A model for security incident response in the South African National Research and Education network
- Authors: Mooi, Roderick David
- Date: 2014
- Subjects: Information networks -- South Africa , Internet -- Security measures , Computer networks -- Security measures -- South Africa , National Research and Education Network (Computer network)
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9813 , http://hdl.handle.net/10948/d1017598
- Description: This dissertation addresses the problem of a lack of a formal incident response capability in the South African National Research and Education Network (SA NREN). While investigating alternatives it was found that no clear method exists to solve this problem. Therefore, a second problem is identified: the lack of a definitive method for establishing a Computer Security Incident Response Team (CSIRT) or Computer Emergency Response Team (CERT) in general. Solving the second problem is important as we then have a means of knowing how to start when building a CSIRT. This will set the basis for addressing the initial problem, resulting in a prepared, improved and coordinated response to IT security incidents affecting the SANREN. To commence, the requirements for establishing a CSIRT are identified via a comprehensive literature review. These requirements are categorized into five areas, namely, the basic business requirements followed by the four Ps of the IT Infrastructure Library (ITIL). That is, People, Processes, Product and Partners, adapted to suit the CSIRT context. Through the use of argumentation, the relationships between the areas are uncovered and explored. Thereafter, a Design Science Research-based process is utilised to develop a generic model for establishing a CSIRT. The model is based on the interactions uncovered between the business requirements and the adapted four Ps. These are summarised through two views -- strategic and tactical -- together forming an holistic model for establishing a CSIRT. The model highlights the decisions required for the business requirements, services, team model and staff, policies and processes, tools and technologies, and partners of a CSIRT respectively. Finally, to address the primary objective, the generic model is applied to the SANREN environment. Thus, the second artefact is an instantiation, a specific model, which can be implemented to create a CSIRT for the SA NREN. To produce the specific model, insight into the nature of the SANREN environment was required. The status quo was revealed through the use of a survey and argumentative analysis of the results. The specific decisions in each area required to establish an SA NREN CSIRT are explored throughout the development of the model. The result is a comprehensive framework for implementing a CSIRT in the SA NREN, detailing the decisions required in each of the areas. This model additionally acts as a demonstration of the utility of the generic model. The implications of this research are twofold. Firstly, the generic model is useful as a basis for anyone wanting to establish a CSIRT. It helps to ensure that all factors are considered and that no important decisions are neglected, thereby enabling an holistic view. Secondly, the specific model for the SA NREN CSIRT serves as a foundation for implementing the CSIRT going forward. It accelerates the process by addressing the important considerations and highlighting the concerns that must be addressed while establishing the CSIRT.
- Full Text:
- Date Issued: 2014
- Authors: Mooi, Roderick David
- Date: 2014
- Subjects: Information networks -- South Africa , Internet -- Security measures , Computer networks -- Security measures -- South Africa , National Research and Education Network (Computer network)
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9813 , http://hdl.handle.net/10948/d1017598
- Description: This dissertation addresses the problem of a lack of a formal incident response capability in the South African National Research and Education Network (SA NREN). While investigating alternatives it was found that no clear method exists to solve this problem. Therefore, a second problem is identified: the lack of a definitive method for establishing a Computer Security Incident Response Team (CSIRT) or Computer Emergency Response Team (CERT) in general. Solving the second problem is important as we then have a means of knowing how to start when building a CSIRT. This will set the basis for addressing the initial problem, resulting in a prepared, improved and coordinated response to IT security incidents affecting the SANREN. To commence, the requirements for establishing a CSIRT are identified via a comprehensive literature review. These requirements are categorized into five areas, namely, the basic business requirements followed by the four Ps of the IT Infrastructure Library (ITIL). That is, People, Processes, Product and Partners, adapted to suit the CSIRT context. Through the use of argumentation, the relationships between the areas are uncovered and explored. Thereafter, a Design Science Research-based process is utilised to develop a generic model for establishing a CSIRT. The model is based on the interactions uncovered between the business requirements and the adapted four Ps. These are summarised through two views -- strategic and tactical -- together forming an holistic model for establishing a CSIRT. The model highlights the decisions required for the business requirements, services, team model and staff, policies and processes, tools and technologies, and partners of a CSIRT respectively. Finally, to address the primary objective, the generic model is applied to the SANREN environment. Thus, the second artefact is an instantiation, a specific model, which can be implemented to create a CSIRT for the SA NREN. To produce the specific model, insight into the nature of the SANREN environment was required. The status quo was revealed through the use of a survey and argumentative analysis of the results. The specific decisions in each area required to establish an SA NREN CSIRT are explored throughout the development of the model. The result is a comprehensive framework for implementing a CSIRT in the SA NREN, detailing the decisions required in each of the areas. This model additionally acts as a demonstration of the utility of the generic model. The implications of this research are twofold. Firstly, the generic model is useful as a basis for anyone wanting to establish a CSIRT. It helps to ensure that all factors are considered and that no important decisions are neglected, thereby enabling an holistic view. Secondly, the specific model for the SA NREN CSIRT serves as a foundation for implementing the CSIRT going forward. It accelerates the process by addressing the important considerations and highlighting the concerns that must be addressed while establishing the CSIRT.
- Full Text:
- Date Issued: 2014
Towards an information security awareness process for engineering SMEs in emerging economies
- Authors: Gundu, Tapiwa
- Date: 2013
- Subjects: Computer security -- South Africa , Information technology -- South Africa , Computer networks -- Security measures -- South Africa , Information resources management -- South Africa , Small business -- South Africa , Engineering firms -- South Africa , Confidential communications -- South Africa , Information Security Awareness , Information Security Behaviour , Information Security Training
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11138 , http://hdl.handle.net/10353/d1007179 , Computer security -- South Africa , Information technology -- South Africa , Computer networks -- Security measures -- South Africa , Information resources management -- South Africa , Small business -- South Africa , Engineering firms -- South Africa , Confidential communications -- South Africa , Information Security Awareness , Information Security Behaviour , Information Security Training
- Description: With most employees in Engineering Small and Medium Enterprises (SME) now having access to their own personal workstations, the need for information security management to safeguard against loss/alteration or theft of the firms’ important information has increased. These Engineering SMEs tend to be more concerned with vulnerabilities from external threats, although industry research suggests that a substantial proportion of security incidents originate from insiders within the firm. Hence, technical preventative measures such as antivirus software and firewalls are proving to solve only part of the problem as the employees controlling them lack adequate information security knowledge. This tends to expose a firm to risk and costly mistakes made by naïve/uninformed employees. This dissertation presents an information security awareness process that seeks to cultivate positive security behaviours using a behavioural intention model based on the Theory of Reasoned Action, Protection Motivation Theory and the Behaviourism Theory. The process and model have been refined and verified using expert review and tested through action research at an Engineering SME in South Africa. The main finding was information security levels of employees within the firm were low, but the proposed information security awareness process increased their knowledge thereby positively altering their behaviour.
- Full Text:
- Date Issued: 2013
- Authors: Gundu, Tapiwa
- Date: 2013
- Subjects: Computer security -- South Africa , Information technology -- South Africa , Computer networks -- Security measures -- South Africa , Information resources management -- South Africa , Small business -- South Africa , Engineering firms -- South Africa , Confidential communications -- South Africa , Information Security Awareness , Information Security Behaviour , Information Security Training
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11138 , http://hdl.handle.net/10353/d1007179 , Computer security -- South Africa , Information technology -- South Africa , Computer networks -- Security measures -- South Africa , Information resources management -- South Africa , Small business -- South Africa , Engineering firms -- South Africa , Confidential communications -- South Africa , Information Security Awareness , Information Security Behaviour , Information Security Training
- Description: With most employees in Engineering Small and Medium Enterprises (SME) now having access to their own personal workstations, the need for information security management to safeguard against loss/alteration or theft of the firms’ important information has increased. These Engineering SMEs tend to be more concerned with vulnerabilities from external threats, although industry research suggests that a substantial proportion of security incidents originate from insiders within the firm. Hence, technical preventative measures such as antivirus software and firewalls are proving to solve only part of the problem as the employees controlling them lack adequate information security knowledge. This tends to expose a firm to risk and costly mistakes made by naïve/uninformed employees. This dissertation presents an information security awareness process that seeks to cultivate positive security behaviours using a behavioural intention model based on the Theory of Reasoned Action, Protection Motivation Theory and the Behaviourism Theory. The process and model have been refined and verified using expert review and tested through action research at an Engineering SME in South Africa. The main finding was information security levels of employees within the firm were low, but the proposed information security awareness process increased their knowledge thereby positively altering their behaviour.
- Full Text:
- Date Issued: 2013
A model for legal compliance in the South African banking sector : an information security perspective
- Maphakela, Madidimalo Rabbie
- Authors: Maphakela, Madidimalo Rabbie
- Date: 2008
- Subjects: Database security -- South Africa , Computer security -- South Africa , Computer networks -- Security measures -- South Africa
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9783 , http://hdl.handle.net/10948/725 , Database security -- South Africa , Computer security -- South Africa , Computer networks -- Security measures -- South Africa
- Description: In the past, many organisations used to keep their information on paper, which resulted in the loss of important information. In today’s knowledge era the information super-highway facilitates highly connected electronic environments where business applications can communicate on an intra- as well as inter-organizational level. As business expanded more into the cyber-world, so did the need to protect the information they have. Technology advances did not only bring benefits, it also increased the vulnerability of companies’ information. Information, the lifeblood of an organization, must be protected from threats such as hackers and fraud, amongst others. In the highly regulated financial sector, the protection of information is not only a best practice, but a legal obligation carrying penalties for non-compliance. From a positive aspect, organisations can identify security controls that can help them to secure their information, with the aid of legal sources. But organisations find themselves burdened by a burgeoning number of legal sources and requirements, which require vast resources and often become unmanageable. This research focuses on finding a solution for South African banks to comply with multiple legal sources, as seen from an information security perspective.
- Full Text:
- Date Issued: 2008
- Authors: Maphakela, Madidimalo Rabbie
- Date: 2008
- Subjects: Database security -- South Africa , Computer security -- South Africa , Computer networks -- Security measures -- South Africa
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9783 , http://hdl.handle.net/10948/725 , Database security -- South Africa , Computer security -- South Africa , Computer networks -- Security measures -- South Africa
- Description: In the past, many organisations used to keep their information on paper, which resulted in the loss of important information. In today’s knowledge era the information super-highway facilitates highly connected electronic environments where business applications can communicate on an intra- as well as inter-organizational level. As business expanded more into the cyber-world, so did the need to protect the information they have. Technology advances did not only bring benefits, it also increased the vulnerability of companies’ information. Information, the lifeblood of an organization, must be protected from threats such as hackers and fraud, amongst others. In the highly regulated financial sector, the protection of information is not only a best practice, but a legal obligation carrying penalties for non-compliance. From a positive aspect, organisations can identify security controls that can help them to secure their information, with the aid of legal sources. But organisations find themselves burdened by a burgeoning number of legal sources and requirements, which require vast resources and often become unmanageable. This research focuses on finding a solution for South African banks to comply with multiple legal sources, as seen from an information security perspective.
- Full Text:
- Date Issued: 2008
- «
- ‹
- 1
- ›
- »