Topic map for representing network security competencies
- Authors: Yekela, Odwa
- Date: 2018
- Subjects: Computer networks, Computer networks -- Security measures, Computers -- Access control
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/36368 , vital:33931
- Description: Competencies represent the knowledge, skills and attitudes required for job roles. Organisations need to understand and grow competencies within their workforce in order to be more competitive and to maximise new market opportunities. Competency Management is the process of introducing, managing and enforcing competencies in organisations. Through this process, occupational competencies can be assessed to see if candidates match the required job role expectations. The assessment of competencies can be conceptualised from two perspectives. The first is 'competency frameworks', which describe competencies from a high-level overview. As such, they are regarded as the "What" element of competency. The second perspective is 'competency-based learning', which focuses on addressing competencies from a more detailed, task-oriented perspective. Competency-based learning is regarded as the "How" element of competency. Currently, there is no available tool that can map the "What" with the "How" element of competency. Such a mapping would provide a more holistic approach to representing competencies. This dissertation adopts the topic map standard in order to demonstrate a holistic approach to mapping competencies, specially in network security. This is accomplished through the design and evaluation of a Design Science artefact. In this research process a topic map data model was constructed from mapping the 'What' and 'How' elements together. To demonstrate the applicability of the model, it was implemented in a Computer Security Incident Response Team (CSIRT) recruitment scenario. The aim of this demonstration was to prove that the topic map could be implemented in an organisational context.
- Date Issued: 2018
Users’ perceptions regarding password policies
- Authors: Fredericks, Damian Todd
- Date: 2018
- Subjects: Computers -- Access control, Computer networks -- Security measures, Computer security
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/30205 , vital:30896
- Description: Information is considered a valuable asset to most organisations and is often exposed to various threats which exploit its confidentiality, integrity and availability (CIA). Identification and Authentication are commonly used to help ensure the CIA of information. This research study specifically focused on password-based authentication. Passwords are used to log into personal computers, company computers, email accounts, bank accounts and various software systems and mobile applications. Passwords act like a protective barrier between a user and their personal and company information, and remain the most cost-effective and most efficient method to control access to computer systems. An extensive content analysis was conducted regarding the security of passwords, as well as users’ password management coping strategies. It was determined that very little research has been conducted in relation to users’ perceptions towards password policies. The problem identified by this research is that organisations often implement password policy guidelines without taking into consideration users’ perceptions regarding such guidelines. This could result in users adopting various password management coping strategies. This research therefore aimed to determine users’ perceptions with regard to current password-related standards and best practices (password policy guidelines). Standards and best practices such as ISO/IEC 27002 (2013), NIST SP 800-118 (2009), NIST SP 800-63-2 (2013), NIST SP 800-63B (2016) and the SANS Password Protection Policy (2014b) were studied in order to determine the common elements of password policies. This research argued that before organisations implement password policy guidelines, they need to determine users’ perceptions towards such guidelines. 
It was identified that certain human factors such as human memory, attitude and apathy often cause users to adopt insecure coping strategies such as Reusing Passwords, Writing Down Passwords and Not Changing Passwords. This research included a survey which took the form of a questionnaire. The aim of the survey was to determine users’ perceptions towards common elements of password policies and to determine the coping strategies users commonly adopt. The survey included questions related to the new NIST SP 800-63B (2016) that sought to determine users’ perceptions towards these new NIST password policy guidelines. Findings from the survey indicated that respondents found the new NIST guidelines to be helpful, secure and easier to adhere to. Finally, recommendations regarding password policies were presented based on the common elements of password policies and users’ perceptions of the new NIST password guidelines. These recommendations could help policy makers in the implementation of new password policies or the revision of current password policies.
- Date Issued: 2018
Modelling the intention to change Facebook privacy settings on mobile phones
- Authors: Miya, Asanda Christopher
- Date: 2017
- Subjects: Online social networks -- Security measures, Cell phone systems
- Language: English
- Type: Thesis , Masters , MIT
- Identifier: http://hdl.handle.net/10948/19531 , vital:28890
- Description: Facebook and other social networking services have significantly changed the way people communicate and share information on the Internet. People are increasingly accessing these networking services on mobile phones as opposed to traditional computers. While privacy in social networking services always was a concern, mobile phones make it even easier to share personal information, thus spotlighting privacy concerns. Facebook has privacy settings for the users who use the service on various mobile phones. However, the failure of Facebook users to change privacy settings on mobile phones may result in undesirable sharing of personal information thereby exposing the users to privacy threats. This study extends the understanding of the use of Facebook privacy settings by investigating what impacts the intention to change the privacy settings on mobile phones. The Theory of Planned Behaviour (TPB) is identified as a theoretical underpinning that relates to the intention to perform a behaviour. Structural equation modelling is chosen as a suitable research method. A conceptual model is theorized by building on the Theory of Planned Behaviour. Following suggestions by other studies, the Perceived Behavioural Control (PBC) construct is specifically deconstructed into internal and external factors. Nine hypotheses are predicted. A measurement instrument in the form of a questionnaire consisting of 43 items is developed. The conceptual model is evaluated using empirical data, which is gathered from a sample of 414 South African Facebook users. The evaluation of the conceptual model shows it to be a good fit. Out of the nine hypotheses, five are accepted for the final model of the study. Self-efficacy is found to be a positive internal factor that influences user's perceived control of changing Facebook privacy settings on mobile phones.
Facilitating conditions and Perceived Required effort are found to be external factors that respectively have a positive and negative influence on user's Perceived Behavioural Control. Attitude and Perceived Behavioural Control are both found to have a positive influence on user's intention to change Facebook privacy settings on mobile phones. The hypotheses that could not be accepted are discussed and it is argued that potential unintended bias in the sample may have had an influence. More detailed investigations are left for future studies.
- Date Issued: 2017