A framework to measure the degree of alignment between corporate and IT/IS objectives at Randwater
- Authors: Sigasa, Moshane Lydia
- Date: 2020
- Subjects: Business enterprises -- Computer networks -- Security measures , Data protection Information technology -- Security measures
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/47156 , vital:39818
- Description: The South African Government has institutionalised a Corporate Governance of ICT Policy Framework which was developed by Department of Public Service and Administration (DPSA). The framework has adopted some elements of KING III, ISO 38500 and COBIT. Consequently, it is now a requirement by the South African Government that all its entities must adopt this framework. Nevertheless, it is not clear how government has emphasised this alignment in such entities. The problem statement in this study was that Randwater is unable to realise full value of the investment in IT/IS because there is misalignment between IT objectives or deliverables and the corporate objectives. This study sought to identify a suitable framework which meets the ICT policy criteria as set out by the DPSA, which will facilitate the alignment between corporate objectives and IT/IS objectives at Randwater. This was achieved through the development and refinement of the artefact through the various iteration phases. Additionally, an online survey was used to collect data from a focus group comprising IT experts and senior management at Randwater. The Information Technology Governance Institute Framework was employed to assist in the development of the questions. The survey results were utilised during the validation of the artefact produced by this research study in a workshop. The findings were then linked with the related literature which either supported or rejected the findings through discussions on the literature and thereafter conclusions were made based on these findings. Furthermore, a literature review was conducted to gain a better understanding of what has been done in the field of research in order to assist in defining the problem that this research seeks to solve so as to inform the development of design characteristics. The research process employed the Nelson Mandela University – Design Science Strategy Methodology referred to as (NMU – DSSM) with the goal of developing an artefact in the form of a framework. The research process entailed studying the existing literature and analysing the aspects relating to corporate governance, IT governance, frameworks, and strategies to be able to measure the degree of alignment. The phases of designing the artefact were analysis, design, evaluate, validate and diffuse phases. The final artefact developed was a framework that incorporated the principles of King IV and ISO 38500 in corporate governance and ICT goals alignment. The final artefact also embedded transparency, accountability and security as important elements in the implementation of the artefact. The survey findings were instrumental in the development of the artefact that brings alignment between business strategy and IT objectives at Randwater. From the findings, in terms of IT flexibility, it was revealed that the interrelated parts of the system at Randwater were modular. It was also concluded that there is lack of communication about the manner in which the components of the information systems are organised and integrated in order to allow for rapid changes and that the organisational IT infrastructure and applications were loosely coupled. The findings further revealed that the business had established corporate rules and standards for hardware and operating systems to ensure platform compatibility. It was also revealed that organisational IT applications were developed based on compliance guidelines. In terms of IT-enabled dynamic capabilities, it was revealed that IT systems at Randwater are not capable of scanning the environment and identifying new business opportunities and are not capable of anticipating discontinuities arising in the business domain by developing greater reactive and proactive strength. It was also revealed that it was concluded that IT systems were capable of achieving strategic alignment between IT flexibility and dynamic capabilities. Therefore, design science was the ideal research paradigm towards addressing the research problem and the artefact designed was a viable research contribution. The significance of the study was that it contributed to the development of technology-based solutions to an important and relevant business problem of alignment of business strategy to IT goals. The design evaluation, the utility, quality, and efficacy of the final design artefact was rigorously demonstrated via well-executed evaluation methods. The study also contributed to the literature
- Full Text:
- Date Issued: 2020
- Authors: Sigasa, Moshane Lydia
- Date: 2020
- Subjects: Business enterprises -- Computer networks -- Security measures , Data protection Information technology -- Security measures
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/47156 , vital:39818
- Description: The South African Government has institutionalised a Corporate Governance of ICT Policy Framework which was developed by Department of Public Service and Administration (DPSA). The framework has adopted some elements of KING III, ISO 38500 and COBIT. Consequently, it is now a requirement by the South African Government that all its entities must adopt this framework. Nevertheless, it is not clear how government has emphasised this alignment in such entities. The problem statement in this study was that Randwater is unable to realise full value of the investment in IT/IS because there is misalignment between IT objectives or deliverables and the corporate objectives. This study sought to identify a suitable framework which meets the ICT policy criteria as set out by the DPSA, which will facilitate the alignment between corporate objectives and IT/IS objectives at Randwater. This was achieved through the development and refinement of the artefact through the various iteration phases. Additionally, an online survey was used to collect data from a focus group comprising IT experts and senior management at Randwater. The Information Technology Governance Institute Framework was employed to assist in the development of the questions. The survey results were utilised during the validation of the artefact produced by this research study in a workshop. The findings were then linked with the related literature which either supported or rejected the findings through discussions on the literature and thereafter conclusions were made based on these findings. Furthermore, a literature review was conducted to gain a better understanding of what has been done in the field of research in order to assist in defining the problem that this research seeks to solve so as to inform the development of design characteristics. The research process employed the Nelson Mandela University – Design Science Strategy Methodology referred to as (NMU – DSSM) with the goal of developing an artefact in the form of a framework. The research process entailed studying the existing literature and analysing the aspects relating to corporate governance, IT governance, frameworks, and strategies to be able to measure the degree of alignment. The phases of designing the artefact were analysis, design, evaluate, validate and diffuse phases. The final artefact developed was a framework that incorporated the principles of King IV and ISO 38500 in corporate governance and ICT goals alignment. The final artefact also embedded transparency, accountability and security as important elements in the implementation of the artefact. The survey findings were instrumental in the development of the artefact that brings alignment between business strategy and IT objectives at Randwater. From the findings, in terms of IT flexibility, it was revealed that the interrelated parts of the system at Randwater were modular. It was also concluded that there is lack of communication about the manner in which the components of the information systems are organised and integrated in order to allow for rapid changes and that the organisational IT infrastructure and applications were loosely coupled. The findings further revealed that the business had established corporate rules and standards for hardware and operating systems to ensure platform compatibility. It was also revealed that organisational IT applications were developed based on compliance guidelines. In terms of IT-enabled dynamic capabilities, it was revealed that IT systems at Randwater are not capable of scanning the environment and identifying new business opportunities and are not capable of anticipating discontinuities arising in the business domain by developing greater reactive and proactive strength. It was also revealed that it was concluded that IT systems were capable of achieving strategic alignment between IT flexibility and dynamic capabilities. Therefore, design science was the ideal research paradigm towards addressing the research problem and the artefact designed was a viable research contribution. The significance of the study was that it contributed to the development of technology-based solutions to an important and relevant business problem of alignment of business strategy to IT goals. The design evaluation, the utility, quality, and efficacy of the final design artefact was rigorously demonstrated via well-executed evaluation methods. The study also contributed to the literature
- Full Text:
- Date Issued: 2020
Establishment of an information technology risk management framework within food manufacturing enterprises in South Africa
- Authors: Sandi, Siyabulela
- Date: 2020
- Subjects: Business enterprises -- Computer networks -- Security measures , Information technology -- Security measures Computer security Risk management
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/47128 , vital:39812
- Description: Enterprises of all kinds, regardless of the sector, are directly or indirectly dependent on Information Technology (IT) to carry out their daily activities. With this in mind, and correlated with the problem statement that it is “the lack of IT governance principles that lead to exposing enterprises to IT-related threats, vulnerabilities, and risks”, the objective of this study was to establish an Information Technology Risk Management Framework for enterprises within the Food manufacturing industry in South Africa that will ensure that IT-related threats, vulnerabilities, and risks are properly managed. In order to accomplish this, the research followed a process called design science research. The design science research paradigm was used to create a design artificial artefact in the form of a framework. The Nelson Mandela University – Design Science Framework Methodology (NMU-DSFM) was adopted since the objective of the study was to develop a framework. The study has revealed that enterprises within the sector are indeed lagging behind in terms of IT governance principles, hence an artefact called the IT Risk Management Framework for Enterprises within Food Manufacturing Industries in South Africa was developed.
- Full Text:
- Date Issued: 2020
- Authors: Sandi, Siyabulela
- Date: 2020
- Subjects: Business enterprises -- Computer networks -- Security measures , Information technology -- Security measures Computer security Risk management
- Language: English
- Type: Thesis , Masters , MPhil
- Identifier: http://hdl.handle.net/10948/47128 , vital:39812
- Description: Enterprises of all kinds, regardless of the sector, are directly or indirectly dependent on Information Technology (IT) to carry out their daily activities. With this in mind, and correlated with the problem statement that it is “the lack of IT governance principles that lead to exposing enterprises to IT-related threats, vulnerabilities, and risks”, the objective of this study was to establish an Information Technology Risk Management Framework for enterprises within the Food manufacturing industry in South Africa that will ensure that IT-related threats, vulnerabilities, and risks are properly managed. In order to accomplish this, the research followed a process called design science research. The design science research paradigm was used to create a design artificial artefact in the form of a framework. The Nelson Mandela University – Design Science Framework Methodology (NMU-DSFM) was adopted since the objective of the study was to develop a framework. The study has revealed that enterprises within the sector are indeed lagging behind in terms of IT governance principles, hence an artefact called the IT Risk Management Framework for Enterprises within Food Manufacturing Industries in South Africa was developed.
- Full Text:
- Date Issued: 2020
Data-centric security : towards a utopian model for protecting corporate data on mobile devices
- Authors: Mayisela, Simphiwe Hector
- Date: 2014
- Subjects: Computer security , Computer networks -- Security measures , Business enterprises -- Computer networks -- Security measures , Mobile computing -- Security measures , Mobile communication systems -- Security measures
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:4688 , http://hdl.handle.net/10962/d1011094 , Computer security , Computer networks -- Security measures , Business enterprises -- Computer networks -- Security measures , Mobile computing -- Security measures , Mobile communication systems -- Security measures
- Description: Data-centric security is significant in understanding, assessing and mitigating the various risks and impacts of sharing information outside corporate boundaries. Information generally leaves corporate boundaries through mobile devices. Mobile devices continue to evolve as multi-functional tools for everyday life, surpassing their initial intended use. This added capability and increasingly extensive use of mobile devices does not come without a degree of risk - hence the need to guard and protect information as it exists beyond the corporate boundaries and throughout its lifecycle. Literature on existing models crafted to protect data, rather than infrastructure in which the data resides, is reviewed. Technologies that organisations have implemented to adopt the data-centric model are studied. A utopian model that takes into account the shortcomings of existing technologies and deficiencies of common theories is proposed. Two sets of qualitative studies are reported; the first is a preliminary online survey to assess the ubiquity of mobile devices and extent of technology adoption towards implementation of data-centric model; and the second comprises of a focus survey and expert interviews pertaining on technologies that organisations have implemented to adopt the data-centric model. The latter study revealed insufficient data at the time of writing for the results to be statistically significant; however; indicative trends supported the assertions documented in the literature review. The question that this research answers is whether or not current technology implementations designed to mitigate risks from mobile devices, actually address business requirements. This research question, answered through these two sets qualitative studies, discovered inconsistencies between the technology implementations and business requirements. The thesis concludes by proposing a realistic model, based on the outcome of the qualitative study, which bridges the gap between the technology implementations and business requirements. Future work which could perhaps be conducted in light of the findings and the comments from this research is also considered.
- Full Text:
- Date Issued: 2014
- Authors: Mayisela, Simphiwe Hector
- Date: 2014
- Subjects: Computer security , Computer networks -- Security measures , Business enterprises -- Computer networks -- Security measures , Mobile computing -- Security measures , Mobile communication systems -- Security measures
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:4688 , http://hdl.handle.net/10962/d1011094 , Computer security , Computer networks -- Security measures , Business enterprises -- Computer networks -- Security measures , Mobile computing -- Security measures , Mobile communication systems -- Security measures
- Description: Data-centric security is significant in understanding, assessing and mitigating the various risks and impacts of sharing information outside corporate boundaries. Information generally leaves corporate boundaries through mobile devices. Mobile devices continue to evolve as multi-functional tools for everyday life, surpassing their initial intended use. This added capability and increasingly extensive use of mobile devices does not come without a degree of risk - hence the need to guard and protect information as it exists beyond the corporate boundaries and throughout its lifecycle. Literature on existing models crafted to protect data, rather than infrastructure in which the data resides, is reviewed. Technologies that organisations have implemented to adopt the data-centric model are studied. A utopian model that takes into account the shortcomings of existing technologies and deficiencies of common theories is proposed. Two sets of qualitative studies are reported; the first is a preliminary online survey to assess the ubiquity of mobile devices and extent of technology adoption towards implementation of data-centric model; and the second comprises of a focus survey and expert interviews pertaining on technologies that organisations have implemented to adopt the data-centric model. The latter study revealed insufficient data at the time of writing for the results to be statistically significant; however; indicative trends supported the assertions documented in the literature review. The question that this research answers is whether or not current technology implementations designed to mitigate risks from mobile devices, actually address business requirements. This research question, answered through these two sets qualitative studies, discovered inconsistencies between the technology implementations and business requirements. The thesis concludes by proposing a realistic model, based on the outcome of the qualitative study, which bridges the gap between the technology implementations and business requirements. Future work which could perhaps be conducted in light of the findings and the comments from this research is also considered.
- Full Text:
- Date Issued: 2014
Corporate information risk : an information security governance framework
- Authors: Posthumus, Shaun Murray
- Date: 2006
- Subjects: Computer security , Business enterprises -- Computer networks -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9776 , http://hdl.handle.net/10948/814 , Computer security , Business enterprises -- Computer networks -- Security measures
- Description: Information Security is currently viewed from a technical point of view only. Some authors believe that Information Security is a process that involves more than merely Risk Management at the department level, as it is also a strategic and potentially legal issue. Hence, there is a need to elevate the importance of Information Security to a governance level through Information Security Governance and propose a framework to help guide the Board of Directors in their Information Security Governance efforts. IT is a major facilitator of organizational business processes and these processes manipulate and transmit sensitive customer and financial information. IT, which involves major risks, may threaten the security if corporate information assets. Therefore, IT requires attention at board level to ensure that technology-related information risks are within an organization’s accepted risk appetite. However, IT issues are a neglected topic at board level and this could bring about enronesque disasters. Therefore, there is a need for the Board of Directors to direct and control IT-related risks effectively to reduce the potential for Information Security breaches and bring about a stronger system of internal control. The IT Oversight Committee is a proven means of achieving this, and this study further motivates the necessity for such a committee to solidify an organization’s Information Security posture among other IT-related issues.
- Full Text:
- Date Issued: 2006
- Authors: Posthumus, Shaun Murray
- Date: 2006
- Subjects: Computer security , Business enterprises -- Computer networks -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9776 , http://hdl.handle.net/10948/814 , Computer security , Business enterprises -- Computer networks -- Security measures
- Description: Information Security is currently viewed from a technical point of view only. Some authors believe that Information Security is a process that involves more than merely Risk Management at the department level, as it is also a strategic and potentially legal issue. Hence, there is a need to elevate the importance of Information Security to a governance level through Information Security Governance and propose a framework to help guide the Board of Directors in their Information Security Governance efforts. IT is a major facilitator of organizational business processes and these processes manipulate and transmit sensitive customer and financial information. IT, which involves major risks, may threaten the security if corporate information assets. Therefore, IT requires attention at board level to ensure that technology-related information risks are within an organization’s accepted risk appetite. However, IT issues are a neglected topic at board level and this could bring about enronesque disasters. Therefore, there is a need for the Board of Directors to direct and control IT-related risks effectively to reduce the potential for Information Security breaches and bring about a stronger system of internal control. The IT Oversight Committee is a proven means of achieving this, and this study further motivates the necessity for such a committee to solidify an organization’s Information Security posture among other IT-related issues.
- Full Text:
- Date Issued: 2006
- «
- ‹
- 1
- ›
- »