A secure steganographic file system with non-duplicating properties
- Authors: Ellefsen, Ian David
- Date: 2012-09-11
- Subjects: Cryptography , Computer security , Data encryption (Computer science)
- Type: Thesis
- Identifier: uj:9972 , http://hdl.handle.net/10210/7367
- Description: M.Sc. , This dissertation investigates the possibility of a steganographic file system which does not have to duplicate hidden data in order to avoid "collisions" between the hidden and non-hidden data. This will ensure the consistency of the hidden data, and avoid unnecessary data duplication while at the same time providing an acceptable level of information security. The dissertation will critically analyse a number of existing steganographic file systems in order to determine the problems which are faced by this field. These problems will then be addressed, which will allow for the definition of a possible solution. In order to provide a more complete understanding of the implementation discussed in the latter part of this dissertation, a number of background concepts are discussed. This includes a discussion of file systems, cryptography, and steganography, each of which contributes to the body of knowledge required for later chapters. The latter part of this dissertation outlines the Secure Steganographic File System (SSFS). This implementation will attempt to effectively manage the storage of hidden data which is embedded within a host file system. The dissertation will outline how SSFS will allow fragments of hidden data to exist in any physical location on a storage device, while still maintaining a consistent file system structure. The dissertation will then critically analyse the impact of such a system, by examining the impact on the host file system's performance. This will allow the feasibility of such a system to be demonstrated.
- Full Text:
- Authors: Ellefsen, Ian David
- Date: 2012-09-11
- Subjects: Cryptography , Computer security , Data encryption (Computer science)
- Type: Thesis
- Identifier: uj:9972 , http://hdl.handle.net/10210/7367
- Description: M.Sc. , This dissertation investigates the possibility of a steganographic file system which does not have to duplicate hidden data in order to avoid "collisions" between the hidden and non-hidden data. This will ensure the consistency of the hidden data, and avoid unnecessary data duplication while at the same time providing an acceptable level of information security. The dissertation will critically analyse a number of existing steganographic file systems in order to determine the problems which are faced by this field. These problems will then be addressed, which will allow for the definition of a possible solution. In order to provide a more complete understanding of the implementation discussed in the latter part of this dissertation, a number of background concepts are discussed. This includes a discussion of file systems, cryptography, and steganography, each of which contributes to the body of knowledge required for later chapters. The latter part of this dissertation outlines the Secure Steganographic File System (SSFS). This implementation will attempt to effectively manage the storage of hidden data which is embedded within a host file system. The dissertation will outline how SSFS will allow fragments of hidden data to exist in any physical location on a storage device, while still maintaining a consistent file system structure. The dissertation will then critically analyse the impact of such a system, by examining the impact on the host file system's performance. This will allow the feasibility of such a system to be demonstrated.
- Full Text:
A control model for the evaluation and analysis of control facilities in a simple path context model in a MVS/XA environment
- Authors: Damianides, Marios
- Date: 2014-07-28
- Subjects: Computer security , Computers - Access control , Auditing - Data processing
- Type: Thesis
- Identifier: uj:11839 , http://hdl.handle.net/10210/11571
- Description: M.Com. (Computer Auditing) , The need to evaluate today's complex computer environments from an audit perspective has increased, particularly in viewof the disappearance of a paper audit trail and the inefficiencies of auditing "around" the computer in these environments. By making use of the Access Path and the Path Context Models, it was possible to carry out an evaluation of the MVS/XA environment. This evaluation was carried out using the methodology developed in this research essay. This methodology may have universal applicability in the evaluation of computer security. The concept of each layer in the access path being a "net", which only allows authorised users to drop to the next layer, was applied. It was found that each systems software component had sufficient facilities to meet the control objectives. The operating system itself, however, was found to present the installation with more risk factors than controls. It was therefore concluded that an external access control software package needs to be implemented to supplement the controls in this environment, if the control objectives are to be met. It was also concluded that the implementation of this package would not, in itself, solve all the security issues, and that the matrices developed should be used in the implementation of this package. This is a further indication of the usefulness of the model and the methodology. The applicability of the Access Path and the Path Context Models in the evaluation of the predefined environment has therefore been established.
- Full Text:
- Authors: Damianides, Marios
- Date: 2014-07-28
- Subjects: Computer security , Computers - Access control , Auditing - Data processing
- Type: Thesis
- Identifier: uj:11839 , http://hdl.handle.net/10210/11571
- Description: M.Com. (Computer Auditing) , The need to evaluate today's complex computer environments from an audit perspective has increased, particularly in viewof the disappearance of a paper audit trail and the inefficiencies of auditing "around" the computer in these environments. By making use of the Access Path and the Path Context Models, it was possible to carry out an evaluation of the MVS/XA environment. This evaluation was carried out using the methodology developed in this research essay. This methodology may have universal applicability in the evaluation of computer security. The concept of each layer in the access path being a "net", which only allows authorised users to drop to the next layer, was applied. It was found that each systems software component had sufficient facilities to meet the control objectives. The operating system itself, however, was found to present the installation with more risk factors than controls. It was therefore concluded that an external access control software package needs to be implemented to supplement the controls in this environment, if the control objectives are to be met. It was also concluded that the implementation of this package would not, in itself, solve all the security issues, and that the matrices developed should be used in the implementation of this package. This is a further indication of the usefulness of the model and the methodology. The applicability of the Access Path and the Path Context Models in the evaluation of the predefined environment has therefore been established.
- Full Text:
Critical information infrastructure protection for developing countries
- Authors: Ellefsen, Ian David
- Date: 2012-08-16
- Subjects: Computer crimes prevention , Computer security , Computer networks - Access control , Computer networks - Security measures
- Type: Thesis
- Identifier: uj:9498 , http://hdl.handle.net/10210/5928
- Description: D.Phil.(Computer Science) , In this thesis we will investigate the development of Critical Information Infrastructure Protection (CIIP) structures in the developing world. Developing regions are experiencing fast-paced development of information infrastructures, and improvements in related technologies such as Internet connectivity and wireless technologies. The use of these new technologies and the number of new users that are introduced to the Internet can allow cyber threats to flourish. In many cases, Computer Security Incident Response Teams (CSIRTs) can be used to provide CIIP. However, the development of traditional CSIRT-like structures can be problematic in developing regions where technological challenges, legal frameworks, and limited capacity can reduce its overall effectiveness. In this thesis we will introduce the Community-oriented Security, Advisory and Warning (C-SAW) Team. This model is designed to address the challenges to CIIP faced by developing regions by defining a structure that is loosely-coupled and flexible in nature. Furthermore, the aspect of community-orientation is used to allow a C-SAW Team to operate within a designated community of members. This thesis is divided into three primary parts. In Part 1 we will discuss the background research undertaken during this study. The background chapters will lay the foundation for the later chapters in this thesis. In Part 2 we will introduce the C-SAW Team model and elaborate on the construction, relationships, positioning, services, and framework in which it can be deployed. Finally, in Part 3 we present our conclusions to this thesis.
- Full Text:
- Authors: Ellefsen, Ian David
- Date: 2012-08-16
- Subjects: Computer crimes prevention , Computer security , Computer networks - Access control , Computer networks - Security measures
- Type: Thesis
- Identifier: uj:9498 , http://hdl.handle.net/10210/5928
- Description: D.Phil.(Computer Science) , In this thesis we will investigate the development of Critical Information Infrastructure Protection (CIIP) structures in the developing world. Developing regions are experiencing fast-paced development of information infrastructures, and improvements in related technologies such as Internet connectivity and wireless technologies. The use of these new technologies and the number of new users that are introduced to the Internet can allow cyber threats to flourish. In many cases, Computer Security Incident Response Teams (CSIRTs) can be used to provide CIIP. However, the development of traditional CSIRT-like structures can be problematic in developing regions where technological challenges, legal frameworks, and limited capacity can reduce its overall effectiveness. In this thesis we will introduce the Community-oriented Security, Advisory and Warning (C-SAW) Team. This model is designed to address the challenges to CIIP faced by developing regions by defining a structure that is loosely-coupled and flexible in nature. Furthermore, the aspect of community-orientation is used to allow a C-SAW Team to operate within a designated community of members. This thesis is divided into three primary parts. In Part 1 we will discuss the background research undertaken during this study. The background chapters will lay the foundation for the later chapters in this thesis. In Part 2 we will introduce the C-SAW Team model and elaborate on the construction, relationships, positioning, services, and framework in which it can be deployed. Finally, in Part 3 we present our conclusions to this thesis.
- Full Text:
The identification of information sources to aid with critical information infrastructure protection
- Authors: Mouton, Jean , Ellefsen, Ian
- Date: 2013
- Subjects: Critical information infrastructure protection , Computer security
- Type: Article
- Identifier: uj:6123 , http://hdl.handle.net/10210/12420
- Description: Providing Critical Information Infrastructure Protection (CIIP) has become an important focus area for countries across the world with the widespread adoption of computer systems and computer networks that handle and transfer large amounts of sensitive information on a daily basis. Most large organisations have their own security teams that provide some form of protection against cyber attacks that are launched by cybercriminals. It is however often the case that smaller stakeholders such as schools, pharmacies and other SMEs might not have the required means to protect themselves against these cyber attacks. The distribution of relevant and focused information is an important part of providing effective protection against cyber attacks. In this paper some of the existing mechanisms and formats in which information related to software security vulnerabilities are provided to the public are discussed and reviewed. Providing focused and relevant information can enable smaller stakeholders such as SMEs that have a limited set of skills and expertise to limit their risk of exposure to cyber attacks.
- Full Text:
The identification of information sources to aid with critical information infrastructure protection
- Authors: Mouton, Jean , Ellefsen, Ian
- Date: 2013
- Subjects: Critical information infrastructure protection , Computer security
- Type: Article
- Identifier: uj:6123 , http://hdl.handle.net/10210/12420
- Description: Providing Critical Information Infrastructure Protection (CIIP) has become an important focus area for countries across the world with the widespread adoption of computer systems and computer networks that handle and transfer large amounts of sensitive information on a daily basis. Most large organisations have their own security teams that provide some form of protection against cyber attacks that are launched by cybercriminals. It is however often the case that smaller stakeholders such as schools, pharmacies and other SMEs might not have the required means to protect themselves against these cyber attacks. The distribution of relevant and focused information is an important part of providing effective protection against cyber attacks. In this paper some of the existing mechanisms and formats in which information related to software security vulnerabilities are provided to the public are discussed and reviewed. Providing focused and relevant information can enable smaller stakeholders such as SMEs that have a limited set of skills and expertise to limit their risk of exposure to cyber attacks.
- Full Text:
Information security in health-care systems: a new approach to IT risk management
- Authors: Smith, Elmé
- Date: 2012-08-16
- Subjects: Information technology - Security measures , Information resources management , Computer security , Health facilities management
- Type: Thesis
- Identifier: uj:9451 , http://hdl.handle.net/10210/5884
- Description: Ph.D. , The present study originated from a realisation about the unique nature of the medical domain and about the limitations of existing risk-management methodologies with respect to incorporating the special demands and salient features of the said domain. A further incentive for the study was the long-felt need for proper Information Technology (IT) risk management for medical domains, especially in the light of the fact that IT is playing an ever-greater part in the rendering of health-care services. This part, however, introduces new information-security challenges every day, especially as far as securing sensitive medical information and ensuring patients' privacy are concerned. The study is, therefore, principally aimed at making a contribution to improving IT risk management in the medical domain and, for this reason, culminates in an IT risk-management model specifically developed for and propounded in the medical domain. While developing this model, special care was taken not only to take into consideration the special demands of the said domain when assessing IT risks but also that it would be suited to the concepts, terminology and standards used in and applied to this domain every day. The most important objectives of the study can be summarised as follows: A thorough investigation into modern trends in information security in the medical domain will soon uncover the key role IT is playing in this domain. Regrettably, however, this very trend also triggers a steep increase in IT riskincidence figures, which, in this domain, could often constitute the difference between life and death. The clamant need for effective risk-management methods to enhance the information security of medical institutions is, therefore, self-evident. After having explored the dynamic nature of the medical domain, the requirements were identified for a risk-management model aimed at effectively vi managing the IT risks to be incurred in a typical medical institution. Next, a critical evaluation of current risk-assessment techniques revealed that a fresh approach to IT risk management in medical domains is urgently necessary. An IT risk-management model, entitled "RiMaHCoF" (that is, "Risk Management in Health Care — using Cognitive Fuzzy techniques"), was developed and propounded specifically for the medical domain hereafter. The proposed model enhances IT risk management in the said domain in the sense that it proceeds on the assumption that the patient and his/her medical information constitute the primary assets of the medical institution.
- Full Text:
- Authors: Smith, Elmé
- Date: 2012-08-16
- Subjects: Information technology - Security measures , Information resources management , Computer security , Health facilities management
- Type: Thesis
- Identifier: uj:9451 , http://hdl.handle.net/10210/5884
- Description: Ph.D. , The present study originated from a realisation about the unique nature of the medical domain and about the limitations of existing risk-management methodologies with respect to incorporating the special demands and salient features of the said domain. A further incentive for the study was the long-felt need for proper Information Technology (IT) risk management for medical domains, especially in the light of the fact that IT is playing an ever-greater part in the rendering of health-care services. This part, however, introduces new information-security challenges every day, especially as far as securing sensitive medical information and ensuring patients' privacy are concerned. The study is, therefore, principally aimed at making a contribution to improving IT risk management in the medical domain and, for this reason, culminates in an IT risk-management model specifically developed for and propounded in the medical domain. While developing this model, special care was taken not only to take into consideration the special demands of the said domain when assessing IT risks but also that it would be suited to the concepts, terminology and standards used in and applied to this domain every day. The most important objectives of the study can be summarised as follows: A thorough investigation into modern trends in information security in the medical domain will soon uncover the key role IT is playing in this domain. Regrettably, however, this very trend also triggers a steep increase in IT riskincidence figures, which, in this domain, could often constitute the difference between life and death. The clamant need for effective risk-management methods to enhance the information security of medical institutions is, therefore, self-evident. After having explored the dynamic nature of the medical domain, the requirements were identified for a risk-management model aimed at effectively vi managing the IT risks to be incurred in a typical medical institution. Next, a critical evaluation of current risk-assessment techniques revealed that a fresh approach to IT risk management in medical domains is urgently necessary. An IT risk-management model, entitled "RiMaHCoF" (that is, "Risk Management in Health Care — using Cognitive Fuzzy techniques"), was developed and propounded specifically for the medical domain hereafter. The proposed model enhances IT risk management in the said domain in the sense that it proceeds on the assumption that the patient and his/her medical information constitute the primary assets of the medical institution.
- Full Text:
Netwerksekerheid
- Authors: Nel, Abraham Jacobus
- Date: 2014-10-07
- Subjects: Computer security , Computers -- Access control
- Type: Thesis
- Identifier: uj:12533 , http://hdl.handle.net/10210/12327
- Description: M.Com. (Computer Science) , Please refer to full text to view abstract
- Full Text:
- Authors: Nel, Abraham Jacobus
- Date: 2014-10-07
- Subjects: Computer security , Computers -- Access control
- Type: Thesis
- Identifier: uj:12533 , http://hdl.handle.net/10210/12327
- Description: M.Com. (Computer Science) , Please refer to full text to view abstract
- Full Text:
Information security using intelligent software agents
- Authors: Van der Merwe, Jacobus
- Date: 2012-08-20
- Subjects: Computer security , Computer networks - Security measures , Internet - Security measures , Intelligent agents (Computer software)
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/387930 , uj:2793 , http://hdl.handle.net/10210/6231
- Description: Ph.D. , Many organisations are starting to make large parts of their information resources publicly accessible. For example, many organisations publish information using the Internet. Some organisations allow non-employees to connect to their systems and retrieve information - many banks allow customers to retrieve account statements via the Internet. There is a trend towards more open information systems and more distributed processing such as client/server processing. The above are just some of the trends in computer information processing that creates new and complex problems in providing information systems that are both secure and manageable. To add to the complexity of the information security problem, organisations use the Internet to conduct some of their business and use many different applications, each with its own unique access control mechanisms. Central management of information security in a heterogeneous and distributed environments, such as the Internet has become a nightmare. There is a need for an information security model that will allow organisations to make use of the new trends in information processing, but still have confidence that they have adequate security and that the management of their information security systems is fairly easy. In this thesis we propose a model that satisfies the above requirements. We call this model the Intelligent Security Agent Model (ISAM). The ISAM model is based on two technologies: intelligent software agents and distributed objects. The main component of the model is Intelligent Security Agents that act as security brokers for its users in a distributed environment. In chapter 2 of the thesis, we design an Intelligent Security Agent which provides various information security services in open client/server environments. The Intelligent Security Agent Model addresses certain problems/requirements, such as single sign-on, in information security. These problems and possible solutions are described in chapter 4 to chapter 10 of this thesis. An Intelligent Security Agent must be protected from unauthorised modification, theft, etc. Chapter 3 shows how an Intelligent Security Agent is secured by implementing it as a distributed object. We show that the combination of intelligent software agents and distributed objects creates an agent that was not possible before, and solves many information security problems.In short, this thesis documents the results of a study in computer information security. The result of the study is a new information security model in which intelligent software agents and distributed objects are combined to create a security agent which acts on behalf of a user in open environments such as client/server systems and the Internet. The agent provides a set of services to its user and handles all information security related requests on behalf of its user.
- Full Text:
- Authors: Van der Merwe, Jacobus
- Date: 2012-08-20
- Subjects: Computer security , Computer networks - Security measures , Internet - Security measures , Intelligent agents (Computer software)
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/387930 , uj:2793 , http://hdl.handle.net/10210/6231
- Description: Ph.D. , Many organisations are starting to make large parts of their information resources publicly accessible. For example, many organisations publish information using the Internet. Some organisations allow non-employees to connect to their systems and retrieve information - many banks allow customers to retrieve account statements via the Internet. There is a trend towards more open information systems and more distributed processing such as client/server processing. The above are just some of the trends in computer information processing that creates new and complex problems in providing information systems that are both secure and manageable. To add to the complexity of the information security problem, organisations use the Internet to conduct some of their business and use many different applications, each with its own unique access control mechanisms. Central management of information security in a heterogeneous and distributed environments, such as the Internet has become a nightmare. There is a need for an information security model that will allow organisations to make use of the new trends in information processing, but still have confidence that they have adequate security and that the management of their information security systems is fairly easy. In this thesis we propose a model that satisfies the above requirements. We call this model the Intelligent Security Agent Model (ISAM). The ISAM model is based on two technologies: intelligent software agents and distributed objects. The main component of the model is Intelligent Security Agents that act as security brokers for its users in a distributed environment. In chapter 2 of the thesis, we design an Intelligent Security Agent which provides various information security services in open client/server environments. The Intelligent Security Agent Model addresses certain problems/requirements, such as single sign-on, in information security. These problems and possible solutions are described in chapter 4 to chapter 10 of this thesis. An Intelligent Security Agent must be protected from unauthorised modification, theft, etc. Chapter 3 shows how an Intelligent Security Agent is secured by implementing it as a distributed object. We show that the combination of intelligent software agents and distributed objects creates an agent that was not possible before, and solves many information security problems.In short, this thesis documents the results of a study in computer information security. The result of the study is a new information security model in which intelligent software agents and distributed objects are combined to create a security agent which acts on behalf of a user in open environments such as client/server systems and the Internet. The agent provides a set of services to its user and handles all information security related requests on behalf of its user.
- Full Text:
BioVault : a protocol to prevent replay in biometric systems
- Authors: Tait, Bobby Laubscher
- Date: 2014-10-07
- Subjects: Biometric identification , Computer science , Computer security
- Type: Thesis
- Identifier: uj:12529 , http://hdl.handle.net/10210/12321
- Description: D.Com. (Informatics) , Please refer to full text to view abstract
- Full Text:
- Authors: Tait, Bobby Laubscher
- Date: 2014-10-07
- Subjects: Biometric identification , Computer science , Computer security
- Type: Thesis
- Identifier: uj:12529 , http://hdl.handle.net/10210/12321
- Description: D.Com. (Informatics) , Please refer to full text to view abstract
- Full Text:
The Infopriv model for information privacy
- Dreyer, Lucas Cornelius Johannes
- Authors: Dreyer, Lucas Cornelius Johannes
- Date: 2012-08-20
- Subjects: Computer security , Privacy, Right of
- Type: Thesis
- Identifier: uj:2785 , http://hdl.handle.net/10210/6224
- Description: D.Phil. (Computer Science) , The privacy of personal information is crucial in today's information systems. Traditional security models are mainly concerned with the protection of information inside a computer system. These models assume that the users of a computer system are trustworthy and will not disclose information to unauthorised parties. However, this assumption does not always apply to information privacy since people are the major cause of privacy violations. Alternative models are, therefore, needed for the protection of personal information in an environment.
- Full Text:
- Authors: Dreyer, Lucas Cornelius Johannes
- Date: 2012-08-20
- Subjects: Computer security , Privacy, Right of
- Type: Thesis
- Identifier: uj:2785 , http://hdl.handle.net/10210/6224
- Description: D.Phil. (Computer Science) , The privacy of personal information is crucial in today's information systems. Traditional security models are mainly concerned with the protection of information inside a computer system. These models assume that the users of a computer system are trustworthy and will not disclose information to unauthorised parties. However, this assumption does not always apply to information privacy since people are the major cause of privacy violations. Alternative models are, therefore, needed for the protection of personal information in an environment.
- Full Text:
Securing the digital signing process
- Authors: Van den Berg, James Richard
- Date: 2010-03-25T06:47:20Z
- Subjects: Digital signature , Computer security , Public key cryptography
- Type: Thesis
- Identifier: uj:6707 , http://hdl.handle.net/10210/3109
- Description: M.Comm. , Worldwide an increasing amount of legal credibility is being assigned to digital signatures and it is therefore of utmost importance to research and develop additional measures to secure the technology. The main goal of this dissertation is to research and identify areas in which the user’s private key, used for the digital signing of messages, is exposed to the risk of being compromised and then develop a prototype system (SecureSign) to overcome the identified vulnerabilities and secure the digital signing process. In order to achieve the above stated, use will be made of a cryptographic token, which will provide secure storage and a secure operational environment to the user’s private key. The cryptographic token is at the heart of SecureSign and it is where the user’s private key will be created, stored and used. All operations requiring the user’s private key will be performed on the token, which is equipped with its own processor for this purpose.
- Full Text:
- Authors: Van den Berg, James Richard
- Date: 2010-03-25T06:47:20Z
- Subjects: Digital signature , Computer security , Public key cryptography
- Type: Thesis
- Identifier: uj:6707 , http://hdl.handle.net/10210/3109
- Description: M.Comm. , Worldwide an increasing amount of legal credibility is being assigned to digital signatures and it is therefore of utmost importance to research and develop additional measures to secure the technology. The main goal of this dissertation is to research and identify areas in which the user’s private key, used for the digital signing of messages, is exposed to the risk of being compromised and then develop a prototype system (SecureSign) to overcome the identified vulnerabilities and secure the digital signing process. In order to achieve the above stated, use will be made of a cryptographic token, which will provide secure storage and a secure operational environment to the user’s private key. The cryptographic token is at the heart of SecureSign and it is where the user’s private key will be created, stored and used. All operations requiring the user’s private key will be performed on the token, which is equipped with its own processor for this purpose.
- Full Text:
A strategy for managing examination security at tertiary institutions in South Africa
- Authors: van Zyl, Marthinus Petrus
- Date: 2012-09-11
- Subjects: Examinations , Management information systems , Higher education management , Computer security , Data protection
- Type: Mini-Dissertation
- Identifier: uj:9958 , http://hdl.handle.net/10210/7354
- Description: M.B.A. , More and more policy makers in South Africa’s educational environment are focusing on the impact of digital developments on lifelong learning, electronic publishing, computer-mediated communication and the growth of virtual universities. Johnson and Scholes (1999:475) state that increased availability and quality of information can enhance an organisation’s competency both by reducing the cost of processes and by improving their quality. Managers need to be clear about how these improvements in information technology should influence the way in which they manage their business processes and the benefits associated with the costs of these electronic services. President Thabo Mbeki has stated that universities have a key role to play in improving the quality of life of all South African citizens since education is the key to unlocking each person's potential and improving the quality of life in general (Le Roux, 2005). Mbeki also emphasized that South African universities should emerge from the current process of change, ready to compete with the best institutions in the world. Mbeki asserted that change must guarantee that South Africa catches up with the best in the world in terms of the generation and use of knowledge capital to create the winning society that South Africa yearns for. It must guarantee that South Africa produces the intelligentsia who must be at the cutting edge of our process of renaissance.
- Full Text:
- Authors: van Zyl, Marthinus Petrus
- Date: 2012-09-11
- Subjects: Examinations , Management information systems , Higher education management , Computer security , Data protection
- Type: Mini-Dissertation
- Identifier: uj:9958 , http://hdl.handle.net/10210/7354
- Description: M.B.A. , More and more policy makers in South Africa’s educational environment are focusing on the impact of digital developments on lifelong learning, electronic publishing, computer-mediated communication and the growth of virtual universities. Johnson and Scholes (1999:475) state that increased availability and quality of information can enhance an organisation’s competency both by reducing the cost of processes and by improving their quality. Managers need to be clear about how these improvements in information technology should influence the way in which they manage their business processes and the benefits associated with the costs of these electronic services. President Thabo Mbeki has stated that universities have a key role to play in improving the quality of life of all South African citizens since education is the key to unlocking each person's potential and improving the quality of life in general (Le Roux, 2005). Mbeki also emphasized that South African universities should emerge from the current process of change, ready to compete with the best institutions in the world. Mbeki asserted that change must guarantee that South Africa catches up with the best in the world in terms of the generation and use of knowledge capital to create the winning society that South Africa yearns for. It must guarantee that South Africa produces the intelligentsia who must be at the cutting edge of our process of renaissance.
- Full Text:
An information security perspective on XML web services.
- Authors: Chetty, Jacqueline
- Date: 2008-05-29T08:31:34Z
- Subjects: Computer security , World Wide Web security measures
- Type: Thesis
- Identifier: uj:2416 , http://hdl.handle.net/10210/486
- Description: The Internet has come a long way from its humble beginnings of being used as a simple way of transporting data within the US army and other academic organizations. With the exploding growth of the Internet and the World Wide Web or WWW more and more people and companies are not only providing services via the WWW but are also conducting business transactions. In today’s Web-based environment where individuals and organizations are conducting business online, it is imperative that the technologies that are being utilized are secure in every way. It is important that any individual or organization that wants to protect their data in one form or another adhere to the five (5) basic security services. These security services are Identification and Authentication, Authorization, Confidentiality, Integrity and Non-repudiation This study looks at two Web-based technologies, namely XML and XML Web services and provides an evaluation of whether or not the 5 security services form part of the security surrounding these Web-based technologies. Part 1 is divided into three chapters. Chapter 1, is an Introduction and roadmap to the dissertation. This chapter provides an introduction to the dissertation. Chapter 2 provides an Overview of XML. The reader must not view this chapter as a technical chapter. It is simply a chapter that provides the reader with an understanding of XML so that the reader is able to understand the chapter surrounding XML security. Chapter 3 provides an Overview of Web services. Again the reader must not view this chapter as a technical chapter and as in chapter 2 this chapter must be seen as an overview providing the reader with a broad picture of what Web services is. A lot of technical background and know how has not been included in these two chapters. Part 2 is divided into a further three chapters. Chapter 4 is titled Computer Security and provides the reader with a basic understanding surrounding security in general. The 5 security services are introduced in more detail and the important mechanisms and aspects surrounding security are explained. Chapter 5 looks at how XML and Web services are integrated. This is a short chapter with diagrams that illustrate how closely XML and Web services are interwoven. Chapter 6 is the most important chapter of the dissertation. This chapter is titled XML and Web services security. This chapter provides the reader with an understanding of the various XML mechanisms that form part of the Web services environment, thus providing security in the form of the 5 security services. Each XML mechanism is discussed and each security service is discussed in relation to these various mechanisms. This is all within the context of the Web services environment. The chapter concludes with a table that summarizes each security service along with its corresponding XML mechanism. Part 3 includes one chapter. Chapter 7 is titled Mapping XML and Web services against the 5 security services. This chapter makes use of the information from the previous chapter and provides a summary in the form of a table. This table identifies each security service and looks at the mechanisms that provide that service within a Web services environment. Part 4 provides a conclusion to the dissertation. Chapter 8 is titled Conclusion and provides a summary of each preceding chapter. This chapter also provides a conclusion and answers the question of whether or not the 5 information security services are integrated into XML and Web services. , von Solms, S.H., Prof.
- Full Text:
- Authors: Chetty, Jacqueline
- Date: 2008-05-29T08:31:34Z
- Subjects: Computer security , World Wide Web security measures
- Type: Thesis
- Identifier: uj:2416 , http://hdl.handle.net/10210/486
- Description: The Internet has come a long way from its humble beginnings of being used as a simple way of transporting data within the US army and other academic organizations. With the exploding growth of the Internet and the World Wide Web or WWW more and more people and companies are not only providing services via the WWW but are also conducting business transactions. In today’s Web-based environment where individuals and organizations are conducting business online, it is imperative that the technologies that are being utilized are secure in every way. It is important that any individual or organization that wants to protect their data in one form or another adhere to the five (5) basic security services. These security services are Identification and Authentication, Authorization, Confidentiality, Integrity and Non-repudiation This study looks at two Web-based technologies, namely XML and XML Web services and provides an evaluation of whether or not the 5 security services form part of the security surrounding these Web-based technologies. Part 1 is divided into three chapters. Chapter 1, is an Introduction and roadmap to the dissertation. This chapter provides an introduction to the dissertation. Chapter 2 provides an Overview of XML. The reader must not view this chapter as a technical chapter. It is simply a chapter that provides the reader with an understanding of XML so that the reader is able to understand the chapter surrounding XML security. Chapter 3 provides an Overview of Web services. Again the reader must not view this chapter as a technical chapter and as in chapter 2 this chapter must be seen as an overview providing the reader with a broad picture of what Web services is. A lot of technical background and know how has not been included in these two chapters. Part 2 is divided into a further three chapters. Chapter 4 is titled Computer Security and provides the reader with a basic understanding surrounding security in general. The 5 security services are introduced in more detail and the important mechanisms and aspects surrounding security are explained. Chapter 5 looks at how XML and Web services are integrated. This is a short chapter with diagrams that illustrate how closely XML and Web services are interwoven. Chapter 6 is the most important chapter of the dissertation. This chapter is titled XML and Web services security. This chapter provides the reader with an understanding of the various XML mechanisms that form part of the Web services environment, thus providing security in the form of the 5 security services. Each XML mechanism is discussed and each security service is discussed in relation to these various mechanisms. This is all within the context of the Web services environment. The chapter concludes with a table that summarizes each security service along with its corresponding XML mechanism. Part 3 includes one chapter. Chapter 7 is titled Mapping XML and Web services against the 5 security services. This chapter makes use of the information from the previous chapter and provides a summary in the form of a table. This table identifies each security service and looks at the mechanisms that provide that service within a Web services environment. Part 4 provides a conclusion to the dissertation. Chapter 8 is titled Conclusion and provides a summary of each preceding chapter. This chapter also provides a conclusion and answers the question of whether or not the 5 information security services are integrated into XML and Web services. , von Solms, S.H., Prof.
- Full Text:
The application of artificial intelligence within information security.
- Authors: De Ru, Willem Gerhardus
- Date: 2012-08-17
- Subjects: Artificial intelligence , Computer security , Fuzzy logic , Information resources management , Electronic data processing departments - Security measures
- Type: Thesis
- Identifier: uj:2641 , http://hdl.handle.net/10210/6087
- Description: D.Phil. , Computer-based information systems will probably always have to contend with security issues. Much research have already gone into the field of information security. These research results have yielded some very sophisticated and effective security mechanisms and procedures. However, due to the ever increasing sophistication of criminals, combined with the ever changing and evolving information technology environment, some limitations still exist within the field of information security. Recent years have seen the proliferation of products embracing so-called artificial intelligence technologies. These products are in fields as diverse as engineering, business and medicine. The successes achieved in these fields pose the question whether artificial intelligence has a role to play within the field of information security. This thesis discusses limitations within information security and proposes ways in which artificial intelligence can be effectively applied to address these limitations. Specifically, the fields of authentication and risk analysis are identified as research fields where artificial intelligence has much to offer. These fields are explored in the context of their limitations and ways in which artificial intelligence can be applied to address these limitations. This thesis identifies two mainstream approaches in the attainment of artificial intelligence. These mainstream approaches are referred to as the "traditional" approach and the "non-traditional" approach. The traditional approach is based on symbolic processing, as opposed to the non-traditional approach, which is based on an abstraction of human reasoning. A representative technology from each of these mainstream approaches is selected to research their applicability within information security. Actual working prototypes of artificial intelligence techniques were developed to substantiate the results obtained in this research.
- Full Text:
- Authors: De Ru, Willem Gerhardus
- Date: 2012-08-17
- Subjects: Artificial intelligence , Computer security , Fuzzy logic , Information resources management , Electronic data processing departments - Security measures
- Type: Thesis
- Identifier: uj:2641 , http://hdl.handle.net/10210/6087
- Description: D.Phil. , Computer-based information systems will probably always have to contend with security issues. Much research have already gone into the field of information security. These research results have yielded some very sophisticated and effective security mechanisms and procedures. However, due to the ever increasing sophistication of criminals, combined with the ever changing and evolving information technology environment, some limitations still exist within the field of information security. Recent years have seen the proliferation of products embracing so-called artificial intelligence technologies. These products are in fields as diverse as engineering, business and medicine. The successes achieved in these fields pose the question whether artificial intelligence has a role to play within the field of information security. This thesis discusses limitations within information security and proposes ways in which artificial intelligence can be effectively applied to address these limitations. Specifically, the fields of authentication and risk analysis are identified as research fields where artificial intelligence has much to offer. These fields are explored in the context of their limitations and ways in which artificial intelligence can be applied to address these limitations. This thesis identifies two mainstream approaches in the attainment of artificial intelligence. These mainstream approaches are referred to as the "traditional" approach and the "non-traditional" approach. The traditional approach is based on symbolic processing, as opposed to the non-traditional approach, which is based on an abstraction of human reasoning. A representative technology from each of these mainstream approaches is selected to research their applicability within information security. Actual working prototypes of artificial intelligence techniques were developed to substantiate the results obtained in this research.
- Full Text:
Rolprofiele vir die bestuur van inligtingsekerheid
- Authors: Van der Merwe, Isak Pieter
- Date: 2014-09-15
- Subjects: Database security , Computer security
- Type: Thesis
- Identifier: uj:12280 , http://hdl.handle.net/10210/12066
- Description: M.Com. (Informatics) , The aim of this study is to introduce a model that can be used to manage the security profiles by using a role oriented approach. In chapter 1 the addressed problem and the aim of the study, are introduced. In chapter 2 the different approaches used in the management of security profiles and the security profiles in Computer Associates's TOP SECRET and IBM's RACF, are discussed, In chapter 3 the Model for Role Profiles (MoRP) is introduced and discussed. Chapter 4 consists of a consideration of the possible problems of MoRP and an extension of MoRP is discussed.' The extended model is called ExMoRP. Chapter 5 consists of an analysis of the Path Context Model (pCM) for security and the principles of the PCM are added to ExMoRP to enhance security. In chapter 6 ExMoRP, with the principles of the PCM, are applied on a case study: In chapter 7 a methodology for the implementation of ExMoRP in an environment, is introduced. In chapter 8 it is shown how the principles of ExMoRP can be applied in UNIX, In chapter 9 it is shown how the principles of ExMoRP can be applied in Windows NT. In chapter 10 it is shown how the principles of ExMoRP can be applied in ORACLE. Chapter 11 consists of a review of the management of security and the present trends.
- Full Text:
- Authors: Van der Merwe, Isak Pieter
- Date: 2014-09-15
- Subjects: Database security , Computer security
- Type: Thesis
- Identifier: uj:12280 , http://hdl.handle.net/10210/12066
- Description: M.Com. (Informatics) , The aim of this study is to introduce a model that can be used to manage the security profiles by using a role oriented approach. In chapter 1 the addressed problem and the aim of the study, are introduced. In chapter 2 the different approaches used in the management of security profiles and the security profiles in Computer Associates's TOP SECRET and IBM's RACF, are discussed, In chapter 3 the Model for Role Profiles (MoRP) is introduced and discussed. Chapter 4 consists of a consideration of the possible problems of MoRP and an extension of MoRP is discussed.' The extended model is called ExMoRP. Chapter 5 consists of an analysis of the Path Context Model (pCM) for security and the principles of the PCM are added to ExMoRP to enhance security. In chapter 6 ExMoRP, with the principles of the PCM, are applied on a case study: In chapter 7 a methodology for the implementation of ExMoRP in an environment, is introduced. In chapter 8 it is shown how the principles of ExMoRP can be applied in UNIX, In chapter 9 it is shown how the principles of ExMoRP can be applied in Windows NT. In chapter 10 it is shown how the principles of ExMoRP can be applied in ORACLE. Chapter 11 consists of a review of the management of security and the present trends.
- Full Text:
Implementing rootkits to address operating system vulnerabilities
- Corregedor, Manuel, Von Solms, Sebastiaan
- Authors: Corregedor, Manuel , Von Solms, Sebastiaan
- Date: 2011
- Subjects: Computer security , Rootkits , Operating systems - Security measures , Malware (Computer software)
- Type: Article
- Identifier: http://ujcontent.uj.ac.za8080/10210/373539 , uj:6251 , ISBN 978-1-4577-1482-5 , http://hdl.handle.net/10210/8205
- Description: Statistics show that although malware detection techniques are detecting and preventing malware, they do not guarantee a 100% detection and / or prevention of malware. This is especially the case when it comes to rootkits that can manipulate the operating system such that it can distribute other malware, hide existing malware, steal information, hide itself, disable anti-malware software etc all without the knowledge of the user. This paper will demonstrate the steps required in order to create two rootkits. We will demonstrate that by implementing rootkits or any other type of malware a researcher will be able to better understand the techniques and vulnerabilities used by an attacker. Such information could then be useful when implementing anti-malware techniques.
- Full Text:
- Authors: Corregedor, Manuel , Von Solms, Sebastiaan
- Date: 2011
- Subjects: Computer security , Rootkits , Operating systems - Security measures , Malware (Computer software)
- Type: Article
- Identifier: http://ujcontent.uj.ac.za8080/10210/373539 , uj:6251 , ISBN 978-1-4577-1482-5 , http://hdl.handle.net/10210/8205
- Description: Statistics show that although malware detection techniques are detecting and preventing malware, they do not guarantee a 100% detection and / or prevention of malware. This is especially the case when it comes to rootkits that can manipulate the operating system such that it can distribute other malware, hide existing malware, steal information, hide itself, disable anti-malware software etc all without the knowledge of the user. This paper will demonstrate the steps required in order to create two rootkits. We will demonstrate that by implementing rootkits or any other type of malware a researcher will be able to better understand the techniques and vulnerabilities used by an attacker. Such information could then be useful when implementing anti-malware techniques.
- Full Text:
A model for computer security based on a biological immune system
- Authors: Louwrens, Cecil Petrus
- Date: 2012-03-05
- Subjects: Computer security , Biological immune systems
- Type: Thesis
- Identifier: uj:2125 , http://hdl.handle.net/10210/4493
- Description: Ph.D. , This thesis is a theoretical treatise on a proposed new computer security system, based on a biological immune system. Modem day network-centric computing is fast approaching the density and complexity of biological organisms, making biological and computer analogies relevant and meaningful. The success of biological immune systems in protecting life over countless millennia is well known. It is therefore postulated that a highly effective defensive mechanism can be developed, to transparently enforce an acceptable level of security in very extensive and complex computer networks and systems. It can be done by building very basic, but specialized autonomous software agents, functioning in a hierarchical system, that follow basic rules that can be deduced from biological immune systems. The computer security model proposed in this thesis does not require radical new technologies and it is extremely simple. The complexity however, lies in the effective implementation of the model. Three building blocks support the computer immune model: Biology, software agent technology and nanotechnology. The main features of the model are: • Firstly, it allows computer systems to automatically and transparently protect themselves, by using mobile autonomous intelligent software agents in an artificial immune system, based on biological immune systems. • Secondly, it allows computer systems to be pro-active in protecting themselves by being able to discern between which components are part of themselves (trusted system), and which components are foreign and may thus be harmful. Although part of the model relies on specialist human collaboration and international security standards, the main thrust is the heuristic ability of the proposed computer immune system. It allows systems to learn to recognize and cope with previously unknown cyber-antigens, automatically share the information amongst the participating computer systems, and thus 'inoculate' them to render them immune to similar attacks.
- Full Text:
- Authors: Louwrens, Cecil Petrus
- Date: 2012-03-05
- Subjects: Computer security , Biological immune systems
- Type: Thesis
- Identifier: uj:2125 , http://hdl.handle.net/10210/4493
- Description: Ph.D. , This thesis is a theoretical treatise on a proposed new computer security system, based on a biological immune system. Modem day network-centric computing is fast approaching the density and complexity of biological organisms, making biological and computer analogies relevant and meaningful. The success of biological immune systems in protecting life over countless millennia is well known. It is therefore postulated that a highly effective defensive mechanism can be developed, to transparently enforce an acceptable level of security in very extensive and complex computer networks and systems. It can be done by building very basic, but specialized autonomous software agents, functioning in a hierarchical system, that follow basic rules that can be deduced from biological immune systems. The computer security model proposed in this thesis does not require radical new technologies and it is extremely simple. The complexity however, lies in the effective implementation of the model. Three building blocks support the computer immune model: Biology, software agent technology and nanotechnology. The main features of the model are: • Firstly, it allows computer systems to automatically and transparently protect themselves, by using mobile autonomous intelligent software agents in an artificial immune system, based on biological immune systems. • Secondly, it allows computer systems to be pro-active in protecting themselves by being able to discern between which components are part of themselves (trusted system), and which components are foreign and may thus be harmful. Although part of the model relies on specialist human collaboration and international security standards, the main thrust is the heuristic ability of the proposed computer immune system. It allows systems to learn to recognize and cope with previously unknown cyber-antigens, automatically share the information amongst the participating computer systems, and thus 'inoculate' them to render them immune to similar attacks.
- Full Text:
Utilizing rootkits to address the vulnerabilities exploited by malware
- Corregedor, Manuel Rodrigues
- Authors: Corregedor, Manuel Rodrigues
- Date: 2012-08-20
- Subjects: Malware (Computer software) , Rootkits (Computer software) , Computer networks - Security measures , Computer security , Computer crimes - Prevention
- Type: Thesis
- Identifier: uj:2820 , http://hdl.handle.net/10210/6257
- Description: M.Sc. , Anyone who uses a computer for work or recreational purposes has come across one or all of the following problems directly or indirectly (knowingly or not): viruses, worms, trojans, rootkits and botnets. This is especially the case if the computer is connected to the Internet. Looking at the statistics in [1] we can see that although malware detection techniques are detecting and preventing malware, they do not guarantee a 100% detection and or prevention of malware. Furthermore the statistics in [2] show that malware infection rates are increasing around the world at an alarming rate. The statistics also show that there are a high number of new malware samples being discovered every month and that 31% of malware attacks resulted in data loss [3], with 10% of companies reporting the loss of sensitive business data [4][5]. The reason for not being able to achieve a 100% detection and / or prevention of malware is because malware authors make use of sophisticated techniques such as code obfuscation in order to prevent malware from being detected. This has resulted in the emergence of malware known as polymorphic and metamorphic malware. The aforementioned malware poses serious challenges for anti-malware software specifically signature based techniques. However a more serious threat that needs to be addressed is that of rootkits. Rootkits can execute at the same privilege level as the Operating System (OS) itself. At this level the rootkit can manipulate the OS such that it can distribute other malware, hide existing malware, steal information, hide itself, disable anti-malware software etc all without the knowledge of the user. It is clear from the statistics that anti-malware products are not working because infection rates continue to rise and companies and end users continue to fall victims of these attacks. Therefore this dissertation will address the problem that current anti-malware techniques are not working. The main objective of this dissertation is to create a framework called ATE (Anti-malware Technique Evaluator) that can be used to critically evaluate current commercial anti-malware products. The framework will achieve this by identifying the current vulnerabilities that exist in commercial anti-malware products and the operating system. The prior will be achieved by making use of two rootkits, the Evader rootkit and the Sabotager rootkit, which were specifically developed to support the anti-malware product evaluation. Finally an anti-malware architecture we called External Malware Scanner (EMS), will be proposed to address the identified vulnerabilities.
- Full Text:
- Authors: Corregedor, Manuel Rodrigues
- Date: 2012-08-20
- Subjects: Malware (Computer software) , Rootkits (Computer software) , Computer networks - Security measures , Computer security , Computer crimes - Prevention
- Type: Thesis
- Identifier: uj:2820 , http://hdl.handle.net/10210/6257
- Description: M.Sc. , Anyone who uses a computer for work or recreational purposes has come across one or all of the following problems directly or indirectly (knowingly or not): viruses, worms, trojans, rootkits and botnets. This is especially the case if the computer is connected to the Internet. Looking at the statistics in [1] we can see that although malware detection techniques are detecting and preventing malware, they do not guarantee a 100% detection and or prevention of malware. Furthermore the statistics in [2] show that malware infection rates are increasing around the world at an alarming rate. The statistics also show that there are a high number of new malware samples being discovered every month and that 31% of malware attacks resulted in data loss [3], with 10% of companies reporting the loss of sensitive business data [4][5]. The reason for not being able to achieve a 100% detection and / or prevention of malware is because malware authors make use of sophisticated techniques such as code obfuscation in order to prevent malware from being detected. This has resulted in the emergence of malware known as polymorphic and metamorphic malware. The aforementioned malware poses serious challenges for anti-malware software specifically signature based techniques. However a more serious threat that needs to be addressed is that of rootkits. Rootkits can execute at the same privilege level as the Operating System (OS) itself. At this level the rootkit can manipulate the OS such that it can distribute other malware, hide existing malware, steal information, hide itself, disable anti-malware software etc all without the knowledge of the user. It is clear from the statistics that anti-malware products are not working because infection rates continue to rise and companies and end users continue to fall victims of these attacks. Therefore this dissertation will address the problem that current anti-malware techniques are not working. The main objective of this dissertation is to create a framework called ATE (Anti-malware Technique Evaluator) that can be used to critically evaluate current commercial anti-malware products. The framework will achieve this by identifying the current vulnerabilities that exist in commercial anti-malware products and the operating system. The prior will be achieved by making use of two rootkits, the Evader rootkit and the Sabotager rootkit, which were specifically developed to support the anti-malware product evaluation. Finally an anti-malware architecture we called External Malware Scanner (EMS), will be proposed to address the identified vulnerabilities.
- Full Text:
Fitting an information security architecture to an enterprise architecture
- Authors: Naidoo, Chintal Krishna
- Date: 2009-05-19T06:23:55Z
- Subjects: Computer security , Computer architecture
- Type: Thesis
- Identifier: uj:8373 , http://hdl.handle.net/10210/2539
- Description: M.Phil. (Computer Science) , Despite the efforts at international and national level, security continues to pose challenging problems. Firstly, attacks on information systems are increasingly motivated by profit rather than by the desire to create disruption for its own sake. Data are illegally mined, increasingly without the user’s knowledge, while the number of variants (and the rate of evolution) of malicious software (malware) is increasing rapidly. Spam is a good example of this evolution. It is becoming a vehicle for viruses and fraudulent and criminal activities, such as spyware, phishing and other forms of malware. Its widespread distribution increasingly relies on botnets, i.e. compromised servers and PCs used as relays without the knowledge of their owners. The increasing deployment of mobile devices (including 3G mobile phones, portable videogames, etc.) and mobile-based network services will pose new challenges, as IP-based services develop rapidly. These could eventually prove to be a more common route for attacks than personal computers since the latter already deploy a significant level of security. Indeed, all new forms of communication platforms and information systems inevitably provide new windows of opportunity for malicious attacks. In order to successfully tackle the problems described above, a strategic approach to information security is required, rather than the implementation of ad hoc solutions and controls. The strategic approach requires the development of an Information Security Architecture. To be effective, an Information Security Architecture that is developed must be aligned with the organisation’s Enterprise Architecture and must be able to incorporate security into each domain of the Enterprise Architecture. This mini dissertation evaluates two current Information Security Architecture models and frameworks to find an Information Security Architecture that aligns with Eskom’s Enterprise Architecture.
- Full Text:
- Authors: Naidoo, Chintal Krishna
- Date: 2009-05-19T06:23:55Z
- Subjects: Computer security , Computer architecture
- Type: Thesis
- Identifier: uj:8373 , http://hdl.handle.net/10210/2539
- Description: M.Phil. (Computer Science) , Despite the efforts at international and national level, security continues to pose challenging problems. Firstly, attacks on information systems are increasingly motivated by profit rather than by the desire to create disruption for its own sake. Data are illegally mined, increasingly without the user’s knowledge, while the number of variants (and the rate of evolution) of malicious software (malware) is increasing rapidly. Spam is a good example of this evolution. It is becoming a vehicle for viruses and fraudulent and criminal activities, such as spyware, phishing and other forms of malware. Its widespread distribution increasingly relies on botnets, i.e. compromised servers and PCs used as relays without the knowledge of their owners. The increasing deployment of mobile devices (including 3G mobile phones, portable videogames, etc.) and mobile-based network services will pose new challenges, as IP-based services develop rapidly. These could eventually prove to be a more common route for attacks than personal computers since the latter already deploy a significant level of security. Indeed, all new forms of communication platforms and information systems inevitably provide new windows of opportunity for malicious attacks. In order to successfully tackle the problems described above, a strategic approach to information security is required, rather than the implementation of ad hoc solutions and controls. The strategic approach requires the development of an Information Security Architecture. To be effective, an Information Security Architecture that is developed must be aligned with the organisation’s Enterprise Architecture and must be able to incorporate security into each domain of the Enterprise Architecture. This mini dissertation evaluates two current Information Security Architecture models and frameworks to find an Information Security Architecture that aligns with Eskom’s Enterprise Architecture.
- Full Text:
'n Gerekenariseerde bestuurshulpmiddel vir 'n hoofraamtoegangsbeheerstelsel
- Authors: Pottas, Dalenca
- Date: 2014-02-18
- Subjects: Computer security , Computers - Access control
- Type: Thesis
- Identifier: uj:4095 , http://hdl.handle.net/10210/9442
- Description: M.Sc. (Computer Science) , Please refer to full text to view abstract
- Full Text:
- Authors: Pottas, Dalenca
- Date: 2014-02-18
- Subjects: Computer security , Computers - Access control
- Type: Thesis
- Identifier: uj:4095 , http://hdl.handle.net/10210/9442
- Description: M.Sc. (Computer Science) , Please refer to full text to view abstract
- Full Text:
Application of the access path model with specific reference to the SAP R/3 environment
- Authors: Pretorius, Maria Rebecca
- Date: 2014-10-07
- Subjects: Computer security , Data protection , Computers - Access control
- Type: Thesis
- Identifier: uj:12534 , http://hdl.handle.net/10210/12328
- Description: M.Com. (Computer Auditing) , The management and control of modern day computer systems are becoming more and more trying due to the complexity of systems. This renders the traditional approach to evaluating controls in complex computer systems, inadequate and heightens the need for an alternative audit approach. The complex SAP R/3 environment will be evaluated in terms of security and validity of users and processes. This will be achieved through the use of an alternative audit approach namely, the application of the Access Path and Path Context Models (Boshoff 1985, 1990). The research methodology used during this research may indicate universal application implications for similar complex environments, although this has not yet been proved. The research showed that there are many control features available in the different software c.omponents of the SAP R/3 environment, that can be applied to control access and validity of users and processes. The duplication of control features provided by the software components, requires a global approach to security inthe defined environment. Only when evaluating the environment as a whole, will it be able to make the most effective security decisions. The use of the control matrices developed during this research will ease the global evaluation of the SAP R/3 environment. Although further research is required, the above has proven the usefulness of both the research methodology and the resultant model and matrices.
- Full Text:
- Authors: Pretorius, Maria Rebecca
- Date: 2014-10-07
- Subjects: Computer security , Data protection , Computers - Access control
- Type: Thesis
- Identifier: uj:12534 , http://hdl.handle.net/10210/12328
- Description: M.Com. (Computer Auditing) , The management and control of modern day computer systems are becoming more and more trying due to the complexity of systems. This renders the traditional approach to evaluating controls in complex computer systems, inadequate and heightens the need for an alternative audit approach. The complex SAP R/3 environment will be evaluated in terms of security and validity of users and processes. This will be achieved through the use of an alternative audit approach namely, the application of the Access Path and Path Context Models (Boshoff 1985, 1990). The research methodology used during this research may indicate universal application implications for similar complex environments, although this has not yet been proved. The research showed that there are many control features available in the different software c.omponents of the SAP R/3 environment, that can be applied to control access and validity of users and processes. The duplication of control features provided by the software components, requires a global approach to security inthe defined environment. Only when evaluating the environment as a whole, will it be able to make the most effective security decisions. The use of the control matrices developed during this research will ease the global evaluation of the SAP R/3 environment. Although further research is required, the above has proven the usefulness of both the research methodology and the resultant model and matrices.
- Full Text: