A cybersafety educational framework for primary school learners in South Africa
- Authors: Kucherera, Lean
- Date: 2020
- Subjects: Computer crimes -- Security measures -- South Africa School children -- Crimes against -- South Africa
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/49452 , vital:41722
- Description: Information and communication technologies (ICTs) have made life much easier for many people but have also brought many dangers to the world. School learners are amongst the users of ICT who are becoming cyber citizens. This age is good at exploring new things, with a growing number of school learners having access to ICT devices, such as mobile phones, tablets and desktop computers. This is due to the affordability of mobile phones, which they normally receive as gifts from their parents. Due to easy access of ICT, school learners can now access cyberspace which offers them many advantages and benefits. Such advantages and benefits include having a platform to socialise, improved and ease of access to information as well as improving their learning. Despite these benefits, school learners (primary school learners in particular) are prone to falling victim to a range of cyber risks and attacks since cyberspace is an unregulated platform that poses many potential dangers Common cybersafety threats associated with school learners include cyberbullying, sexting/“sextortion”, engaging with strangers, accessing inappropriate content and being exposed to a breach of privacy. Because the cybersafety of children, especially primary school learners, is often compromised, there is a need to protect them from the threats associated with ICT. However, protecting children from the aforementioned cybersafety threats is complicated because access to cyberspace is no longer confined to the home computer, but has extended to mobile phones, which are even more pervasive. Therefore, it is essential for school learners to be educated on how to protect themselves and their information in the virtual computer world. A number of developed countries like Australia, New Zealand, Canada, United States of America (USA) and United Kingdom (UK) have included cybersafety education in their school curricula. Similarly, the rapid growth of the Internet around the world, allowed some countries in Africa to take the initiative to start implementing cybersafety education in schools including Mauritius, Tunisia, Kenya, Ghana, Mozambique, Cameroon, Egypt and Rwanda. Countries like Uganda, Sudan, Morocco and South Africa are still facing challenges in this aspect. This study is focused on the cybersafety of primary school learners in the South African context.
- Full Text:
- Date Issued: 2020
- Authors: Kucherera, Lean
- Date: 2020
- Subjects: Computer crimes -- Security measures -- South Africa School children -- Crimes against -- South Africa
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/49452 , vital:41722
- Description: Information and communication technologies (ICTs) have made life much easier for many people but have also brought many dangers to the world. School learners are amongst the users of ICT who are becoming cyber citizens. This age is good at exploring new things, with a growing number of school learners having access to ICT devices, such as mobile phones, tablets and desktop computers. This is due to the affordability of mobile phones, which they normally receive as gifts from their parents. Due to easy access of ICT, school learners can now access cyberspace which offers them many advantages and benefits. Such advantages and benefits include having a platform to socialise, improved and ease of access to information as well as improving their learning. Despite these benefits, school learners (primary school learners in particular) are prone to falling victim to a range of cyber risks and attacks since cyberspace is an unregulated platform that poses many potential dangers Common cybersafety threats associated with school learners include cyberbullying, sexting/“sextortion”, engaging with strangers, accessing inappropriate content and being exposed to a breach of privacy. Because the cybersafety of children, especially primary school learners, is often compromised, there is a need to protect them from the threats associated with ICT. However, protecting children from the aforementioned cybersafety threats is complicated because access to cyberspace is no longer confined to the home computer, but has extended to mobile phones, which are even more pervasive. Therefore, it is essential for school learners to be educated on how to protect themselves and their information in the virtual computer world. A number of developed countries like Australia, New Zealand, Canada, United States of America (USA) and United Kingdom (UK) have included cybersafety education in their school curricula. Similarly, the rapid growth of the Internet around the world, allowed some countries in Africa to take the initiative to start implementing cybersafety education in schools including Mauritius, Tunisia, Kenya, Ghana, Mozambique, Cameroon, Egypt and Rwanda. Countries like Uganda, Sudan, Morocco and South Africa are still facing challenges in this aspect. This study is focused on the cybersafety of primary school learners in the South African context.
- Full Text:
- Date Issued: 2020
A cybersecurity curricular framework for IT undergraduates in South Africa
- Authors: Mbuqe, Apelele Alungile
- Date: 2020
- Subjects: LCSH
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/49595 , vital:41739
- Description: Abstract ending in a full stop.
- Full Text:
- Authors: Mbuqe, Apelele Alungile
- Date: 2020
- Subjects: LCSH
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/49595 , vital:41739
- Description: Abstract ending in a full stop.
- Full Text:
A framework for teaching secure coding practices through a blended learning approach
- Mdunyelwa, Vuyolwethu Sizoli
- Authors: Mdunyelwa, Vuyolwethu Sizoli
- Date: 2020
- Subjects: Blended learning , Blended learning -- Case studies Computer security
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/49940 , vital:41890
- Description: With the recent increase in cyber-related attacks, cybersecurity is becoming a key area of concern for many organisations. Cybersecurity vulnerabilities are typically addressed through the implementation of various cybersecurity controls. These controls can be operational, technical or physical in nature. The focus of this research, however, is on technical controls with a specific focus on securing web applications. This research investigated whether third year software development students at the Nelson Mandela University adhered to secure coding practices in their capstone projects. In order to determine adherence, secure coding practices were identified from OWASP for the data access layer in web applications developed in the .NET environment. This was addressed by Secondary Objective, which was To determine what secure coding practices a web application developer should adhere to in the .NET environment. These secure coding practices were used to conduct a code review on 2015 third year capstone projects, and addressed Secondary Objective, To determine the adherence of third year software development capstone projects to the identified secure coding practices. The results for the code review were analysed and indicated low levels of adherence which led to the Problem Statement of this research, namely: Undergraduate software development students do not consistently adhere to secure coding practices when developing their third-year capstone projects, thereby leading to vulnerabilities in their web applications. In order to address this Problem Statement, the Primary Objective was identified, To develop a framework for teaching secure coding practices through a blended learning approach. Secondary Objective, To determine whether third year software development students have the requisite knowledge relating to secure coding, took the form of a questionnaire to assess students' knowledge relating to secure coding practices. This required the achievement of further sub-objectives which addressed both the knowledge and behaviour of software development students. The results of this questionnaire indicated that many of the third-year software development students lacked the requisite knowledge. This lack of knowledge and adherence was addressed through an educational intervention, meeting Secondary Objective, To design and implement an educational intervention to support software development students in the development of secure web applications. In terms of knowledge, online lessons were developed addressing each of the secure coding practices identified. In order to address adherence, students were given a checklist to monitor their adherence to the identified secure coding practices. Secondary Objective, To determine the exact of the educational intervention on both student adherence and their requisite knowledge regarding secure coding practices, involved the varication of the educational intervention, and comprised of two components, knowledge and behaviour. Knowledge varication took the form of an online questionnaire given to 2017 third year project students. To address behavioural adherence, the researcher conducted a code review on the 2017 capstone projects. The results from the varication showed a general improvement in students' knowledge and high levels of adherence to secure coding practices. Finally, a framework was developed that encompassed the key elements of this research, thereby providing guidance to support the development of se cure web applications in higher education institutions and meeting the primary objective of this study.
- Full Text:
- Date Issued: 2020
- Authors: Mdunyelwa, Vuyolwethu Sizoli
- Date: 2020
- Subjects: Blended learning , Blended learning -- Case studies Computer security
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/49940 , vital:41890
- Description: With the recent increase in cyber-related attacks, cybersecurity is becoming a key area of concern for many organisations. Cybersecurity vulnerabilities are typically addressed through the implementation of various cybersecurity controls. These controls can be operational, technical or physical in nature. The focus of this research, however, is on technical controls with a specific focus on securing web applications. This research investigated whether third year software development students at the Nelson Mandela University adhered to secure coding practices in their capstone projects. In order to determine adherence, secure coding practices were identified from OWASP for the data access layer in web applications developed in the .NET environment. This was addressed by Secondary Objective, which was To determine what secure coding practices a web application developer should adhere to in the .NET environment. These secure coding practices were used to conduct a code review on 2015 third year capstone projects, and addressed Secondary Objective, To determine the adherence of third year software development capstone projects to the identified secure coding practices. The results for the code review were analysed and indicated low levels of adherence which led to the Problem Statement of this research, namely: Undergraduate software development students do not consistently adhere to secure coding practices when developing their third-year capstone projects, thereby leading to vulnerabilities in their web applications. In order to address this Problem Statement, the Primary Objective was identified, To develop a framework for teaching secure coding practices through a blended learning approach. Secondary Objective, To determine whether third year software development students have the requisite knowledge relating to secure coding, took the form of a questionnaire to assess students' knowledge relating to secure coding practices. This required the achievement of further sub-objectives which addressed both the knowledge and behaviour of software development students. The results of this questionnaire indicated that many of the third-year software development students lacked the requisite knowledge. This lack of knowledge and adherence was addressed through an educational intervention, meeting Secondary Objective, To design and implement an educational intervention to support software development students in the development of secure web applications. In terms of knowledge, online lessons were developed addressing each of the secure coding practices identified. In order to address adherence, students were given a checklist to monitor their adherence to the identified secure coding practices. Secondary Objective, To determine the exact of the educational intervention on both student adherence and their requisite knowledge regarding secure coding practices, involved the varication of the educational intervention, and comprised of two components, knowledge and behaviour. Knowledge varication took the form of an online questionnaire given to 2017 third year project students. To address behavioural adherence, the researcher conducted a code review on the 2017 capstone projects. The results from the varication showed a general improvement in students' knowledge and high levels of adherence to secure coding practices. Finally, a framework was developed that encompassed the key elements of this research, thereby providing guidance to support the development of se cure web applications in higher education institutions and meeting the primary objective of this study.
- Full Text:
- Date Issued: 2020
A framework to integrate secure programming principles into undergraduate computing curricula
- Authors: Bangani, Sifiso Matthews
- Date: 2020
- Subjects: Information technology -- Study and teaching (Higher) , Electronic data processing personnel -- Training of Computer software -- Development
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/46019 , vital:39409
- Description: Many graduate software developers are not competent in secure programming, resulting in risks that are caused by vulnerabilities in the application code of software applications. These graduate software developers are equipped with programming knowledge and skills from universities, however, these software developers are rarely equipped with secure programming knowledge and skills from the undergraduate level. Although there are various techniques for writing secure code in the current body of knowledge, these techniques are rarely fundamental components of a computing curriculum, resulting in incompetent graduate software developers. The security aspect of software applications, is considered as an important aspect that can reflect the ability of a system to prevent data exposures and loss of information. For businesses that rely on software applications to keep operations running, a failure of a software application can stop production, interrupt processes, and may lead to data breaches and financial losses. This research argued that secure programming education needs to be included across computing curricula, and thus, the primary objective of this dissertation was: To develop a framework for integrating secure programming principles into undergraduate computing curricula. It proposes a framework for the incorporation of secure programming principles into undergraduate computing curricula, through a step-by-step approach. This framework includes the identification of application risks and secure programming practices as they relate to each other, and to the basic programming concepts taught to undergraduate students. It specifically aims to improve the security of software applications developed in the .Net framework environment. The main research methods used in this study included a literature view, thematic content analysis, argumentation, and modelling.
- Full Text:
- Date Issued: 2020
- Authors: Bangani, Sifiso Matthews
- Date: 2020
- Subjects: Information technology -- Study and teaching (Higher) , Electronic data processing personnel -- Training of Computer software -- Development
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/46019 , vital:39409
- Description: Many graduate software developers are not competent in secure programming, resulting in risks that are caused by vulnerabilities in the application code of software applications. These graduate software developers are equipped with programming knowledge and skills from universities, however, these software developers are rarely equipped with secure programming knowledge and skills from the undergraduate level. Although there are various techniques for writing secure code in the current body of knowledge, these techniques are rarely fundamental components of a computing curriculum, resulting in incompetent graduate software developers. The security aspect of software applications, is considered as an important aspect that can reflect the ability of a system to prevent data exposures and loss of information. For businesses that rely on software applications to keep operations running, a failure of a software application can stop production, interrupt processes, and may lead to data breaches and financial losses. This research argued that secure programming education needs to be included across computing curricula, and thus, the primary objective of this dissertation was: To develop a framework for integrating secure programming principles into undergraduate computing curricula. It proposes a framework for the incorporation of secure programming principles into undergraduate computing curricula, through a step-by-step approach. This framework includes the identification of application risks and secure programming practices as they relate to each other, and to the basic programming concepts taught to undergraduate students. It specifically aims to improve the security of software applications developed in the .Net framework environment. The main research methods used in this study included a literature view, thematic content analysis, argumentation, and modelling.
- Full Text:
- Date Issued: 2020
A model for the detection of breast cancer using machine learning and thermal images in a mobile environment
- Authors: Lennox, Nicholas
- Date: 2020
- Subjects: Breast -- Cancer -- Imaging , Breast -- Imaging Mobile communication systems
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/46097 , vital:39492
- Description: Breast cancer is the most common cancer amongst women and one of the deadliest. Various modalities exist which image the breasts, all with a focus on early detection; thermography is one such method. It is a non-invasive test, which is safe and can be used for a wide variety of breast densities. It functions by analysing thermal patterns captured via an infrared camera of the surface of the breast. Advances in infrared and mobile technology enable this modality to be mobile based; allowing a high degree of portability at a lower cost. Furthermore, as technology has improved, machine learning has played a larger role in medical practices by offering unbiased, consistent, and timely second opinions. Machine learning algorithms are able to classify medical images automatically if offered in the correct format. This study aims to provide a model, which integrates breast cancer detection, thermal imaging, machine learning, and mobile technology. The conceptual model is theorised from three literature studies regarding: identifiable aspects of breast cancer through thermal imaging, the mobile ecosystem, and classification using machine learning algorithms. The model is implemented and evaluated using an experiment designed to classify automatically thermal breast images of the same quality that mobile attachable thermal cameras are able to capture. The experiment contrasts various combinations of segmentation methods, extracted features, and classification algorithms. Promising results were shown in the experiment with a high degree of accuracy obtained. The successful results obtained from the experimentation process validates the feasibility of the model.
- Full Text:
- Date Issued: 2020
- Authors: Lennox, Nicholas
- Date: 2020
- Subjects: Breast -- Cancer -- Imaging , Breast -- Imaging Mobile communication systems
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/46097 , vital:39492
- Description: Breast cancer is the most common cancer amongst women and one of the deadliest. Various modalities exist which image the breasts, all with a focus on early detection; thermography is one such method. It is a non-invasive test, which is safe and can be used for a wide variety of breast densities. It functions by analysing thermal patterns captured via an infrared camera of the surface of the breast. Advances in infrared and mobile technology enable this modality to be mobile based; allowing a high degree of portability at a lower cost. Furthermore, as technology has improved, machine learning has played a larger role in medical practices by offering unbiased, consistent, and timely second opinions. Machine learning algorithms are able to classify medical images automatically if offered in the correct format. This study aims to provide a model, which integrates breast cancer detection, thermal imaging, machine learning, and mobile technology. The conceptual model is theorised from three literature studies regarding: identifiable aspects of breast cancer through thermal imaging, the mobile ecosystem, and classification using machine learning algorithms. The model is implemented and evaluated using an experiment designed to classify automatically thermal breast images of the same quality that mobile attachable thermal cameras are able to capture. The experiment contrasts various combinations of segmentation methods, extracted features, and classification algorithms. Promising results were shown in the experiment with a high degree of accuracy obtained. The successful results obtained from the experimentation process validates the feasibility of the model.
- Full Text:
- Date Issued: 2020
Applying blockchain technology to aspects of electronic health records in South Africa: lessons learnt
- Authors: Adlam, Ryno
- Date: 2020
- Subjects: Blockchains (Databases) , Database security Data protection Medical records -- Data processing
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/45996 , vital:39405
- Description: The purpose of this study was to explore the applicability of blockchain technology as a viable alternative for the secure storage and distribution of electronic health records in a South African context. The adoption of electronic health records (EHRs) has grown over recent years. Electronic health records (EHRs) can be seen as electronic versions of patients’ medical history. EHRs promise benefits such as improving the quality of care, reducing medical errors, reducing costs, saving time, and enhancing the availability and sharing of medical records. Blockchain, in simple terms, could be seen as a distributed database controlled by a group of individuals. Blockchain technology differs from other distributed ledger technology by bundling unrelated data into blocks that are chained together in a linked-list manner, hence the name blockchain. Blockchain technology strives to provide desirable features, such as decentralization, immutability, audibility, and transparency. EHRs are traditionally constructed with a cloud-based infrastructure to promote the storing and distribution of medical records. These medical records are commonly stored in a centralized architecture, such as a relational database. The centralized architecture employed by EHRs may present a single point of failure. These kinds of failures may lead to data-breaches. The cloud-based infrastructure is effective and efficient from an availability standpoint. The increased availability of electronic health records has brought forth challenges related to the security and privacy of the patient’s medical records. The sensitive nature of EHRs attracts the attention of cyber-criminals. There has been a rise in the number of data breaches related to electronic health records. The traditional infrastructure used by electronic health records can no longer ensure the privacy and security of patient’s medical records. To determine whether blockchain is a viable alternative to these approaches, the main objective of this study was to compile a technical report on the applicability of aspects of blockchain technology to the secure storage and distribution of electronic health records. The study first conducted a literature review to gather background on the current state of electronic health records and blockchain technology. The results of the literature review were used to compile an initial report. Experiments were conducted with various aspects of blockchain technology to build a technical baseline and to ultimately validate the initial report. The insights gained from the experiments served to refine the initial report into a final technical report. The final deliverable of this study was to devise a technical report. The technical report serves as a generalized overview of the applicability of blockchain technology as a secure storage and distribution mechanism for electronic health records. The main topics covered by the technical report to outline the applicability of blockchain technology to EHRs are as follows: authentication, authorization, audit log, storage and transactions. The insights gained from the study illustrate that permissioned blockchain technology can enhance the traditional AAA security scheme employed by traditional EHRs. The AAA security scheme entails the use of certificate-based authentication and attributebased access control for authorization. Audit logs can be stored in a semi-decentralized architecture that can enhance the security and privacy of audit logs. Using blockchain technology for storing electronic health records might not be a viable alternative to traditional EHRs architecture. Blockchain technology violates certain privacy regulations as information is stored in a permanent manner. Furthermore, blockchain technology is not optimized for dealing with large volumes of data. However, blockchain technology could be used to store a cryptographic hash of electronic health records to ensure the integrity of records. Permissioned blockchain technology can enhance the EHRs transaction process by transacting health records in a peer-to-peer infrastructure. In doing so, the above-mentioned AAA security scheme can enhance the security, confidentiality, and integrity of electronic health records shared across organizational bounds.
- Full Text:
- Date Issued: 2020
- Authors: Adlam, Ryno
- Date: 2020
- Subjects: Blockchains (Databases) , Database security Data protection Medical records -- Data processing
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/45996 , vital:39405
- Description: The purpose of this study was to explore the applicability of blockchain technology as a viable alternative for the secure storage and distribution of electronic health records in a South African context. The adoption of electronic health records (EHRs) has grown over recent years. Electronic health records (EHRs) can be seen as electronic versions of patients’ medical history. EHRs promise benefits such as improving the quality of care, reducing medical errors, reducing costs, saving time, and enhancing the availability and sharing of medical records. Blockchain, in simple terms, could be seen as a distributed database controlled by a group of individuals. Blockchain technology differs from other distributed ledger technology by bundling unrelated data into blocks that are chained together in a linked-list manner, hence the name blockchain. Blockchain technology strives to provide desirable features, such as decentralization, immutability, audibility, and transparency. EHRs are traditionally constructed with a cloud-based infrastructure to promote the storing and distribution of medical records. These medical records are commonly stored in a centralized architecture, such as a relational database. The centralized architecture employed by EHRs may present a single point of failure. These kinds of failures may lead to data-breaches. The cloud-based infrastructure is effective and efficient from an availability standpoint. The increased availability of electronic health records has brought forth challenges related to the security and privacy of the patient’s medical records. The sensitive nature of EHRs attracts the attention of cyber-criminals. There has been a rise in the number of data breaches related to electronic health records. The traditional infrastructure used by electronic health records can no longer ensure the privacy and security of patient’s medical records. To determine whether blockchain is a viable alternative to these approaches, the main objective of this study was to compile a technical report on the applicability of aspects of blockchain technology to the secure storage and distribution of electronic health records. The study first conducted a literature review to gather background on the current state of electronic health records and blockchain technology. The results of the literature review were used to compile an initial report. Experiments were conducted with various aspects of blockchain technology to build a technical baseline and to ultimately validate the initial report. The insights gained from the experiments served to refine the initial report into a final technical report. The final deliverable of this study was to devise a technical report. The technical report serves as a generalized overview of the applicability of blockchain technology as a secure storage and distribution mechanism for electronic health records. The main topics covered by the technical report to outline the applicability of blockchain technology to EHRs are as follows: authentication, authorization, audit log, storage and transactions. The insights gained from the study illustrate that permissioned blockchain technology can enhance the traditional AAA security scheme employed by traditional EHRs. The AAA security scheme entails the use of certificate-based authentication and attributebased access control for authorization. Audit logs can be stored in a semi-decentralized architecture that can enhance the security and privacy of audit logs. Using blockchain technology for storing electronic health records might not be a viable alternative to traditional EHRs architecture. Blockchain technology violates certain privacy regulations as information is stored in a permanent manner. Furthermore, blockchain technology is not optimized for dealing with large volumes of data. However, blockchain technology could be used to store a cryptographic hash of electronic health records to ensure the integrity of records. Permissioned blockchain technology can enhance the EHRs transaction process by transacting health records in a peer-to-peer infrastructure. In doing so, the above-mentioned AAA security scheme can enhance the security, confidentiality, and integrity of electronic health records shared across organizational bounds.
- Full Text:
- Date Issued: 2020
Applying the substitution augmentation modification redefinition model towards adoption of e-learning usage at Walter Sisulu University
- Authors: Mabona, Teoflax Anele
- Date: 2020
- Subjects: Educational technology -- South Africa Universities and colleges -- Computer-assisted instruction -- South Africa
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/49474 , vital:41724
- Description: The adoption of e-learning by universities around the world has grown drastically during this time of the Fourth Industrial Revolution. Most universities implement the full utilisation of e-learning, conducting classes only by using online course delivery. Some universities still prefer a blended learning approach where classes are presented to students using both the traditional way of teaching and online e-learning platforms. Walter Sisulu University (WSU) is one of those universities that uses blended learning. The university started using this approach in 2009, through a partnership between WSU and the Netherlands for learning and teaching enhancement using e-learning. The adoption and usage of e-learning in universities is a challenge, which some researchers have investigated. This study aimed to apply the Substitution; Augmentation; Modification; Redefinition (SAMR) Model to enhance the adoption of e-learning and its usage at WSU. To obtain results, a quantitative method using approaches, such as WiseUp logs, WiseUp e-learning usage publications, WSU e-learning documents and literature, was applied. The study, according to the WiseUp logs, found that the e-learning levels at the university were low. Using the WiseUp e-learning usage publications, revealed that the university was still having some challenges regarding the low usage of WiseUp. Some of the students were not aware of the WiseUp platform as they said the system was only shown to them once and never again for continuous training. Most lecturers’ challenge was that the system was time-consuming to upload online content. This study used the WSU e-learning documents to show that the institution employed some initiatives for the adoption and usage of WiseUp, such as the LTD (Learning Teaching Development) department orientating students about WiseUp, just after their registration. The study ‘s objective was achieved, which was to apply the Substitution; Augmentation; Modification; Redefinition (SAMR) Model to enhance the adoption and usage of e-learning at WSU. The study applied the Substitution; Augmentation; Modification; Redefinition (SAMR) Model to provide a clear understanding of WSU’s position in terms of e-learning adoption and usage. The overall result from the study showed that WSU was based mostly on the first three levels of teaching and learning integration into technology, and in the enhancement level of the Substitution; Augmentation; Modification; Redefinition (SAMR) Model. The researcher noted that much still needed to be done because the usage of the system was still very low but its integration into teaching and learning was positive.
- Full Text:
- Date Issued: 2020
- Authors: Mabona, Teoflax Anele
- Date: 2020
- Subjects: Educational technology -- South Africa Universities and colleges -- Computer-assisted instruction -- South Africa
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/49474 , vital:41724
- Description: The adoption of e-learning by universities around the world has grown drastically during this time of the Fourth Industrial Revolution. Most universities implement the full utilisation of e-learning, conducting classes only by using online course delivery. Some universities still prefer a blended learning approach where classes are presented to students using both the traditional way of teaching and online e-learning platforms. Walter Sisulu University (WSU) is one of those universities that uses blended learning. The university started using this approach in 2009, through a partnership between WSU and the Netherlands for learning and teaching enhancement using e-learning. The adoption and usage of e-learning in universities is a challenge, which some researchers have investigated. This study aimed to apply the Substitution; Augmentation; Modification; Redefinition (SAMR) Model to enhance the adoption of e-learning and its usage at WSU. To obtain results, a quantitative method using approaches, such as WiseUp logs, WiseUp e-learning usage publications, WSU e-learning documents and literature, was applied. The study, according to the WiseUp logs, found that the e-learning levels at the university were low. Using the WiseUp e-learning usage publications, revealed that the university was still having some challenges regarding the low usage of WiseUp. Some of the students were not aware of the WiseUp platform as they said the system was only shown to them once and never again for continuous training. Most lecturers’ challenge was that the system was time-consuming to upload online content. This study used the WSU e-learning documents to show that the institution employed some initiatives for the adoption and usage of WiseUp, such as the LTD (Learning Teaching Development) department orientating students about WiseUp, just after their registration. The study ‘s objective was achieved, which was to apply the Substitution; Augmentation; Modification; Redefinition (SAMR) Model to enhance the adoption and usage of e-learning at WSU. The study applied the Substitution; Augmentation; Modification; Redefinition (SAMR) Model to provide a clear understanding of WSU’s position in terms of e-learning adoption and usage. The overall result from the study showed that WSU was based mostly on the first three levels of teaching and learning integration into technology, and in the enhancement level of the Substitution; Augmentation; Modification; Redefinition (SAMR) Model. The researcher noted that much still needed to be done because the usage of the system was still very low but its integration into teaching and learning was positive.
- Full Text:
- Date Issued: 2020
Best practices to address medical identity theft awareness : the case of South African medical aid members
- Authors: Ah Why, Brandon Lawrence
- Date: 2020
- Subjects: Medical records -- Access control -- South Africa Identity theft -- South Africa
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/49396 , vital:41708
- Description: The prevalence of medical identity theft continues to increase. This is a concern for medical aid members within the South African private healthcare sector. Medical identity theft can be caused by various individuals, including internal and external role players. The deceptions involved in medical identity theft can affect medical aid members, the healthcare industry, and medical aids. Medical aid members remain unaware that they are victims of medical identity theft until they receive high medical bills or are notified by their healthcare providers. This research study focused on the lack of awareness of medical identity theft among medical aid members. The main objective of this research study was to propose best practices that can be used to address medical aid members’ awareness of medical identity theft in the South African private healthcare sector. Sub-objectives were used to achieve the main objective. The first sub-objective was to identify the parties causing and the parties affected by medical identity theft. The second sub-objective was to determine the level of medical identity theft awareness among medical aid members in the South African private healthcare sector. The third sub-objective was to identify best practices to address medical identity theft awareness. The methodology used by this exploratory research study included a convergent mixed method design, which was used to obtain quantitative and qualitative data. Data collection was completed using a literature review and a questionnaire. Data analysis and reporting made use of a qualitative content analysis, descriptive statistics, and logical argumentation. Respondents’ answers to a questionnaire about their experiences with medical identity theft provided insight into South African medical aid members’ awareness of medical identity theft. The data gathered from the respondents was analysed, and themes emerged that emphasised a lack of awareness of medical identity theft among South African medical aid members. Twenty-six pre-emptive and nine retroactive best practices to address medical identity theft awareness were identified from existing literature. These best practices were cross-referenced to determine their relevance to the list of concerns about medical identity theft that emanated from the survey completed by South African medical aid members.
- Full Text:
- Date Issued: 2020
- Authors: Ah Why, Brandon Lawrence
- Date: 2020
- Subjects: Medical records -- Access control -- South Africa Identity theft -- South Africa
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/49396 , vital:41708
- Description: The prevalence of medical identity theft continues to increase. This is a concern for medical aid members within the South African private healthcare sector. Medical identity theft can be caused by various individuals, including internal and external role players. The deceptions involved in medical identity theft can affect medical aid members, the healthcare industry, and medical aids. Medical aid members remain unaware that they are victims of medical identity theft until they receive high medical bills or are notified by their healthcare providers. This research study focused on the lack of awareness of medical identity theft among medical aid members. The main objective of this research study was to propose best practices that can be used to address medical aid members’ awareness of medical identity theft in the South African private healthcare sector. Sub-objectives were used to achieve the main objective. The first sub-objective was to identify the parties causing and the parties affected by medical identity theft. The second sub-objective was to determine the level of medical identity theft awareness among medical aid members in the South African private healthcare sector. The third sub-objective was to identify best practices to address medical identity theft awareness. The methodology used by this exploratory research study included a convergent mixed method design, which was used to obtain quantitative and qualitative data. Data collection was completed using a literature review and a questionnaire. Data analysis and reporting made use of a qualitative content analysis, descriptive statistics, and logical argumentation. Respondents’ answers to a questionnaire about their experiences with medical identity theft provided insight into South African medical aid members’ awareness of medical identity theft. The data gathered from the respondents was analysed, and themes emerged that emphasised a lack of awareness of medical identity theft among South African medical aid members. Twenty-six pre-emptive and nine retroactive best practices to address medical identity theft awareness were identified from existing literature. These best practices were cross-referenced to determine their relevance to the list of concerns about medical identity theft that emanated from the survey completed by South African medical aid members.
- Full Text:
- Date Issued: 2020
Exploring the privacy calculus on social networking services from a South African perspective
- Authors: Mathew, Boney George
- Date: 2020
- Subjects: Data encryption (Computer science) , Public key cryptography Online social networks -- Research -- South Africa
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/46163 , vital:39510
- Description: Social Network Services (SNSs) have revolutionized the way we communicate, interact and present ourselves before others. The business model of SNS’S like Facebook is primarily based on SNS’S user self-disclosure of personal information. It is argued that the SNS’S user conducts a cost-benefit analysis before deciding to self-disclose their personal information, and this user behaviour forms the basis of the Privacy Calculus Theory. Enjoyment, Self-Presentation and Relationship Maintenance is considered as the benefits and the Privacy Concerns of the users is considered as the costs of disclosing personal information.As national or regional culture could influence SNS’S user self-disclosure behaviour, it would be advantageous for multinational SNS’S’s like Facebook to understand the perceptions of SNS’S user’s from different nationalities. Currently, no studies have been conducted amongst the South African (SA) SNSs’ users’ self-disclosure behaviour. This research is aimed at understanding the South African SNSs’ users’ perceptions regarding their perceived costs, benefits and selfdisclosure using the Privacy Calculus theory. This study is a replication of a similar study undertaken amongst the United States of America (US) and German SNS’S users. To remain competitive in the market and to sustain the viability of their business model, SNS like Facebook will have to encourage user self-disclosure. Studies have proven that national cultures play an important role on the nature and extent of user disclosure (Krasnova & Veltri, 2010; Lewis, Kaufman, & Christakis, 2008). However, no similar research has been undertaken in South Africa, and currently we do not understand South African SNS users’ self-disclosure behaviour in terms of the privacy calculus theory. The primary objective of this study is to understand the perceptions of South African SNS’S users regarding the perceived benefits, costs, moderating factors and self-disclosure, using the Privacy Calculus Theory. To achieve this objective, we initially undertook a detailed literature review to understand the concept of information privacy, privacy calculus, information privacy policy and legal framework, SNS’S and self-disclosure and the various factors affecting self-disclosure. We then proceeded to validate the theoretical framework by collecting data from two South African universities, namely the Nelson Mandela University (NMU) and Walter Sisulu University (WSU (NMD Campus – Former University of Transkei)), by adopting the same methodology and instrument used in the original study (and the isiXhosa translation). The theoretical framework used for this study is based on the Privacy Calculus theory, which argues that users conduct a cost-benefit calculus before deciding to self-disclose their personal information. This analysis is further influenced by other moderating factors like trust, control and awareness. All these factors have been incorporated into the theoretical framework and the instrument, adapted from the original research was used to collect data from the participants. The data from 239 respondents, who finally qualified for analysis was collated and proceeded with the analysis of that data. The data was analysed in four stages using established statistical tests. The first three phases were used to determine the actual value placed by the users on selfdisclosure, its determinants and moderating factors, and the last phase concentrated on how each of the constructs included in the theoretical framework influenced the other constructs. The results obtained from the analysis provided valuable insights into the self-disclosure behaviour of South African SNS’S users. Entertainment was the primary benefit the students derived from using SNS like Facebook, followed by relationship maintenance and those who enjoyed the platform more tended to Self-Disclose more. Those who tended to derive more benefits from the platform were found to trust the platform and the other users of the network. The theoretical framework was validated and it was determined that privacy paradox exists within the South African SNS’S user community, meaning that even with high privacy concerns, these SNS users are willing to self-disclose their personal information.
- Full Text:
- Date Issued: 2020
- Authors: Mathew, Boney George
- Date: 2020
- Subjects: Data encryption (Computer science) , Public key cryptography Online social networks -- Research -- South Africa
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/46163 , vital:39510
- Description: Social Network Services (SNSs) have revolutionized the way we communicate, interact and present ourselves before others. The business model of SNS’S like Facebook is primarily based on SNS’S user self-disclosure of personal information. It is argued that the SNS’S user conducts a cost-benefit analysis before deciding to self-disclose their personal information, and this user behaviour forms the basis of the Privacy Calculus Theory. Enjoyment, Self-Presentation and Relationship Maintenance is considered as the benefits and the Privacy Concerns of the users is considered as the costs of disclosing personal information.As national or regional culture could influence SNS’S user self-disclosure behaviour, it would be advantageous for multinational SNS’S’s like Facebook to understand the perceptions of SNS’S user’s from different nationalities. Currently, no studies have been conducted amongst the South African (SA) SNSs’ users’ self-disclosure behaviour. This research is aimed at understanding the South African SNSs’ users’ perceptions regarding their perceived costs, benefits and selfdisclosure using the Privacy Calculus theory. This study is a replication of a similar study undertaken amongst the United States of America (US) and German SNS’S users. To remain competitive in the market and to sustain the viability of their business model, SNS like Facebook will have to encourage user self-disclosure. Studies have proven that national cultures play an important role on the nature and extent of user disclosure (Krasnova & Veltri, 2010; Lewis, Kaufman, & Christakis, 2008). However, no similar research has been undertaken in South Africa, and currently we do not understand South African SNS users’ self-disclosure behaviour in terms of the privacy calculus theory. The primary objective of this study is to understand the perceptions of South African SNS’S users regarding the perceived benefits, costs, moderating factors and self-disclosure, using the Privacy Calculus Theory. To achieve this objective, we initially undertook a detailed literature review to understand the concept of information privacy, privacy calculus, information privacy policy and legal framework, SNS’S and self-disclosure and the various factors affecting self-disclosure. We then proceeded to validate the theoretical framework by collecting data from two South African universities, namely the Nelson Mandela University (NMU) and Walter Sisulu University (WSU (NMD Campus – Former University of Transkei)), by adopting the same methodology and instrument used in the original study (and the isiXhosa translation). The theoretical framework used for this study is based on the Privacy Calculus theory, which argues that users conduct a cost-benefit calculus before deciding to self-disclose their personal information. This analysis is further influenced by other moderating factors like trust, control and awareness. All these factors have been incorporated into the theoretical framework and the instrument, adapted from the original research was used to collect data from the participants. The data from 239 respondents, who finally qualified for analysis was collated and proceeded with the analysis of that data. The data was analysed in four stages using established statistical tests. The first three phases were used to determine the actual value placed by the users on selfdisclosure, its determinants and moderating factors, and the last phase concentrated on how each of the constructs included in the theoretical framework influenced the other constructs. The results obtained from the analysis provided valuable insights into the self-disclosure behaviour of South African SNS’S users. Entertainment was the primary benefit the students derived from using SNS like Facebook, followed by relationship maintenance and those who enjoyed the platform more tended to Self-Disclose more. Those who tended to derive more benefits from the platform were found to trust the platform and the other users of the network. The theoretical framework was validated and it was determined that privacy paradox exists within the South African SNS’S user community, meaning that even with high privacy concerns, these SNS users are willing to self-disclose their personal information.
- Full Text:
- Date Issued: 2020
Guidelines for the use of machine learning to predict student project group academic performance
- Authors: Evezard, Ryan
- Date: 2020
- Subjects: Academic achievement , Machine learning
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/46042 , vital:39476
- Description: Education plays a crucial role in the growth and development of a country. However, in South Africa, there is a limited capacity and an increasing demand of students seeking an education. In an attempt to address this demand, universities are pressured into accepting more students to increase their throughput. This pressure leads to educators having less time to give students individual attention. This study aims to address this problem by demonstrating how machine learning can be used to predict student group academic performance so that educators may allocate more resources and attention to students and groups at risk. The study focused on data obtained from the third-year capstone project for the diploma in Information Technology at the Nelson Mandela University. Learning analytics and educational data mining and their processes were discussed with an in-depth look at the machine learning techniques involved therein. Artificial neural networks, decision trees and naïve Bayes classifiers were proposed and motivated for prediction modelling. An experiment was performed resulting in proposed guidelines, which give insight and recommendations for the use of machine learning to predict student group academic performance.
- Full Text:
- Date Issued: 2020
- Authors: Evezard, Ryan
- Date: 2020
- Subjects: Academic achievement , Machine learning
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/46042 , vital:39476
- Description: Education plays a crucial role in the growth and development of a country. However, in South Africa, there is a limited capacity and an increasing demand of students seeking an education. In an attempt to address this demand, universities are pressured into accepting more students to increase their throughput. This pressure leads to educators having less time to give students individual attention. This study aims to address this problem by demonstrating how machine learning can be used to predict student group academic performance so that educators may allocate more resources and attention to students and groups at risk. The study focused on data obtained from the third-year capstone project for the diploma in Information Technology at the Nelson Mandela University. Learning analytics and educational data mining and their processes were discussed with an in-depth look at the machine learning techniques involved therein. Artificial neural networks, decision trees and naïve Bayes classifiers were proposed and motivated for prediction modelling. An experiment was performed resulting in proposed guidelines, which give insight and recommendations for the use of machine learning to predict student group academic performance.
- Full Text:
- Date Issued: 2020
ISGOP: A model for an information security governance platform
- Authors: Manjezi, Zandile
- Date: 2020
- Subjects: Electronic data processing departments -- Security measures , Computer networks -- Security measures Data protection
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/46130 , vital:39505
- Description: Sound information security governance is an important part of every business. However, the widespread ransomware attacks that occur regularly cast a shadow of doubt on information security governance practices. Countermeasures to prevent and mitigate ransomware attacks are well known, yet knowledge of these countermeasures is not enough to ensure good information security governance. What matters is how the countermeasures are implemented across a business. Therefore, an information security governance structure is needed to oversee the deployment of these countermeasures. This research study proposes an information security governance model called ISGoP, which describes an information security governance platform comprising a data aspect and a functional aspect. ISGoP adopted ideas from existing frameworks. An information security governance framework known as the Direct-Control Cycle was analyzed. This provided ISGoP with conceptual components, such as information security-related documents and the relationships that exist between them. It is important to understand these conceptual components when distributing information security-related documents across all level of management for a holistic implementation. Security related documents and their relationships comprise the data aspect of ISGoP. Another framework that influenced ISGoP is the SABSA framework. The SABSA framework is an enterprise architecture framework that enables interoperability. It ensures collaboration between the people working for a business. Ideas from the SABSA framework were used to identify roles within the information security governance framework. The SABSA life cycle stages were also adopted by ISGoP. Various functions define the functional aspect of ISGoP. These functions are organised according to the life cycle stages and the views defined for the various roles. A case study was used to evaluate the possible utility of ISGoP. The case study explored a prototype implementation of ISGoP in a company. In addition to demonstrating its utility, the case study also allowed the model to be refined. ISGoP as a model must be refined and modified for specific business circumstances but lays a solid foundation to assist businesses in implementing sound information security governance.
- Full Text:
- Date Issued: 2020
- Authors: Manjezi, Zandile
- Date: 2020
- Subjects: Electronic data processing departments -- Security measures , Computer networks -- Security measures Data protection
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/46130 , vital:39505
- Description: Sound information security governance is an important part of every business. However, the widespread ransomware attacks that occur regularly cast a shadow of doubt on information security governance practices. Countermeasures to prevent and mitigate ransomware attacks are well known, yet knowledge of these countermeasures is not enough to ensure good information security governance. What matters is how the countermeasures are implemented across a business. Therefore, an information security governance structure is needed to oversee the deployment of these countermeasures. This research study proposes an information security governance model called ISGoP, which describes an information security governance platform comprising a data aspect and a functional aspect. ISGoP adopted ideas from existing frameworks. An information security governance framework known as the Direct-Control Cycle was analyzed. This provided ISGoP with conceptual components, such as information security-related documents and the relationships that exist between them. It is important to understand these conceptual components when distributing information security-related documents across all level of management for a holistic implementation. Security related documents and their relationships comprise the data aspect of ISGoP. Another framework that influenced ISGoP is the SABSA framework. The SABSA framework is an enterprise architecture framework that enables interoperability. It ensures collaboration between the people working for a business. Ideas from the SABSA framework were used to identify roles within the information security governance framework. The SABSA life cycle stages were also adopted by ISGoP. Various functions define the functional aspect of ISGoP. These functions are organised according to the life cycle stages and the views defined for the various roles. A case study was used to evaluate the possible utility of ISGoP. The case study explored a prototype implementation of ISGoP in a company. In addition to demonstrating its utility, the case study also allowed the model to be refined. ISGoP as a model must be refined and modified for specific business circumstances but lays a solid foundation to assist businesses in implementing sound information security governance.
- Full Text:
- Date Issued: 2020
Towards user experience principles for Electronic Tax in South Africa
- Authors: Mzili, Xolelwa
- Date: 2020
- Subjects: Electronic filing systems -- South Africa Tax returns -- South Africa
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/49529 , vital:41733
- Description: Electronic Tax is a convenient system that enables taxpayers to submit their tax returns electronically, from home or from the office at any time of the day during the tax filing season. However, the electronic tax system has faced challenges over the years and to date. Thus, the reason for this study was to recommend user experience and usability principles for the electronic tax system to enhance the experience of taxpayers when using the electronic tax submission system. These principles contributed to improving the electronic tax system and increasing the adoption of the system among taxpayers who still submit their tax returns, manually. The study firstly described the problem, which forms part of the foundation for this research, namely development, which then led to the research questions and objectives, forming the core for the development of this study. User experience and usability principles are available for an online system, but there are limited studies on these factors regarding the electronic tax system. This study emphasized the importance of applying the user experience and usability principles to the electronic tax system. The various factors that affect the South African electronic tax system as a case study, have also been identified, including those that prompt other taxpayers to file at the SARS branch. As a result, to prove this theory, a questionnaire was sent only to electronic taxpayers to investigate how they perceive the electronic tax system. It can be concluded that the system has both advantages and disadvantages. An advantage is that the electronic tax system enables taxpayers to submit returns online from home or the office, instead of waiting in queues at the SARS branch. Disadvantages include that some taxpayers are concerned that their information is not safe and some encounter error messages and solutions while interacting with the system and these are not in a simple language for them to understand and recover. The user experience and usability principles have been recommended based on the responses obtained from the questionnaire.
- Full Text:
- Date Issued: 2020
- Authors: Mzili, Xolelwa
- Date: 2020
- Subjects: Electronic filing systems -- South Africa Tax returns -- South Africa
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/49529 , vital:41733
- Description: Electronic Tax is a convenient system that enables taxpayers to submit their tax returns electronically, from home or from the office at any time of the day during the tax filing season. However, the electronic tax system has faced challenges over the years and to date. Thus, the reason for this study was to recommend user experience and usability principles for the electronic tax system to enhance the experience of taxpayers when using the electronic tax submission system. These principles contributed to improving the electronic tax system and increasing the adoption of the system among taxpayers who still submit their tax returns, manually. The study firstly described the problem, which forms part of the foundation for this research, namely development, which then led to the research questions and objectives, forming the core for the development of this study. User experience and usability principles are available for an online system, but there are limited studies on these factors regarding the electronic tax system. This study emphasized the importance of applying the user experience and usability principles to the electronic tax system. The various factors that affect the South African electronic tax system as a case study, have also been identified, including those that prompt other taxpayers to file at the SARS branch. As a result, to prove this theory, a questionnaire was sent only to electronic taxpayers to investigate how they perceive the electronic tax system. It can be concluded that the system has both advantages and disadvantages. An advantage is that the electronic tax system enables taxpayers to submit returns online from home or the office, instead of waiting in queues at the SARS branch. Disadvantages include that some taxpayers are concerned that their information is not safe and some encounter error messages and solutions while interacting with the system and these are not in a simple language for them to understand and recover. The user experience and usability principles have been recommended based on the responses obtained from the questionnaire.
- Full Text:
- Date Issued: 2020
A model for the alignment of information security requirements within South African small, medium and micro enterprises
- Authors: Speckman, Timothy Harambee
- Date: 2019
- Subjects: Computer security -- Management , Data protection -- Management Small business -- South Africa Knowledge management
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/44012 , vital:37092
- Description: Small, medium and micro enterprises (SMMEs) are reported to be the hope of the economy in many developing countries, such as South Africa (SA). The unique characteristics of SMMEs such as their ability to evolve rapidly, and to employ larger labour forces as they grow, make these enterprises valuable to the SA economy, in which poverty and unemployment rates are alarmingly high. Like most modern enterprises, SA SMMEs make use of information and communication technology (ICT) systems - as a vehicle to store, transmit and process information, which is an asset that is critical to their business operations. Thus, the vulnerabilities of these ICT systems need to be addressed, in order to protect the information assets of enterprises. However, SMMEs are known to only implement measures to protect their information assets on an ad hoc basis and frequently as reactive measures to information security incidents. This can be attributed to the fact that most of these enterprises lack the ability to establish their unique information security requirements. Information security requirements are a measure of the level of security needed to adequately protect the information assets of an enterprise. Furthermore, it is reported that information security best practices and standards, which provide guidance on information security, are too complex for SA SMMEs to implement and for SMMEs to use for establishing their unique information security requirements.
- Full Text:
- Date Issued: 2019
- Authors: Speckman, Timothy Harambee
- Date: 2019
- Subjects: Computer security -- Management , Data protection -- Management Small business -- South Africa Knowledge management
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/44012 , vital:37092
- Description: Small, medium and micro enterprises (SMMEs) are reported to be the hope of the economy in many developing countries, such as South Africa (SA). The unique characteristics of SMMEs such as their ability to evolve rapidly, and to employ larger labour forces as they grow, make these enterprises valuable to the SA economy, in which poverty and unemployment rates are alarmingly high. Like most modern enterprises, SA SMMEs make use of information and communication technology (ICT) systems - as a vehicle to store, transmit and process information, which is an asset that is critical to their business operations. Thus, the vulnerabilities of these ICT systems need to be addressed, in order to protect the information assets of enterprises. However, SMMEs are known to only implement measures to protect their information assets on an ad hoc basis and frequently as reactive measures to information security incidents. This can be attributed to the fact that most of these enterprises lack the ability to establish their unique information security requirements. Information security requirements are a measure of the level of security needed to adequately protect the information assets of an enterprise. Furthermore, it is reported that information security best practices and standards, which provide guidance on information security, are too complex for SA SMMEs to implement and for SMMEs to use for establishing their unique information security requirements.
- Full Text:
- Date Issued: 2019
Factors impacting the design of a mobile application for soil management: a case study of the Eastern Cape crops
- Authors: Botha, Stephan
- Date: 2019
- Subjects: Mobile soil management application
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/44581 , vital:38127
- Description: Some of the biggest challenges the global community has to face are the ever-dwindling levels of freshwater resources, the drastic impact of the greenhouse gases on the global climate and the loss of non-renewable fertile soil. South African agriculture contributes a total of 12.7% to the overall South African GDP (gross domestic product). Only a small portion of the South African soil is considered as being able to grow healthy and nutritious crops. The world of information communication technology (ICT) is extremely vast and growing daily with newly created tools, to accommodate the needs of a specific sector, such as agriculture. As the ICT-based agricultural solutions increase and improve, the uptake of these solutions within the South African agricultural sector becomes even smaller. The reasons for the low uptake of mobile soil management solutions for crop growing farmers are unknown, due to limited research conducted. The identified problem was a lack of understanding of the way mobile technologies can be designed to adequately support farmers to correctly manage their soil to produce the best possible crops. The primary objective of this research study was to identify factors, which may have a significant impact on the design of a mobile soil management application for crop farmers in the Eastern Cape (South Africa). The secondary objectives were as follows: (i) to determine what soil management is and which aspects are required to implement soil management effectively; (ii) to identify possible mobile technologies suitable to act as an effective support structure for a mobile soil management application; and (iii) to identify which user experience guidelines are key for the development of an effective mobile soil management solution and to compile a user experience guideline for an effective mobile soil management solution. Achieving these objectives, resulted in a better understanding of the identified problem. The problem was addressed by conducting a thorough literature review and a case study to better grasp the different aspects of the identified problem. Quantitative data was collected by conducting a user interface evaluation. Qualitative data were also gathered by means of a field test using the mobile soil management application. The field test was done in conjunction with a heuristic evaluation, completed by the participants. Data triangulation was used to compare the results of the gathered data. The results from the data triangulation were used to confirm the factors, which made the most significant impact on the success of the soil management application. These confirmed design factors were used to produce a list of guidelines to improve the design of future mobile ICT soil management applications.
- Full Text:
- Date Issued: 2019
- Authors: Botha, Stephan
- Date: 2019
- Subjects: Mobile soil management application
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/44581 , vital:38127
- Description: Some of the biggest challenges the global community has to face are the ever-dwindling levels of freshwater resources, the drastic impact of the greenhouse gases on the global climate and the loss of non-renewable fertile soil. South African agriculture contributes a total of 12.7% to the overall South African GDP (gross domestic product). Only a small portion of the South African soil is considered as being able to grow healthy and nutritious crops. The world of information communication technology (ICT) is extremely vast and growing daily with newly created tools, to accommodate the needs of a specific sector, such as agriculture. As the ICT-based agricultural solutions increase and improve, the uptake of these solutions within the South African agricultural sector becomes even smaller. The reasons for the low uptake of mobile soil management solutions for crop growing farmers are unknown, due to limited research conducted. The identified problem was a lack of understanding of the way mobile technologies can be designed to adequately support farmers to correctly manage their soil to produce the best possible crops. The primary objective of this research study was to identify factors, which may have a significant impact on the design of a mobile soil management application for crop farmers in the Eastern Cape (South Africa). The secondary objectives were as follows: (i) to determine what soil management is and which aspects are required to implement soil management effectively; (ii) to identify possible mobile technologies suitable to act as an effective support structure for a mobile soil management application; and (iii) to identify which user experience guidelines are key for the development of an effective mobile soil management solution and to compile a user experience guideline for an effective mobile soil management solution. Achieving these objectives, resulted in a better understanding of the identified problem. The problem was addressed by conducting a thorough literature review and a case study to better grasp the different aspects of the identified problem. Quantitative data was collected by conducting a user interface evaluation. Qualitative data were also gathered by means of a field test using the mobile soil management application. The field test was done in conjunction with a heuristic evaluation, completed by the participants. Data triangulation was used to compare the results of the gathered data. The results from the data triangulation were used to confirm the factors, which made the most significant impact on the success of the soil management application. These confirmed design factors were used to produce a list of guidelines to improve the design of future mobile ICT soil management applications.
- Full Text:
- Date Issued: 2019
A framework for selecting NoSQL Databases:a NetFlow use case
- Authors: Rheeder, Leon Albertus
- Date: 2018
- Subjects: Non-relational databases , Database management Information technology Computer science
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/35061 , vital:33611
- Description: Making decisions regarding technology is difficult for IT practitioners, especially when they lack formal guidance. Ad hoc decisions are prone to be influenced by biases. This research study specifically considered decisions regarding NoSQL. The primary objective of this study was to develop a framework that can assist IT practitioners with decisions regarding NoSQL technologies. An investigation into typical decision-making problems encountered when having to make technology-based decisions provided an understanding of the problem context. The application context was explored through a literature study of the four NoSQL families. This study produces a framework to assist IT practitioners in making decisions regarding technology. The framework comprises two models. Firstly, a weighted decision model combines several constructs, thereby providing a general method of making decisions. Secondly, a 6-step process model that can be used to adapt the weighted decision-model to a specific type of technology and a specific use case is proposed. The feasibility and utility of the proposed framework are demonstrated by applying the framework to a NetFlow use case. If NetFlow data is to be used for analytical decision-making, the data must be stored long-term. NoSQL databases have increased in popularity, especially in decision-making contexts. Therefore, NoSQL is a logical storage choice. However, which NoSQL family to use is not self-evident. Therefore, the decision-maker may require assistance to make the right decision. To assist with this decision, the framework was adapted to be used in the NoSQL context. A set of criteria was developed to allow various NoSQL options to be uniformly compared. Furthermore, the four NoSQL families were graded based on this set of criteria. After adaptation, experts provided input regarding the requirements of the NetFlow use case. This resulted in the weighting of the criteria for this specific use case. Finally, a weighted score was calculated for each family. For the NetFlow use case, the model suggests that a document-based NoSQL database be used. The framework ensures that all NoSQL technologies are systematically investigated, thereby reducing the effect of biases. Thus, the problem identified in this study is addressed. The proposed model can also serve as a foundation for future research
- Full Text:
- Date Issued: 2018
- Authors: Rheeder, Leon Albertus
- Date: 2018
- Subjects: Non-relational databases , Database management Information technology Computer science
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/35061 , vital:33611
- Description: Making decisions regarding technology is difficult for IT practitioners, especially when they lack formal guidance. Ad hoc decisions are prone to be influenced by biases. This research study specifically considered decisions regarding NoSQL. The primary objective of this study was to develop a framework that can assist IT practitioners with decisions regarding NoSQL technologies. An investigation into typical decision-making problems encountered when having to make technology-based decisions provided an understanding of the problem context. The application context was explored through a literature study of the four NoSQL families. This study produces a framework to assist IT practitioners in making decisions regarding technology. The framework comprises two models. Firstly, a weighted decision model combines several constructs, thereby providing a general method of making decisions. Secondly, a 6-step process model that can be used to adapt the weighted decision-model to a specific type of technology and a specific use case is proposed. The feasibility and utility of the proposed framework are demonstrated by applying the framework to a NetFlow use case. If NetFlow data is to be used for analytical decision-making, the data must be stored long-term. NoSQL databases have increased in popularity, especially in decision-making contexts. Therefore, NoSQL is a logical storage choice. However, which NoSQL family to use is not self-evident. Therefore, the decision-maker may require assistance to make the right decision. To assist with this decision, the framework was adapted to be used in the NoSQL context. A set of criteria was developed to allow various NoSQL options to be uniformly compared. Furthermore, the four NoSQL families were graded based on this set of criteria. After adaptation, experts provided input regarding the requirements of the NetFlow use case. This resulted in the weighting of the criteria for this specific use case. Finally, a weighted score was calculated for each family. For the NetFlow use case, the model suggests that a document-based NoSQL database be used. The framework ensures that all NoSQL technologies are systematically investigated, thereby reducing the effect of biases. Thus, the problem identified in this study is addressed. The proposed model can also serve as a foundation for future research
- Full Text:
- Date Issued: 2018
A framework for the integration of mobile technology into adventure sport for the purpose of increasing participant safety
- Authors: Mills, Craig John
- Date: 2018
- Subjects: Mobile communication systems , Health promotion -- Technological innovations Sports -- Technological innovations Cell phones -- Health aspects
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/32099 , vital:31958
- Description: The sporting industry has seen incredible advancements with the use of information technology. Technology is used in the sporting industry for training, coaching and even as a deciding factor of a game result. There are certain sports which require individuals to venture into isolated environments, these sports have been termed adventure or extreme sports. Due to the extreme environmental factors that can occur with adventure sport, it is possible for an individual to experience an emergency situation. Emergency situations can occur at any time, and this is especially true in adventure sport. Adventure sport such as ocean and river kayaking require individuals to venture into isolated environments, where if an emergency situation occurs could result in an individual left stranded waiting for emergency rescue. Adventure sport participants and Event Organizers are aware of the dangers associated with this type of adventure sport, but there is currently no requirement to have a mobile technology device present during kayaking events. The main purpose of this dissertation was to evaluate the current use of mobile technology in adventure sport in the Eastern Cape province of South Africa. To accomplish this two literature reviews were conducted which identi_ed information on the two main themes which are adventure sport and mobile technology. To produce information from the ocean and river kayaking community an online questionnaire was distributed to several kayaking clubs in the Eastern Cape province of South Africa. This dissertation also presents a framework that proposes the use of mobile technology hardware and software by participants and event organisers in an attempt to increase the safety of events in this form of adventure sport. It is hoped that the framework for using mobile technology to increase the safety of adventure sport proposed in this research, may provide clear guidance for the achievement of a safer sporting experience for the participants of ocean and river kayaking.
- Full Text:
- Date Issued: 2018
- Authors: Mills, Craig John
- Date: 2018
- Subjects: Mobile communication systems , Health promotion -- Technological innovations Sports -- Technological innovations Cell phones -- Health aspects
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/32099 , vital:31958
- Description: The sporting industry has seen incredible advancements with the use of information technology. Technology is used in the sporting industry for training, coaching and even as a deciding factor of a game result. There are certain sports which require individuals to venture into isolated environments, these sports have been termed adventure or extreme sports. Due to the extreme environmental factors that can occur with adventure sport, it is possible for an individual to experience an emergency situation. Emergency situations can occur at any time, and this is especially true in adventure sport. Adventure sport such as ocean and river kayaking require individuals to venture into isolated environments, where if an emergency situation occurs could result in an individual left stranded waiting for emergency rescue. Adventure sport participants and Event Organizers are aware of the dangers associated with this type of adventure sport, but there is currently no requirement to have a mobile technology device present during kayaking events. The main purpose of this dissertation was to evaluate the current use of mobile technology in adventure sport in the Eastern Cape province of South Africa. To accomplish this two literature reviews were conducted which identi_ed information on the two main themes which are adventure sport and mobile technology. To produce information from the ocean and river kayaking community an online questionnaire was distributed to several kayaking clubs in the Eastern Cape province of South Africa. This dissertation also presents a framework that proposes the use of mobile technology hardware and software by participants and event organisers in an attempt to increase the safety of events in this form of adventure sport. It is hoped that the framework for using mobile technology to increase the safety of adventure sport proposed in this research, may provide clear guidance for the achievement of a safer sporting experience for the participants of ocean and river kayaking.
- Full Text:
- Date Issued: 2018
A social networking approach to security awareness in end-user cyber-driven financial transactions
- Authors: Maharaj, Rahul
- Date: 2018
- Subjects: Computer networks -- Security measures
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/48824 , vital:41144
- Description: Cyberspace, including the internet and associated technologies have become critical to social users in their day to day lives. Social users have grown to become reliant on cyberspace and associated cyber services. As such, a culture of users becoming dependent on cyberspace has formed. This cyberculture need to ensure that they can make use of cyberspace and associated cyber services in a safe and secure manner. This is particularly true for those social users involved in cyberdriven financial transactions. Therefore, the aim of this research study is to report on research undertaken, to assist said users by providing them with an alternative educational approach to cyber security, education, awareness and training.
- Full Text:
- Authors: Maharaj, Rahul
- Date: 2018
- Subjects: Computer networks -- Security measures
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/48824 , vital:41144
- Description: Cyberspace, including the internet and associated technologies have become critical to social users in their day to day lives. Social users have grown to become reliant on cyberspace and associated cyber services. As such, a culture of users becoming dependent on cyberspace has formed. This cyberculture need to ensure that they can make use of cyberspace and associated cyber services in a safe and secure manner. This is particularly true for those social users involved in cyberdriven financial transactions. Therefore, the aim of this research study is to report on research undertaken, to assist said users by providing them with an alternative educational approach to cyber security, education, awareness and training.
- Full Text:
An information security governance model for industrial control systems
- Authors: Webster, Zynn
- Date: 2018
- Subjects: Computer networks -- Security measures , Data protection Computer security Business enterprises -- Computer networks -- Security measures
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/36383 , vital:33934
- Description: Industrial Control Systems (ICS) is a term used to describe several types of control systems, including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS) and Programmable Logic Controllers (PLC). These systems consist of a combination of control components (e.g. electrical, mechanical, pneumatic) which act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy). ICS play a fundamental role in critical infrastructures such as electricity grids, oil, gas and manufacturing industries. Initially ICS had little resemblance to typical enterprise IT systems; they were isolated and running proprietary control protocols using specialized hardware and software. However, with initiatives such as Industry 4.0 and Industrial Internet of Things (IIoT), the nature of ICS has changed significantly. There is an ever-increasing use of commercial operating systems and standard protocols like TCP/IP and Ethernet. Consequently, modern ICS are more and more resembling conventional enterprise IT systems, and it is a well-known fact that these IT systems and networks are known to be vulnerable and that they require extensive management to ensure Confidentiality, Integrity, and Availability. Since ICS are now adopting conventional IT characteristics they are also accepting the associated risks. However, owing to the functional area of ICS, the consequences of these threats are much more severe than those of enterprise IT systems. The need to manage security for these systems with highly skilled IT personnel has become essential. Therefore, this research was focussed to identify which unique security controls for ICS and enterprise IT systems can be combined and/or tailored to provide the organization with a single set of comprehensive security controls. By doing an investigation on existing standards and best practices for both enterprise IT and ICS environments, this study has produced a single set of security controls and presented how the security controls can be integrated into an existing information security governance model which organizations can use as a basis for generating a security framework, used not only to secure their enterprise IT systems, but also including the security of their ICS.
- Full Text:
- Date Issued: 2018
- Authors: Webster, Zynn
- Date: 2018
- Subjects: Computer networks -- Security measures , Data protection Computer security Business enterprises -- Computer networks -- Security measures
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/36383 , vital:33934
- Description: Industrial Control Systems (ICS) is a term used to describe several types of control systems, including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS) and Programmable Logic Controllers (PLC). These systems consist of a combination of control components (e.g. electrical, mechanical, pneumatic) which act together to achieve an industrial objective (e.g., manufacturing, transportation of matter or energy). ICS play a fundamental role in critical infrastructures such as electricity grids, oil, gas and manufacturing industries. Initially ICS had little resemblance to typical enterprise IT systems; they were isolated and running proprietary control protocols using specialized hardware and software. However, with initiatives such as Industry 4.0 and Industrial Internet of Things (IIoT), the nature of ICS has changed significantly. There is an ever-increasing use of commercial operating systems and standard protocols like TCP/IP and Ethernet. Consequently, modern ICS are more and more resembling conventional enterprise IT systems, and it is a well-known fact that these IT systems and networks are known to be vulnerable and that they require extensive management to ensure Confidentiality, Integrity, and Availability. Since ICS are now adopting conventional IT characteristics they are also accepting the associated risks. However, owing to the functional area of ICS, the consequences of these threats are much more severe than those of enterprise IT systems. The need to manage security for these systems with highly skilled IT personnel has become essential. Therefore, this research was focussed to identify which unique security controls for ICS and enterprise IT systems can be combined and/or tailored to provide the organization with a single set of comprehensive security controls. By doing an investigation on existing standards and best practices for both enterprise IT and ICS environments, this study has produced a single set of security controls and presented how the security controls can be integrated into an existing information security governance model which organizations can use as a basis for generating a security framework, used not only to secure their enterprise IT systems, but also including the security of their ICS.
- Full Text:
- Date Issued: 2018
Guidelines for and evaluation of the design of technology-supported lessons to teach basic programming principles to deaf and hard of hearing learners: a case study of a school for the deaf
- Authors: Wassermann, Ulza
- Date: 2018
- Subjects: Deaf -- Education , Hearing impaired children -- Education Computers and people with disabilities Communication devices for people with disabilities Information technology -- Education
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/36347 , vital:33925
- Description: Deaf and Hard of Hearing (DHH) learners are part of a diverse population with unique learning challenges, strengths and needs. Learning material should be developed specifically for them to provide for their needs and capitalise on their strengths. These materials should include visual material and strategies as well as sign language. Furthermore, DHH learners have the same capacity for learning as hearing learners. However, in South Africa, DHH learners do not have adequate access to training in computer-related subjects, and therefore no material exists that has been developed specifically for DHH learners who want to learn a programming language. This research provides guidelines on the way technology-supported lessons can be designed to teach basic programming principles using the programming language Scratch, to DHH learners. Provision was made for the South African context where limited technology is available at most schools for DHH learners, but where most educators have access to Microsoft Office applications – specifically MS PowerPoint. Two goals were pursued. The primary goal of this research project was to determine the user experience (UX) of the participants (both learners and educators) during and after using and attending the technology-supported lessons. This was achieved through a case study. Four UX evaluation elements were evaluated in this project. They were: usability, accessibility, emotional user reaction, and hedonic aspects. Questionnaires, semi-structured interviews as well as participant-observation were used to determine the UX of participants. The UX evaluation provided sufficient evidence to claim that UX of participants was satisfactory, and therefore the guidelines that were developed to create technology-supported lessons to teach basic programming principles to DHH learners were appropriate. The secondary goal was to develop guidelines for the design of technology-supported lessons to teach programming to DHH learners, and to apply these guidelines to develop a high-fidelity, fully functional prototype – a set of technology-supported lessons. This was achieved through a prototype construction research strategy. The lessons consisted of two vocabulary lessons and one programming lesson. The words that were taught in the vocabulary lesson were either terms appearing in the interface of Scratch, or words needed in the explanation of programming principles and Scratch context. The programming lesson (a PowerPoint slide show) was a guide for the educator to present the content in a logical way, and not to leave out important information. It used multimedia techniques (colour, pictures, animation) to explain programming concepts, and to display the tasks to be completed to the learners, so that they could remember the sequence of the steps. Practical strategies have been included in the guidelines to address the learning challenges DHH experience in the following areas: Comprehension skills, application of knowledge and knowledge organisation, relational and individual-item orientations, metacognition, memory, distractibility. The guidelines referred to techniques and principles that can be followed to design the interface and navigation tools of a technology-supported lesson; enhance communication with DHH learners, and provide support for them to work independently; specify the educator’s role and attitude when facilitating or presenting programming lessons and to structure a programming lesson.
- Full Text:
- Date Issued: 2018
- Authors: Wassermann, Ulza
- Date: 2018
- Subjects: Deaf -- Education , Hearing impaired children -- Education Computers and people with disabilities Communication devices for people with disabilities Information technology -- Education
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/36347 , vital:33925
- Description: Deaf and Hard of Hearing (DHH) learners are part of a diverse population with unique learning challenges, strengths and needs. Learning material should be developed specifically for them to provide for their needs and capitalise on their strengths. These materials should include visual material and strategies as well as sign language. Furthermore, DHH learners have the same capacity for learning as hearing learners. However, in South Africa, DHH learners do not have adequate access to training in computer-related subjects, and therefore no material exists that has been developed specifically for DHH learners who want to learn a programming language. This research provides guidelines on the way technology-supported lessons can be designed to teach basic programming principles using the programming language Scratch, to DHH learners. Provision was made for the South African context where limited technology is available at most schools for DHH learners, but where most educators have access to Microsoft Office applications – specifically MS PowerPoint. Two goals were pursued. The primary goal of this research project was to determine the user experience (UX) of the participants (both learners and educators) during and after using and attending the technology-supported lessons. This was achieved through a case study. Four UX evaluation elements were evaluated in this project. They were: usability, accessibility, emotional user reaction, and hedonic aspects. Questionnaires, semi-structured interviews as well as participant-observation were used to determine the UX of participants. The UX evaluation provided sufficient evidence to claim that UX of participants was satisfactory, and therefore the guidelines that were developed to create technology-supported lessons to teach basic programming principles to DHH learners were appropriate. The secondary goal was to develop guidelines for the design of technology-supported lessons to teach programming to DHH learners, and to apply these guidelines to develop a high-fidelity, fully functional prototype – a set of technology-supported lessons. This was achieved through a prototype construction research strategy. The lessons consisted of two vocabulary lessons and one programming lesson. The words that were taught in the vocabulary lesson were either terms appearing in the interface of Scratch, or words needed in the explanation of programming principles and Scratch context. The programming lesson (a PowerPoint slide show) was a guide for the educator to present the content in a logical way, and not to leave out important information. It used multimedia techniques (colour, pictures, animation) to explain programming concepts, and to display the tasks to be completed to the learners, so that they could remember the sequence of the steps. Practical strategies have been included in the guidelines to address the learning challenges DHH experience in the following areas: Comprehension skills, application of knowledge and knowledge organisation, relational and individual-item orientations, metacognition, memory, distractibility. The guidelines referred to techniques and principles that can be followed to design the interface and navigation tools of a technology-supported lesson; enhance communication with DHH learners, and provide support for them to work independently; specify the educator’s role and attitude when facilitating or presenting programming lessons and to structure a programming lesson.
- Full Text:
- Date Issued: 2018
Guidelines for the protection of stored sensitive information assets within small, medium and micro enterprises
- Authors: Scharnick, Nicholas
- Date: 2018
- Subjects: Computer security , Information technology -- Security measures Data protection Business -- Data processing -- Security measures Small business -- Data processing -- Security measures -- South Africa
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/34799 , vital:33452
- Description: Technology has become important in the business environment as it ensures that a business is competitive and it also drives the business processes. However, in the era of mobile devices, easy access to the internet and a wide variety of other communication mechanisms; the security of the business from a technological perspective is constantly under threat. Thus, the problem that this research aims to address is that there is currently a lack of understanding by SMMEs in protecting their stored sensitive information assets. This study intends to assist small businesses, such as those within the Small Medium and Micro Enterprises (SMME) on how to protect and secure information while it is in storage. SMMEs usually do not have available resources to fully address information security related concerns that could pose a threat to the well being and success of the business. In order to address the problem identified, and assist SMMEs with better protecting their stored information assets, the outcomes of this research is to develop guidelines to assist SMMEs in protecting stored sensitive information assets. Through the use of a qualitative content analysis, a literature review, a number of information security standards, best practices, and frameworks, including the ISO27000 series of standards, COBIT, ITIL, and various NIST publications were analysed to determine how these security approaches address security concerns that arise when considering the storage of sensitive information. Following the literature analysis, a survey was developed and distributed to a wide variety of SMMEs in order to determine what their information security requirements might be, as well as how they address information security. The results obtained from this, coupled with the literature analysis, served as input for the development of a number of guidelines that can assist SMMEs in protecting stored sensitive information assets.
- Full Text:
- Date Issued: 2018
- Authors: Scharnick, Nicholas
- Date: 2018
- Subjects: Computer security , Information technology -- Security measures Data protection Business -- Data processing -- Security measures Small business -- Data processing -- Security measures -- South Africa
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/34799 , vital:33452
- Description: Technology has become important in the business environment as it ensures that a business is competitive and it also drives the business processes. However, in the era of mobile devices, easy access to the internet and a wide variety of other communication mechanisms; the security of the business from a technological perspective is constantly under threat. Thus, the problem that this research aims to address is that there is currently a lack of understanding by SMMEs in protecting their stored sensitive information assets. This study intends to assist small businesses, such as those within the Small Medium and Micro Enterprises (SMME) on how to protect and secure information while it is in storage. SMMEs usually do not have available resources to fully address information security related concerns that could pose a threat to the well being and success of the business. In order to address the problem identified, and assist SMMEs with better protecting their stored information assets, the outcomes of this research is to develop guidelines to assist SMMEs in protecting stored sensitive information assets. Through the use of a qualitative content analysis, a literature review, a number of information security standards, best practices, and frameworks, including the ISO27000 series of standards, COBIT, ITIL, and various NIST publications were analysed to determine how these security approaches address security concerns that arise when considering the storage of sensitive information. Following the literature analysis, a survey was developed and distributed to a wide variety of SMMEs in order to determine what their information security requirements might be, as well as how they address information security. The results obtained from this, coupled with the literature analysis, served as input for the development of a number of guidelines that can assist SMMEs in protecting stored sensitive information assets.
- Full Text:
- Date Issued: 2018