An enterprise information security model for a micro finance company: a case study
- Authors: Owen, Morné
- Date: 2009
- Subjects: Computer security -- South Africa -- Management , Computers -- Access control -- South Africa , Computer networks -- Security measures -- Standards -- South Africa , Data protection -- Management -- Standards , Management information systems -- Security measures -- South Africa
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9763 , http://hdl.handle.net/10948/1151
- Description: The world has entered the information age. How the information is used within an organisation will determine success or failure of the organisation. This study aims to provide a model that, once implemented, will provide the required protection for the information assets. The model is based on ISO 27002, an international security standard. The primary objective is to build a model that will provide a holistic security system specifically for a South African Micro Finance Company (MFC). The secondary objectives focus on successful implementation of such a model, the uniqueness of the MFC that should be taken into account, and the maintenance of the model once implemented to ensure ongoing relevance. A questionnaire conducted at the MFC provided insight into the perceived understanding of information security. The questionnaire results were used to ensure the model solution addressed current information security shortcomings within the MFC. This study found that the information security controls in ISO 27002 should be applicable to any industry. The uniqueness for the MFC is not in the security controls, but rather in the regulations and laws applicable to it.
- Date Issued: 2009
A standards-based security model for health information systems
- Authors: Thomson, Steven Michael
- Date: 2008
- Subjects: Computer networks -- Security measures -- Standards -- South Africa , Data protection -- Management -- Standards , Computer security -- South Africa -- Management , Computers -- Access control -- South Africa , Management information systems -- Security measures -- South Africa
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9786 , http://hdl.handle.net/10948/718
- Description: In the healthcare environment, various types of patient information are stored in electronic format. This prevents the re-entering of information that was captured previously. In the past this information was stored on paper and kept in large filing cabinets. However, with the technology advancements that have occurred over the years, the idea of storing patient information in electronic systems arose. This led to a number of electronic health information systems being created, which in turn led to an increase in possible security risks. Any organization that stores information of a sensitive nature must apply information security principles in order to ensure that the stored information is kept secure. At a basic level, this entails ensuring the confidentiality, integrity and availability of the information, which is not an easy feat in today’s distributed and networked environments. This paved the way for organized standardization activities in the areas of information security and information security management. Throughout history, there have been practices that were created to help “standardize” industries of all areas, to the extent that there are professional organizations whose main objective it is to create such standards to help connect industries all over the world. This applies equally to the healthcare environment, where standardization took off in the late eighties. Healthcare organizations must follow standardized security measures to ensure that patient information stored in health information systems is kept secure. However, the proliferation in standards makes it difficult to understand, adopt and deploy these standards in a coherent manner. This research, therefore, proposes a standards-based security model for health information systems to ensure that such standards are applied in a manner that contributes to securing the healthcare environment as a whole, rather than in a piecemeal fashion.
- Date Issued: 2008