A framework for a cybersecurity policy in South African schools
- Authors: Mhlaba, Surety Aleta
- Date: 2024-04
- Subjects: Computer security -- Government policy -- South Africa , Computer security -- South Africa , Cyber intelligence (Computer security) , Computer security -- South Africa Educational technology -- Security measures
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/64651 , vital:73835
- Description: Today, learners at school grow up within an Information and Communication Technology (ICT) environment and have become technology users. A growing number of learners have access to ICT devices, such as mobile phones, tablets and desktop computers owing to their affordability. Access to ICT devices enables learners to interact in cyberspace which offers them numerous advantages and benefits. Cyberspace enables learners to improve their learning by providing ease of access to information and other learning material. Additionally, it allows them to socialise and to communicate with each without having to be in the same place. Furthermore, it allows them to participate in games, including educational games, to help with their learning. Despite these benefits, learners are prone to falling victim to a range of cyber risks and attacks. These cyber risks and attacks include cyberbullying, accessing inappropriate content and being exposed to sexual grooming. This is due to the fact that cyberspace is an unregulated platform and its complex nature does not make it easy to govern. Thus, there is a need to implement a policy that can govern and educate school learners on how to protect and conduct themselves when accessing cyberspace to avoid and reduce exposure to cyber risks. Countries like the United Kingdom (UK), Australia (AU) and Rwanda (RW) have developed cybersecurity policies to assist schools to develop and implement a cybersecurity policy to create a cybersecurity environment for learners with the support and commitment of the government. These countries continue to implement cybersecurity strategies and advocate for a cybersecurity policy to be implemented in schools to foster a cybersecurity culture. However, this does not seem to be the case for South Africa. The South African education system does not have a standard national cybersecurity policy to be implemented in all schools to handle cyber risks and incidents. The Department of Basic Education (DBE) drafted guidelines to assist schools to implement cybersecurity strategies such as a cybersecurity-related policy; however, these guidelines do not include guidance on how to implement them and they have not been enacted. Because of the lack of commitment from the government to implement a cybersecurity policy at school level, learners continue to be exposed to cyber risks. Hence, it is up to each school to create and implement a cybersecurity policy that is unique to that school to help keep their learners safe. In terms of South African law, schools are ultimately responsible for the safety and well-being of school learners. School Governing Bodies (SGBs) have a legal obligation to ensure that cybersecurity measures are in place to protect learners from cyber risks, especially when schools provide access or expect learners to have and use ICT devices during school hours. However, schools (including SGBs) are ill-equipped to implement cybersecurity initiatives by themselves. They lack knowledge about ICT and are hampered by severe time and financial constraints. This study proposes a framework to assist SGBs in implementing a cybersecurity policy in South African schools. To address this need, the study first performed a literature review to identify the problem area, that schools in South Africa have no cybersecurity policy to guide them and protect school learners from cyber risks. There is a need for cybersecurity policies in schools and the SGBs entrusted with such a responsibility lack the resources and capacity to develop them. Moreover, many schools do not have cybersecurity policies in place to protect school learners if cyber risk incidents occur. This led to identifying research objectives together with research methods to address the problem area. The primary objective is to develop a framework to assist SGBs in implementing a basic cybersecurity policy in South African schools. In order to achieve the primary objective, the study determined cybersecurity policy implementation components and characteristics of cybersecurity policies using the literature review method to obtain the framework design components. Thereafter, cybersecurity-related policies, guidelines and best practices in South Africa and globally were identified and analysed for the school environment through the use of a literature review and qualitative content analysis to obtain cybersecurity policy content suitable for the school environment. Once these actions were performed, the formulation and design of the framework for implementing a basic cybersecurity policy using the relevant policy components and characteristics took place, which resulted in the proposed framework solution. , Thesis (MIT) -- Faculty of Engineering, the Built Environment, and Technology, School of Information Technology, 2024
- Full Text:
- Date Issued: 2024-04
- Authors: Mhlaba, Surety Aleta
- Date: 2024-04
- Subjects: Computer security -- Government policy -- South Africa , Computer security -- South Africa , Cyber intelligence (Computer security) , Computer security -- South Africa Educational technology -- Security measures
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/64651 , vital:73835
- Description: Today, learners at school grow up within an Information and Communication Technology (ICT) environment and have become technology users. A growing number of learners have access to ICT devices, such as mobile phones, tablets and desktop computers owing to their affordability. Access to ICT devices enables learners to interact in cyberspace which offers them numerous advantages and benefits. Cyberspace enables learners to improve their learning by providing ease of access to information and other learning material. Additionally, it allows them to socialise and to communicate with each without having to be in the same place. Furthermore, it allows them to participate in games, including educational games, to help with their learning. Despite these benefits, learners are prone to falling victim to a range of cyber risks and attacks. These cyber risks and attacks include cyberbullying, accessing inappropriate content and being exposed to sexual grooming. This is due to the fact that cyberspace is an unregulated platform and its complex nature does not make it easy to govern. Thus, there is a need to implement a policy that can govern and educate school learners on how to protect and conduct themselves when accessing cyberspace to avoid and reduce exposure to cyber risks. Countries like the United Kingdom (UK), Australia (AU) and Rwanda (RW) have developed cybersecurity policies to assist schools to develop and implement a cybersecurity policy to create a cybersecurity environment for learners with the support and commitment of the government. These countries continue to implement cybersecurity strategies and advocate for a cybersecurity policy to be implemented in schools to foster a cybersecurity culture. However, this does not seem to be the case for South Africa. The South African education system does not have a standard national cybersecurity policy to be implemented in all schools to handle cyber risks and incidents. The Department of Basic Education (DBE) drafted guidelines to assist schools to implement cybersecurity strategies such as a cybersecurity-related policy; however, these guidelines do not include guidance on how to implement them and they have not been enacted. Because of the lack of commitment from the government to implement a cybersecurity policy at school level, learners continue to be exposed to cyber risks. Hence, it is up to each school to create and implement a cybersecurity policy that is unique to that school to help keep their learners safe. In terms of South African law, schools are ultimately responsible for the safety and well-being of school learners. School Governing Bodies (SGBs) have a legal obligation to ensure that cybersecurity measures are in place to protect learners from cyber risks, especially when schools provide access or expect learners to have and use ICT devices during school hours. However, schools (including SGBs) are ill-equipped to implement cybersecurity initiatives by themselves. They lack knowledge about ICT and are hampered by severe time and financial constraints. This study proposes a framework to assist SGBs in implementing a cybersecurity policy in South African schools. To address this need, the study first performed a literature review to identify the problem area, that schools in South Africa have no cybersecurity policy to guide them and protect school learners from cyber risks. There is a need for cybersecurity policies in schools and the SGBs entrusted with such a responsibility lack the resources and capacity to develop them. Moreover, many schools do not have cybersecurity policies in place to protect school learners if cyber risk incidents occur. This led to identifying research objectives together with research methods to address the problem area. The primary objective is to develop a framework to assist SGBs in implementing a basic cybersecurity policy in South African schools. In order to achieve the primary objective, the study determined cybersecurity policy implementation components and characteristics of cybersecurity policies using the literature review method to obtain the framework design components. Thereafter, cybersecurity-related policies, guidelines and best practices in South Africa and globally were identified and analysed for the school environment through the use of a literature review and qualitative content analysis to obtain cybersecurity policy content suitable for the school environment. Once these actions were performed, the formulation and design of the framework for implementing a basic cybersecurity policy using the relevant policy components and characteristics took place, which resulted in the proposed framework solution. , Thesis (MIT) -- Faculty of Engineering, the Built Environment, and Technology, School of Information Technology, 2024
- Full Text:
- Date Issued: 2024-04
A social networking approach to security awareness in end-user cyber-driven financial transactions
- Authors: Maharaj,Rahul
- Date: 2019-04
- Subjects: Internet -- Security measures , Cyber intelligence (Computer security) , Internet -- Social aspects , Cyberspace
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/49952 , vital:41912
- Description: Cyberspace, including the internet and associated technologies have become critical to social users in their day to day lives. Social users have grown to become reliant on cyberspace and associated cyber services. As such, a culture of users becoming dependent on cyberspace has formed. This cyberculture need to ensure that they can make use of cyberspace and associated cyber services in a safe and secure manner. This is particularly true for those social users involved in cyberdriven financial transactions. Therefore, the aim of this research study is to report on research undertaken, to assist said users by providing them with an alternative educational approach to cyber security, education, awareness and training. , Thesis (MIT) -- Faculty of Engineering, the Built Environment and Technology, Information Technology, 2019
- Full Text:
- Date Issued: 2019-04
- Authors: Maharaj,Rahul
- Date: 2019-04
- Subjects: Internet -- Security measures , Cyber intelligence (Computer security) , Internet -- Social aspects , Cyberspace
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/49952 , vital:41912
- Description: Cyberspace, including the internet and associated technologies have become critical to social users in their day to day lives. Social users have grown to become reliant on cyberspace and associated cyber services. As such, a culture of users becoming dependent on cyberspace has formed. This cyberculture need to ensure that they can make use of cyberspace and associated cyber services in a safe and secure manner. This is particularly true for those social users involved in cyberdriven financial transactions. Therefore, the aim of this research study is to report on research undertaken, to assist said users by providing them with an alternative educational approach to cyber security, education, awareness and training. , Thesis (MIT) -- Faculty of Engineering, the Built Environment and Technology, Information Technology, 2019
- Full Text:
- Date Issued: 2019-04
A model to address factors that could influence the information security behaviour of computing graduates
- Mabece, Thandolwethu, Thomson, Kerry-Lynn
- Authors: Mabece, Thandolwethu , Thomson, Kerry-Lynn
- Date: 2017
- Subjects: Information technology -- Security measures , Computer security , Cyber intelligence (Computer security)
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/7355 , vital:21339
- Description: The fact that information is ubiquitous throughout most modern organisations cannot be denied. Information is not merely used as an enabler in modern organisations today, but is also used to gain a competitive advantage over competitors. Thus, information has become one of the most important business assets. It is, therefore, imperative that organisations protect information assets as they would protect other business assets. This is typically achieved through implementing various security measures.Technological and procedural security measures are largely dependent on humans. However, the incorrect behaviour of humans poses a significant threat to the protection of these information assets. Thus, it is vital to understand how human behaviour may impact the protection of information assets. While the focus of much literature is on organisations, the focus of this research is on higher education institutions and the factors of information security, with a specific focus on influencing the information security behaviour of computing graduates. Typically, computing graduates would be employed in organisations in various careers such as software developers, network administrators, database administrators and information systems analysts. Employment in these careers means that they would be closely interacting with information assets and information systems. A real problem, as identified by this research, is that currently, many higher education institutions are not consciously doing enough to positively influence the information security behaviour of their computing graduates. This research presents a model to address various factors that could influence the information security behaviour of computing graduates. The aim of this model is to assist computing educators in influencing computing graduates to adopt more secure behaviour, such as security assurance behaviour. A literature review was conducted to identify the research problem. A number of theories such as the Theory of Planned Behaviour, Protection Motivation Theory and Social Cognitive Theory were identified as being relevant for this research as they provided a theoretical foundation for factors that could influence the information security behaviour of computing graduates. Additionally, a survey was conducted to gather the opinions and perceptions of computing educators relating to information security education in higher education institutions. Results indicated that information security is not pervasively integrated within the higher education institutions surveyed. Furthermore, results revealed that most computing students were perceived to not be behaving in a secure manner with regard to information security. This could negatively influence their information security behaviour as computing graduates employed within organisations. Computing educators therefore require assistance in influencing the information security behaviour of these computing students. The proposed model to provide this assistance was developed through argumentation and modelling.
- Full Text:
- Date Issued: 2017
- Authors: Mabece, Thandolwethu , Thomson, Kerry-Lynn
- Date: 2017
- Subjects: Information technology -- Security measures , Computer security , Cyber intelligence (Computer security)
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/7355 , vital:21339
- Description: The fact that information is ubiquitous throughout most modern organisations cannot be denied. Information is not merely used as an enabler in modern organisations today, but is also used to gain a competitive advantage over competitors. Thus, information has become one of the most important business assets. It is, therefore, imperative that organisations protect information assets as they would protect other business assets. This is typically achieved through implementing various security measures.Technological and procedural security measures are largely dependent on humans. However, the incorrect behaviour of humans poses a significant threat to the protection of these information assets. Thus, it is vital to understand how human behaviour may impact the protection of information assets. While the focus of much literature is on organisations, the focus of this research is on higher education institutions and the factors of information security, with a specific focus on influencing the information security behaviour of computing graduates. Typically, computing graduates would be employed in organisations in various careers such as software developers, network administrators, database administrators and information systems analysts. Employment in these careers means that they would be closely interacting with information assets and information systems. A real problem, as identified by this research, is that currently, many higher education institutions are not consciously doing enough to positively influence the information security behaviour of their computing graduates. This research presents a model to address various factors that could influence the information security behaviour of computing graduates. The aim of this model is to assist computing educators in influencing computing graduates to adopt more secure behaviour, such as security assurance behaviour. A literature review was conducted to identify the research problem. A number of theories such as the Theory of Planned Behaviour, Protection Motivation Theory and Social Cognitive Theory were identified as being relevant for this research as they provided a theoretical foundation for factors that could influence the information security behaviour of computing graduates. Additionally, a survey was conducted to gather the opinions and perceptions of computing educators relating to information security education in higher education institutions. Results indicated that information security is not pervasively integrated within the higher education institutions surveyed. Furthermore, results revealed that most computing students were perceived to not be behaving in a secure manner with regard to information security. This could negatively influence their information security behaviour as computing graduates employed within organisations. Computing educators therefore require assistance in influencing the information security behaviour of these computing students. The proposed model to provide this assistance was developed through argumentation and modelling.
- Full Text:
- Date Issued: 2017
- «
- ‹
- 1
- ›
- »