A cyber security strategy to mitigate cloud computing risks within the investment management sector in Cape Town
- Authors: Monareng, Glacier Jamela
- Date: 2024-04
- Subjects: Cloud computing , Computer security , Computer science
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/64717 , vital:73866
- Description: Adoption of cloud computing has become a transformative force in modern information technology, revolutionizing how organisations procure, manage, and deliver IT resources as well as IT services. This treatise explores the implementation of cloud computing in the investment management sector. It focuses on potential cloud security risks, broader implications for businesses and IT ecosystems, and subsequently the treatise conceptualises a strategy that may help in responding to these security risks. The study began by surveying the motivations behind cloud adoption in the investment sector, emphasising the potential cost savings, scalability, and flexibility cloud services offer. It then delves into the challenges faced during implementation, including security concerns, data privacy, compliance issues, and the intricacies of transitioning legacy systems to cloud environments. In response to these challenges, the treatise outlines strategies for successful cloud implementation within the investment sector, in Cape Town, South Africa. It highlights the significance of selecting appropriate cloud service models (for example, IaaS, PaaS, or SaaS) and deployment options (for example, public, private, hybrid, or multi-cloud) to align with organisational needs and objectives. The study followed a qualitative research study. In collecting data an open-ended online survey was sent to participants. The participants were from an investment company in Cape Town. The study employed the design science research paradigm with the aim of developing an artefact. The methodology used was the Nelson Mandela University-Design Science Strategy Methodology (NMU-DSSM) In conclusion, this treatise conceptualises a strategy that may help companies investing in cloud computing technologies to mitigate cyber security and cloud risks. It recommends practices that underscore cloud computing's transformative potential while acknowledging its complexity and challenges. The strategy may serve as a valuable resource for IT professionals, decision-makers, and organisations embarking on the cloud journey, offering guidance and perspectives to navigate the complexities and to realise the potential benefits of cloud technology. , Thesis (MPhil) -- Faculty of Engineering, the Built Environment and Technology, School of Information Technology, 2024
- Full Text:
- Date Issued: 2024-04
- Authors: Monareng, Glacier Jamela
- Date: 2024-04
- Subjects: Cloud computing , Computer security , Computer science
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/64717 , vital:73866
- Description: Adoption of cloud computing has become a transformative force in modern information technology, revolutionizing how organisations procure, manage, and deliver IT resources as well as IT services. This treatise explores the implementation of cloud computing in the investment management sector. It focuses on potential cloud security risks, broader implications for businesses and IT ecosystems, and subsequently the treatise conceptualises a strategy that may help in responding to these security risks. The study began by surveying the motivations behind cloud adoption in the investment sector, emphasising the potential cost savings, scalability, and flexibility cloud services offer. It then delves into the challenges faced during implementation, including security concerns, data privacy, compliance issues, and the intricacies of transitioning legacy systems to cloud environments. In response to these challenges, the treatise outlines strategies for successful cloud implementation within the investment sector, in Cape Town, South Africa. It highlights the significance of selecting appropriate cloud service models (for example, IaaS, PaaS, or SaaS) and deployment options (for example, public, private, hybrid, or multi-cloud) to align with organisational needs and objectives. The study followed a qualitative research study. In collecting data an open-ended online survey was sent to participants. The participants were from an investment company in Cape Town. The study employed the design science research paradigm with the aim of developing an artefact. The methodology used was the Nelson Mandela University-Design Science Strategy Methodology (NMU-DSSM) In conclusion, this treatise conceptualises a strategy that may help companies investing in cloud computing technologies to mitigate cyber security and cloud risks. It recommends practices that underscore cloud computing's transformative potential while acknowledging its complexity and challenges. The strategy may serve as a valuable resource for IT professionals, decision-makers, and organisations embarking on the cloud journey, offering guidance and perspectives to navigate the complexities and to realise the potential benefits of cloud technology. , Thesis (MPhil) -- Faculty of Engineering, the Built Environment and Technology, School of Information Technology, 2024
- Full Text:
- Date Issued: 2024-04
A strategic approach for handling information security incidents in higher education
- Authors: Khamali, Rethabile
- Date: 2024-04
- Subjects: Computer security -- Management , Computer security , Information resources management , Corporate governance -- South Africa
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/64588 , vital:73769
- Description: Information Security Management System (ISMS) is a set of processes to protect institution information assets and information and to preserve confidentiality, integrity, and availability of institutional information. In the world of computers, it is known that there is no silver bullet when it comes to protecting an IT infrastructure. At some point, an organisation will face a security breach, and how it deals with the information security incident depending on the robustness of its processes and the strategy for handling incidents. In today’s world, information communication and technology (ICT) is integral in automating manual tasks that can take hours and even days to execute. The more institutions depend on technology, the more they become vulnerable to cyber threats. This could result in an institution losing its competitive edge, facing legal issues, loss of reputation, customer confidence and productivity, and lastly, financial loss. Various information security standards, frameworks, and methodologies can be applied to protect information assets. Many of these best practices define the ‘what’ and not the ‘how’ making it even more complex for institutions such as Higher Education to implement ISMS. The study aims is to develop a strategy for handling information security incidents that Higher Education Institutions can follow to improve how incidents, cyber threats and breaches are handled. The primary research objective is addressed through several secondary research objectives, namely, to investigate current strategies that Higher Education Institutions can utilise for the handling of information security incidents, to understand various challenges that Higher Education Institutions encounter when handling information security incidents, to assess the current capacity of relevant personnel in handling information security incidents through semi-structured interviews. A detailed literature review was undertaken to delve into existing various information security standards, frameworks, and methodologies. In addition, an investigation was conducted on ISMS adoption and implementation by institutions and Higher Education Institutions in general and how modern best practices such as ISO2700x, COBIT, ITIL, NIST, etc, relate to ISMS. Furthermore, semi-structured interviews were conducted to determine information security incidents at South African Higher Education Institutions. Expert interviews are utilised to evaluate the proposed strategy and provide input. The literature review findings, together with results obtained from semi-structured and expert interviews, are used to develop a strategy evaluated for its robustness, effectiveness, and suitability for the purpose. The developed strategy can be considered a beneficial tool for Higher Education Institutions in South Africa for handling information security incidents. This study’s findings significantly contribute to ISMS research in Higher Education Institutions in South Africa. In conclusion, findings of the study can be summarized as follows. The first chapter, which is also an introduction, sets out the scene for the entire research study undertaken by first highlighting information technology as an integral part of any business nowadays. Higher education institutions collect, process and store sensitive information of current and prospective students and employees, which might be of value to hackers. An information security management system (ISMS) can minimise damage by ensuring information assets are protected from a wide range of threats and business resilience in case of a breach or an incident. Chapter 2 reviews the existing literature for these frameworks, standards, and methods. In addition, various ISMS challenges and limitations within Higher Education Institutions were explored. The third chapter outlines the research design process and an emphasises that it must be based on real-world or tangible challenges. The fourth chapter presented and discussed results that were obtained from semi-structured interviews. The study’s analysis and findings vividly show that there is a need to implement a strategy to handle information security incidents for South African higher education institutions. The strategic management approach used to formulate a strategy to address the identified real problem is discussed in detail in chapter 5. The strategy is developed based on the information gathered from the literature review and semi-structured interviews. The results of the assessment of the proposed strategy carried out by the experts are presented in Chapter 6.The chapter also includes recommendations made by the experts to improve the proposedstrategy. , Thesis (MPhil) -- Faculty of Engineering, the Built Environment and Technology, School of Information Technology, 2024
- Full Text:
- Date Issued: 2024-04
- Authors: Khamali, Rethabile
- Date: 2024-04
- Subjects: Computer security -- Management , Computer security , Information resources management , Corporate governance -- South Africa
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/64588 , vital:73769
- Description: Information Security Management System (ISMS) is a set of processes to protect institution information assets and information and to preserve confidentiality, integrity, and availability of institutional information. In the world of computers, it is known that there is no silver bullet when it comes to protecting an IT infrastructure. At some point, an organisation will face a security breach, and how it deals with the information security incident depending on the robustness of its processes and the strategy for handling incidents. In today’s world, information communication and technology (ICT) is integral in automating manual tasks that can take hours and even days to execute. The more institutions depend on technology, the more they become vulnerable to cyber threats. This could result in an institution losing its competitive edge, facing legal issues, loss of reputation, customer confidence and productivity, and lastly, financial loss. Various information security standards, frameworks, and methodologies can be applied to protect information assets. Many of these best practices define the ‘what’ and not the ‘how’ making it even more complex for institutions such as Higher Education to implement ISMS. The study aims is to develop a strategy for handling information security incidents that Higher Education Institutions can follow to improve how incidents, cyber threats and breaches are handled. The primary research objective is addressed through several secondary research objectives, namely, to investigate current strategies that Higher Education Institutions can utilise for the handling of information security incidents, to understand various challenges that Higher Education Institutions encounter when handling information security incidents, to assess the current capacity of relevant personnel in handling information security incidents through semi-structured interviews. A detailed literature review was undertaken to delve into existing various information security standards, frameworks, and methodologies. In addition, an investigation was conducted on ISMS adoption and implementation by institutions and Higher Education Institutions in general and how modern best practices such as ISO2700x, COBIT, ITIL, NIST, etc, relate to ISMS. Furthermore, semi-structured interviews were conducted to determine information security incidents at South African Higher Education Institutions. Expert interviews are utilised to evaluate the proposed strategy and provide input. The literature review findings, together with results obtained from semi-structured and expert interviews, are used to develop a strategy evaluated for its robustness, effectiveness, and suitability for the purpose. The developed strategy can be considered a beneficial tool for Higher Education Institutions in South Africa for handling information security incidents. This study’s findings significantly contribute to ISMS research in Higher Education Institutions in South Africa. In conclusion, findings of the study can be summarized as follows. The first chapter, which is also an introduction, sets out the scene for the entire research study undertaken by first highlighting information technology as an integral part of any business nowadays. Higher education institutions collect, process and store sensitive information of current and prospective students and employees, which might be of value to hackers. An information security management system (ISMS) can minimise damage by ensuring information assets are protected from a wide range of threats and business resilience in case of a breach or an incident. Chapter 2 reviews the existing literature for these frameworks, standards, and methods. In addition, various ISMS challenges and limitations within Higher Education Institutions were explored. The third chapter outlines the research design process and an emphasises that it must be based on real-world or tangible challenges. The fourth chapter presented and discussed results that were obtained from semi-structured interviews. The study’s analysis and findings vividly show that there is a need to implement a strategy to handle information security incidents for South African higher education institutions. The strategic management approach used to formulate a strategy to address the identified real problem is discussed in detail in chapter 5. The strategy is developed based on the information gathered from the literature review and semi-structured interviews. The results of the assessment of the proposed strategy carried out by the experts are presented in Chapter 6.The chapter also includes recommendations made by the experts to improve the proposedstrategy. , Thesis (MPhil) -- Faculty of Engineering, the Built Environment and Technology, School of Information Technology, 2024
- Full Text:
- Date Issued: 2024-04
Investigating the use of nudging to dissuade online banking fraud
- Mutyavariri, Takudzwa Stanley
- Authors: Mutyavariri, Takudzwa Stanley
- Date: 2023-03-31
- Subjects: Electronic commerce Security measures , Bank fraud , Computer security , Behavioral cybersecurity , Decision making Data processing
- Language: English
- Type: Academic theses , Master's theses , text
- Identifier: http://hdl.handle.net/10962/419462 , vital:71646
- Description: Online banking is a service offered by most modern banks to provide their clients with a convenient means to access their bank accounts remotely. However, such convenience comes at a cost and has the potential to expose clients to online banking fraud. To mitigate such forms of fraud, banks make extensive use of traditional cybersecurity measures such as firewalls, intrusion detection systems, as well as personal identification numbers (PINs) and passwords. However, despite the use of such traditional cybersecurity measures, online banking fraud still occurs. In particular, traditional cybersecurity measures have difficulties detecting the unauthorised use of a customer’s online banking credentials. For this reason, this study’s main objective was to investigate the effectiveness of nudges when used to dissuade the unauthorised use of clients’ online banking credentials. The study also had two secondary objectives: firstly, to identify where the deployment of nudges would be most effective; and secondly, to identify the rationalisations an individual may use to justify committing online banking fraud. Although previous research has sought to understand the use of nudges in various online contexts, none have done so within the context of online banking. Using a recontextualised version of the COM-B (capability, opportunity, motivation – behaviour) model of behaviour change, nudges were deployed in three versions of a fictitious online banking website. Following this, 15 semi-structured interviews were conducted with online banking users from the United States of America to understand how a third party may behave and rationalise their choices when they have unauthorised access to a customer’s online banking credentials. The transcripts of these interviews were analysed using thematic analysis. The findings revealed that the most dissuasive nudges focused on encouraging individuals to empathise with the account holder. Nudges that increased the perception of an online banking website’s security were also particularly dissuasive. The findings also indicated that the most effective place to deploy these nudges was after a user had logged in. Several rationalisations that enabled individuals to commit online baking fraud were found. The three most common were crime of opportunity, down on their luck, and sunk cost fallacy and curiosity. Together, the findings provide evidence to suggest that, if used effectively, nudges could prove useful as a means of dissuading online banking fraud, and even more so when combined with traditional cybersecurity measures. , Thesis (MCom) -- Faculty of Commerce, Information Systems, 2023
- Full Text:
- Date Issued: 2023-03-31
- Authors: Mutyavariri, Takudzwa Stanley
- Date: 2023-03-31
- Subjects: Electronic commerce Security measures , Bank fraud , Computer security , Behavioral cybersecurity , Decision making Data processing
- Language: English
- Type: Academic theses , Master's theses , text
- Identifier: http://hdl.handle.net/10962/419462 , vital:71646
- Description: Online banking is a service offered by most modern banks to provide their clients with a convenient means to access their bank accounts remotely. However, such convenience comes at a cost and has the potential to expose clients to online banking fraud. To mitigate such forms of fraud, banks make extensive use of traditional cybersecurity measures such as firewalls, intrusion detection systems, as well as personal identification numbers (PINs) and passwords. However, despite the use of such traditional cybersecurity measures, online banking fraud still occurs. In particular, traditional cybersecurity measures have difficulties detecting the unauthorised use of a customer’s online banking credentials. For this reason, this study’s main objective was to investigate the effectiveness of nudges when used to dissuade the unauthorised use of clients’ online banking credentials. The study also had two secondary objectives: firstly, to identify where the deployment of nudges would be most effective; and secondly, to identify the rationalisations an individual may use to justify committing online banking fraud. Although previous research has sought to understand the use of nudges in various online contexts, none have done so within the context of online banking. Using a recontextualised version of the COM-B (capability, opportunity, motivation – behaviour) model of behaviour change, nudges were deployed in three versions of a fictitious online banking website. Following this, 15 semi-structured interviews were conducted with online banking users from the United States of America to understand how a third party may behave and rationalise their choices when they have unauthorised access to a customer’s online banking credentials. The transcripts of these interviews were analysed using thematic analysis. The findings revealed that the most dissuasive nudges focused on encouraging individuals to empathise with the account holder. Nudges that increased the perception of an online banking website’s security were also particularly dissuasive. The findings also indicated that the most effective place to deploy these nudges was after a user had logged in. Several rationalisations that enabled individuals to commit online baking fraud were found. The three most common were crime of opportunity, down on their luck, and sunk cost fallacy and curiosity. Together, the findings provide evidence to suggest that, if used effectively, nudges could prove useful as a means of dissuading online banking fraud, and even more so when combined with traditional cybersecurity measures. , Thesis (MCom) -- Faculty of Commerce, Information Systems, 2023
- Full Text:
- Date Issued: 2023-03-31
Remote fidelity of Container-Based Network Emulators
- Authors: Peach, Schalk Willem
- Date: 2021-10-29
- Subjects: Computer networks Security measures , Intrusion detection systems (Computer security) , Computer security , Host-based intrusion detection systems (Computer security) , Emulators (Computer programs) , Computer network protocols , Container-Based Network Emulators (CBNEs) , Network Experimentation Platforms (NEPs)
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10962/192141 , vital:45199
- Description: This thesis examines if Container-Based Network Emulators (CBNEs) are able to instantiate emulated nodes that provide sufficient realism to be used in information security experiments. The realism measure used is based on the information available from the point of view of a remote attacker. During the evaluation of a Container-Based Network Emulator (CBNE) as a platform to replicate production networks for information security experiments, it was observed that nmap fingerprinting returned Operating System (OS) family and version results inconsistent with that of the host Operating System (OS). CBNEs utilise Linux namespaces, the technology used for containerisation, to instantiate \emulated" hosts for experimental networks. Linux containers partition resources of the host OS to create lightweight virtual machines that share a single OS kernel. As all emulated hosts share the same kernel in a CBNE network, there is a reasonable expectation that the fingerprints of the host OS and emulated hosts should be the same. Based on how CBNEs instantiate emulated networks and that fingerprinting returned inconsistent results, it was hypothesised that the technologies used to construct CBNEs are capable of influencing fingerprints generated by utilities such as nmap. It was predicted that hosts emulated using different CBNEs would show deviations in remotely generated fingerprints when compared to fingerprints generated for the host OS. An experimental network consisting of two emulated hosts and a Layer 2 switch was instantiated on multiple CBNEs using the same host OS. Active and passive fingerprinting was conducted between the emulated hosts to generate fingerprints and OS family and version matches. Passive fingerprinting failed to produce OS family and version matches as the fingerprint databases for these utilities are no longer maintained. For active fingerprinting the OS family results were consistent between tested systems and the host OS, though OS version results reported was inconsistent. A comparison of the generated fingerprints revealed that for certain CBNEs fingerprint features related to network stack optimisations of the host OS deviated from other CBNEs and the host OS. The hypothesis that CBNEs can influence remotely generated fingerprints was partially confirmed. One CBNE system modified Linux kernel networking options, causing a deviation from fingerprints generated for other tested systems and the host OS. The hypothesis was also partially rejected as the technologies used by CBNEs do not influence the remote fidelity of emulated hosts. , Thesis (MSc) -- Faculty of Science, Computer Science, 2021
- Full Text:
- Date Issued: 2021-10-29
- Authors: Peach, Schalk Willem
- Date: 2021-10-29
- Subjects: Computer networks Security measures , Intrusion detection systems (Computer security) , Computer security , Host-based intrusion detection systems (Computer security) , Emulators (Computer programs) , Computer network protocols , Container-Based Network Emulators (CBNEs) , Network Experimentation Platforms (NEPs)
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10962/192141 , vital:45199
- Description: This thesis examines if Container-Based Network Emulators (CBNEs) are able to instantiate emulated nodes that provide sufficient realism to be used in information security experiments. The realism measure used is based on the information available from the point of view of a remote attacker. During the evaluation of a Container-Based Network Emulator (CBNE) as a platform to replicate production networks for information security experiments, it was observed that nmap fingerprinting returned Operating System (OS) family and version results inconsistent with that of the host Operating System (OS). CBNEs utilise Linux namespaces, the technology used for containerisation, to instantiate \emulated" hosts for experimental networks. Linux containers partition resources of the host OS to create lightweight virtual machines that share a single OS kernel. As all emulated hosts share the same kernel in a CBNE network, there is a reasonable expectation that the fingerprints of the host OS and emulated hosts should be the same. Based on how CBNEs instantiate emulated networks and that fingerprinting returned inconsistent results, it was hypothesised that the technologies used to construct CBNEs are capable of influencing fingerprints generated by utilities such as nmap. It was predicted that hosts emulated using different CBNEs would show deviations in remotely generated fingerprints when compared to fingerprints generated for the host OS. An experimental network consisting of two emulated hosts and a Layer 2 switch was instantiated on multiple CBNEs using the same host OS. Active and passive fingerprinting was conducted between the emulated hosts to generate fingerprints and OS family and version matches. Passive fingerprinting failed to produce OS family and version matches as the fingerprint databases for these utilities are no longer maintained. For active fingerprinting the OS family results were consistent between tested systems and the host OS, though OS version results reported was inconsistent. A comparison of the generated fingerprints revealed that for certain CBNEs fingerprint features related to network stack optimisations of the host OS deviated from other CBNEs and the host OS. The hypothesis that CBNEs can influence remotely generated fingerprints was partially confirmed. One CBNE system modified Linux kernel networking options, causing a deviation from fingerprints generated for other tested systems and the host OS. The hypothesis was also partially rejected as the technologies used by CBNEs do not influence the remote fidelity of emulated hosts. , Thesis (MSc) -- Faculty of Science, Computer Science, 2021
- Full Text:
- Date Issued: 2021-10-29
- «
- ‹
- 1
- ›
- »