A model for security incident response in the South African National Research and Education network
- Authors: Mooi, Roderick David
- Date: 2014
- Subjects: Information networks -- South Africa , Internet -- Security measures , Computer networks -- Security measures -- South Africa , National Research and Education Network (Computer network)
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9813 , http://hdl.handle.net/10948/d1017598
- Description: This dissertation addresses the problem of a lack of a formal incident response capability in the South African National Research and Education Network (SA NREN). While investigating alternatives it was found that no clear method exists to solve this problem. Therefore, a second problem is identified: the lack of a definitive method for establishing a Computer Security Incident Response Team (CSIRT) or Computer Emergency Response Team (CERT) in general. Solving the second problem is important as we then have a means of knowing how to start when building a CSIRT. This will set the basis for addressing the initial problem, resulting in a prepared, improved and coordinated response to IT security incidents affecting the SANREN. To commence, the requirements for establishing a CSIRT are identified via a comprehensive literature review. These requirements are categorized into five areas, namely, the basic business requirements followed by the four Ps of the IT Infrastructure Library (ITIL). That is, People, Processes, Product and Partners, adapted to suit the CSIRT context. Through the use of argumentation, the relationships between the areas are uncovered and explored. Thereafter, a Design Science Research-based process is utilised to develop a generic model for establishing a CSIRT. The model is based on the interactions uncovered between the business requirements and the adapted four Ps. These are summarised through two views -- strategic and tactical -- together forming an holistic model for establishing a CSIRT. The model highlights the decisions required for the business requirements, services, team model and staff, policies and processes, tools and technologies, and partners of a CSIRT respectively. Finally, to address the primary objective, the generic model is applied to the SANREN environment. Thus, the second artefact is an instantiation, a specific model, which can be implemented to create a CSIRT for the SA NREN. To produce the specific model, insight into the nature of the SANREN environment was required. The status quo was revealed through the use of a survey and argumentative analysis of the results. The specific decisions in each area required to establish an SA NREN CSIRT are explored throughout the development of the model. The result is a comprehensive framework for implementing a CSIRT in the SA NREN, detailing the decisions required in each of the areas. This model additionally acts as a demonstration of the utility of the generic model. The implications of this research are twofold. Firstly, the generic model is useful as a basis for anyone wanting to establish a CSIRT. It helps to ensure that all factors are considered and that no important decisions are neglected, thereby enabling an holistic view. Secondly, the specific model for the SA NREN CSIRT serves as a foundation for implementing the CSIRT going forward. It accelerates the process by addressing the important considerations and highlighting the concerns that must be addressed while establishing the CSIRT.
- Full Text:
- Date Issued: 2014
Introducing hippocratic log files for personal privacy control
- Authors: Rutherford, Andrew
- Date: 2005
- Subjects: Computer security , Internet -- Security measures
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9743 , http://hdl.handle.net/10948/171 , Computer security , Internet -- Security measures
- Description: The rapid growth of the Internet has served to intensify existing privacy concerns of the individual, to the point that privacy is the number one concern amongst Internet users today. Tools exist that can provide users with a choice of anonymity or pseudonymity. However, many Web transactions require the release of personally identifying information, thus rendering such tools infeasible in many instances. Since it is then a given that users are often required to release personal information, which could be recorded, it follows that they require a greater degree of control over the information they release. Hippocratic databases, designed by Agrawal, Kiernan, Srikant, and Xu (2002), aim to give users greater control over information stored in a data- base. Their design was inspired by the medical Hippocratic oath, and makes data privacy protection a fundamental responsibility of the database itself. To achieve the privacy of data, Hippocratic databases are governed by 10 key privacy principles. This dissertation argues, that asides from a few challenges, the 10 prin- ciples of Hippocratic databases can be applied to log ¯les. This argument is supported by presenting a high-level functional view of a Hippocratic log file architecture. This architecture focuses on issues that highlight the con- trol users gain over their personal information that is collected in log files. By presenting a layered view of the aforementioned architecture, it was, fur- thermore, possible to provide greater insight into the major processes that would be at work in a Hippocratic log file implementation. An exploratory prototype served to understand and demonstrate certain of the architectural components of Hippocratic log files. This dissertation, thus, makes a contribution to the ideal of providing users with greater control over their personal information, by proposing the use of Hippocratic logfiles.
- Full Text:
- Date Issued: 2005