The effectiveness of encryption methods in mitigating information technology security risks
- Authors: Mokoena, Troy
- Date: 2016
- Subjects: Auditing - Computer security , Information technology - Security measures , Cryptography
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/225589 , uj:22789
- Description: Abstract: Data protection is a critical area that is currently receiving much attention worldwide. Easy access to the internet and an increase in information transfer over communication networks contributes greatly to the need for data to be protected. Reports of data breaches from corporations and government institutions across the world have increased. Data breaches are mostly executed through the internet and other networks. Data loss and breaches can have significant consequences for concerned parties, such as reputational damage and litigation, when personal information is exposed to unauthorised persons. Mitigating controls, such as encryption methods, are generally implemented to protect data at rest and during transmission. Such controls, however, are useful only when they are effective in mitigating related risk exposure. This study focuses on investigating whether the current encryption methods being used are perceived by IT security managers from the Big Four audit firms and Dimension Data, as effective in mitigating IT security risks. Although it has been reported in the literature that specific symmetric and asymmetric encryption methods are effective, this study revealed the following: Symmetric encryption is perceived in practice as a highly breakable method at 15%, least breakable at 75%, and rated as not yet used at 10%. Asymmetric encryption is perceived slightly higher, as a highly breakable method at 25%, least breakable at 62%, and not yet used at 13%. , M.Com. (Computer Auditing)
Limited-scope dissertation : internal auditing of cloud computing in the telecommunications industry
- Authors: Bhayroo, Nastashia
- Date: 2017
- Subjects: Cloud computing , Telecommunication , Auditing, Internal
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/262241 , uj:27674
- Description: M.Com. (Computer Auditing) , Abstract: Cloud computing technologies have enabled innovation within the telecommunications industry and this in turn has enhanced the services which telecommunications companies provide through the use of the cloud. However, this exposes the telecommunications companies and their customers to new risks, such as data security, data privacy, data integrity, network performance and network availability. Internal auditing is able to provide assurance and consulting services to assist in the mitigation of the risks to an acceptable level. This limited-scope dissertation identifies the importance of cloud computing and the risks associated with cloud computing. The empirical study determines the role of internal auditing within the telecommunications industry in South Africa with regards to cloud computing. The research was conducted by means of an empirical study through the distribution of a self-completion questionnaire to the Chief Audit Executives of the top four telecommunications companies in South Africa. It was found that cloud computing exposes telecommunications companies to risks and these risks can be mitigated through internal audit functions providing assurance to the telecommunication companies.
The impact of IT risk on external audit reports
- Authors: Dempsey, Karlien
- Date: 2018
- Subjects: Auditing - Data processing , Information technology - Management , Information technology - Risk management
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/292142 , uj:31743
- Description: Abstract: IT is an integral part of all organisations and consequently, all organisations should be considered as IT-affected entities. IT risk is therefore an entity risk which should be managed and mitigated through effective IT governance processes and the selection or design and implementation of IT governance frameworks. These frameworks should be designed and implemented at managerial level, however, the board and / or the audit committee should take overall responsibility for IT governance. The auditor uses the audit report as the primary tool to communicate their opinion to the users of the financial statements. The new audit report format, which superseded the previous format in 2016, should address the audit expectation gap as well as the shortcomings of the previous format, namely, limited communication and standardised language. The most significant change in this new format is the disclosure of items that are deemed of most significance in the audit, namely, Key Audit Matters. Through a content analysis of the JSE top 40 listed entities, it was found that those charged with governance in 39 of these entities regard IT as a significant risk and disclosed detail on IT governance or IT committees. However, although a total of 130 Key Audit Matters were raised by the entire study, none related to IT. This suggests a disconnect between the literature and the view of those charged with IT governance on the one hand, and the disclosure made by the auditor on the other. , M.Com. (Computer Auditing)
Cyber risk management frameworks for the South African banking industry
- Authors: Koto, Caroline
- Date: 2019
- Subjects: Computer crimes , Cyberspace - Security measures , Business - Data processing - Security measures , Business enterprises - Computer networks - Security measures , Risk management , Banks and banking - South Africa
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/403209 , uj:33776
- Description: Abstract: Information technology (IT) has proven to be critical in the operation of businesses today. The banking industry is one of the industries that are most reliant on IT. The banking industry has enjoyed greater efficiency and effectiveness in their operations owing to the widespread use of IT. However, due to IT and continuous technological advancements, new threats such as cyber risk have surfaced, and the banking industry has experienced the most cybercrime incidents. In addition to the banking industry being the most targeted by cyber-criminals, cybercrime incidents have detrimental impacts on the industry. As a result, it is crucial for banks to employ effective cyber risk management processes. The South African banking industry is required by the South African Reserve Bank (SARB) to align their cyber risk management processes to the cyber resilience guidance document issued by the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO). The CPMI–IOSCO cyber resilience guidance contains guidelines that should be addressed within a bank’s cyber risk management framework. This study seeks to establish whether the Improving Critical Infrastructure Cybersecurity (ICIC) framework addresses the guidelines contained in the CPMI–IOSCO cyber resilience guidance. The ICIC framework is effective for managing cyber risk and allows an organisation to modify it to suit its specific needs and objectives. The objective of the study is to recommend to the South African banking industry, a framework for managing cyber risks that is effective and that addresses the CPMI–IOSCO cyber resilience guidelines. The results were gathered by analysing the ICIC framework and mapping it against the CPMI–IOSCO cyber resilience guidelines. The results revealed that the ICIC framework addresses up to 71 percent of the CPMI–IOSCO cyber resilience guidelines.
The study therefore recommends that instead of building a new cyber risk management framework, the South African banking industry should adopt the ICIC framework and modify it by adding the 29 percent of the CPMI–IOSCO cyber resilience guidelines not addressed by the ICIC framework. All the guidelines contained in the CPMI–IOSCO cyber resilience guidance will then be addressed within the modified ICIC framework. South African banks will also achieve effective management of cyber risks through the ICIC framework. , M.Com. (Computer Auditing)
The impact of information systems auditor’s training on the quality of an information systems audit
- Authors: Dube, Ishmael
- Date: 2019
- Subjects: Information technology - Auditing , Auditors - Training of
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/421190 , uj:35891
- Description: Abstract: The significance of information technology (IT) audits in organisations is an area that has received increased focus, and it is increasingly necessary to conduct additional research into the IT audit subject area. As a result of increased dependence and spending on IT, it has effectively become a requirement for organisations to increase their level of assurance about these investments and their ability to deliver as expected. IT audits fulfil this role, and are used to examine the effectiveness of controls, security of important systems and business operations to identify weaknesses and find ways that can be used to improve and mitigate the impact of these weaknesses. However, prior research has not measured the impact that training of auditors has on the quality of IT audits. The findings of this study show that organisations play an integral role in the training programs. However, these organisations do not understand their training programs and cannot properly communicate the training requirements to IT auditors. The research findings have also shown that continuous professional development programs are additional tools in enhancing IT auditor knowledge. This research undertaking has found that generally, internal programs are more effective in delivering content to IT auditors and thus more emphasis can be put on them. Overall, this research undertaking strengthens the idea that resources should be committed to improving training programs, as improving training programs eventually leads to efficiency in all matters related to IT audit quality. , M.Com. (Computer Auditing)