Exigencies of Computer System failure situations : influence on Information Security behaviour
- Authors: Van den Bergh, Maureen
- Date: 2019
- Subjects: Information technology - Management , Computer system failures , Computer security
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/422312 , uj:36033
- Description: Abstract: In the technology-people-management chain, people are predominantly identified as the weakest link in properly securing information systems. Previous information security studies pursued an understanding of information security behaviour by investigating internal and external factors influencing such behaviour. With some information security studies placing great significance on the role of the situation, an external factor, when investigating human behaviour. Psychological Situationism research emphasises that behaviour is shaped mainly by the exigencies of a particular situation. An examination of information security literature indicated that the exigencies of computer system failure situations had not been explored as an external factor in influencing information security behaviour. Computer system failure situations are perceived by employees as crises that interrupt or prevent them from performing their everyday tasks. Irrespective of the technological failure, employees still need to get the job done. Because the situation and its exigencies are influential in determining and shaping behaviour, it has the potential to negatively influence employee information security behaviour. Insecure employee behaviour could cause negative outcomes for organisations, such as financial loss and damage to reputation. .. , Ph.D. (Applied Information Systems)
- Full Text:
- Authors: Van den Bergh, Maureen
- Date: 2019
- Subjects: Information technology - Management , Computer system failures , Computer security
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/422312 , uj:36033
- Description: Abstract: In the technology-people-management chain, people are predominantly identified as the weakest link in properly securing information systems. Previous information security studies pursued an understanding of information security behaviour by investigating internal and external factors influencing such behaviour. With some information security studies placing great significance on the role of the situation, an external factor, when investigating human behaviour. Psychological Situationism research emphasises that behaviour is shaped mainly by the exigencies of a particular situation. An examination of information security literature indicated that the exigencies of computer system failure situations had not been explored as an external factor in influencing information security behaviour. Computer system failure situations are perceived by employees as crises that interrupt or prevent them from performing their everyday tasks. Irrespective of the technological failure, employees still need to get the job done. Because the situation and its exigencies are influential in determining and shaping behaviour, it has the potential to negatively influence employee information security behaviour. Insecure employee behaviour could cause negative outcomes for organisations, such as financial loss and damage to reputation. .. , Ph.D. (Applied Information Systems)
- Full Text:
Perception and determinism theories for communicating information systems security policies
- Authors: Rantao, Tsholofelo
- Date: 2020
- Subjects: Computer security , Information storage and retrieval systems - Security measures , Data protection
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/422244 , uj:36025
- Description: Abstract: Information security breaches are one of the fastest growing challenges faced by businesses in the world. The pace and progression of cybercrime exceeds most corporate’s security capability. That is why companies cannot rely on security technology only; however, employees also need to be involved. The goal of the study is to predict the relationship between communication factors and information security compliance. Media synchronicity theory is used due to its perceived effectiveness in promoting shared behaviour among people that work in the same environment. Communication theory and media richness theory were also included to support the model. These theories are combined into a framework called Miscellany of Perception and Determinism. Ten factors are extracted from this framework to test the relationship between communication and information security compliance in organisations. adopts a positivist deductive stance and generates hypotheses derived from a miscellany of communication theories. The positivist paradigm informs the data collection method and the development of the questionnaire. The Miscellany of Perception and Determinism Framework shows that there is a significant relationship between the dependent variable: Information security compliance and independent variables: Communication factors; Media Appropriateness; Reason for Communication; Non-conflicting Interpretations; Feedback Immediacy; and Personal Focus. The findings show that personal focus; non-conflicting interpretations; feedback immediacy; media appropriateness; and the reason for communication explain 61.3% of information security compliance. The study is at the forefront of linking important aspects within information security compliance and communication alike. This is ground-breaking research that was able to predict how policies can effectively be communicated. The results emphasise the necessity of adopting a comprehensive approach to using factors to communicate IS (information security) policy compliance. The implications of these findings are that communication mediums used by organisations are isolated in that they do not consider user experience for promoting understanding, and this leads to low security compliance behaviour. Once communication of policy is articulated effectively using the correct mediums, organisations will be able to be mindful of employee perception towards security strategies, which contributes to improving security compliance... , M.Com. (Information Technology Management)
- Full Text:
- Authors: Rantao, Tsholofelo
- Date: 2020
- Subjects: Computer security , Information storage and retrieval systems - Security measures , Data protection
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/422244 , uj:36025
- Description: Abstract: Information security breaches are one of the fastest growing challenges faced by businesses in the world. The pace and progression of cybercrime exceeds most corporate’s security capability. That is why companies cannot rely on security technology only; however, employees also need to be involved. The goal of the study is to predict the relationship between communication factors and information security compliance. Media synchronicity theory is used due to its perceived effectiveness in promoting shared behaviour among people that work in the same environment. Communication theory and media richness theory were also included to support the model. These theories are combined into a framework called Miscellany of Perception and Determinism. Ten factors are extracted from this framework to test the relationship between communication and information security compliance in organisations. adopts a positivist deductive stance and generates hypotheses derived from a miscellany of communication theories. The positivist paradigm informs the data collection method and the development of the questionnaire. The Miscellany of Perception and Determinism Framework shows that there is a significant relationship between the dependent variable: Information security compliance and independent variables: Communication factors; Media Appropriateness; Reason for Communication; Non-conflicting Interpretations; Feedback Immediacy; and Personal Focus. The findings show that personal focus; non-conflicting interpretations; feedback immediacy; media appropriateness; and the reason for communication explain 61.3% of information security compliance. The study is at the forefront of linking important aspects within information security compliance and communication alike. This is ground-breaking research that was able to predict how policies can effectively be communicated. The results emphasise the necessity of adopting a comprehensive approach to using factors to communicate IS (information security) policy compliance. The implications of these findings are that communication mediums used by organisations are isolated in that they do not consider user experience for promoting understanding, and this leads to low security compliance behaviour. Once communication of policy is articulated effectively using the correct mediums, organisations will be able to be mindful of employee perception towards security strategies, which contributes to improving security compliance... , M.Com. (Information Technology Management)
- Full Text:
Behaviour of outsourced employees as sources of information system security threats
- Authors: Oyebisi, David Jide
- Date: 2018
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/292346 , uj:31768
- Description: Abstract: In recent times, organisations in developing countries rely heavily on information systems to successfully execute their daily activities. These systems are essentially the life-blood of these organisations. Anecdotal reports trace information systems threats to insiders and in the recent past, outsourced employees. There is, therefore, an increased need for information systems to be protected against unauthorized access and retrieval particularly from legitimate ‘insider’ outsourced employees. While most studies have focused on organisations’ employees as threats, only a few have focused on the role the outsourced employees’ play as a potential threat. The study seeks to investigate the insider threat behaviour of outsourced employee in developing countries as security threats to information systems by virtue of their privileged access. The study is quantitative and adopts social bond and involvement theories for this purpose. The research sample was chosen from organisations in Nigeria and South Africa which are the largest two national economies in Africa. Close-ended questionnaires were used the data was analysed using factor analysis. The study found that outsourced employees exploit information systems vulnerabilities because they are not actively involved in the organisation and lack moral values and beliefs. A comparison test suggests that female outsourced employees pose greater threats to the information systems of organisations than males. The findings of this study will assist organisations in developing countries to mitigate the information security threats posed by outsourced employees. , M.Com. (Information Technology Management)
- Full Text:
- Authors: Oyebisi, David Jide
- Date: 2018
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/292346 , uj:31768
- Description: Abstract: In recent times, organisations in developing countries rely heavily on information systems to successfully execute their daily activities. These systems are essentially the life-blood of these organisations. Anecdotal reports trace information systems threats to insiders and in the recent past, outsourced employees. There is, therefore, an increased need for information systems to be protected against unauthorized access and retrieval particularly from legitimate ‘insider’ outsourced employees. While most studies have focused on organisations’ employees as threats, only a few have focused on the role the outsourced employees’ play as a potential threat. The study seeks to investigate the insider threat behaviour of outsourced employee in developing countries as security threats to information systems by virtue of their privileged access. The study is quantitative and adopts social bond and involvement theories for this purpose. The research sample was chosen from organisations in Nigeria and South Africa which are the largest two national economies in Africa. Close-ended questionnaires were used the data was analysed using factor analysis. The study found that outsourced employees exploit information systems vulnerabilities because they are not actively involved in the organisation and lack moral values and beliefs. A comparison test suggests that female outsourced employees pose greater threats to the information systems of organisations than males. The findings of this study will assist organisations in developing countries to mitigate the information security threats posed by outsourced employees. , M.Com. (Information Technology Management)
- Full Text:
Understanding taxpayers’ trust and perceived risk of using the electronic tax filing system
- Authors: Maphumula, F. E.
- Date: 2019
- Subjects: Electronic filing of tax returns , Electronic filing systems
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/416516 , uj:35236
- Description: M.Com. (Information Technology Management) , Abstract: In recent times, government have benefitted from the efficiency and convenience introduced by digital solutions such as e-government. Tax e-filing system is a type of e-government adopted by many tax authorities worldwide, enabling taxpayers to adopt the online tax filing system to submit tax returns for processing. The adoption of efiling by taxpayers is key in understanding the future development of online tax systems and to encourage e-filing usage. Despite the enhancement of the e-filing system in developing countries such as South Africa, tax authorities have not yet achieved full adoption and usage of the e-filing system by taxpayers. Taxpayers still adopt traditional methods of filing their taxes which generally involve visiting the branches, face to face consultations, e-mail and telephone inquiries. It is therefore important for government tax authorities to understand the reasons for non-adoption of the electronic tax filing system. This will ensure that mitigation action is implemented to increase adoption. This research focused on understanding the reasons for non-adoption of electronic tax filing. The purpose of this study is to determine the factors that influence South African taxpayers to adopt the electronic tax filing system. The study integrated constructs from TTAT model (namely, Perceived Threat and Safeguard Effectiveness) with the UTAUT model, with the purpose of achieving two objectives; namely (1) To identify what influences the behavioural intention to adopt e-filing system; and (2) Examine the importance of each variable for taxpayers that do not adopt the online tax filing system. The population consisted of 154 South African taxpayers’ responses captured on a questionnaire-based study. The results revealed that the adoption of e-filing was determined by society and close family relations. Additionally, the knowledge of antiphishing IT tools and anti-phishing education influence the intention to adopt e-filing by taxpayers. Interestingly, the study findings indicated that facilitating condition constructs, that is, a lack of resource was not the biggest predictor of behavioural intention to adopt e-filing like it has been in many developing countries.
- Full Text:
- Authors: Maphumula, F. E.
- Date: 2019
- Subjects: Electronic filing of tax returns , Electronic filing systems
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/416516 , uj:35236
- Description: M.Com. (Information Technology Management) , Abstract: In recent times, government have benefitted from the efficiency and convenience introduced by digital solutions such as e-government. Tax e-filing system is a type of e-government adopted by many tax authorities worldwide, enabling taxpayers to adopt the online tax filing system to submit tax returns for processing. The adoption of efiling by taxpayers is key in understanding the future development of online tax systems and to encourage e-filing usage. Despite the enhancement of the e-filing system in developing countries such as South Africa, tax authorities have not yet achieved full adoption and usage of the e-filing system by taxpayers. Taxpayers still adopt traditional methods of filing their taxes which generally involve visiting the branches, face to face consultations, e-mail and telephone inquiries. It is therefore important for government tax authorities to understand the reasons for non-adoption of the electronic tax filing system. This will ensure that mitigation action is implemented to increase adoption. This research focused on understanding the reasons for non-adoption of electronic tax filing. The purpose of this study is to determine the factors that influence South African taxpayers to adopt the electronic tax filing system. The study integrated constructs from TTAT model (namely, Perceived Threat and Safeguard Effectiveness) with the UTAUT model, with the purpose of achieving two objectives; namely (1) To identify what influences the behavioural intention to adopt e-filing system; and (2) Examine the importance of each variable for taxpayers that do not adopt the online tax filing system. The population consisted of 154 South African taxpayers’ responses captured on a questionnaire-based study. The results revealed that the adoption of e-filing was determined by society and close family relations. Additionally, the knowledge of antiphishing IT tools and anti-phishing education influence the intention to adopt e-filing by taxpayers. Interestingly, the study findings indicated that facilitating condition constructs, that is, a lack of resource was not the biggest predictor of behavioural intention to adopt e-filing like it has been in many developing countries.
- Full Text:
Mitigating spear phishing : a honeytoken based detection framework
- Authors: Magaoga, Dinko
- Date: 2018
- Subjects: Phishing - Prevention , Management information systems - Security measures
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/292239 , uj:31755
- Description: M.Com. (Information Technology Management) , Abstract: Email users who select to receive email communication through mailing-lists subscription may become a target of spear phishing attacks, resulting in major data breaches. The prospect of spear phishing exploitation of compromised mailing-lists is a threat to Information System security for organizations and individual subscribers. Using a qualitative research study, this dissertation explores the prospect of spear phishing attacks on mailing-lists communication channels. Research methods applying the Grounded Theory technique were employed to analyse empirical data collected in the form of interviews, participants’ observations and data-logs. The collection of data-logs is described by creating and implementing fake email accounts (honeytokens), and using the fake accounts to subscribe to live mailing-lists as a way of eliciting data-logs and analysing threats within them. Research study infers Sensitising Concepts from the Technology Threat Avoidance Theory (TTAT) to help refine the understanding of spear phishing attacks in the context of compromised mailing-lists. Inductive reasoning was used to observe patterns within the data and to draw general conclusions regarding it. To complement the application of multi-source data collection research, Triangulation Data Analysis was applied to the combined data-sets and to arrive at one set of findings. The research findings describe the existence of unexplored and largely unrecognised spear phishing threats (referred to as Mailing-Lists-Spear-Phishing threats in this dissertation) that may be targeted at specific mailing-lists subscribers. The research further shows that the threats posed by mailing-lists-spear-phishing’s unique method of attack and its subsequent security implications are not widely known by most mailing-list subscribers. While data analysis yielded the insight that these threats and attacks are not as prevalent as the researcher initially expected, the risk of exploitation remain a real serious threats to Information Systems security. This dissertation proposes a framework that uses the application of honeytokens as a potential detection and protection mechanism to mitigate against spear phishing exploitation of mailing-list communication channels. The study successfully demonstrated and tested a honeytoken framework implementation towards this purpose. The final recommendation is that honeytoken implementation could be used to complement, rather than replace, existing Information Systems security measures.
- Full Text:
- Authors: Magaoga, Dinko
- Date: 2018
- Subjects: Phishing - Prevention , Management information systems - Security measures
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/292239 , uj:31755
- Description: M.Com. (Information Technology Management) , Abstract: Email users who select to receive email communication through mailing-lists subscription may become a target of spear phishing attacks, resulting in major data breaches. The prospect of spear phishing exploitation of compromised mailing-lists is a threat to Information System security for organizations and individual subscribers. Using a qualitative research study, this dissertation explores the prospect of spear phishing attacks on mailing-lists communication channels. Research methods applying the Grounded Theory technique were employed to analyse empirical data collected in the form of interviews, participants’ observations and data-logs. The collection of data-logs is described by creating and implementing fake email accounts (honeytokens), and using the fake accounts to subscribe to live mailing-lists as a way of eliciting data-logs and analysing threats within them. Research study infers Sensitising Concepts from the Technology Threat Avoidance Theory (TTAT) to help refine the understanding of spear phishing attacks in the context of compromised mailing-lists. Inductive reasoning was used to observe patterns within the data and to draw general conclusions regarding it. To complement the application of multi-source data collection research, Triangulation Data Analysis was applied to the combined data-sets and to arrive at one set of findings. The research findings describe the existence of unexplored and largely unrecognised spear phishing threats (referred to as Mailing-Lists-Spear-Phishing threats in this dissertation) that may be targeted at specific mailing-lists subscribers. The research further shows that the threats posed by mailing-lists-spear-phishing’s unique method of attack and its subsequent security implications are not widely known by most mailing-list subscribers. While data analysis yielded the insight that these threats and attacks are not as prevalent as the researcher initially expected, the risk of exploitation remain a real serious threats to Information Systems security. This dissertation proposes a framework that uses the application of honeytokens as a potential detection and protection mechanism to mitigate against spear phishing exploitation of mailing-list communication channels. The study successfully demonstrated and tested a honeytoken framework implementation towards this purpose. The final recommendation is that honeytoken implementation could be used to complement, rather than replace, existing Information Systems security measures.
- Full Text:
Conceptualising antecedents of systems innovation on information security risks
- Authors: Botsime, Mogotsi Steven
- Date: 2019
- Subjects: Computer security - Management , Computer networks - Security measures , Information technology - Security measures
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/402702 , uj:33711
- Description: Abstract : This research represents a comprehensive conceptualisation of antecedents of systems innovation and how they affect systems innovation in an organisational context. It further examines the relationship between information security risks and systems innovation. Antecedents of systems innovation are identified based on the existing theories such as Diffusion of Innovation (DoI) and Organisational Innovation. This research makes use of new systems and technologies which include Big Data/Cloud Computing, Blockchain, Internet of Things (IoT), Virtual/Augmented reality and Artificial Intelligence (AI) to examine organisations strides towards systems innovation. This research is underpinned by the increase in systems innovation and the growing concerns of information security risks faced by organisations. A quantitative method of analysis was used to analyse data using statistical methods with a view to identify relationships between variables. Data collected shows that systems and technology must have increased benefits in order to be adopted and the complexity of systems does not affect the adoption of such systems and technologies. Individual characteristics were found to have no effect in systems innovation whereas organisational and environmental elements highly influence innovation in the organisation. A relationship could not be established between systems innovation and information security risks. This research highlights the importance of ensuring that new systems and technologies adds value to the organisation and equally important is to ensure management of organisational and environmental elements that affect systems innovation. Information security risks should also not be a deterrence for systems innovation. , M.Com. (Business Management)
- Full Text:
- Authors: Botsime, Mogotsi Steven
- Date: 2019
- Subjects: Computer security - Management , Computer networks - Security measures , Information technology - Security measures
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/402702 , uj:33711
- Description: Abstract : This research represents a comprehensive conceptualisation of antecedents of systems innovation and how they affect systems innovation in an organisational context. It further examines the relationship between information security risks and systems innovation. Antecedents of systems innovation are identified based on the existing theories such as Diffusion of Innovation (DoI) and Organisational Innovation. This research makes use of new systems and technologies which include Big Data/Cloud Computing, Blockchain, Internet of Things (IoT), Virtual/Augmented reality and Artificial Intelligence (AI) to examine organisations strides towards systems innovation. This research is underpinned by the increase in systems innovation and the growing concerns of information security risks faced by organisations. A quantitative method of analysis was used to analyse data using statistical methods with a view to identify relationships between variables. Data collected shows that systems and technology must have increased benefits in order to be adopted and the complexity of systems does not affect the adoption of such systems and technologies. Individual characteristics were found to have no effect in systems innovation whereas organisational and environmental elements highly influence innovation in the organisation. A relationship could not be established between systems innovation and information security risks. This research highlights the importance of ensuring that new systems and technologies adds value to the organisation and equally important is to ensure management of organisational and environmental elements that affect systems innovation. Information security risks should also not be a deterrence for systems innovation. , M.Com. (Business Management)
- Full Text:
- «
- ‹
- 1
- ›
- »