing of patient information between points of care. Despite this, the realisation of a national EHR system puts patients' EHRs at risk. This is because patients’ information, which was once only available at local health facilities in the form of paper-based records, can be accessed anywhere within the country as a national EHR. This results in security and privacy issues since patients’ EHRs are shared with an increasing number of parties who are geographically distributed. This study proposes an access control model that will address the security and privacy issues by providing the right level of secure access to authorised clinicians. The proposed model is based on a combination of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). The study found that RBAC is the most common access control model that is used within the healthcare domain where users’ job functions are based on roles. While RBAC is not able to handle dynamic events such as emergencies, the proposed model’s use of ABAC addresses this limitation. The development of the proposed model followed the design science research paradigm and was informed by the results of the content analysis plus an expert review. The content analysis sample was retrieved by conducting a systematic literature review and the analysis of this sample resulted in 6743 tags. The proposed model was evaluated using an evaluation framework via an expert review.
- Full Text:
- Date Issued: 2019
A bring your own device information security behavioural model
- Authors: Musarurwa, Alfred
- Date: 2017
- Subjects: Data protection Computer security -- Management Privacy, Right of
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10353/8587 , vital:33166
- Description: The Bring Your Own Device (BYOD) phenomenon has become prevalent in the modern-day workplace, including the banking industry. Employees who own devices have become the unintended administrators of the organisation’s information as their mobile devices often carry information belonging to the organisation. The unintended administrator is not necessarily schooled or aware of the information security risks and challenges that are associated with the BYOD. This inadvertently shifts the management of organisational information security from the information technology (IT) administrator to the unintended administrator. This shift leaves the organisation at risk of information security breaches that can permeate the organisation, which result from the behaviour that the unintended administrator displays when operating the mobile device. This study introduces the BYOD Information Security Behavioural (BISB) model. The model constructs are a combination of individual and organisational traits of the unintended administrator. The purpose of this study is to mitigate the risks posed by the unintended administrator in organisations through the implementation this model. The risk that the unintended administrator poses in relation to the BYOD phenomenon results in chief information officers (CIOs) being unable to totally control these mobile devices. Traditional endpoint information security management tools and methods can no longer secure devices in the BYOD the way they can in the traditional network where they are confined to the organisation’s IT administrator. This results in the organisation’s information security becoming the responsibility of the unintended administrator. This study was conducted in the banking sector in Zimbabwe. It is noteworthy that the BYOD phenomenon has become prevalent in the banking sector among other organisational sectors like education, health or even government departments. Information security is also an important component of the banks as such and a choice was made to conduct the study in the banking industry. The design science research paradigm was followed in this study and included a survey of 270 bank employees in Zimbabwe, which received 170 complete responses. A literature review on both employee behaviour and organisational culture was conducted, followed by a case study of a commercial bank in Zimbabwe. The literature review culminated in traits that were then classified as individual traits and organisational traits. Six constructs –, knowledge, attitude, habit, environment, governance and training – were identified from the literature and combined to form the BYOD information security behavioural (BISB) model. Statistical calculations were conducted on the survey results which informed the reliability, validity and rigour of the model constructs. An expert review including industry experts was conducted to evaluate the BISB model. This study concludes by recommending that organisations in Zimbabwe should make use of the BISB model to mitigate the information security risks that are posed by the unintended administrator. While there are technical solutions for managing the information security risks that come with the BYOD, this study points out that without harnessing the individual and organisational traits that make up the BYOD information security behavioural model for the unintended administrator, technical solutions alone will not be effective.
- Full Text:
- Date Issued: 2017
- Authors: Musarurwa, Alfred
- Date: 2017
- Subjects: Data protection Computer security -- Management Privacy, Right of
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10353/8587 , vital:33166
- Description: The Bring Your Own Device (BYOD) phenomenon has become prevalent in the modern-day workplace, including the banking industry. Employees who own devices have become the unintended administrators of the organisation’s information as their mobile devices often carry information belonging to the organisation. The unintended administrator is not necessarily schooled or aware of the information security risks and challenges that are associated with the BYOD. This inadvertently shifts the management of organisational information security from the information technology (IT) administrator to the unintended administrator. This shift leaves the organisation at risk of information security breaches that can permeate the organisation, which result from the behaviour that the unintended administrator displays when operating the mobile device. This study introduces the BYOD Information Security Behavioural (BISB) model. The model constructs are a combination of individual and organisational traits of the unintended administrator. The purpose of this study is to mitigate the risks posed by the unintended administrator in organisations through the implementation this model. The risk that the unintended administrator poses in relation to the BYOD phenomenon results in chief information officers (CIOs) being unable to totally control these mobile devices. Traditional endpoint information security management tools and methods can no longer secure devices in the BYOD the way they can in the traditional network where they are confined to the organisation’s IT administrator. This results in the organisation’s information security becoming the responsibility of the unintended administrator. This study was conducted in the banking sector in Zimbabwe. It is noteworthy that the BYOD phenomenon has become prevalent in the banking sector among other organisational sectors like education, health or even government departments. Information security is also an important component of the banks as such and a choice was made to conduct the study in the banking industry. The design science research paradigm was followed in this study and included a survey of 270 bank employees in Zimbabwe, which received 170 complete responses. A literature review on both employee behaviour and organisational culture was conducted, followed by a case study of a commercial bank in Zimbabwe. The literature review culminated in traits that were then classified as individual traits and organisational traits. Six constructs –, knowledge, attitude, habit, environment, governance and training – were identified from the literature and combined to form the BYOD information security behavioural (BISB) model. Statistical calculations were conducted on the survey results which informed the reliability, validity and rigour of the model constructs. An expert review including industry experts was conducted to evaluate the BISB model. This study concludes by recommending that organisations in Zimbabwe should make use of the BISB model to mitigate the information security risks that are posed by the unintended administrator. While there are technical solutions for managing the information security risks that come with the BYOD, this study points out that without harnessing the individual and organisational traits that make up the BYOD information security behavioural model for the unintended administrator, technical solutions alone will not be effective.
- Full Text:
- Date Issued: 2017
Text data analysis for a smart city project in a developing nation
- Authors: Currin, Aubrey Jason
- Date: 2015
- Subjects: Natural language processing (Computer science) Human computation Human-computer interaction
- Language: English
- Type: Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10353/2227 , vital:27709
- Description: Increased urbanisation against the backdrop of limited resources is complicating city planning and management of functions including public safety. The smart city concept can help, but most previous smart city systems have focused on utilising automated sensors and analysing quantitative data. In developing nations, using the ubiquitous mobile phone as an enabler for crowdsourcing of qualitative public safety reports, from the public, is a more viable option due to limited resources and infrastructure limitations. However, there is no specific best method for the analysis of qualitative text reports for a smart city in a developing nation. The aim of this study, therefore, is the development of a model for enabling the analysis of unstructured natural language text for use in a public safety smart city project. Following the guidelines of the design science paradigm, the resulting model was developed through the inductive review of related literature, assessed and refined by observations of a crowdsourcing prototype and conversational analysis with industry experts and academics. The content analysis technique was applied to the public safety reports obtained from the prototype via computer assisted qualitative data analysis software. This has resulted in the development of a hierarchical ontology which forms an additional output of this research project. Thus, this study has shown how municipalities or local government can use CAQDAS and content analysis techniques to prepare large quantities of text data for use in a smart city.
- Full Text:
- Date Issued: 2015
- Authors: Currin, Aubrey Jason
- Date: 2015
- Subjects: Natural language processing (Computer science) Human computation Human-computer interaction
- Language: English
- Type: Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10353/2227 , vital:27709
- Description: Increased urbanisation against the backdrop of limited resources is complicating city planning and management of functions including public safety. The smart city concept can help, but most previous smart city systems have focused on utilising automated sensors and analysing quantitative data. In developing nations, using the ubiquitous mobile phone as an enabler for crowdsourcing of qualitative public safety reports, from the public, is a more viable option due to limited resources and infrastructure limitations. However, there is no specific best method for the analysis of qualitative text reports for a smart city in a developing nation. The aim of this study, therefore, is the development of a model for enabling the analysis of unstructured natural language text for use in a public safety smart city project. Following the guidelines of the design science paradigm, the resulting model was developed through the inductive review of related literature, assessed and refined by observations of a crowdsourcing prototype and conversational analysis with industry experts and academics. The content analysis technique was applied to the public safety reports obtained from the prototype via computer assisted qualitative data analysis software. This has resulted in the development of a hierarchical ontology which forms an additional output of this research project. Thus, this study has shown how municipalities or local government can use CAQDAS and content analysis techniques to prepare large quantities of text data for use in a smart city.
- Full Text:
- Date Issued: 2015
A process maturity framework of information security policy development life cycle
- Authors: Tuyikeze, Tite
- Date: 2014-12
- Subjects: Computer security , Information technology , Computer crimes
- Language: English
- Type: Doctoral theses , text
- Identifier: http://hdl.handle.net/10353/26797 , vital:66010
- Description: Information security policy development involves more than policy formulation and implementation. Unless organisations explicitly recognise the various steps required in the development of a security policy, they run the risk of developing policies that are poorly thought out, incomplete, redundant and, irrelevant and which will not be fully supported by the users. This study argues that an information security policy has an entire life cycle through which it must pass through during its useful lifetime. A content analysis on information security policy development methods was conducted using secondary sources in the relevant literature. The outcome of the content analysis resulted in the proposal of a framework of information security policy development and implementation. The proposed framework outlines the various steps required in the development, implementation and enforcement of an effective information security policy. A survey of 400 security professionals was conducted in order to evaluate the concepts contained in the framework.This study also emphasises the importance of integrating a security maturity assessment process into the information security policy development life cycle. A key finding of this study is the proposed maturity assessment framework which offers a structured methodology for evaluating the maturity level of an information security policy. The framework presents an integrated and holistic approach to ensure the incremental process maturity of the organisation’s information security policy development process. In addition, organisations using the proposed framework will be able both to determine the current maturity levels of their information security policy development process and also to plan enhancements in the correct sequence. , Thesis (PhD) -- Faculty of Management and Commerce, 2014
- Full Text:
- Date Issued: 2014-12
- Authors: Tuyikeze, Tite
- Date: 2014-12
- Subjects: Computer security , Information technology , Computer crimes
- Language: English
- Type: Doctoral theses , text
- Identifier: http://hdl.handle.net/10353/26797 , vital:66010
- Description: Information security policy development involves more than policy formulation and implementation. Unless organisations explicitly recognise the various steps required in the development of a security policy, they run the risk of developing policies that are poorly thought out, incomplete, redundant and, irrelevant and which will not be fully supported by the users. This study argues that an information security policy has an entire life cycle through which it must pass through during its useful lifetime. A content analysis on information security policy development methods was conducted using secondary sources in the relevant literature. The outcome of the content analysis resulted in the proposal of a framework of information security policy development and implementation. The proposed framework outlines the various steps required in the development, implementation and enforcement of an effective information security policy. A survey of 400 security professionals was conducted in order to evaluate the concepts contained in the framework.This study also emphasises the importance of integrating a security maturity assessment process into the information security policy development life cycle. A key finding of this study is the proposed maturity assessment framework which offers a structured methodology for evaluating the maturity level of an information security policy. The framework presents an integrated and holistic approach to ensure the incremental process maturity of the organisation’s information security policy development process. In addition, organisations using the proposed framework will be able both to determine the current maturity levels of their information security policy development process and also to plan enhancements in the correct sequence. , Thesis (PhD) -- Faculty of Management and Commerce, 2014
- Full Text:
- Date Issued: 2014-12
Ensuring high quality public safety data in participatory crowdsourcing used as a smart city initiative
- Authors: Bhana, Bhaveer
- Date: 2013
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11141 , http://hdl.handle.net/10353/d1014673
- Description: The increase in urbanisation is making the management of city resources a difficult task. Data collected through observations of the city surroundings can be used to improve decision-making in terms of manage city resources. However, the data collected must be of quality in order to ensure that effective and efficient decisions are made. This study is focused on improving emergency and non-emergency services (city resources) by using Participatory Crowdsourcing as a data collection method (collect public safety data) utilising voice technology in the form of an advanced IVR system known as the Spoken Web. The study illustrates how Participatory Crowdsourcing can be used as a Smart City initiative by illustrating what is required to contribute to the Smart City, and developing a roadmap in the form of a model to assist decision-making when selecting the optimal Crowdsourcing initiative. A Public Safety Data Quality criteria was also developed to assess and identify the problems affecting Data Quality. This study is guided by the Design Science methodology and utilises two driving theories: the characteristics of a Smart City, and Wang and Strong’s (1996) Data Quality Framework. Five Critical Success Factors were developed to ensure high quality public safety data is collected through Participatory Crowdsourcing utilising voice technologies. These Critical Success Factors include: Relevant Public Safety Data, Public Safety Reporting Instructions, Public Safety Data Interpretation and Presentation Format, Public Safety Data Integrity and Security, and Simple Participatory Crowdsourcing System Setup.
- Full Text:
- Date Issued: 2013
- Authors: Bhana, Bhaveer
- Date: 2013
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11141 , http://hdl.handle.net/10353/d1014673
- Description: The increase in urbanisation is making the management of city resources a difficult task. Data collected through observations of the city surroundings can be used to improve decision-making in terms of manage city resources. However, the data collected must be of quality in order to ensure that effective and efficient decisions are made. This study is focused on improving emergency and non-emergency services (city resources) by using Participatory Crowdsourcing as a data collection method (collect public safety data) utilising voice technology in the form of an advanced IVR system known as the Spoken Web. The study illustrates how Participatory Crowdsourcing can be used as a Smart City initiative by illustrating what is required to contribute to the Smart City, and developing a roadmap in the form of a model to assist decision-making when selecting the optimal Crowdsourcing initiative. A Public Safety Data Quality criteria was also developed to assess and identify the problems affecting Data Quality. This study is guided by the Design Science methodology and utilises two driving theories: the characteristics of a Smart City, and Wang and Strong’s (1996) Data Quality Framework. Five Critical Success Factors were developed to ensure high quality public safety data is collected through Participatory Crowdsourcing utilising voice technologies. These Critical Success Factors include: Relevant Public Safety Data, Public Safety Reporting Instructions, Public Safety Data Interpretation and Presentation Format, Public Safety Data Integrity and Security, and Simple Participatory Crowdsourcing System Setup.
- Full Text:
- Date Issued: 2013
A model for enhancing trust in South African automotive supply chains through information technology
- Authors: Piderit, Roxanne
- Date: 2012
- Subjects: Automobile supplies industry -- South Africa , Automobiles -- Technological innovations , Business logistics -- South Africa
- Language: English
- Type: Thesis , Doctoral , DPhil
- Identifier: vital:9793 , http://hdl.handle.net/10948/d1011851 , Automobile supplies industry -- South Africa , Automobiles -- Technological innovations , Business logistics -- South Africa
- Description: The South African automotive industry is recognised as an important sector for the economy and has thus been prioritised by the South African government. The success of the automotive manufacturers depends on the efficiency and effectiveness of their supply chain. Due to the large number of suppliers involved in these supply chains, enhancing trust in the inter-organisational relationships can ensure the competitiveness of the supply chain. Additionally, insufficient trust can disrupt information sharing between supply chain partners which further impacts on supply chain operations and hence supply chain competitiveness. Thus, both insufficient trust and insufficient information sharing are viewed as contributing factors to the inefficiency and ineffectiveness of a supply chain’s operations. The use of Information Technology to facilitate inter-organisational relationships, in particular in terms of improving information sharing, is an important consideration in this research project. As in the Prisoner’s Dilemma, when supply chain members share information freely, trust levels are increased, hence supply chain effectiveness and efficiency is achieved and therefore the competitiveness of the supply chain is optimised. This study addresses the problem of enhancing trust in automotive supply chains using Information Technology. Previous studies have recognised the importance of trust and information sharing in supply chain relationships. These previous studies have also considered the effect of trust on information sharing, or the effect of information sharing on trust in a single direction. Thus, to address this research problem, a cyclical relationship between trust and information sharing is proposed. In this respect, Information Technology should be used to nurture this cyclical relationship between trust and information sharing. A model for the enhancement of trust in automotive supply chains through Information Technology is proposed to achieve the objectives of this research project. This model includes risk perception; information sharing as a means of enhancing trust; a trust area that consists of both supply chain partner trustworthiness and system trust; the resultant trusting behaviour; and the resultant improved information sharing. As this study is concerned with the use of IT to enhance trust, the inclusion of system trust as a component of the model is a significant contribution of this study which is complementary to the proposed cyclical relationship between trust and information sharing.
- Full Text:
- Date Issued: 2012
A model for enhancing trust in South African automotive supply chains through information technology
- Authors: Piderit, Roxanne
- Date: 2012
- Subjects: Automobile supplies industry -- South Africa , Automobiles -- Technological innovations , Business logistics -- South Africa
- Language: English
- Type: Thesis , Doctoral , DPhil
- Identifier: vital:9793 , http://hdl.handle.net/10948/d1011851 , Automobile supplies industry -- South Africa , Automobiles -- Technological innovations , Business logistics -- South Africa
- Description: The South African automotive industry is recognised as an important sector for the economy and has thus been prioritised by the South African government. The success of the automotive manufacturers depends on the efficiency and effectiveness of their supply chain. Due to the large number of suppliers involved in these supply chains, enhancing trust in the inter-organisational relationships can ensure the competitiveness of the supply chain. Additionally, insufficient trust can disrupt information sharing between supply chain partners which further impacts on supply chain operations and hence supply chain competitiveness. Thus, both insufficient trust and insufficient information sharing are viewed as contributing factors to the inefficiency and ineffectiveness of a supply chain’s operations. The use of Information Technology to facilitate inter-organisational relationships, in particular in terms of improving information sharing, is an important consideration in this research project. As in the Prisoner’s Dilemma, when supply chain members share information freely, trust levels are increased, hence supply chain effectiveness and efficiency is achieved and therefore the competitiveness of the supply chain is optimised. This study addresses the problem of enhancing trust in automotive supply chains using Information Technology. Previous studies have recognised the importance of trust and information sharing in supply chain relationships. These previous studies have also considered the effect of trust on information sharing, or the effect of information sharing on trust in a single direction. Thus, to address this research problem, a cyclical relationship between trust and information sharing is proposed. In this respect, Information Technology should be used to nurture this cyclical relationship between trust and information sharing. A model for the enhancement of trust in automotive supply chains through Information Technology is proposed to achieve the objectives of this research project. This model includes risk perception; information sharing as a means of enhancing trust; a trust area that consists of both supply chain partner trustworthiness and system trust; the resultant trusting behaviour; and the resultant improved information sharing. As this study is concerned with the use of IT to enhance trust, the inclusion of system trust as a component of the model is a significant contribution of this study which is complementary to the proposed cyclical relationship between trust and information sharing.
- Full Text:
- Date Issued: 2012
Impact of information and communication technology (ICT) on trust and information sharing in South African automotive supply chains
- Authors: Goche, Chiedza
- Date: 2012
- Subjects: Business logistics -- South Africa , Automobile industry and trade -- South Africa , Interorganizational relations -- South Africa , Trust -- South Africa , Information technology -- South Africa , Prisoner's dilemma game
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: http://hdl.handle.net/10353/668 , vital:26486 , Business logistics -- South Africa , Automobile industry and trade -- South Africa , Interorganizational relations -- South Africa , Trust -- South Africa , Information technology -- South Africa , Prisoner's dilemma game
- Description: The Internet has made a considerable impact on how business is conducted. Empowered by technology consumers are using the Internet as a tool to communicate and transact online. E-commerce (electronic commerce) presents opportunities for business to gain a competitive advantage, however it also posses certain challenges. Small and Medium Hospitality Enterprises (SMHEs) sector within the tourism industry, is one of the sectors which stands to benefit from using the Internet for business. Researchers agree that the contribution made by the tourism sector in developing economies is substantial. However, SMHEs are noted for their failure to derive optimal benefits from using the Internet for business to improve their competitiveness. This study which seeks to develop a model for use by SMHEs as a guide when making the decision to adopt technology was necessitated by the importance of SMHE’s contribution in the economy of developing countries. This model is based on the examination of existing theories and models such as; the Delone and McLean IS success model (2004), and the ITGI’s (2007) IT governance focus areas model. To elicit the desired outcomes, additional data was collected using questionnaires, interviews, and observations. The collected data was analysed and resulted in the development of a model that can be used by SMHEs in order to derive value from IT and to gain a competitive advantage.
- Full Text:
- Date Issued: 2012
- Authors: Goche, Chiedza
- Date: 2012
- Subjects: Business logistics -- South Africa , Automobile industry and trade -- South Africa , Interorganizational relations -- South Africa , Trust -- South Africa , Information technology -- South Africa , Prisoner's dilemma game
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: http://hdl.handle.net/10353/668 , vital:26486 , Business logistics -- South Africa , Automobile industry and trade -- South Africa , Interorganizational relations -- South Africa , Trust -- South Africa , Information technology -- South Africa , Prisoner's dilemma game
- Description: The Internet has made a considerable impact on how business is conducted. Empowered by technology consumers are using the Internet as a tool to communicate and transact online. E-commerce (electronic commerce) presents opportunities for business to gain a competitive advantage, however it also posses certain challenges. Small and Medium Hospitality Enterprises (SMHEs) sector within the tourism industry, is one of the sectors which stands to benefit from using the Internet for business. Researchers agree that the contribution made by the tourism sector in developing economies is substantial. However, SMHEs are noted for their failure to derive optimal benefits from using the Internet for business to improve their competitiveness. This study which seeks to develop a model for use by SMHEs as a guide when making the decision to adopt technology was necessitated by the importance of SMHE’s contribution in the economy of developing countries. This model is based on the examination of existing theories and models such as; the Delone and McLean IS success model (2004), and the ITGI’s (2007) IT governance focus areas model. To elicit the desired outcomes, additional data was collected using questionnaires, interviews, and observations. The collected data was analysed and resulted in the development of a model that can be used by SMHEs in order to derive value from IT and to gain a competitive advantage.
- Full Text:
- Date Issued: 2012
Adoption and sustained use of M-Commerce to improve efficacy of construction SMMEs
- Authors: Williams, Zenande
- Date: 2011
- Subjects: Construction industry , Mobile commerce , Small business , Computer-assisted instruction , Interactive videos
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11125 , http://hdl.handle.net/10353/528 , Construction industry , Mobile commerce , Small business , Computer-assisted instruction , Interactive videos
- Description: E-commerce has been said to bring value to businesses by improving business efficiency and effectiveness and thus providing business with a competitive advantage through the potential benefits that it offers (Cloete, Courtney & Fintz, 2002). However, despite the potential benefits that e-commerce can offer, the adoption of B2C e-commerce in South African construction SMMEs is low and this is due to the challenges associated with e-commerce (Vaithanathan, 2010; Uzoka, Shemi & Seleka, 2007; Love & Irani, 2004; Anumba & Ruikar, 2002). These e-commerce challenges include: high implementation costs, lack or poor infrastructure, inadequate resources, low use of e-commerce by suppliers and consumers, lack of access to e-commerce, computer illiteracy, deficiency in understanding the potential benefits of e-commerce and security concerns (Vaithanathan, 2010; Uzoka, Shemi, & Seleka, 2007; Mensah, Bahta, & Mhlanga, 2005; Cloete, Courtney, & Fintz, 2002). Therefore, due to these e-commerce challenges, construction SMMEs do not exploit the business advantages that e-commerce offers. In order to assist South African construction SMMEs in their efforts to improve their business effectiveness and efficiency through commercial technologies.
- Full Text:
- Date Issued: 2011
- Authors: Williams, Zenande
- Date: 2011
- Subjects: Construction industry , Mobile commerce , Small business , Computer-assisted instruction , Interactive videos
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11125 , http://hdl.handle.net/10353/528 , Construction industry , Mobile commerce , Small business , Computer-assisted instruction , Interactive videos
- Description: E-commerce has been said to bring value to businesses by improving business efficiency and effectiveness and thus providing business with a competitive advantage through the potential benefits that it offers (Cloete, Courtney & Fintz, 2002). However, despite the potential benefits that e-commerce can offer, the adoption of B2C e-commerce in South African construction SMMEs is low and this is due to the challenges associated with e-commerce (Vaithanathan, 2010; Uzoka, Shemi & Seleka, 2007; Love & Irani, 2004; Anumba & Ruikar, 2002). These e-commerce challenges include: high implementation costs, lack or poor infrastructure, inadequate resources, low use of e-commerce by suppliers and consumers, lack of access to e-commerce, computer illiteracy, deficiency in understanding the potential benefits of e-commerce and security concerns (Vaithanathan, 2010; Uzoka, Shemi, & Seleka, 2007; Mensah, Bahta, & Mhlanga, 2005; Cloete, Courtney, & Fintz, 2002). Therefore, due to these e-commerce challenges, construction SMMEs do not exploit the business advantages that e-commerce offers. In order to assist South African construction SMMEs in their efforts to improve their business effectiveness and efficiency through commercial technologies.
- Full Text:
- Date Issued: 2011
Trust and identity management within online social networks
- Authors: Galpin, Ryan
- Date: 2010-12
- Subjects: Online social networks , Data privacy
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10353/25972 , vital:64638
- Description: Online social networking is one of the largest Internet activities, with almost one third of all daily Internet users visiting these websites. Characteristics of this environment are issues relating to trust, user privacy and anonymity. Service providers are focused primarily on acquiring users, and little attention is given to the effective management of these users within the social networking environment. This study serves to evaluate if proper identity management processes and controls are needed to protect users and their informational privacy, while establishing a higher degree of user trust for other users and the system. Design Science is followed as the primary methodology, with the final outcome being a proposed artefact. Through a detailed experiment, an evaluation of the controls and processes exhibited by Facebook and MySpace was conducted. The areas of evaluation were identified through the Vulnerability Mitigation and Assessment (VAM) methodology. The findings of this experiment, together with the secondary data reviewed, form the proposed artefact, which is a set of controls aimed at increasing trust and privacy through the effective implementation of these controls and identity management processes. , Thesis (MA) -- Faculty of Management and Commerce, 2010
- Full Text:
- Date Issued: 2010-12
- Authors: Galpin, Ryan
- Date: 2010-12
- Subjects: Online social networks , Data privacy
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10353/25972 , vital:64638
- Description: Online social networking is one of the largest Internet activities, with almost one third of all daily Internet users visiting these websites. Characteristics of this environment are issues relating to trust, user privacy and anonymity. Service providers are focused primarily on acquiring users, and little attention is given to the effective management of these users within the social networking environment. This study serves to evaluate if proper identity management processes and controls are needed to protect users and their informational privacy, while establishing a higher degree of user trust for other users and the system. Design Science is followed as the primary methodology, with the final outcome being a proposed artefact. Through a detailed experiment, an evaluation of the controls and processes exhibited by Facebook and MySpace was conducted. The areas of evaluation were identified through the Vulnerability Mitigation and Assessment (VAM) methodology. The findings of this experiment, together with the secondary data reviewed, form the proposed artefact, which is a set of controls aimed at increasing trust and privacy through the effective implementation of these controls and identity management processes. , Thesis (MA) -- Faculty of Management and Commerce, 2010
- Full Text:
- Date Issued: 2010-12
Adoption of IT Systems by HR professionals in order to enhance efficacy at the University of Fort Hare
- Authors: Ngqubekile, Nolufefe
- Date: 2010
- Subjects: Management information systems , Personnel management , Public administration
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10353/27176 , vital:66326
- Description: This study seeks to address the adoption of Integrated Tertiary Software (ITS), ease of use of ITS and continuous usage in Human Resources Departments. The focus of this research project is User Acceptance and Continued Use of ITS within the HR Department - the case of Fort Hare University. The University is a multi - campus operation and the use of paper systems is extremely difficult. The University made a decision to invest in ITS with the objective of improving effectiveness and efficiency of services. The nature of the problem is that ITS is partially used and it is necessary to further explore the specific influence of technological and environmental factors that may change the user’s acceptance and use of this IT System. The nature of this study is Qualitative and follows an Interpretive Approach. The Research Instrument used is an in-depth questionnaire distributed and responded to by all HR Professionals at the UFH. Recommendations based on findings will be used to design the Critical Success Factors (CSFs) for the Adoption of IT Systems by HR Professionals in order to enhance efficacy at the University of Fort Hare. The CSFs can be generalized to other settings and were identified for the UFH HR Department to include. , Thesis (MCom) -- Faculty of Management and Commerce , 2010
- Full Text:
- Date Issued: 2010
- Authors: Ngqubekile, Nolufefe
- Date: 2010
- Subjects: Management information systems , Personnel management , Public administration
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10353/27176 , vital:66326
- Description: This study seeks to address the adoption of Integrated Tertiary Software (ITS), ease of use of ITS and continuous usage in Human Resources Departments. The focus of this research project is User Acceptance and Continued Use of ITS within the HR Department - the case of Fort Hare University. The University is a multi - campus operation and the use of paper systems is extremely difficult. The University made a decision to invest in ITS with the objective of improving effectiveness and efficiency of services. The nature of the problem is that ITS is partially used and it is necessary to further explore the specific influence of technological and environmental factors that may change the user’s acceptance and use of this IT System. The nature of this study is Qualitative and follows an Interpretive Approach. The Research Instrument used is an in-depth questionnaire distributed and responded to by all HR Professionals at the UFH. Recommendations based on findings will be used to design the Critical Success Factors (CSFs) for the Adoption of IT Systems by HR Professionals in order to enhance efficacy at the University of Fort Hare. The CSFs can be generalized to other settings and were identified for the UFH HR Department to include. , Thesis (MCom) -- Faculty of Management and Commerce , 2010
- Full Text:
- Date Issued: 2010
Critical success factors for user acceptance of telemedicine in South Africa
- Authors: Cilliers, Liezel
- Date: 2010
- Subjects: Telecommunication in medicine , Medical telematics
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11126 , http://hdl.handle.net/10353/384 , Telecommunication in medicine , Medical telematics
- Description: The World Health Organization has recommended Telemedicine to improve health care in developing countries. The objective of this study was to produce Critical Success Factors that will investigate and identify factors that influence the acceptance and continued use of Telemedicine in the Eastern Cape Department of Health, and to suggest ways to sustain this technology from initial adoption (the pilot programme) to full adoption. Sub questions investigated which other facilitating factors, such as management support or previous Information Technology exposure must be present in order for the technology to be adopted successfully. The study made use of a questionnaire to investigate the user acceptance and behaviour of health care workers. A return rate of 76% was achieved. The data was analysed making use of Statistical Package for the Social Sciences (SPSS), specifically the Chi Square test. From these results Critical Success Factors where then formulated to address the problems identified. The Critical Success Factors that were identified include: Implement and disseminate best practice within a legislative framework; Find a champion; Change management strategies; Training; Sustainable finance; Technical issues and Project management principles If these CSFs are addressed before and during the implementation of Telemedicine it will increase the acceptance and use of the technology among health care workers. Critical Success Factors for User Acceptance of Telemedicine in South Africa.
- Full Text:
- Date Issued: 2010
- Authors: Cilliers, Liezel
- Date: 2010
- Subjects: Telecommunication in medicine , Medical telematics
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11126 , http://hdl.handle.net/10353/384 , Telecommunication in medicine , Medical telematics
- Description: The World Health Organization has recommended Telemedicine to improve health care in developing countries. The objective of this study was to produce Critical Success Factors that will investigate and identify factors that influence the acceptance and continued use of Telemedicine in the Eastern Cape Department of Health, and to suggest ways to sustain this technology from initial adoption (the pilot programme) to full adoption. Sub questions investigated which other facilitating factors, such as management support or previous Information Technology exposure must be present in order for the technology to be adopted successfully. The study made use of a questionnaire to investigate the user acceptance and behaviour of health care workers. A return rate of 76% was achieved. The data was analysed making use of Statistical Package for the Social Sciences (SPSS), specifically the Chi Square test. From these results Critical Success Factors where then formulated to address the problems identified. The Critical Success Factors that were identified include: Implement and disseminate best practice within a legislative framework; Find a champion; Change management strategies; Training; Sustainable finance; Technical issues and Project management principles If these CSFs are addressed before and during the implementation of Telemedicine it will increase the acceptance and use of the technology among health care workers. Critical Success Factors for User Acceptance of Telemedicine in South Africa.
- Full Text:
- Date Issued: 2010
E-mail forensic authorship attribution
- Authors: Lalla, Himal
- Date: 2010
- Subjects: Electronic evidence , Electronic mail systems , Authorship , Electronic mail messages , Signatures (Writing) , Writing -- Identification , Forensic accounting
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11128 , http://hdl.handle.net/10353/360 , Electronic evidence , Electronic mail systems , Authorship , Electronic mail messages , Signatures (Writing) , Writing -- Identification , Forensic accounting
- Description: E-mails have become the standard for business as well as personal communication. The inherent security risks within e-mail communication present the problem of anonymity. If an author of an e-mail is not known, the digital forensic investigator needs to determine the authorship of the e-mail using a process that has not been standardised in the e-mail forensic field. This research project examines many problems associated with e-mail communication and the digital forensic domain; more specifically e-mail forensic investigations, and the recovery of legally admissible evidence to be presented in a court of law. The Research Methodology utilised a comprehensive literature review in combination with Design Science which results in the development of an artifact through intensive research. The Proposed E-Mail Forensic Methodology is based on the most current digital forensic investigation process and further validation of the process was established via expert reviews. The opinions of the digital forensic experts were an integral portion of the validation process which adds to the credibility of the study. This was performed through the aid of the Delphi technique. This Proposed E-Mail Forensic Methodology adopts a standardised investigation process applied to an e-mail investigation and takes into account the South African perspective by incorporating various checks with the laws and legislation. By following the Proposed E-mail Forensic Methodology, e-mail forensic investigators can produce evidence that is legally admissible in a court of law.
- Full Text:
- Date Issued: 2010
- Authors: Lalla, Himal
- Date: 2010
- Subjects: Electronic evidence , Electronic mail systems , Authorship , Electronic mail messages , Signatures (Writing) , Writing -- Identification , Forensic accounting
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11128 , http://hdl.handle.net/10353/360 , Electronic evidence , Electronic mail systems , Authorship , Electronic mail messages , Signatures (Writing) , Writing -- Identification , Forensic accounting
- Description: E-mails have become the standard for business as well as personal communication. The inherent security risks within e-mail communication present the problem of anonymity. If an author of an e-mail is not known, the digital forensic investigator needs to determine the authorship of the e-mail using a process that has not been standardised in the e-mail forensic field. This research project examines many problems associated with e-mail communication and the digital forensic domain; more specifically e-mail forensic investigations, and the recovery of legally admissible evidence to be presented in a court of law. The Research Methodology utilised a comprehensive literature review in combination with Design Science which results in the development of an artifact through intensive research. The Proposed E-Mail Forensic Methodology is based on the most current digital forensic investigation process and further validation of the process was established via expert reviews. The opinions of the digital forensic experts were an integral portion of the validation process which adds to the credibility of the study. This was performed through the aid of the Delphi technique. This Proposed E-Mail Forensic Methodology adopts a standardised investigation process applied to an e-mail investigation and takes into account the South African perspective by incorporating various checks with the laws and legislation. By following the Proposed E-mail Forensic Methodology, e-mail forensic investigators can produce evidence that is legally admissible in a court of law.
- Full Text:
- Date Issued: 2010
Phishing within e-commerce: reducing the risk, increasing the trust
- Authors: Megaw, Gregory M
- Date: 2010
- Subjects: Phishing , Identity theft -- Prevention , Electronic commerce , Computer security , Internet -- Safety measures
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11131 , http://hdl.handle.net/10353/376 , Phishing , Identity theft -- Prevention , Electronic commerce , Computer security , Internet -- Safety measures
- Description: E-Commerce has been plagued with problems since its inception and this study examines one of these problems: The lack of user trust in E-Commerce created by the risk of phishing. Phishing has grown exponentially together with the expansion of the Internet. This growth and the advancement of technology has not only benefited honest Internet users, but has enabled criminals to increase their effectiveness which has caused considerable damage to this budding area of commerce. Moreover, it has negatively impacted both the user and online business in breaking down the trust relationship between them. In an attempt to explore this problem, the following was considered: First, E-Commerce’s vulnerability to phishing attacks. By referring to the Common Criteria Security Model, various critical security areas within E-Commerce are identified, as well as the areas of vulnerability and weakness. Second, the methods and techniques used in phishing, such as phishing e-mails, websites and addresses, distributed attacks and redirected attacks, as well as the data that phishers seek to obtain, are examined. Furthermore, the way to reduce the risk of phishing and in turn increase the trust between users and websites is identified. Here the importance of Trust and the Uncertainty Reduction Theory plus the fine balance between trust and control is explored. Finally, the study presents Critical Success Factors that aid in phishing prevention and control, these being: User Authentication, Website Authentication, E-mail Authentication, Data Cryptography, Communication, and Active Risk Mitigation.
- Full Text:
- Date Issued: 2010
- Authors: Megaw, Gregory M
- Date: 2010
- Subjects: Phishing , Identity theft -- Prevention , Electronic commerce , Computer security , Internet -- Safety measures
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11131 , http://hdl.handle.net/10353/376 , Phishing , Identity theft -- Prevention , Electronic commerce , Computer security , Internet -- Safety measures
- Description: E-Commerce has been plagued with problems since its inception and this study examines one of these problems: The lack of user trust in E-Commerce created by the risk of phishing. Phishing has grown exponentially together with the expansion of the Internet. This growth and the advancement of technology has not only benefited honest Internet users, but has enabled criminals to increase their effectiveness which has caused considerable damage to this budding area of commerce. Moreover, it has negatively impacted both the user and online business in breaking down the trust relationship between them. In an attempt to explore this problem, the following was considered: First, E-Commerce’s vulnerability to phishing attacks. By referring to the Common Criteria Security Model, various critical security areas within E-Commerce are identified, as well as the areas of vulnerability and weakness. Second, the methods and techniques used in phishing, such as phishing e-mails, websites and addresses, distributed attacks and redirected attacks, as well as the data that phishers seek to obtain, are examined. Furthermore, the way to reduce the risk of phishing and in turn increase the trust between users and websites is identified. Here the importance of Trust and the Uncertainty Reduction Theory plus the fine balance between trust and control is explored. Finally, the study presents Critical Success Factors that aid in phishing prevention and control, these being: User Authentication, Website Authentication, E-mail Authentication, Data Cryptography, Communication, and Active Risk Mitigation.
- Full Text:
- Date Issued: 2010
Quality assessment of information systems in SMEs: a study of Eldoret Town in Kenya
- Authors: Ndiege, Joshua Rumo Arongo
- Date: 2010
- Subjects: Small business -- Kenya , Financial institutions -- Kenya , Small business -- Kenya -- Data processing , Information technology -- Kenya -- Evaluation
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11132 , http://hdl.handle.net/10353/d1000973 , Small business -- Kenya , Financial institutions -- Kenya , Small business -- Kenya -- Data processing , Information technology -- Kenya -- Evaluation
- Full Text: false
- Date Issued: 2010
- Authors: Ndiege, Joshua Rumo Arongo
- Date: 2010
- Subjects: Small business -- Kenya , Financial institutions -- Kenya , Small business -- Kenya -- Data processing , Information technology -- Kenya -- Evaluation
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11132 , http://hdl.handle.net/10353/d1000973 , Small business -- Kenya , Financial institutions -- Kenya , Small business -- Kenya -- Data processing , Information technology -- Kenya -- Evaluation
- Full Text: false
- Date Issued: 2010