A framework for selecting NoSQL Databases:a NetFlow use case
- Authors: Rheeder, Leon Albertus
- Date: 2018
- Subjects: Non-relational databases , Database management Information technology Computer science
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/35061 , vital:33611
- Description: Making decisions regarding technology is difficult for IT practitioners, especially when they lack formal guidance. Ad hoc decisions are prone to be influenced by biases. This research study specifically considered decisions regarding NoSQL. The primary objective of this study was to develop a framework that can assist IT practitioners with decisions regarding NoSQL technologies. An investigation into typical decision-making problems encountered when having to make technology-based decisions provided an understanding of the problem context. The application context was explored through a literature study of the four NoSQL families. This study produces a framework to assist IT practitioners in making decisions regarding technology. The framework comprises two models. Firstly, a weighted decision model combines several constructs, thereby providing a general method of making decisions. Secondly, a 6-step process model that can be used to adapt the weighted decision-model to a specific type of technology and a specific use case is proposed. The feasibility and utility of the proposed framework are demonstrated by applying the framework to a NetFlow use case. If NetFlow data is to be used for analytical decision-making, the data must be stored long-term. NoSQL databases have increased in popularity, especially in decision-making contexts. Therefore, NoSQL is a logical storage choice. However, which NoSQL family to use is not self-evident. Therefore, the decision-maker may require assistance to make the right decision. To assist with this decision, the framework was adapted to be used in the NoSQL context. A set of criteria was developed to allow various NoSQL options to be uniformly compared. Furthermore, the four NoSQL families were graded based on this set of criteria. After adaptation, experts provided input regarding the requirements of the NetFlow use case. This resulted in the weighting of the criteria for this specific use case. Finally, a weighted score was calculated for each family. For the NetFlow use case, the model suggests that a document-based NoSQL database be used. The framework ensures that all NoSQL technologies are systematically investigated, thereby reducing the effect of biases. Thus, the problem identified in this study is addressed. The proposed model can also serve as a foundation for future research
- Full Text:
- Date Issued: 2018
A framework for the integration of mobile technology into adventure sport for the purpose of increasing participant safety
- Authors: Mills, Craig John
- Date: 2018
- Subjects: Mobile communication systems , Health promotion -- Technological innovations Sports -- Technological innovations Cell phones -- Health aspects
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/32099 , vital:31958
- Description: The sporting industry has seen incredible advancements with the use of information technology. Technology is used in the sporting industry for training, coaching and even as a deciding factor of a game result. There are certain sports which require individuals to venture into isolated environments, these sports have been termed adventure or extreme sports. Due to the extreme environmental factors that can occur with adventure sport, it is possible for an individual to experience an emergency situation. Emergency situations can occur at any time, and this is especially true in adventure sport. Adventure sport such as ocean and river kayaking require individuals to venture into isolated environments, where if an emergency situation occurs could result in an individual left stranded waiting for emergency rescue. Adventure sport participants and Event Organizers are aware of the dangers associated with this type of adventure sport, but there is currently no requirement to have a mobile technology device present during kayaking events. The main purpose of this dissertation was to evaluate the current use of mobile technology in adventure sport in the Eastern Cape province of South Africa. To accomplish this two literature reviews were conducted which identi_ed information on the two main themes which are adventure sport and mobile technology. To produce information from the ocean and river kayaking community an online questionnaire was distributed to several kayaking clubs in the Eastern Cape province of South Africa. This dissertation also presents a framework that proposes the use of mobile technology hardware and software by participants and event organisers in an attempt to increase the safety of events in this form of adventure sport. It is hoped that the framework for using mobile technology to increase the safety of adventure sport proposed in this research, may provide clear guidance for the achievement of a safer sporting experience for the participants of ocean and river kayaking.
- Full Text:
- Date Issued: 2018
An information security governance model for industrial control systems
- Authors: Webster, Zynn
- Date: 2018
- Subjects: Computer networks -- Security measures , Data protection Computer security Business enterprises -- Computer networks -- Security measures
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/36383 , vital:33934
- Description: Industrial Control Systems (ICS) is a term used to describe several types of control systems, including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS) and Programmable Logic Controllers (PLC). These systems consist of a combination of control components (e.g. electrical, mechanical, pneumatic) which act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy). ICS play a fundamental role in critical infrastructures such as electricity grids, oil, gas and manufacturing industries. Initially ICS had little resemblance to typical enterprise IT systems; they were isolated and running proprietary control protocols using specialized hardware and software. However, with initiatives such as Industry 4.0 and Industrial Internet of Things (IIoT), the nature of ICS has changed significantly. There is an ever-increasing use of commercial operating systems and standard protocols like TCP/IP and Ethernet. Consequently, modern ICS are more and more resembling conventional enterprise IT systems, and it is a well-known fact that these IT systems and networks are known to be vulnerable and that they require extensive management to ensure Confidentiality, Integrity, and Availability. Since ICS are now adopting conventional IT characteristics they are also accepting the associated risks. However, owing to the functional area of ICS, the consequences of these threats are much more severe than those of enterprise IT systems. The need to manage security for these systems with highly skilled IT personnel has become essential. Therefore, this research was focussed to identify which unique security controls for ICS and enterprise IT systems can be combined and/or tailored to provide the organization with a single set of comprehensive security controls. By doing an investigation on existing standards and best practices for both enterprise IT and ICS environments, this study has produced a single set of security controls and presented how the security controls can be integrated into an existing information security governance model which organizations can use as a basis for generating a security framework, used not only to secure their enterprise IT systems, but also including the security of their ICS.
- Full Text:
- Date Issued: 2018
Guidelines for and evaluation of the design of technology-supported lessons to teach basic programming principles to deaf and hard of hearing learners: a case study of a school for the deaf
- Authors: Wassermann, Ulza
- Date: 2018
- Subjects: Deaf -- Education , Hearing impaired children -- Education Computers and people with disabilities Communication devices for people with disabilities Information technology -- Education
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/36347 , vital:33925
- Description: Deaf and Hard of Hearing (DHH) learners are part of a diverse population with unique learning challenges, strengths and needs. Learning material should be developed specifically for them to provide for their needs and capitalise on their strengths. These materials should include visual material and strategies as well as sign language. Furthermore, DHH learners have the same capacity for learning as hearing learners. However, in South Africa, DHH learners do not have adequate access to training in computer-related subjects, and therefore no material exists that has been developed specifically for DHH learners who want to learn a programming language. This research provides guidelines on the way technology-supported lessons can be designed to teach basic programming principles using the programming language Scratch, to DHH learners. Provision was made for the South African context where limited technology is available at most schools for DHH learners, but where most educators have access to Microsoft Office applications – specifically MS PowerPoint. Two goals were pursued. The primary goal of this research project was to determine the user experience (UX) of the participants (both learners and educators) during and after using and attending the technology-supported lessons. This was achieved through a case study. Four UX evaluation elements were evaluated in this project. They were: usability, accessibility, emotional user reaction, and hedonic aspects. Questionnaires, semi-structured interviews as well as participant-observation were used to determine the UX of participants. The UX evaluation provided sufficient evidence to claim that UX of participants was satisfactory, and therefore the guidelines that were developed to create technology-supported lessons to teach basic programming principles to DHH learners were appropriate. The secondary goal was to develop guidelines for the design of technology-supported lessons to teach programming to DHH learners, and to apply these guidelines to develop a high-fidelity, fully functional prototype – a set of technology-supported lessons. This was achieved through a prototype construction research strategy. The lessons consisted of two vocabulary lessons and one programming lesson. The words that were taught in the vocabulary lesson were either terms appearing in the interface of Scratch, or words needed in the explanation of programming principles and Scratch context. The programming lesson (a PowerPoint slide show) was a guide for the educator to present the content in a logical way, and not to leave out important information. It used multimedia techniques (colour, pictures, animation) to explain programming concepts, and to display the tasks to be completed to the learners, so that they could remember the sequence of the steps. Practical strategies have been included in the guidelines to address the learning challenges DHH experience in the following areas: Comprehension skills, application of knowledge and knowledge organisation, relational and individual-item orientations, metacognition, memory, distractibility. The guidelines referred to techniques and principles that can be followed to design the interface and navigation tools of a technology-supported lesson; enhance communication with DHH learners, and provide support for them to work independently; specify the educator’s role and attitude when facilitating or presenting programming lessons and to structure a programming lesson.
- Full Text:
- Date Issued: 2018
Guidelines for the protection of stored sensitive information assets within small, medium and micro enterprises
- Authors: Scharnick, Nicholas
- Date: 2018
- Subjects: Computer security , Information technology -- Security measures Data protection Business -- Data processing -- Security measures Small business -- Data processing -- Security measures -- South Africa
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/34799 , vital:33452
- Description: Technology has become important in the business environment as it ensures that a business is competitive and it also drives the business processes. However, in the era of mobile devices, easy access to the internet and a wide variety of other communication mechanisms; the security of the business from a technological perspective is constantly under threat. Thus, the problem that this research aims to address is that there is currently a lack of understanding by SMMEs in protecting their stored sensitive information assets. This study intends to assist small businesses, such as those within the Small Medium and Micro Enterprises (SMME) on how to protect and secure information while it is in storage. SMMEs usually do not have available resources to fully address information security related concerns that could pose a threat to the well being and success of the business. In order to address the problem identified, and assist SMMEs with better protecting their stored information assets, the outcomes of this research is to develop guidelines to assist SMMEs in protecting stored sensitive information assets. Through the use of a qualitative content analysis, a literature review, a number of information security standards, best practices, and frameworks, including the ISO27000 series of standards, COBIT, ITIL, and various NIST publications were analysed to determine how these security approaches address security concerns that arise when considering the storage of sensitive information. Following the literature analysis, a survey was developed and distributed to a wide variety of SMMEs in order to determine what their information security requirements might be, as well as how they address information security. The results obtained from this, coupled with the literature analysis, served as input for the development of a number of guidelines that can assist SMMEs in protecting stored sensitive information assets.
- Full Text:
- Date Issued: 2018
Topic map for representing network security competencies
- Authors: Yekela, Odwa
- Date: 2018
- Subjects: Computer networks , Computer networks -- Security measures Computers -- Access control
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/36368 , vital:33931
- Description: Competencies represent the knowledge, skills and attitudes required for job roles. Organisations need to understand and grow competencies within their workforce in order to be more competitive and to maximise new market opportunities. Competency Management is the process of introducing, managing and enforcing competencies in organisations. Through this process, occupational competencies can be assessed to see if candidates match the required job role expectations. The assessment of competencies can be conceptualised from two perspectives. The rst is `competency frameworks', which describe competencies from a high-level overview. As such, they are regarded as theWhat" element of competency. The second perspective is `competencybased learning', which focuses on addressing competencies from a more detailed, task-oriented perspective. Competency-based learning is regarded as the How" element of competency. Currently, there is no available tool that can map the What" with the How" element of competency. Such a mapping would provide a more holistic approach to representing competencies. This dissertation adopts the topic map standard in order to demonstrate a holistic approach to mapping competencies, specially in network security. This is accomplished through the design and evaluation of a Design Science artefact. In this research process a topic map data model was constructed from mapping the `What' and `How' elements together. To demonstrate the applicability of the model, it was implemented in a Computer Security Incident Response Team (CSIRT) recruitment scenario. The aim of this demonstration was to prove that the topic map could be implemented in an organisational context.
- Full Text:
- Date Issued: 2018
Users’ perceptions regarding password policies
- Authors: Fredericks, Damian Todd
- Date: 2018
- Subjects: Computers -- Access control , Computer networks -- Security measures Computer security
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/30205 , vital:30896
- Description: Information is considered a valuable asset to most organisations and is often exposed to various threats which exploit its confidentiality, integrity and availability (CIA). Identification and Authentication are commonly used to help ensure the CIA of information. This research study specifically focused on password-based authentication. Passwords are used to log into personal computers, company computers, email accounts, bank accounts and various software systems and mobile applications. Passwords act like a protective barrier between a user and their personal and company information, and remain the most cost-effective and most efficient method to control access to computer systems. An extensive content analysis was conducted regarding the security of passwords, as well as users’ password management coping strategies. It was determined that very little research has been conducted in relation to users’ perceptions towards password policies. The problem identified by this research is that organisations often implement password policy guidelines without taking into consideration users’ perceptions regarding such guidelines. This could result in users adopting various password management coping strategies. This research therefore aimed to determine users’ perceptions with regard to current password-related standards and best practices (password policy guidelines). Standards and best practices such as ISO/IEC 27002 (2013), NIST SP 800-118 (2009), NIST SP 800-63-2 (2013), NIST SP 800-63B (2016) and the SANS Password Protection Policy (2014b) were studied in order to determine the common elements of password policies. This research argued that before organisations implement password policy guidelines, they need to determine users’ perceptions towards such guidelines. It was identified that certain human factors such as human memory, attitude and apathy often cause users to adopt insecure coping strategies such as Reusing Passwords, Writing Down Passwords and Not Changing Passwords. This research included a survey which took the form of a questionnaire. The aim of the survey was to determine users’ perceptions towards common elements of password policies and to determine the coping strategies users commonly adopt. The survey included questions related to the new NIST SP 800-63B (2016) that sought to determine users’ perceptions towards these new NIST password policy iii guidelines. Findings from the survey indicated that respondents found the new NIST guidelines to be helpful, secure and easier to adhere to. Finally, recommendations regarding password policies were presented based on the common elements of password policies and users’ perceptions of the new NIST password guidelines. These recommendations could help policy makers in the implementation of new password policies or the revision of current password policies.
- Full Text:
- Date Issued: 2018