An information security policy architecture with special reference to a tertiary institution.
- Authors: Jordaan, Ansa
- Date: 2008-06-02T10:17:07Z
- Subjects: Universities and colleges risk assessment, Information technology security measures, Computer security
- Type: Thesis
- Identifier: uj:2524, http://hdl.handle.net/10210/497
- Description: This dissertation will be limited to the compilation of an Information Security Policy Architecture for a Tertiary Institution. An Information Security Policy Architecture for a Tertiary Institution is probably the most challenging architecture to develop in an environment where information accessibility is promoted. The Security Policy Architecture is a component of a complete Information Security Architecture, which will not be addressed in this dissertation. To mitigate and manage risks, it is essential to know what the information technology risks are and as a second step, to actively manage these risks to ensure that they stay within acceptable limits. The reporting and the monitoring of these risks open new fields of research and will not be discussed in this dissertation. , von Solms, S.H., Prof.
Information security risk management in the South African small, medium and micro enterprise environment
- Authors: Van Niekerk, Liesel
- Date: 2008-07-07T09:33:28Z
- Subjects: Small business, Risk management, Computer security management, Information technology security measures
- Type: Thesis
- Identifier: uj:10248, http://hdl.handle.net/10210/761
- Description: The small, medium and micro enterprise (SMME) environment of South Africa contributes 42% to the national gross domestic product. This is a high number for a largely under-regulated environment. The corporate governance and IT governance standards that apply to South African companies are not feasible for SMMEs, and neither are they enforced, although 80% of failures of SMMEs are attributable to lack of enterprise management skill. The first objective of this dissertation is to examine the South African SMME, and in so doing determine whether local regulatory standards can be used for this unique enterprise formation. The second objective of this dissertation is to determine whether international methodologies for information security risk management, as an inclusive of IT governance, may be used in the unique local SMME formation. The result of these two objectives creates a gap in a typical information security risk management methodology that is suitable for the South African regulatory and economic environment for SMMEs. A model has been created as a possible answer for filling the gap. The dissertation includes the Peculium Model, which answers the regulatory and economic requirements that resulted from the second objective. The Model allows the small enterprise a simple but effective method for managing risks to its information assets, with the control of corporate governance and IT governance included in its framework. The Model answers the methods for identifying and assessing risk in a tradition-based but feasible new qualitative technique. , Labuschagne, L., Prof.