A socio-technical systems cybersecurity optimisation process : the systems engineering management approach
- Authors: Malatji, Masike
- Date: 2019
- Subjects: Cyberspace - Security measures , Computer networks - Security measures , Cyberterrorism
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/417550 , uj:35366
- Description: Abstract: Despite the emergence of artificial intelligence-powered enterprise systems security solutions, it was found that at least 90% of malicious cyberattacks resulted from human behaviour or error. This and various other studies over the past 11 years confirmed that the human being remains the weakest link in the entire enterprise systems security chain. In addition, evidence seemed to suggest that many enterprises are still taking overly techno-centric approaches to cybersecurity risk and increase the chances of missing the bigger picture. With that, the study sought to understand how a bigger enterprise systems security picture could be realised. In particular, the aim of this study was to identify and address socio-technical security gaps in existing enterprise systems security frameworks, which encompass information security, cybersecurity, information technology security and physical security. The importance of the study was to highlight that taking overly techno-centric approaches to enterprise systems security risk has not yielded significantly positive results for organisations. A big picture approach is required to attain a holistic enterprise systems security optimisation state. A socio-technical approach to enterprise systems security was adopted to develop the ‘big picture’ solution. This was achieved through the application of the socio-technical systems theory to the enterprise systems security domain. The cornerstone and foundation of the socio-technical systems approach is joint optimisation, which is a technique that is more concerned with harnessing the best of both the technical and social (including human) aspects of an enterprise structure and processes. This culminated into the development of an integrated management process to identify and address socio-technical security gaps in existing enterprise systems security programs. A mixed-methods research approach where the focus group, in-depth personal interviews and online surveys were employed to test for the validation of the integrated management process was adopted. This resulted in the finalisation and desktop application of the integrated management process on the COBIT® 5 for Information Security framework. Thus, the management process for security joint optimisation would benefit the information security, cybersecurity and information technology security community of practitioners to holistically optimise enterprise systems security practices. Moreover, the management process would benefit, especially those, who practice enterprise systems security at strategic (policy driven) and tactical (guideline driven) levels for security joint optimisation at operational level. , D.Ing. (Engineering Management)
- Full Text:
Best practice strategy framework for developing countries to secure cyberspace
- Authors: Jaquire, Victor John
- Date: 2015-11-12
- Subjects: Computer networks - Security measures , Data encryption (Computer science) , Cyberspace - Security measures , Cyberterrorism - Prevention , Information warfare - Prevention
- Type: Thesis
- Identifier: uj:14558 , http://hdl.handle.net/10210/15091
- Description: M.Com. (Informatics) , Cyber issues are global phenomena in a world of inter-related systems, and as such, the discussion on cybersecurity frameworks, policies and strategies inevitably requires reference to, and benchmarking with regional, continental and global trends and solutions. This, in the context of the effects of globalisation on developing countries, with specific reference to areas such as Africa as a developing continent with regard to the protection of its cyberspace. More drastic measures, such as the utilization of cyber warfare techniques and pre-emptive cyber strike-teams in addition to traditional cybersecurity mechanisms as an essential part of a national security effort to protect cyberspace has become more prevalent within the developed worlds. Likewise, developing nations need to gear themselves in a structured, coordinated and responsible way in order to do their part to secure their own environments. Cyberspace is a dynamic global environment with cyber related issues being a global concern. Although countries generally regulate their own cyber environment through policy; cross-border cyber issues are difficult to resolve and the lack of international cyber laws impede cybersecurity efforts. Cybercrime and the management of cross-border cyber incidents are becoming a growing national security concern as the lack of effective controls leave critical infrastructure and the cyber-connected environment vulnerable to attack. Some developing countries are on track with the maturity of their cybersecurity initiatives, but appropriate cybersecurity frameworks for many developing countries require careful consideration, especially due to the lack of resources, infrastructure and local technology development capabilities.
- Full Text:
Cyber risk management frameworks for the South African banking industry
- Authors: Koto, Caroline
- Date: 2019
- Subjects: Computer crimes , Cyberspace - Security measures , Business - Data processing - Security measures , Business enterprises - Computer networks - Security measures , Risk management , Banks and banking - South Africa
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/403209 , uj:33776
- Description: Abstract : Information technology (IT) has proven to be critical in the operation of businesses today. The banking industry is one of the industries that are most reliant on IT. The banking industry has enjoyed greater efficiency and effectiveness in their operations owing to the widespread use of IT. However, due to IT and continuous technological advancements, new threats such as cyber risk have surfaced, and the banking industry has experienced the most cybercrime incidents. In addition to the banking industry being the most targeted by cyber-criminals, cybercrime incidents have detrimental impacts on the industry. As a result, it is crucial for banks to employ effective cyber risk management processes. The South African banking industry is required by the South African Reserve Bank (SARB) to align their cyber risk management processes to the cyber resilience guidance document issued by the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO). The CPMI–IOSCO cyber resilience guidance contains guidelines that should be addressed within a bank’s cyber risk management framework. This study seeks to establish whether the Improving Critical Infrastructure Cybersecurity (ICIC) framework addresses the guidelines contained in the CPMI–IOSCO cyber resilience guidance. The ICIC framework is effective for managing cyber risk and allows an organisation to modify it to suit its specific needs and objectives. The objective of the study is to recommend to the South African banking industry, a framework for managing cyber risks that is effective and that addresses the CPMI–IOSCO cyber resilience guidelines. The results were gathered by analysing the ICIC framework and mapping it against the CPMI–IOSCO cyber resilience guidelines. The results revealed that the ICIC framework addresses up to 71 percent of the CPMI –IOSCO cyber resilience guidelines. The study therefore recommends that instead of building a new cyber risk management framework, the South African banking industry should adopt the ICIC framework and modify it by adding the 29 percent of the CPMI –IOSCO cyber resilience guidelines not addressed by the ICIC framework. All the guidelines contained in the CPMI–IOSCO cyber resilience guidance will then be addressed within the modified ICIC framework. South African banks will also achieve effective management of cyber risks through the ICIC framework. , M.Com. (Computer Auditing)
- Full Text: