Conceptualising antecedents of systems innovation on information security risks
- Authors: Botsime, Mogotsi Steven
- Date: 2019
- Subjects: Computer security - Management , Computer networks - Security measures , Information technology - Security measures
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/402702 , uj:33711
- Description: Abstract : This research represents a comprehensive conceptualisation of antecedents of systems innovation and how they affect systems innovation in an organisational context. It further examines the relationship between information security risks and systems innovation. Antecedents of systems innovation are identified based on the existing theories such as Diffusion of Innovation (DoI) and Organisational Innovation. This research makes use of new systems and technologies which include Big Data/Cloud Computing, Blockchain, Internet of Things (IoT), Virtual/Augmented reality and Artificial Intelligence (AI) to examine organisations strides towards systems innovation. This research is underpinned by the increase in systems innovation and the growing concerns of information security risks faced by organisations. A quantitative method of analysis was used to analyse data using statistical methods with a view to identify relationships between variables. Data collected shows that systems and technology must have increased benefits in order to be adopted and the complexity of systems does not affect the adoption of such systems and technologies. Individual characteristics were found to have no effect in systems innovation whereas organisational and environmental elements highly influence innovation in the organisation. A relationship could not be established between systems innovation and information security risks. This research highlights the importance of ensuring that new systems and technologies adds value to the organisation and equally important is to ensure management of organisational and environmental elements that affect systems innovation. Information security risks should also not be a deterrence for systems innovation. , M.Com. (Business Management)
- Full Text:
- Authors: Botsime, Mogotsi Steven
- Date: 2019
- Subjects: Computer security - Management , Computer networks - Security measures , Information technology - Security measures
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/402702 , uj:33711
- Description: Abstract : This research represents a comprehensive conceptualisation of antecedents of systems innovation and how they affect systems innovation in an organisational context. It further examines the relationship between information security risks and systems innovation. Antecedents of systems innovation are identified based on the existing theories such as Diffusion of Innovation (DoI) and Organisational Innovation. This research makes use of new systems and technologies which include Big Data/Cloud Computing, Blockchain, Internet of Things (IoT), Virtual/Augmented reality and Artificial Intelligence (AI) to examine organisations strides towards systems innovation. This research is underpinned by the increase in systems innovation and the growing concerns of information security risks faced by organisations. A quantitative method of analysis was used to analyse data using statistical methods with a view to identify relationships between variables. Data collected shows that systems and technology must have increased benefits in order to be adopted and the complexity of systems does not affect the adoption of such systems and technologies. Individual characteristics were found to have no effect in systems innovation whereas organisational and environmental elements highly influence innovation in the organisation. A relationship could not be established between systems innovation and information security risks. This research highlights the importance of ensuring that new systems and technologies adds value to the organisation and equally important is to ensure management of organisational and environmental elements that affect systems innovation. Information security risks should also not be a deterrence for systems innovation. , M.Com. (Business Management)
- Full Text:
Compliance at velocity within a DevOps environment
- Authors: Abrahams, Muhammad Zaid
- Date: 2017
- Subjects: Information technology - Security measures , Computer software - Development , Data protection , Computer security
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/279418 , uj:30006
- Description: M.Sc. (Informatics) , Abstract: Please refer to full text to view abstract.
- Full Text:
- Authors: Abrahams, Muhammad Zaid
- Date: 2017
- Subjects: Information technology - Security measures , Computer software - Development , Data protection , Computer security
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/279418 , uj:30006
- Description: M.Sc. (Informatics) , Abstract: Please refer to full text to view abstract.
- Full Text:
Improving the management of inappropriate utilisation of information technology by university students
- Authors: Ramoshaba, Sefoko
- Date: 2017
- Subjects: Information technology - Management , Information technology - Security measures , Information technology - Moral and ethical aspects , College students
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/262429 , uj:27702
- Description: D.Litt. et Phil. , Abstract: The information technology (IT) revolution has brought about many global changes, revolutionalising the world in the way people live, learn, work and interact with one another. It has improved the conditions of living in a dramatic manner, from office paper work to computerised office space and automated manufacturing plants. The IT revolution has also brought with it ethical challenges, where human beings are tempted into using IT to commit crime and unethical behaviour. This has led to the challenges of IT ethics, and how to manage the challenges. Ethical problems related to the inappropriate utilisation of IT have been transplanted from society to the university environment. Universities are experiencing the same and/or more drastic kinds of unethical behaviour. These behaviours have been committed through the inappropriate utilisation of IT by students. The increment is because of the ever-increasing sophistication of new IT devices. This research project sought answers for the better management of inappropriate utilisation of IT by students. The current literature was assessed in order to find out how students use IT to commit unethical behaviour, and the types of IT devices students utilise to do this. Students inter alia use wristwatches, cellphones, laptops, computers, cigarette lighters, ultra-violet lights, USBs, translation software, calculators, pagers, websites, printers, scanners, portable wireless devices, photoshop, electronic pens, video cameras, portable radios, faxes and emails. Students use these devices to commit the following unethical activities, among others: online plagiarism, computer fraud, cyberbullying, cyberstalking, e-cheating, hacking, cybervandalism, distributions of viruses, flaming, cyberharrassment, pornography, sexting, hiring people online to write up academic projects on their behalf, sharing of individual academic projects against the instruction of their lecturers, online fights, theft of IT devices, damage to IT networks, piracy, and copyright infringements...
- Full Text:
- Authors: Ramoshaba, Sefoko
- Date: 2017
- Subjects: Information technology - Management , Information technology - Security measures , Information technology - Moral and ethical aspects , College students
- Language: English
- Type: Doctoral (Thesis)
- Identifier: http://hdl.handle.net/10210/262429 , uj:27702
- Description: D.Litt. et Phil. , Abstract: The information technology (IT) revolution has brought about many global changes, revolutionalising the world in the way people live, learn, work and interact with one another. It has improved the conditions of living in a dramatic manner, from office paper work to computerised office space and automated manufacturing plants. The IT revolution has also brought with it ethical challenges, where human beings are tempted into using IT to commit crime and unethical behaviour. This has led to the challenges of IT ethics, and how to manage the challenges. Ethical problems related to the inappropriate utilisation of IT have been transplanted from society to the university environment. Universities are experiencing the same and/or more drastic kinds of unethical behaviour. These behaviours have been committed through the inappropriate utilisation of IT by students. The increment is because of the ever-increasing sophistication of new IT devices. This research project sought answers for the better management of inappropriate utilisation of IT by students. The current literature was assessed in order to find out how students use IT to commit unethical behaviour, and the types of IT devices students utilise to do this. Students inter alia use wristwatches, cellphones, laptops, computers, cigarette lighters, ultra-violet lights, USBs, translation software, calculators, pagers, websites, printers, scanners, portable wireless devices, photoshop, electronic pens, video cameras, portable radios, faxes and emails. Students use these devices to commit the following unethical activities, among others: online plagiarism, computer fraud, cyberbullying, cyberstalking, e-cheating, hacking, cybervandalism, distributions of viruses, flaming, cyberharrassment, pornography, sexting, hiring people online to write up academic projects on their behalf, sharing of individual academic projects against the instruction of their lecturers, online fights, theft of IT devices, damage to IT networks, piracy, and copyright infringements...
- Full Text:
An evaluation of information technology security threats : a case study of the University of Johannesburg
- Authors: Rama, Pranisha
- Date: 2016
- Subjects: Information technology - Security measures , Auditing - Data processing , Cyberterrorism
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237303 , uj:24314
- Description: M.Com. (Computer Auditing) , Abstract: This research investigated the different information technology (IT) security threats that the university faces and the concept of IT security awareness. The research has become increasingly relevant because IT plays an important role to prevent the interruption of a university network in the event of a cyber-attack. Thus, universities must consider the importance of creating IT security awareness. However, IT risks such as phishing, hacking, viruses and stolen passwords often expose universities to cyber-attacks. As a consequence of these ongoing IT security risks, universities must fully understand the importance of IT security and the impact it could have on the institution. To achieve the research objective, the research followed an empirical study and a quantitative method that consisted of a questionnaire distributed to BCom Accounting second year students at the University of Johannesburg. Using a literature review on IT security threats and IT security awareness programmes at universities had also produced a significant findings on IT security threats. Thus, the study found that that the majority of students are not aware of IT security threats affecting a university. Although the majority of the students perceive IT security threats as a negative implication, it was found that universities are not placing enough focus on IT security awareness. It was evident that there is a need for improvement in the way universities address IT security threats. Arising from the analysis, the study recommends that an effective and adequate IT security awareness should be in place to address IT security threats
- Full Text:
- Authors: Rama, Pranisha
- Date: 2016
- Subjects: Information technology - Security measures , Auditing - Data processing , Cyberterrorism
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/237303 , uj:24314
- Description: M.Com. (Computer Auditing) , Abstract: This research investigated the different information technology (IT) security threats that the university faces and the concept of IT security awareness. The research has become increasingly relevant because IT plays an important role to prevent the interruption of a university network in the event of a cyber-attack. Thus, universities must consider the importance of creating IT security awareness. However, IT risks such as phishing, hacking, viruses and stolen passwords often expose universities to cyber-attacks. As a consequence of these ongoing IT security risks, universities must fully understand the importance of IT security and the impact it could have on the institution. To achieve the research objective, the research followed an empirical study and a quantitative method that consisted of a questionnaire distributed to BCom Accounting second year students at the University of Johannesburg. Using a literature review on IT security threats and IT security awareness programmes at universities had also produced a significant findings on IT security threats. Thus, the study found that that the majority of students are not aware of IT security threats affecting a university. Although the majority of the students perceive IT security threats as a negative implication, it was found that universities are not placing enough focus on IT security awareness. It was evident that there is a need for improvement in the way universities address IT security threats. Arising from the analysis, the study recommends that an effective and adequate IT security awareness should be in place to address IT security threats
- Full Text:
IT risk management disclosure in the integrated reports of the Top 40 listed companies on the JSE Limited
- Authors: Hohls-du Preez, Covanni
- Date: 2016
- Subjects: Information technology - Risk management , Information technology - Security measures , Financial risk management , Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/245826 , uj:25469
- Description: M.Com. (Computer Auditing) , Abstract: Information Technology (IT) has become an integral part of virtually all modern day organisations. The advent of IT has given rise to numerous benefits which increase productivity and efficiency in the workplace, however, IT also brings with it significant risks that can have an impact on an organisation’s ability to function as a going concern. Organisations, especially those listed on the Johannesburg Stock Exchange (JSE), are required to submit an Integrated Report (IR) on an annual basis in which they indicate how they used the resources at their disposal to create value for the organisation and its stakeholders during the year under review. The IR is also a forward-looking document, as opposed to the traditional, backward-looking reports. The purpose of this study is to analyse the Integrated Reports of the Top 40 listed organisations on the JSE and determine the extent to which IT risks are disclosed in their IR and whether the way these risks are managed is also included in the IR as required by the IR Framework. This is done by means of an empirical study consisting of a content analysis of the IRs of the Top 40 listed companies on the JSE. The results of the analysis indicate that more than half of the companies in the sample included IT risk as part of their material risks and outlined appropriate and detailed processes that are followed by the company to manage those IT risks.
- Full Text:
- Authors: Hohls-du Preez, Covanni
- Date: 2016
- Subjects: Information technology - Risk management , Information technology - Security measures , Financial risk management , Auditing - Data processing
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/245826 , uj:25469
- Description: M.Com. (Computer Auditing) , Abstract: Information Technology (IT) has become an integral part of virtually all modern day organisations. The advent of IT has given rise to numerous benefits which increase productivity and efficiency in the workplace, however, IT also brings with it significant risks that can have an impact on an organisation’s ability to function as a going concern. Organisations, especially those listed on the Johannesburg Stock Exchange (JSE), are required to submit an Integrated Report (IR) on an annual basis in which they indicate how they used the resources at their disposal to create value for the organisation and its stakeholders during the year under review. The IR is also a forward-looking document, as opposed to the traditional, backward-looking reports. The purpose of this study is to analyse the Integrated Reports of the Top 40 listed organisations on the JSE and determine the extent to which IT risks are disclosed in their IR and whether the way these risks are managed is also included in the IR as required by the IR Framework. This is done by means of an empirical study consisting of a content analysis of the IRs of the Top 40 listed companies on the JSE. The results of the analysis indicate that more than half of the companies in the sample included IT risk as part of their material risks and outlined appropriate and detailed processes that are followed by the company to manage those IT risks.
- Full Text:
The effectiveness of encryption methods in mitigating information technology security risks
- Authors: Mokoena, Troy
- Date: 2016
- Subjects: Auditing - Computer security , Information technology - Security measures , Cryptography
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/225589 , uj:22789
- Description: Abstract: Data protection is a critical area that is currently receiving much attention worldwide. Easy access to the internet and an increase in information transfer over communication networks contributes greatly to the need for data to be protected. Reports of data breaches from corporations and government institutions across the world have increased. Data breaches are mostly executed through the internet and other networks. Data loss and breaches can have significant consequences for concerned parties, such as reputational damage and litigation, when personal information is exposed to unauthorised persons. Mitigating controls, such as encryption methods, are generally implemented to protect data at rest and during transmission. Such controls, however, are useful only when they are effective in mitigating related risk exposure. This study focuses on investigating whether the current encryption methods being used are perceived by IT security managers from the Big Four audit firms and Dimension Data, as effective in mitigating IT security risks. Although it has been reported in the literature that specific symmetric and asymmetric encryption methods are effective, this study revealed the following: Symmetric encryption is perceived in practice as a highly breakable method at 15%, least breakable at 75%, and rated as not yet used at 10%. Asymmetric encryption is perceived slightly higher, as a highly breakable method at 25%, least breakable at 62%, and not yet used at 13%. , M.Com. (Computer Auditing)
- Full Text:
- Authors: Mokoena, Troy
- Date: 2016
- Subjects: Auditing - Computer security , Information technology - Security measures , Cryptography
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/225589 , uj:22789
- Description: Abstract: Data protection is a critical area that is currently receiving much attention worldwide. Easy access to the internet and an increase in information transfer over communication networks contributes greatly to the need for data to be protected. Reports of data breaches from corporations and government institutions across the world have increased. Data breaches are mostly executed through the internet and other networks. Data loss and breaches can have significant consequences for concerned parties, such as reputational damage and litigation, when personal information is exposed to unauthorised persons. Mitigating controls, such as encryption methods, are generally implemented to protect data at rest and during transmission. Such controls, however, are useful only when they are effective in mitigating related risk exposure. This study focuses on investigating whether the current encryption methods being used are perceived by IT security managers from the Big Four audit firms and Dimension Data, as effective in mitigating IT security risks. Although it has been reported in the literature that specific symmetric and asymmetric encryption methods are effective, this study revealed the following: Symmetric encryption is perceived in practice as a highly breakable method at 15%, least breakable at 75%, and rated as not yet used at 10%. Asymmetric encryption is perceived slightly higher, as a highly breakable method at 25%, least breakable at 62%, and not yet used at 13%. , M.Com. (Computer Auditing)
- Full Text:
A system to support community-oriented critical information infrastructure protection
- Authors: Mouton, Jean
- Date: 2015
- Subjects: Information technology - Security measures
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/16462 , uj:15777
- Description: Abstract: Please refer to full text to view abstract Please refer to full text to view abstract , MSc. (Information Technology)
- Full Text:
- Authors: Mouton, Jean
- Date: 2015
- Subjects: Information technology - Security measures
- Language: English
- Type: Masters (Thesis)
- Identifier: http://hdl.handle.net/10210/16462 , uj:15777
- Description: Abstract: Please refer to full text to view abstract Please refer to full text to view abstract , MSc. (Information Technology)
- Full Text:
The computer incident response framework (CIRF)
- Authors: Pieterse, Theron Anton
- Date: 2014-10-10
- Subjects: Information technology - Security measures , Computer networks - Security measures , Risk management , Computer security
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/369666 , uj:12577 , http://hdl.handle.net/10210/12368
- Description: M.Com. (Informatics) , A company’s valuable information assets face many risks from internal and external sources. When these risks are exploited and reports on information assets are made public, it is usually easy to determine which companies had a contingency plan to deal with the various aspects of these “computer incidents”. This study incorporates important factors of computer incidents into a framework which will assists the company in effectively dealing and managing computer incidents when they occur.
- Full Text:
- Authors: Pieterse, Theron Anton
- Date: 2014-10-10
- Subjects: Information technology - Security measures , Computer networks - Security measures , Risk management , Computer security
- Type: Thesis
- Identifier: http://ujcontent.uj.ac.za8080/10210/369666 , uj:12577 , http://hdl.handle.net/10210/12368
- Description: M.Com. (Informatics) , A company’s valuable information assets face many risks from internal and external sources. When these risks are exploited and reports on information assets are made public, it is usually easy to determine which companies had a contingency plan to deal with the various aspects of these “computer incidents”. This study incorporates important factors of computer incidents into a framework which will assists the company in effectively dealing and managing computer incidents when they occur.
- Full Text:
Information security in health-care systems: a new approach to IT risk management
- Authors: Smith, Elmé
- Date: 2012-08-16
- Subjects: Information technology - Security measures , Information resources management , Computer security , Health facilities management
- Type: Thesis
- Identifier: uj:9451 , http://hdl.handle.net/10210/5884
- Description: Ph.D. , The present study originated from a realisation about the unique nature of the medical domain and about the limitations of existing risk-management methodologies with respect to incorporating the special demands and salient features of the said domain. A further incentive for the study was the long-felt need for proper Information Technology (IT) risk management for medical domains, especially in the light of the fact that IT is playing an ever-greater part in the rendering of health-care services. This part, however, introduces new information-security challenges every day, especially as far as securing sensitive medical information and ensuring patients' privacy are concerned. The study is, therefore, principally aimed at making a contribution to improving IT risk management in the medical domain and, for this reason, culminates in an IT risk-management model specifically developed for and propounded in the medical domain. While developing this model, special care was taken not only to take into consideration the special demands of the said domain when assessing IT risks but also that it would be suited to the concepts, terminology and standards used in and applied to this domain every day. The most important objectives of the study can be summarised as follows: A thorough investigation into modern trends in information security in the medical domain will soon uncover the key role IT is playing in this domain. Regrettably, however, this very trend also triggers a steep increase in IT riskincidence figures, which, in this domain, could often constitute the difference between life and death. The clamant need for effective risk-management methods to enhance the information security of medical institutions is, therefore, self-evident. After having explored the dynamic nature of the medical domain, the requirements were identified for a risk-management model aimed at effectively vi managing the IT risks to be incurred in a typical medical institution. Next, a critical evaluation of current risk-assessment techniques revealed that a fresh approach to IT risk management in medical domains is urgently necessary. An IT risk-management model, entitled "RiMaHCoF" (that is, "Risk Management in Health Care — using Cognitive Fuzzy techniques"), was developed and propounded specifically for the medical domain hereafter. The proposed model enhances IT risk management in the said domain in the sense that it proceeds on the assumption that the patient and his/her medical information constitute the primary assets of the medical institution.
- Full Text:
- Authors: Smith, Elmé
- Date: 2012-08-16
- Subjects: Information technology - Security measures , Information resources management , Computer security , Health facilities management
- Type: Thesis
- Identifier: uj:9451 , http://hdl.handle.net/10210/5884
- Description: Ph.D. , The present study originated from a realisation about the unique nature of the medical domain and about the limitations of existing risk-management methodologies with respect to incorporating the special demands and salient features of the said domain. A further incentive for the study was the long-felt need for proper Information Technology (IT) risk management for medical domains, especially in the light of the fact that IT is playing an ever-greater part in the rendering of health-care services. This part, however, introduces new information-security challenges every day, especially as far as securing sensitive medical information and ensuring patients' privacy are concerned. The study is, therefore, principally aimed at making a contribution to improving IT risk management in the medical domain and, for this reason, culminates in an IT risk-management model specifically developed for and propounded in the medical domain. While developing this model, special care was taken not only to take into consideration the special demands of the said domain when assessing IT risks but also that it would be suited to the concepts, terminology and standards used in and applied to this domain every day. The most important objectives of the study can be summarised as follows: A thorough investigation into modern trends in information security in the medical domain will soon uncover the key role IT is playing in this domain. Regrettably, however, this very trend also triggers a steep increase in IT riskincidence figures, which, in this domain, could often constitute the difference between life and death. The clamant need for effective risk-management methods to enhance the information security of medical institutions is, therefore, self-evident. After having explored the dynamic nature of the medical domain, the requirements were identified for a risk-management model aimed at effectively vi managing the IT risks to be incurred in a typical medical institution. Next, a critical evaluation of current risk-assessment techniques revealed that a fresh approach to IT risk management in medical domains is urgently necessary. An IT risk-management model, entitled "RiMaHCoF" (that is, "Risk Management in Health Care — using Cognitive Fuzzy techniques"), was developed and propounded specifically for the medical domain hereafter. The proposed model enhances IT risk management in the said domain in the sense that it proceeds on the assumption that the patient and his/her medical information constitute the primary assets of the medical institution.
- Full Text:
- «
- ‹
- 1
- ›
- »