An online information security Aaareness model: the disclosure of personal data
- Authors: Parker, Heather Joubert
- Date: 2021
- Subjects: Social media -- Psychological aspects , Social media -- Psychological aspects -- South Africa , Human behavior , Disclosure of information -- Psychological aspects -- Case studies , Personal information management -- Psychological aspects -- Case studies , Data protection -- Psychologial aspects -- Case studies
- Language: English
- Type: text , Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10962/172329 , vital:42189
- Description: Social media has revolutionized the way people send and receive information by creating a new level of interconnected communication. However, the use of the Internet and social media brings about various ways in which a user’s personal data can be put at risk. This study aims to investigate what drives the disclosure of personal information online and whether an increase in awareness of the value of personal information motivates users to safeguard their information. Fourteen university students participated in a mixed-methods experiment, where they completed a questionnaire before and after being shown the data stored about them by online platforms to determine if changes occur in their intention to disclose. Following completing the initial questionnaire, the participant viewed the personal data stored about them by Facebook, Google, and Instagram. Other online tools such as Social Profile Checker, Facebook View As, and HaveIBeenPawned were used to see the information publicly available about each participant. Together these findings were discussed in a semi-structured interview to determine the influence of attitudes, subjective norms, and awareness on the cost-benefit analysis users conduct when disclosing information online. Overall, the findings indicate that users are able to disregard their concerns due to a resigned and apathetic attitude towards privacy. Furthermore, subjective norms enhanced by FOMO further allow users to overlook potential risks to their information in order to avoid social isolation and sanction. Alternatively, an increased awareness of the personal value of information and having experienced a previous privacy violation encourage the protection of information and limited disclosure. Thus, this study provides insight into privacy and information disclosure on social media in South Africa. It reveals more insight into the cost-benefit analysis users conduct by combining the Theory of Planned Behaviour with the Privacy Calculus Model, as well as the antecedent factors of Trust in the Social Media Provider, FOMO, and Personal Valuation of Information.
- Full Text:
- Date Issued: 2021
- Authors: Parker, Heather Joubert
- Date: 2021
- Subjects: Social media -- Psychological aspects , Social media -- Psychological aspects -- South Africa , Human behavior , Disclosure of information -- Psychological aspects -- Case studies , Personal information management -- Psychological aspects -- Case studies , Data protection -- Psychologial aspects -- Case studies
- Language: English
- Type: text , Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10962/172329 , vital:42189
- Description: Social media has revolutionized the way people send and receive information by creating a new level of interconnected communication. However, the use of the Internet and social media brings about various ways in which a user’s personal data can be put at risk. This study aims to investigate what drives the disclosure of personal information online and whether an increase in awareness of the value of personal information motivates users to safeguard their information. Fourteen university students participated in a mixed-methods experiment, where they completed a questionnaire before and after being shown the data stored about them by online platforms to determine if changes occur in their intention to disclose. Following completing the initial questionnaire, the participant viewed the personal data stored about them by Facebook, Google, and Instagram. Other online tools such as Social Profile Checker, Facebook View As, and HaveIBeenPawned were used to see the information publicly available about each participant. Together these findings were discussed in a semi-structured interview to determine the influence of attitudes, subjective norms, and awareness on the cost-benefit analysis users conduct when disclosing information online. Overall, the findings indicate that users are able to disregard their concerns due to a resigned and apathetic attitude towards privacy. Furthermore, subjective norms enhanced by FOMO further allow users to overlook potential risks to their information in order to avoid social isolation and sanction. Alternatively, an increased awareness of the personal value of information and having experienced a previous privacy violation encourage the protection of information and limited disclosure. Thus, this study provides insight into privacy and information disclosure on social media in South Africa. It reveals more insight into the cost-benefit analysis users conduct by combining the Theory of Planned Behaviour with the Privacy Calculus Model, as well as the antecedent factors of Trust in the Social Media Provider, FOMO, and Personal Valuation of Information.
- Full Text:
- Date Issued: 2021
A personality-based surveillance model for Facebook apps
- Authors: Van der Schyff, Karl Izak
- Date: 2020
- Subjects: Facebook (Electronic resource) , Electronic surveillance -- Psychological aspects , Online social networks -- Psychological aspects , Social media -- Psychological aspects , Personality
- Language: English
- Type: text , Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10962/145534 , vital:38447
- Description: The surveillance of data through the use of Facebook Apps is an ongoing and persistent problem that impacts millions of users. Nonetheless, limited research has been conducted investigating to what extent a Facebook user’s personality influences their awareness of such surveillance practices. Thus, to understand this situation better, the current study inductively developed four propositions from secondary data sources as part of a detailed content analysis. Spanning three search and analysis phases the content analysis led to the development of the research model. Guided by the propositions and research questions, a questionnaire was developed based on the relevant constructs prescribed by the Theory of Planned Behaviour. This questionnaire was used, and a total of 651 responses were collected from Facebook users over the age of 18 years old and residing in the United States of America. Primary data took place at both a univariate and multivariate level with a specific focus on the development of a structural model. Interpretation of the structural model revealed that out of all the Big Five personality traits, Conscientiousness exhibited the strongest relationship with information security awareness followed by Openness to Experience and Neuroticism, respectively. The results further indicated that the model constructs based on attitude, social norms and awareness significantly influenced the intended use of Facebook Apps. The study also contributes by indicating which personality traits are most vulnerable to Facebook App surveillance. For example, it was found that individuals high in Conscientiousness are the least vulnerable with individuals high in Extraversion being the most vulnerable. Since the results indicate that not all the personality traits are significantly related to the model constructs, additional factors may contribute to App surveillance in this context. Concerning this, factors such as user apathy, information privacy, privacy concerns, control and Facebook dependency are discussed as a means to argue why this might be the case.
- Full Text:
- Date Issued: 2020
- Authors: Van der Schyff, Karl Izak
- Date: 2020
- Subjects: Facebook (Electronic resource) , Electronic surveillance -- Psychological aspects , Online social networks -- Psychological aspects , Social media -- Psychological aspects , Personality
- Language: English
- Type: text , Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10962/145534 , vital:38447
- Description: The surveillance of data through the use of Facebook Apps is an ongoing and persistent problem that impacts millions of users. Nonetheless, limited research has been conducted investigating to what extent a Facebook user’s personality influences their awareness of such surveillance practices. Thus, to understand this situation better, the current study inductively developed four propositions from secondary data sources as part of a detailed content analysis. Spanning three search and analysis phases the content analysis led to the development of the research model. Guided by the propositions and research questions, a questionnaire was developed based on the relevant constructs prescribed by the Theory of Planned Behaviour. This questionnaire was used, and a total of 651 responses were collected from Facebook users over the age of 18 years old and residing in the United States of America. Primary data took place at both a univariate and multivariate level with a specific focus on the development of a structural model. Interpretation of the structural model revealed that out of all the Big Five personality traits, Conscientiousness exhibited the strongest relationship with information security awareness followed by Openness to Experience and Neuroticism, respectively. The results further indicated that the model constructs based on attitude, social norms and awareness significantly influenced the intended use of Facebook Apps. The study also contributes by indicating which personality traits are most vulnerable to Facebook App surveillance. For example, it was found that individuals high in Conscientiousness are the least vulnerable with individuals high in Extraversion being the most vulnerable. Since the results indicate that not all the personality traits are significantly related to the model constructs, additional factors may contribute to App surveillance in this context. Concerning this, factors such as user apathy, information privacy, privacy concerns, control and Facebook dependency are discussed as a means to argue why this might be the case.
- Full Text:
- Date Issued: 2020
Passphrase and keystroke dynamics authentication: security and usability
- Authors: Bhana, Bhaveer
- Date: 2020
- Subjects: Computer security -- Management , Computers -- Access control -- Codewords , Computers -- Access control -- Keystroke timing authentication , Entropy (Information theory)
- Language: English
- Type: text , Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10962/146663 , vital:38546
- Description: It was found that employees spend a total 2.25 days within a 60 day period on password related activities. Another study found that over 85 days an average user will create 25 accounts with an average of 6.5 unique passwords. These numbers are expected to increase over time as more systems become available. In addition, the use of 6.5 unique passwords highlight that passwords are being reused which creates security concerns as multiple systems will be accessible by an unauthorised party if one of these passwords is leaked. Current user authentication solutions either increase security or usability. When security increases, usability decreases, or vice versa. To add to this, stringent security protocols encourage unsecure behaviours by the user such as writing the password down on a piece of paper to remember it. It was found that passphrases require less cognitive effort than passwords and because passphrases are stronger than passwords, they don’t need to be changed as frequently as passwords. This study aimed to assess a two-tier user authentication solution that increases security and usability. The proposed solution uses passphrases in conjunction with keystroke dynamics to address this research problem. The design science research approach was used to guide this study. The study’s theoretical foundation includes three theories. The Shannon entropy formula was used to calculate the strength of passwords, passphrases and keystroke dynamics. The chunking theory assisted in assessing password and passphrase memorisation issues and the keystroke-level model was used to assess password and passphrase typing issues. Two primary data collection methods were used to evaluate the findings and to ensure that gaps in the research were filled. A login assessment experiment collected data on user authentication and user-system interaction for passwords and passphrases. Plus, an expert review was conducted to verify findings and assess the research artefact in the form of a model. The model can be used to assist with the implementation of a two-tier user authentication solution which involves passphrases and keystroke dynamics. There are a number of components that need to be considered to realise the benefits of this solution and ensure successful implementation.
- Full Text:
- Date Issued: 2020
- Authors: Bhana, Bhaveer
- Date: 2020
- Subjects: Computer security -- Management , Computers -- Access control -- Codewords , Computers -- Access control -- Keystroke timing authentication , Entropy (Information theory)
- Language: English
- Type: text , Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10962/146663 , vital:38546
- Description: It was found that employees spend a total 2.25 days within a 60 day period on password related activities. Another study found that over 85 days an average user will create 25 accounts with an average of 6.5 unique passwords. These numbers are expected to increase over time as more systems become available. In addition, the use of 6.5 unique passwords highlight that passwords are being reused which creates security concerns as multiple systems will be accessible by an unauthorised party if one of these passwords is leaked. Current user authentication solutions either increase security or usability. When security increases, usability decreases, or vice versa. To add to this, stringent security protocols encourage unsecure behaviours by the user such as writing the password down on a piece of paper to remember it. It was found that passphrases require less cognitive effort than passwords and because passphrases are stronger than passwords, they don’t need to be changed as frequently as passwords. This study aimed to assess a two-tier user authentication solution that increases security and usability. The proposed solution uses passphrases in conjunction with keystroke dynamics to address this research problem. The design science research approach was used to guide this study. The study’s theoretical foundation includes three theories. The Shannon entropy formula was used to calculate the strength of passwords, passphrases and keystroke dynamics. The chunking theory assisted in assessing password and passphrase memorisation issues and the keystroke-level model was used to assess password and passphrase typing issues. Two primary data collection methods were used to evaluate the findings and to ensure that gaps in the research were filled. A login assessment experiment collected data on user authentication and user-system interaction for passwords and passphrases. Plus, an expert review was conducted to verify findings and assess the research artefact in the form of a model. The model can be used to assist with the implementation of a two-tier user authentication solution which involves passphrases and keystroke dynamics. There are a number of components that need to be considered to realise the benefits of this solution and ensure successful implementation.
- Full Text:
- Date Issued: 2020
A model for secure and usable passphrases for multilingual users
- Authors: Maoneke, Pardon Blessings
- Date: 2019
- Subjects: Computers -- Access control -- Passwords Computer security
- Language: English
- Type: Thesis , Doctoral , PhD (Information Systems)
- Identifier: http://hdl.handle.net/10353/12571 , vital:39289
- Description: Research on more than 100 million passwords that have been leaked to the public domain has uncovered various security limitations associated with user-generated short passwords. Long passwords (passphrases) are considered an alternative solution that could provide a balance between security and usability. However, the literature shows a lack of consistency in the security and usability contributions of passphrases. For example, studies that investigated passphrase security focusing on structural dependencies at character level found passphrases to be secure. Inversely, other research findings suggest that passphrase security could be compromised by the use of predictable grammatical rules, popular words in a natural language and keyboard patterns. This is further exacerbated by research on passphrases that is focused on the Global North. This is a huge concern given that results from inter-cultural studies suggest that local languages do influence password structure and to some extent, password usability and security. To address these gaps in the literature, this study used socio-technical theory which emphasised both the social and technical aspects of the phenomenon under study. Psychological studies show that the memory has limited capacity, something that threatens password usability; hence, the need to utilise information that is already known during password generation. Socio-cultural theory suggests that the information that is already known by users is contextually informed, hence sociocultural theory was applied to understand the contextual factors that could be used to enhance passphrase security and usability. With reference to the Southern African context, this study argues that system designers should take advantage of a multilingual user group and encourage the generation of passphrases that are based on substrings from different languages. This study went on to promote the use of multilingual passphrases instead of emphasising multi-character class passwords. This study was guided by design science research. Participants were invited to take part in a short password and multilingual passphrase generation and recall experiment that was made available using a web-based application. These passwords were generated by participants under pre-specified conditions. Quantitative and qualitative data was gathered. The study findings showed the use of both African and Indo-European languages in multilingual passphrases and short passwords. English oriented passwords and substrings dominated the multilingual passphrase and short password corpora. In addition, some of the short passwords and substrings in the multilingual passphrase corpora were found among the most common passwords of 2016, 2017 and 2018. Usability tests showed that multilingual passphrases are usable, even though they were not easy to create and recall when compared to short passwords. A high rate of password reuse during short password generation by participants might have worked in favour of short passwords. Nonetheless, participants appear to reflect better usability with multilingual passphrases over time due to repeated use. Females struggled to recall short passwords and multilingual passphrases when compared to their male counterparts. Security tests using the Probabilistic Context-Free Grammar suggest that short passwords are weaker, with just more than 50% of the short passwords being guessed, while none 4 Final Submission of Thesis, Dissertation or Research Report/Project, Conference or Exam Paper of the multilingual passphrases were guessed. Further analysis showed that short passwords that were oriented towards an IndoEuropean language were more easily guessed than African language-oriented short passwords. As such, this study encourages orienting passwords towards African languages while the use of multilingual passphrases is expected to offer more security. The use of African languages and multilingual passphrases by a user group that is biased towards English-oriented passwords could enhance security by increasing the search space.
- Full Text:
- Date Issued: 2019
- Authors: Maoneke, Pardon Blessings
- Date: 2019
- Subjects: Computers -- Access control -- Passwords Computer security
- Language: English
- Type: Thesis , Doctoral , PhD (Information Systems)
- Identifier: http://hdl.handle.net/10353/12571 , vital:39289
- Description: Research on more than 100 million passwords that have been leaked to the public domain has uncovered various security limitations associated with user-generated short passwords. Long passwords (passphrases) are considered an alternative solution that could provide a balance between security and usability. However, the literature shows a lack of consistency in the security and usability contributions of passphrases. For example, studies that investigated passphrase security focusing on structural dependencies at character level found passphrases to be secure. Inversely, other research findings suggest that passphrase security could be compromised by the use of predictable grammatical rules, popular words in a natural language and keyboard patterns. This is further exacerbated by research on passphrases that is focused on the Global North. This is a huge concern given that results from inter-cultural studies suggest that local languages do influence password structure and to some extent, password usability and security. To address these gaps in the literature, this study used socio-technical theory which emphasised both the social and technical aspects of the phenomenon under study. Psychological studies show that the memory has limited capacity, something that threatens password usability; hence, the need to utilise information that is already known during password generation. Socio-cultural theory suggests that the information that is already known by users is contextually informed, hence sociocultural theory was applied to understand the contextual factors that could be used to enhance passphrase security and usability. With reference to the Southern African context, this study argues that system designers should take advantage of a multilingual user group and encourage the generation of passphrases that are based on substrings from different languages. This study went on to promote the use of multilingual passphrases instead of emphasising multi-character class passwords. This study was guided by design science research. Participants were invited to take part in a short password and multilingual passphrase generation and recall experiment that was made available using a web-based application. These passwords were generated by participants under pre-specified conditions. Quantitative and qualitative data was gathered. The study findings showed the use of both African and Indo-European languages in multilingual passphrases and short passwords. English oriented passwords and substrings dominated the multilingual passphrase and short password corpora. In addition, some of the short passwords and substrings in the multilingual passphrase corpora were found among the most common passwords of 2016, 2017 and 2018. Usability tests showed that multilingual passphrases are usable, even though they were not easy to create and recall when compared to short passwords. A high rate of password reuse during short password generation by participants might have worked in favour of short passwords. Nonetheless, participants appear to reflect better usability with multilingual passphrases over time due to repeated use. Females struggled to recall short passwords and multilingual passphrases when compared to their male counterparts. Security tests using the Probabilistic Context-Free Grammar suggest that short passwords are weaker, with just more than 50% of the short passwords being guessed, while none 4 Final Submission of Thesis, Dissertation or Research Report/Project, Conference or Exam Paper of the multilingual passphrases were guessed. Further analysis showed that short passwords that were oriented towards an IndoEuropean language were more easily guessed than African language-oriented short passwords. As such, this study encourages orienting passwords towards African languages while the use of multilingual passphrases is expected to offer more security. The use of African languages and multilingual passphrases by a user group that is biased towards English-oriented passwords could enhance security by increasing the search space.
- Full Text:
- Date Issued: 2019
An access control model for a South African National Electronic Health Record System
- Authors: Tsegaye, Tamir Asrat
- Date: 2019
- Subjects: Medical records -- Data processing , Medical records -- Data processing -- Safety measures , Medical records -- Data processing -- South Africa , Medical records -- Data processing -- Access control , Medical informatics , Medical records -- Management -- South Africa , Health services administration -- South Africa
- Language: English
- Type: text , Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10962/97046 , vital:31390
- Description: Countries such as South Africa have attempted to leverage eHealth by digitising patients’ medical records with the ultimate goal of improving the delivery of healthcare. This involves the use of the Electronic Health Record (EHR) which is a longitudinal electronic record of a patient’s information. The EHR is comprised of all of the encounters that have been made at different health facilities. In the national context, the EHR is also known as a national EHR which enables the sharing of patient information between points of care. Despite this, the realisation of a national EHR system puts patients' EHRs at risk. This is because patients’ information, which was once only available at local health facilities in the form of paper-based records, can be accessed anywhere within the country as a national EHR. This results in security and privacy issues since patients’ EHRs are shared with an increasing number of parties who are geographically distributed. This study proposes an access control model that will address the security and privacy issues by providing the right level of secure access to authorised clinicians. The proposed model is based on a combination of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). The study found that RBAC is the most common access control model that is used within the healthcare domain where users’ job functions are based on roles. While RBAC is not able to handle dynamic events such as emergencies, the proposed model’s use of ABAC addresses this limitation. The development of the proposed model followed the design science research paradigm and was informed by the results of the content analysis plus an expert review. The content analysis sample was retrieved by conducting a systematic literature review and the analysis of this sample resulted in 6743 tags. The proposed model was evaluated using an evaluation framework via an expert review.
- Full Text:
- Date Issued: 2019
- Authors: Tsegaye, Tamir Asrat
- Date: 2019
- Subjects: Medical records -- Data processing , Medical records -- Data processing -- Safety measures , Medical records -- Data processing -- South Africa , Medical records -- Data processing -- Access control , Medical informatics , Medical records -- Management -- South Africa , Health services administration -- South Africa
- Language: English
- Type: text , Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10962/97046 , vital:31390
- Description: Countries such as South Africa have attempted to leverage eHealth by digitising patients’ medical records with the ultimate goal of improving the delivery of healthcare. This involves the use of the Electronic Health Record (EHR) which is a longitudinal electronic record of a patient’s information. The EHR is comprised of all of the encounters that have been made at different health facilities. In the national context, the EHR is also known as a national EHR which enables the sharing of patient information between points of care. Despite this, the realisation of a national EHR system puts patients' EHRs at risk. This is because patients’ information, which was once only available at local health facilities in the form of paper-based records, can be accessed anywhere within the country as a national EHR. This results in security and privacy issues since patients’ EHRs are shared with an increasing number of parties who are geographically distributed. This study proposes an access control model that will address the security and privacy issues by providing the right level of secure access to authorised clinicians. The proposed model is based on a combination of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). The study found that RBAC is the most common access control model that is used within the healthcare domain where users’ job functions are based on roles. While RBAC is not able to handle dynamic events such as emergencies, the proposed model’s use of ABAC addresses this limitation. The development of the proposed model followed the design science research paradigm and was informed by the results of the content analysis plus an expert review. The content analysis sample was retrieved by conducting a systematic literature review and the analysis of this sample resulted in 6743 tags. The proposed model was evaluated using an evaluation framework via an expert review.
- Full Text:
- Date Issued: 2019
A bring your own device information security behavioural model
- Authors: Musarurwa, Alfred
- Date: 2017
- Subjects: Data protection Computer security -- Management Privacy, Right of
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10353/8587 , vital:33166
- Description: The Bring Your Own Device (BYOD) phenomenon has become prevalent in the modern-day workplace, including the banking industry. Employees who own devices have become the unintended administrators of the organisation’s information as their mobile devices often carry information belonging to the organisation. The unintended administrator is not necessarily schooled or aware of the information security risks and challenges that are associated with the BYOD. This inadvertently shifts the management of organisational information security from the information technology (IT) administrator to the unintended administrator. This shift leaves the organisation at risk of information security breaches that can permeate the organisation, which result from the behaviour that the unintended administrator displays when operating the mobile device. This study introduces the BYOD Information Security Behavioural (BISB) model. The model constructs are a combination of individual and organisational traits of the unintended administrator. The purpose of this study is to mitigate the risks posed by the unintended administrator in organisations through the implementation this model. The risk that the unintended administrator poses in relation to the BYOD phenomenon results in chief information officers (CIOs) being unable to totally control these mobile devices. Traditional endpoint information security management tools and methods can no longer secure devices in the BYOD the way they can in the traditional network where they are confined to the organisation’s IT administrator. This results in the organisation’s information security becoming the responsibility of the unintended administrator. This study was conducted in the banking sector in Zimbabwe. It is noteworthy that the BYOD phenomenon has become prevalent in the banking sector among other organisational sectors like education, health or even government departments. Information security is also an important component of the banks as such and a choice was made to conduct the study in the banking industry. The design science research paradigm was followed in this study and included a survey of 270 bank employees in Zimbabwe, which received 170 complete responses. A literature review on both employee behaviour and organisational culture was conducted, followed by a case study of a commercial bank in Zimbabwe. The literature review culminated in traits that were then classified as individual traits and organisational traits. Six constructs –, knowledge, attitude, habit, environment, governance and training – were identified from the literature and combined to form the BYOD information security behavioural (BISB) model. Statistical calculations were conducted on the survey results which informed the reliability, validity and rigour of the model constructs. An expert review including industry experts was conducted to evaluate the BISB model. This study concludes by recommending that organisations in Zimbabwe should make use of the BISB model to mitigate the information security risks that are posed by the unintended administrator. While there are technical solutions for managing the information security risks that come with the BYOD, this study points out that without harnessing the individual and organisational traits that make up the BYOD information security behavioural model for the unintended administrator, technical solutions alone will not be effective.
- Full Text:
- Date Issued: 2017
- Authors: Musarurwa, Alfred
- Date: 2017
- Subjects: Data protection Computer security -- Management Privacy, Right of
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: http://hdl.handle.net/10353/8587 , vital:33166
- Description: The Bring Your Own Device (BYOD) phenomenon has become prevalent in the modern-day workplace, including the banking industry. Employees who own devices have become the unintended administrators of the organisation’s information as their mobile devices often carry information belonging to the organisation. The unintended administrator is not necessarily schooled or aware of the information security risks and challenges that are associated with the BYOD. This inadvertently shifts the management of organisational information security from the information technology (IT) administrator to the unintended administrator. This shift leaves the organisation at risk of information security breaches that can permeate the organisation, which result from the behaviour that the unintended administrator displays when operating the mobile device. This study introduces the BYOD Information Security Behavioural (BISB) model. The model constructs are a combination of individual and organisational traits of the unintended administrator. The purpose of this study is to mitigate the risks posed by the unintended administrator in organisations through the implementation this model. The risk that the unintended administrator poses in relation to the BYOD phenomenon results in chief information officers (CIOs) being unable to totally control these mobile devices. Traditional endpoint information security management tools and methods can no longer secure devices in the BYOD the way they can in the traditional network where they are confined to the organisation’s IT administrator. This results in the organisation’s information security becoming the responsibility of the unintended administrator. This study was conducted in the banking sector in Zimbabwe. It is noteworthy that the BYOD phenomenon has become prevalent in the banking sector among other organisational sectors like education, health or even government departments. Information security is also an important component of the banks as such and a choice was made to conduct the study in the banking industry. The design science research paradigm was followed in this study and included a survey of 270 bank employees in Zimbabwe, which received 170 complete responses. A literature review on both employee behaviour and organisational culture was conducted, followed by a case study of a commercial bank in Zimbabwe. The literature review culminated in traits that were then classified as individual traits and organisational traits. Six constructs –, knowledge, attitude, habit, environment, governance and training – were identified from the literature and combined to form the BYOD information security behavioural (BISB) model. Statistical calculations were conducted on the survey results which informed the reliability, validity and rigour of the model constructs. An expert review including industry experts was conducted to evaluate the BISB model. This study concludes by recommending that organisations in Zimbabwe should make use of the BISB model to mitigate the information security risks that are posed by the unintended administrator. While there are technical solutions for managing the information security risks that come with the BYOD, this study points out that without harnessing the individual and organisational traits that make up the BYOD information security behavioural model for the unintended administrator, technical solutions alone will not be effective.
- Full Text:
- Date Issued: 2017
Text data analysis for a smart city project in a developing nation
- Authors: Currin, Aubrey Jason
- Date: 2015
- Subjects: Natural language processing (Computer science) Human computation Human-computer interaction
- Language: English
- Type: Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10353/2227 , vital:27709
- Description: Increased urbanisation against the backdrop of limited resources is complicating city planning and management of functions including public safety. The smart city concept can help, but most previous smart city systems have focused on utilising automated sensors and analysing quantitative data. In developing nations, using the ubiquitous mobile phone as an enabler for crowdsourcing of qualitative public safety reports, from the public, is a more viable option due to limited resources and infrastructure limitations. However, there is no specific best method for the analysis of qualitative text reports for a smart city in a developing nation. The aim of this study, therefore, is the development of a model for enabling the analysis of unstructured natural language text for use in a public safety smart city project. Following the guidelines of the design science paradigm, the resulting model was developed through the inductive review of related literature, assessed and refined by observations of a crowdsourcing prototype and conversational analysis with industry experts and academics. The content analysis technique was applied to the public safety reports obtained from the prototype via computer assisted qualitative data analysis software. This has resulted in the development of a hierarchical ontology which forms an additional output of this research project. Thus, this study has shown how municipalities or local government can use CAQDAS and content analysis techniques to prepare large quantities of text data for use in a smart city.
- Full Text:
- Date Issued: 2015
- Authors: Currin, Aubrey Jason
- Date: 2015
- Subjects: Natural language processing (Computer science) Human computation Human-computer interaction
- Language: English
- Type: Thesis , Masters , MCom
- Identifier: http://hdl.handle.net/10353/2227 , vital:27709
- Description: Increased urbanisation against the backdrop of limited resources is complicating city planning and management of functions including public safety. The smart city concept can help, but most previous smart city systems have focused on utilising automated sensors and analysing quantitative data. In developing nations, using the ubiquitous mobile phone as an enabler for crowdsourcing of qualitative public safety reports, from the public, is a more viable option due to limited resources and infrastructure limitations. However, there is no specific best method for the analysis of qualitative text reports for a smart city in a developing nation. The aim of this study, therefore, is the development of a model for enabling the analysis of unstructured natural language text for use in a public safety smart city project. Following the guidelines of the design science paradigm, the resulting model was developed through the inductive review of related literature, assessed and refined by observations of a crowdsourcing prototype and conversational analysis with industry experts and academics. The content analysis technique was applied to the public safety reports obtained from the prototype via computer assisted qualitative data analysis software. This has resulted in the development of a hierarchical ontology which forms an additional output of this research project. Thus, this study has shown how municipalities or local government can use CAQDAS and content analysis techniques to prepare large quantities of text data for use in a smart city.
- Full Text:
- Date Issued: 2015
Ensuring high quality public safety data in participatory crowdsourcing used as a smart city initiative
- Authors: Bhana, Bhaveer
- Date: 2013
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11141 , http://hdl.handle.net/10353/d1014673
- Description: The increase in urbanisation is making the management of city resources a difficult task. Data collected through observations of the city surroundings can be used to improve decision-making in terms of manage city resources. However, the data collected must be of quality in order to ensure that effective and efficient decisions are made. This study is focused on improving emergency and non-emergency services (city resources) by using Participatory Crowdsourcing as a data collection method (collect public safety data) utilising voice technology in the form of an advanced IVR system known as the Spoken Web. The study illustrates how Participatory Crowdsourcing can be used as a Smart City initiative by illustrating what is required to contribute to the Smart City, and developing a roadmap in the form of a model to assist decision-making when selecting the optimal Crowdsourcing initiative. A Public Safety Data Quality criteria was also developed to assess and identify the problems affecting Data Quality. This study is guided by the Design Science methodology and utilises two driving theories: the characteristics of a Smart City, and Wang and Strong’s (1996) Data Quality Framework. Five Critical Success Factors were developed to ensure high quality public safety data is collected through Participatory Crowdsourcing utilising voice technologies. These Critical Success Factors include: Relevant Public Safety Data, Public Safety Reporting Instructions, Public Safety Data Interpretation and Presentation Format, Public Safety Data Integrity and Security, and Simple Participatory Crowdsourcing System Setup.
- Full Text:
- Date Issued: 2013
- Authors: Bhana, Bhaveer
- Date: 2013
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11141 , http://hdl.handle.net/10353/d1014673
- Description: The increase in urbanisation is making the management of city resources a difficult task. Data collected through observations of the city surroundings can be used to improve decision-making in terms of manage city resources. However, the data collected must be of quality in order to ensure that effective and efficient decisions are made. This study is focused on improving emergency and non-emergency services (city resources) by using Participatory Crowdsourcing as a data collection method (collect public safety data) utilising voice technology in the form of an advanced IVR system known as the Spoken Web. The study illustrates how Participatory Crowdsourcing can be used as a Smart City initiative by illustrating what is required to contribute to the Smart City, and developing a roadmap in the form of a model to assist decision-making when selecting the optimal Crowdsourcing initiative. A Public Safety Data Quality criteria was also developed to assess and identify the problems affecting Data Quality. This study is guided by the Design Science methodology and utilises two driving theories: the characteristics of a Smart City, and Wang and Strong’s (1996) Data Quality Framework. Five Critical Success Factors were developed to ensure high quality public safety data is collected through Participatory Crowdsourcing utilising voice technologies. These Critical Success Factors include: Relevant Public Safety Data, Public Safety Reporting Instructions, Public Safety Data Interpretation and Presentation Format, Public Safety Data Integrity and Security, and Simple Participatory Crowdsourcing System Setup.
- Full Text:
- Date Issued: 2013
A model for enhancing trust in South African automotive supply chains through information technology
- Authors: Piderit, Roxanne
- Date: 2012
- Subjects: Automobile supplies industry -- South Africa , Automobiles -- Technological innovations , Business logistics -- South Africa
- Language: English
- Type: Thesis , Doctoral , DPhil
- Identifier: vital:9793 , http://hdl.handle.net/10948/d1011851 , Automobile supplies industry -- South Africa , Automobiles -- Technological innovations , Business logistics -- South Africa
- Description: The South African automotive industry is recognised as an important sector for the economy and has thus been prioritised by the South African government. The success of the automotive manufacturers depends on the efficiency and effectiveness of their supply chain. Due to the large number of suppliers involved in these supply chains, enhancing trust in the inter-organisational relationships can ensure the competitiveness of the supply chain. Additionally, insufficient trust can disrupt information sharing between supply chain partners which further impacts on supply chain operations and hence supply chain competitiveness. Thus, both insufficient trust and insufficient information sharing are viewed as contributing factors to the inefficiency and ineffectiveness of a supply chain’s operations. The use of Information Technology to facilitate inter-organisational relationships, in particular in terms of improving information sharing, is an important consideration in this research project. As in the Prisoner’s Dilemma, when supply chain members share information freely, trust levels are increased, hence supply chain effectiveness and efficiency is achieved and therefore the competitiveness of the supply chain is optimised. This study addresses the problem of enhancing trust in automotive supply chains using Information Technology. Previous studies have recognised the importance of trust and information sharing in supply chain relationships. These previous studies have also considered the effect of trust on information sharing, or the effect of information sharing on trust in a single direction. Thus, to address this research problem, a cyclical relationship between trust and information sharing is proposed. In this respect, Information Technology should be used to nurture this cyclical relationship between trust and information sharing. A model for the enhancement of trust in automotive supply chains through Information Technology is proposed to achieve the objectives of this research project. This model includes risk perception; information sharing as a means of enhancing trust; a trust area that consists of both supply chain partner trustworthiness and system trust; the resultant trusting behaviour; and the resultant improved information sharing. As this study is concerned with the use of IT to enhance trust, the inclusion of system trust as a component of the model is a significant contribution of this study which is complementary to the proposed cyclical relationship between trust and information sharing.
- Full Text:
- Date Issued: 2012
A model for enhancing trust in South African automotive supply chains through information technology
- Authors: Piderit, Roxanne
- Date: 2012
- Subjects: Automobile supplies industry -- South Africa , Automobiles -- Technological innovations , Business logistics -- South Africa
- Language: English
- Type: Thesis , Doctoral , DPhil
- Identifier: vital:9793 , http://hdl.handle.net/10948/d1011851 , Automobile supplies industry -- South Africa , Automobiles -- Technological innovations , Business logistics -- South Africa
- Description: The South African automotive industry is recognised as an important sector for the economy and has thus been prioritised by the South African government. The success of the automotive manufacturers depends on the efficiency and effectiveness of their supply chain. Due to the large number of suppliers involved in these supply chains, enhancing trust in the inter-organisational relationships can ensure the competitiveness of the supply chain. Additionally, insufficient trust can disrupt information sharing between supply chain partners which further impacts on supply chain operations and hence supply chain competitiveness. Thus, both insufficient trust and insufficient information sharing are viewed as contributing factors to the inefficiency and ineffectiveness of a supply chain’s operations. The use of Information Technology to facilitate inter-organisational relationships, in particular in terms of improving information sharing, is an important consideration in this research project. As in the Prisoner’s Dilemma, when supply chain members share information freely, trust levels are increased, hence supply chain effectiveness and efficiency is achieved and therefore the competitiveness of the supply chain is optimised. This study addresses the problem of enhancing trust in automotive supply chains using Information Technology. Previous studies have recognised the importance of trust and information sharing in supply chain relationships. These previous studies have also considered the effect of trust on information sharing, or the effect of information sharing on trust in a single direction. Thus, to address this research problem, a cyclical relationship between trust and information sharing is proposed. In this respect, Information Technology should be used to nurture this cyclical relationship between trust and information sharing. A model for the enhancement of trust in automotive supply chains through Information Technology is proposed to achieve the objectives of this research project. This model includes risk perception; information sharing as a means of enhancing trust; a trust area that consists of both supply chain partner trustworthiness and system trust; the resultant trusting behaviour; and the resultant improved information sharing. As this study is concerned with the use of IT to enhance trust, the inclusion of system trust as a component of the model is a significant contribution of this study which is complementary to the proposed cyclical relationship between trust and information sharing.
- Full Text:
- Date Issued: 2012
Impact of information and communication technology (ICT) on trust and information sharing in South African automotive supply chains
- Authors: Goche, Chiedza
- Date: 2012
- Subjects: Business logistics -- South Africa , Automobile industry and trade -- South Africa , Interorganizational relations -- South Africa , Trust -- South Africa , Information technology -- South Africa , Prisoner's dilemma game
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: http://hdl.handle.net/10353/668 , vital:26486 , Business logistics -- South Africa , Automobile industry and trade -- South Africa , Interorganizational relations -- South Africa , Trust -- South Africa , Information technology -- South Africa , Prisoner's dilemma game
- Description: The Internet has made a considerable impact on how business is conducted. Empowered by technology consumers are using the Internet as a tool to communicate and transact online. E-commerce (electronic commerce) presents opportunities for business to gain a competitive advantage, however it also posses certain challenges. Small and Medium Hospitality Enterprises (SMHEs) sector within the tourism industry, is one of the sectors which stands to benefit from using the Internet for business. Researchers agree that the contribution made by the tourism sector in developing economies is substantial. However, SMHEs are noted for their failure to derive optimal benefits from using the Internet for business to improve their competitiveness. This study which seeks to develop a model for use by SMHEs as a guide when making the decision to adopt technology was necessitated by the importance of SMHE’s contribution in the economy of developing countries. This model is based on the examination of existing theories and models such as; the Delone and McLean IS success model (2004), and the ITGI’s (2007) IT governance focus areas model. To elicit the desired outcomes, additional data was collected using questionnaires, interviews, and observations. The collected data was analysed and resulted in the development of a model that can be used by SMHEs in order to derive value from IT and to gain a competitive advantage.
- Full Text:
- Date Issued: 2012
- Authors: Goche, Chiedza
- Date: 2012
- Subjects: Business logistics -- South Africa , Automobile industry and trade -- South Africa , Interorganizational relations -- South Africa , Trust -- South Africa , Information technology -- South Africa , Prisoner's dilemma game
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: http://hdl.handle.net/10353/668 , vital:26486 , Business logistics -- South Africa , Automobile industry and trade -- South Africa , Interorganizational relations -- South Africa , Trust -- South Africa , Information technology -- South Africa , Prisoner's dilemma game
- Description: The Internet has made a considerable impact on how business is conducted. Empowered by technology consumers are using the Internet as a tool to communicate and transact online. E-commerce (electronic commerce) presents opportunities for business to gain a competitive advantage, however it also posses certain challenges. Small and Medium Hospitality Enterprises (SMHEs) sector within the tourism industry, is one of the sectors which stands to benefit from using the Internet for business. Researchers agree that the contribution made by the tourism sector in developing economies is substantial. However, SMHEs are noted for their failure to derive optimal benefits from using the Internet for business to improve their competitiveness. This study which seeks to develop a model for use by SMHEs as a guide when making the decision to adopt technology was necessitated by the importance of SMHE’s contribution in the economy of developing countries. This model is based on the examination of existing theories and models such as; the Delone and McLean IS success model (2004), and the ITGI’s (2007) IT governance focus areas model. To elicit the desired outcomes, additional data was collected using questionnaires, interviews, and observations. The collected data was analysed and resulted in the development of a model that can be used by SMHEs in order to derive value from IT and to gain a competitive advantage.
- Full Text:
- Date Issued: 2012
Adoption and sustained use of M-Commerce to improve efficacy of construction SMMEs
- Authors: Williams, Zenande
- Date: 2011
- Subjects: Construction industry , Mobile commerce , Small business , Computer-assisted instruction , Interactive videos
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11125 , http://hdl.handle.net/10353/528 , Construction industry , Mobile commerce , Small business , Computer-assisted instruction , Interactive videos
- Description: E-commerce has been said to bring value to businesses by improving business efficiency and effectiveness and thus providing business with a competitive advantage through the potential benefits that it offers (Cloete, Courtney & Fintz, 2002). However, despite the potential benefits that e-commerce can offer, the adoption of B2C e-commerce in South African construction SMMEs is low and this is due to the challenges associated with e-commerce (Vaithanathan, 2010; Uzoka, Shemi & Seleka, 2007; Love & Irani, 2004; Anumba & Ruikar, 2002). These e-commerce challenges include: high implementation costs, lack or poor infrastructure, inadequate resources, low use of e-commerce by suppliers and consumers, lack of access to e-commerce, computer illiteracy, deficiency in understanding the potential benefits of e-commerce and security concerns (Vaithanathan, 2010; Uzoka, Shemi, & Seleka, 2007; Mensah, Bahta, & Mhlanga, 2005; Cloete, Courtney, & Fintz, 2002). Therefore, due to these e-commerce challenges, construction SMMEs do not exploit the business advantages that e-commerce offers. In order to assist South African construction SMMEs in their efforts to improve their business effectiveness and efficiency through commercial technologies.
- Full Text:
- Date Issued: 2011
- Authors: Williams, Zenande
- Date: 2011
- Subjects: Construction industry , Mobile commerce , Small business , Computer-assisted instruction , Interactive videos
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11125 , http://hdl.handle.net/10353/528 , Construction industry , Mobile commerce , Small business , Computer-assisted instruction , Interactive videos
- Description: E-commerce has been said to bring value to businesses by improving business efficiency and effectiveness and thus providing business with a competitive advantage through the potential benefits that it offers (Cloete, Courtney & Fintz, 2002). However, despite the potential benefits that e-commerce can offer, the adoption of B2C e-commerce in South African construction SMMEs is low and this is due to the challenges associated with e-commerce (Vaithanathan, 2010; Uzoka, Shemi & Seleka, 2007; Love & Irani, 2004; Anumba & Ruikar, 2002). These e-commerce challenges include: high implementation costs, lack or poor infrastructure, inadequate resources, low use of e-commerce by suppliers and consumers, lack of access to e-commerce, computer illiteracy, deficiency in understanding the potential benefits of e-commerce and security concerns (Vaithanathan, 2010; Uzoka, Shemi, & Seleka, 2007; Mensah, Bahta, & Mhlanga, 2005; Cloete, Courtney, & Fintz, 2002). Therefore, due to these e-commerce challenges, construction SMMEs do not exploit the business advantages that e-commerce offers. In order to assist South African construction SMMEs in their efforts to improve their business effectiveness and efficiency through commercial technologies.
- Full Text:
- Date Issued: 2011
Critical success factors for user acceptance of telemedicine in South Africa
- Authors: Cilliers, Liezel
- Date: 2010
- Subjects: Telecommunication in medicine , Medical telematics
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11126 , http://hdl.handle.net/10353/384 , Telecommunication in medicine , Medical telematics
- Description: The World Health Organization has recommended Telemedicine to improve health care in developing countries. The objective of this study was to produce Critical Success Factors that will investigate and identify factors that influence the acceptance and continued use of Telemedicine in the Eastern Cape Department of Health, and to suggest ways to sustain this technology from initial adoption (the pilot programme) to full adoption. Sub questions investigated which other facilitating factors, such as management support or previous Information Technology exposure must be present in order for the technology to be adopted successfully. The study made use of a questionnaire to investigate the user acceptance and behaviour of health care workers. A return rate of 76% was achieved. The data was analysed making use of Statistical Package for the Social Sciences (SPSS), specifically the Chi Square test. From these results Critical Success Factors where then formulated to address the problems identified. The Critical Success Factors that were identified include: Implement and disseminate best practice within a legislative framework; Find a champion; Change management strategies; Training; Sustainable finance; Technical issues and Project management principles If these CSFs are addressed before and during the implementation of Telemedicine it will increase the acceptance and use of the technology among health care workers. Critical Success Factors for User Acceptance of Telemedicine in South Africa.
- Full Text:
- Date Issued: 2010
- Authors: Cilliers, Liezel
- Date: 2010
- Subjects: Telecommunication in medicine , Medical telematics
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11126 , http://hdl.handle.net/10353/384 , Telecommunication in medicine , Medical telematics
- Description: The World Health Organization has recommended Telemedicine to improve health care in developing countries. The objective of this study was to produce Critical Success Factors that will investigate and identify factors that influence the acceptance and continued use of Telemedicine in the Eastern Cape Department of Health, and to suggest ways to sustain this technology from initial adoption (the pilot programme) to full adoption. Sub questions investigated which other facilitating factors, such as management support or previous Information Technology exposure must be present in order for the technology to be adopted successfully. The study made use of a questionnaire to investigate the user acceptance and behaviour of health care workers. A return rate of 76% was achieved. The data was analysed making use of Statistical Package for the Social Sciences (SPSS), specifically the Chi Square test. From these results Critical Success Factors where then formulated to address the problems identified. The Critical Success Factors that were identified include: Implement and disseminate best practice within a legislative framework; Find a champion; Change management strategies; Training; Sustainable finance; Technical issues and Project management principles If these CSFs are addressed before and during the implementation of Telemedicine it will increase the acceptance and use of the technology among health care workers. Critical Success Factors for User Acceptance of Telemedicine in South Africa.
- Full Text:
- Date Issued: 2010
E-mail forensic authorship attribution
- Authors: Lalla, Himal
- Date: 2010
- Subjects: Electronic evidence , Electronic mail systems , Authorship , Electronic mail messages , Signatures (Writing) , Writing -- Identification , Forensic accounting
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11128 , http://hdl.handle.net/10353/360 , Electronic evidence , Electronic mail systems , Authorship , Electronic mail messages , Signatures (Writing) , Writing -- Identification , Forensic accounting
- Description: E-mails have become the standard for business as well as personal communication. The inherent security risks within e-mail communication present the problem of anonymity. If an author of an e-mail is not known, the digital forensic investigator needs to determine the authorship of the e-mail using a process that has not been standardised in the e-mail forensic field. This research project examines many problems associated with e-mail communication and the digital forensic domain; more specifically e-mail forensic investigations, and the recovery of legally admissible evidence to be presented in a court of law. The Research Methodology utilised a comprehensive literature review in combination with Design Science which results in the development of an artifact through intensive research. The Proposed E-Mail Forensic Methodology is based on the most current digital forensic investigation process and further validation of the process was established via expert reviews. The opinions of the digital forensic experts were an integral portion of the validation process which adds to the credibility of the study. This was performed through the aid of the Delphi technique. This Proposed E-Mail Forensic Methodology adopts a standardised investigation process applied to an e-mail investigation and takes into account the South African perspective by incorporating various checks with the laws and legislation. By following the Proposed E-mail Forensic Methodology, e-mail forensic investigators can produce evidence that is legally admissible in a court of law.
- Full Text:
- Date Issued: 2010
- Authors: Lalla, Himal
- Date: 2010
- Subjects: Electronic evidence , Electronic mail systems , Authorship , Electronic mail messages , Signatures (Writing) , Writing -- Identification , Forensic accounting
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11128 , http://hdl.handle.net/10353/360 , Electronic evidence , Electronic mail systems , Authorship , Electronic mail messages , Signatures (Writing) , Writing -- Identification , Forensic accounting
- Description: E-mails have become the standard for business as well as personal communication. The inherent security risks within e-mail communication present the problem of anonymity. If an author of an e-mail is not known, the digital forensic investigator needs to determine the authorship of the e-mail using a process that has not been standardised in the e-mail forensic field. This research project examines many problems associated with e-mail communication and the digital forensic domain; more specifically e-mail forensic investigations, and the recovery of legally admissible evidence to be presented in a court of law. The Research Methodology utilised a comprehensive literature review in combination with Design Science which results in the development of an artifact through intensive research. The Proposed E-Mail Forensic Methodology is based on the most current digital forensic investigation process and further validation of the process was established via expert reviews. The opinions of the digital forensic experts were an integral portion of the validation process which adds to the credibility of the study. This was performed through the aid of the Delphi technique. This Proposed E-Mail Forensic Methodology adopts a standardised investigation process applied to an e-mail investigation and takes into account the South African perspective by incorporating various checks with the laws and legislation. By following the Proposed E-mail Forensic Methodology, e-mail forensic investigators can produce evidence that is legally admissible in a court of law.
- Full Text:
- Date Issued: 2010
Phishing within e-commerce: reducing the risk, increasing the trust
- Authors: Megaw, Gregory M
- Date: 2010
- Subjects: Phishing , Identity theft -- Prevention , Electronic commerce , Computer security , Internet -- Safety measures
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11131 , http://hdl.handle.net/10353/376 , Phishing , Identity theft -- Prevention , Electronic commerce , Computer security , Internet -- Safety measures
- Description: E-Commerce has been plagued with problems since its inception and this study examines one of these problems: The lack of user trust in E-Commerce created by the risk of phishing. Phishing has grown exponentially together with the expansion of the Internet. This growth and the advancement of technology has not only benefited honest Internet users, but has enabled criminals to increase their effectiveness which has caused considerable damage to this budding area of commerce. Moreover, it has negatively impacted both the user and online business in breaking down the trust relationship between them. In an attempt to explore this problem, the following was considered: First, E-Commerce’s vulnerability to phishing attacks. By referring to the Common Criteria Security Model, various critical security areas within E-Commerce are identified, as well as the areas of vulnerability and weakness. Second, the methods and techniques used in phishing, such as phishing e-mails, websites and addresses, distributed attacks and redirected attacks, as well as the data that phishers seek to obtain, are examined. Furthermore, the way to reduce the risk of phishing and in turn increase the trust between users and websites is identified. Here the importance of Trust and the Uncertainty Reduction Theory plus the fine balance between trust and control is explored. Finally, the study presents Critical Success Factors that aid in phishing prevention and control, these being: User Authentication, Website Authentication, E-mail Authentication, Data Cryptography, Communication, and Active Risk Mitigation.
- Full Text:
- Date Issued: 2010
- Authors: Megaw, Gregory M
- Date: 2010
- Subjects: Phishing , Identity theft -- Prevention , Electronic commerce , Computer security , Internet -- Safety measures
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11131 , http://hdl.handle.net/10353/376 , Phishing , Identity theft -- Prevention , Electronic commerce , Computer security , Internet -- Safety measures
- Description: E-Commerce has been plagued with problems since its inception and this study examines one of these problems: The lack of user trust in E-Commerce created by the risk of phishing. Phishing has grown exponentially together with the expansion of the Internet. This growth and the advancement of technology has not only benefited honest Internet users, but has enabled criminals to increase their effectiveness which has caused considerable damage to this budding area of commerce. Moreover, it has negatively impacted both the user and online business in breaking down the trust relationship between them. In an attempt to explore this problem, the following was considered: First, E-Commerce’s vulnerability to phishing attacks. By referring to the Common Criteria Security Model, various critical security areas within E-Commerce are identified, as well as the areas of vulnerability and weakness. Second, the methods and techniques used in phishing, such as phishing e-mails, websites and addresses, distributed attacks and redirected attacks, as well as the data that phishers seek to obtain, are examined. Furthermore, the way to reduce the risk of phishing and in turn increase the trust between users and websites is identified. Here the importance of Trust and the Uncertainty Reduction Theory plus the fine balance between trust and control is explored. Finally, the study presents Critical Success Factors that aid in phishing prevention and control, these being: User Authentication, Website Authentication, E-mail Authentication, Data Cryptography, Communication, and Active Risk Mitigation.
- Full Text:
- Date Issued: 2010
Quality assessment of information systems in SMEs: a study of Eldoret Town in Kenya
- Authors: Ndiege, Joshua Rumo Arongo
- Date: 2010
- Subjects: Small business -- Kenya , Financial institutions -- Kenya , Small business -- Kenya -- Data processing , Information technology -- Kenya -- Evaluation
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11132 , http://hdl.handle.net/10353/d1000973 , Small business -- Kenya , Financial institutions -- Kenya , Small business -- Kenya -- Data processing , Information technology -- Kenya -- Evaluation
- Full Text: false
- Date Issued: 2010
- Authors: Ndiege, Joshua Rumo Arongo
- Date: 2010
- Subjects: Small business -- Kenya , Financial institutions -- Kenya , Small business -- Kenya -- Data processing , Information technology -- Kenya -- Evaluation
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11132 , http://hdl.handle.net/10353/d1000973 , Small business -- Kenya , Financial institutions -- Kenya , Small business -- Kenya -- Data processing , Information technology -- Kenya -- Evaluation
- Full Text: false
- Date Issued: 2010
Small hospitality enterprises and the internet: an IT governance model for conducting business online
- Authors: Ngoqo, Bukelwa
- Date: 2010
- Subjects: Hospitality industry -- South Africa , Tourism -- South Africa , Organizational effectiveness -- South Africa , Electronic commerce , Internet , Risk management , Electronic data processing
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11133 , http://hdl.handle.net/10353/382 , Hospitality industry -- South Africa , Tourism -- South Africa , Organizational effectiveness -- South Africa , Electronic commerce , Internet , Risk management , Electronic data processing
- Description: The Internet has made a considerable impact on how business is conducted. Empowered by technology consumers are using the Internet as a tool to communicate and transact online. E-commerce (electronic commerce) presents opportunities for business to gain a competitive advantage, however it also posses certain challenges. Small and Medium Hospitality Enterprises (SMHEs) sector within the tourism industry, is one of the sectors which stands to benefit from using the Internet for business. Researchers agree that the contribution made by the tourism sector in developing economies is substantial. However, SMHEs are noted for their failure to derive optimal benefits from using the Internet for business to improve their competitiveness. This study which seeks to develop a model for use by SMHEs as a guide when making the decision to adopt technology was necessitated by the importance of SMHE’s contribution in the economy of developing countries. This model is based on the examination of existing theories and models such as; the Delone and McLean IS success model (2004), and the ITGI’s (2007) IT governance focus areas model. To elicit the desired outcomes, additional data was collected using questionnaires, interviews, and observations. The collected data was analysed and resulted in the development of a model that can be used by SMHEs in order to derive value from IT and to gain a competitive advantage.
- Full Text:
- Date Issued: 2010
- Authors: Ngoqo, Bukelwa
- Date: 2010
- Subjects: Hospitality industry -- South Africa , Tourism -- South Africa , Organizational effectiveness -- South Africa , Electronic commerce , Internet , Risk management , Electronic data processing
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11133 , http://hdl.handle.net/10353/382 , Hospitality industry -- South Africa , Tourism -- South Africa , Organizational effectiveness -- South Africa , Electronic commerce , Internet , Risk management , Electronic data processing
- Description: The Internet has made a considerable impact on how business is conducted. Empowered by technology consumers are using the Internet as a tool to communicate and transact online. E-commerce (electronic commerce) presents opportunities for business to gain a competitive advantage, however it also posses certain challenges. Small and Medium Hospitality Enterprises (SMHEs) sector within the tourism industry, is one of the sectors which stands to benefit from using the Internet for business. Researchers agree that the contribution made by the tourism sector in developing economies is substantial. However, SMHEs are noted for their failure to derive optimal benefits from using the Internet for business to improve their competitiveness. This study which seeks to develop a model for use by SMHEs as a guide when making the decision to adopt technology was necessitated by the importance of SMHE’s contribution in the economy of developing countries. This model is based on the examination of existing theories and models such as; the Delone and McLean IS success model (2004), and the ITGI’s (2007) IT governance focus areas model. To elicit the desired outcomes, additional data was collected using questionnaires, interviews, and observations. The collected data was analysed and resulted in the development of a model that can be used by SMHEs in order to derive value from IT and to gain a competitive advantage.
- Full Text:
- Date Issued: 2010
A model for user requirements elicitation specific to users in rural areas
- Authors: Isabirye, Naomi
- Date: 2009
- Subjects: Internet marketing , Electronic commerce , Land reform -- South Africa -- Eastern Cape , Sustainable development -- South Africa -- Eastern Cape , Rural poor -- South Africa -- Eastern Cape , Information resources management
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11130 , http://hdl.handle.net/10353/145 , Internet marketing , Electronic commerce , Land reform -- South Africa -- Eastern Cape , Sustainable development -- South Africa -- Eastern Cape , Rural poor -- South Africa -- Eastern Cape , Information resources management
- Description: Dwesa is a rural town situated in South Africa's Eastern Cape Province that has been selected as a testing site for an e-commerce project to address some of the challenges faced by the community. These challenges include difficulties stemming from poverty, poor access to public services, unemployment and low levels of literacy. The Siyakhula Living Lab project’s aim is to develop an e-commerce platform that will 'connect' the residents with the necessary access to services and markets by providing them with the necessary tools that can help in alleviating some of their challenges. In order for the project to achieve its objectives, a deeper understanding into the needs of the prospective users is required. User requirements elicitation deals with the process of interacting with the prospective users to understand and document their needs. This research aims at evaluating existing requirements elicitation techniques and methodologies in the context of rural information technology implementations. The primary objective is to develop a model for user requirements elicitation in Dwesa. Many requirements elicitation techniques and frameworks exist, but few have been evaluated in the context of rural software implementations. Requirements elicitation techniques should not be applied simply as steps to gather information. Instead this research project proposes a model that can be applied to assimilate the contribution of knowledge regarding the stakeholders, problem and solution characteristics, and other characteristics into the software development process for the effective elicitation of requirements.
- Full Text:
- Date Issued: 2009
- Authors: Isabirye, Naomi
- Date: 2009
- Subjects: Internet marketing , Electronic commerce , Land reform -- South Africa -- Eastern Cape , Sustainable development -- South Africa -- Eastern Cape , Rural poor -- South Africa -- Eastern Cape , Information resources management
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11130 , http://hdl.handle.net/10353/145 , Internet marketing , Electronic commerce , Land reform -- South Africa -- Eastern Cape , Sustainable development -- South Africa -- Eastern Cape , Rural poor -- South Africa -- Eastern Cape , Information resources management
- Description: Dwesa is a rural town situated in South Africa's Eastern Cape Province that has been selected as a testing site for an e-commerce project to address some of the challenges faced by the community. These challenges include difficulties stemming from poverty, poor access to public services, unemployment and low levels of literacy. The Siyakhula Living Lab project’s aim is to develop an e-commerce platform that will 'connect' the residents with the necessary access to services and markets by providing them with the necessary tools that can help in alleviating some of their challenges. In order for the project to achieve its objectives, a deeper understanding into the needs of the prospective users is required. User requirements elicitation deals with the process of interacting with the prospective users to understand and document their needs. This research aims at evaluating existing requirements elicitation techniques and methodologies in the context of rural information technology implementations. The primary objective is to develop a model for user requirements elicitation in Dwesa. Many requirements elicitation techniques and frameworks exist, but few have been evaluated in the context of rural software implementations. Requirements elicitation techniques should not be applied simply as steps to gather information. Instead this research project proposes a model that can be applied to assimilate the contribution of knowledge regarding the stakeholders, problem and solution characteristics, and other characteristics into the software development process for the effective elicitation of requirements.
- Full Text:
- Date Issued: 2009
A model to measure the maturuty of smartphone security at software consultancies
- Authors: Allam, Sean
- Date: 2009
- Subjects: Computer networks -- Security measures , Capability maturity model (Computer software) , Smartphones , Wireless Internet , Mobile communication systems , Mobile computing
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11135 , http://hdl.handle.net/10353/281 , Computer networks -- Security measures , Capability maturity model (Computer software) , Smartphones , Wireless Internet , Mobile communication systems , Mobile computing
- Description: Smartphones are proliferating into the workplace at an ever-increasing rate, similarly the threats that they pose is increasing. In an era of constant connectivity and availability, information is freed up of constraints of time and place. This research project delves into the risks introduced by smartphones, and through multiple cases studies, a maturity measurement model is formulated. The model is based on recommendations from two leading information security frameworks, the COBIT 4.1 framework and ISO27002 code of practice. Ultimately, a combination of smartphone specific risks are integrated with key control recommendations, in providing a set of key measurable security maturity components. The subjective opinions of case study respondents are considered a key component in achieving a solution. The solution addresses the concerns of not only policy makers, but also the employees subjected to the security policies. Nurturing security awareness into organisational culture through reinforcement and employee acceptance is highlighted in this research project. Software consultancies can use this model to mitigate risks, while harnessing the potential strategic advantages of mobile computing through smartphone devices. In addition, this research project identifies the critical components of a smartphone security solution. As a result, a model is provided for software consultancies due to the intense reliance on information within these types of organisations. The model can be effectively applied to any information intensive organisation.
- Full Text:
- Date Issued: 2009
- Authors: Allam, Sean
- Date: 2009
- Subjects: Computer networks -- Security measures , Capability maturity model (Computer software) , Smartphones , Wireless Internet , Mobile communication systems , Mobile computing
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11135 , http://hdl.handle.net/10353/281 , Computer networks -- Security measures , Capability maturity model (Computer software) , Smartphones , Wireless Internet , Mobile communication systems , Mobile computing
- Description: Smartphones are proliferating into the workplace at an ever-increasing rate, similarly the threats that they pose is increasing. In an era of constant connectivity and availability, information is freed up of constraints of time and place. This research project delves into the risks introduced by smartphones, and through multiple cases studies, a maturity measurement model is formulated. The model is based on recommendations from two leading information security frameworks, the COBIT 4.1 framework and ISO27002 code of practice. Ultimately, a combination of smartphone specific risks are integrated with key control recommendations, in providing a set of key measurable security maturity components. The subjective opinions of case study respondents are considered a key component in achieving a solution. The solution addresses the concerns of not only policy makers, but also the employees subjected to the security policies. Nurturing security awareness into organisational culture through reinforcement and employee acceptance is highlighted in this research project. Software consultancies can use this model to mitigate risks, while harnessing the potential strategic advantages of mobile computing through smartphone devices. In addition, this research project identifies the critical components of a smartphone security solution. As a result, a model is provided for software consultancies due to the intense reliance on information within these types of organisations. The model can be effectively applied to any information intensive organisation.
- Full Text:
- Date Issued: 2009
Deriving value from IT investments within botique hotels: a Buffalo City case study
- Authors: Mathe, Thabelang
- Date: 2009
- Subjects: Information technology , Hotels -- Finance , Boardinghouses -- Finance , Small business -- South Africa -- Eastern Cape , Small business -- Finance
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11134 , http://hdl.handle.net/10353/d1000975 , Information technology , Hotels -- Finance , Boardinghouses -- Finance , Small business -- South Africa -- Eastern Cape , Small business -- Finance
- Description: Even though many organizations invest in IT, the value that IT is expected to contribute is still not clearly understood. Researchers agree that IT has become a crucial element to business operations and business existence. However, while there is continued investment in new information technologies and systems, organizations are not certain whether significant value is derived from IT investments. The failure to realize good return on IT investments is ascribed to a lack of understanding of IT by organizations and also the failure by organizations to align IT strategies with business strategies. The lack of alignment leads to the failure to match the right IT to the correct task, which leads to the poor application of systems and poor allocation of human resources to tasks. Therefore, organizations such as Small and Medium Enterprises (SMEs) in particular Boutique Hotels, are noted for their failure to derive better IT value. Their unique characteristics are understood to be influential in the way IT is used and managed by affecting the delivery of value from technology. In order to enable Boutique Hotels to derive more value from IT, the IT governance frameworks, Val IT and CobiT (ITGI, 2007), were examined as these integrate good practices to ensure that an organization‘s IT supports the business objectives. In addition, the Task Technology Fit (TTF) (Goodhue and Thompson, 1995) and Gap Analysis (Heeks, 2001) theories were highlighted as these prescribe the platform ideal for more value to be derived from IT. The current status of Boutique Hotels in Buffalo City was assessed through the use of questionnaires and interviews. The collected data was analyzed and resulted in the development of a model that can be used by Boutique Hotels in order to derive more value from IT and to maximize the use of IT.
- Full Text:
- Date Issued: 2009
- Authors: Mathe, Thabelang
- Date: 2009
- Subjects: Information technology , Hotels -- Finance , Boardinghouses -- Finance , Small business -- South Africa -- Eastern Cape , Small business -- Finance
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11134 , http://hdl.handle.net/10353/d1000975 , Information technology , Hotels -- Finance , Boardinghouses -- Finance , Small business -- South Africa -- Eastern Cape , Small business -- Finance
- Description: Even though many organizations invest in IT, the value that IT is expected to contribute is still not clearly understood. Researchers agree that IT has become a crucial element to business operations and business existence. However, while there is continued investment in new information technologies and systems, organizations are not certain whether significant value is derived from IT investments. The failure to realize good return on IT investments is ascribed to a lack of understanding of IT by organizations and also the failure by organizations to align IT strategies with business strategies. The lack of alignment leads to the failure to match the right IT to the correct task, which leads to the poor application of systems and poor allocation of human resources to tasks. Therefore, organizations such as Small and Medium Enterprises (SMEs) in particular Boutique Hotels, are noted for their failure to derive better IT value. Their unique characteristics are understood to be influential in the way IT is used and managed by affecting the delivery of value from technology. In order to enable Boutique Hotels to derive more value from IT, the IT governance frameworks, Val IT and CobiT (ITGI, 2007), were examined as these integrate good practices to ensure that an organization‘s IT supports the business objectives. In addition, the Task Technology Fit (TTF) (Goodhue and Thompson, 1995) and Gap Analysis (Heeks, 2001) theories were highlighted as these prescribe the platform ideal for more value to be derived from IT. The current status of Boutique Hotels in Buffalo City was assessed through the use of questionnaires and interviews. The collected data was analyzed and resulted in the development of a model that can be used by Boutique Hotels in order to derive more value from IT and to maximize the use of IT.
- Full Text:
- Date Issued: 2009
Establishing the benefits of implementing an I.T. project management office in the Nelson Mandela Metropolitan area
- Martin, Michael Ronald Charles
- Authors: Martin, Michael Ronald Charles
- Date: 2007
- Subjects: Project management -- South Africa -- Port Elizabeth -- Computer network resources , Information technology -- South Africa -- Port Elizabeth -- Management
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9266 , http://hdl.handle.net/10948/558 , Project management -- South Africa -- Port Elizabeth -- Computer network resources , Information technology -- South Africa -- Port Elizabeth -- Management
- Description: The well-known concept of a Project Manager managing an I.T. project in relative isolation is no longer a viable option for organisations that are running numerous projects simultaneously. Due to the enormous costs and risks involved in many of these projects, there needs to be a means to ensure success. This has led to the establishment of the concept of a Project Management Office (PMO). An autonomous business unit that is responsible for managing all projects within an organisation. The need for a Project Management Office (PMO) to effectively manage multiple projects is becoming more and more accepted worldwide. The benefits of a PMO are well documented, but whether these benefits will apply to organisations within the NMM area needed to be investigated. A detailed analysis of the benefits of Project Management and in particular a PMO, have been investigated by means of a literature study. An investigation into the effectiveness of PMO’s in South Africa in general, was conducted by means of a survey targeted at a group of I.T. Project Managers located in all the major centres. A further survey was conducted among local I.T. managers to determine their current level of success and their expectations for the future. When reviewing the expectations of local I.T. management against the performance of Project Managers that are currently operating within PMOs, it is clear that organisations within the NMM area are in need of PMO’s and would certainly benefit from their establishment.
- Full Text:
- Date Issued: 2007
- Authors: Martin, Michael Ronald Charles
- Date: 2007
- Subjects: Project management -- South Africa -- Port Elizabeth -- Computer network resources , Information technology -- South Africa -- Port Elizabeth -- Management
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: vital:9266 , http://hdl.handle.net/10948/558 , Project management -- South Africa -- Port Elizabeth -- Computer network resources , Information technology -- South Africa -- Port Elizabeth -- Management
- Description: The well-known concept of a Project Manager managing an I.T. project in relative isolation is no longer a viable option for organisations that are running numerous projects simultaneously. Due to the enormous costs and risks involved in many of these projects, there needs to be a means to ensure success. This has led to the establishment of the concept of a Project Management Office (PMO). An autonomous business unit that is responsible for managing all projects within an organisation. The need for a Project Management Office (PMO) to effectively manage multiple projects is becoming more and more accepted worldwide. The benefits of a PMO are well documented, but whether these benefits will apply to organisations within the NMM area needed to be investigated. A detailed analysis of the benefits of Project Management and in particular a PMO, have been investigated by means of a literature study. An investigation into the effectiveness of PMO’s in South Africa in general, was conducted by means of a survey targeted at a group of I.T. Project Managers located in all the major centres. A further survey was conducted among local I.T. managers to determine their current level of success and their expectations for the future. When reviewing the expectations of local I.T. management against the performance of Project Managers that are currently operating within PMOs, it is clear that organisations within the NMM area are in need of PMO’s and would certainly benefit from their establishment.
- Full Text:
- Date Issued: 2007
- «
- ‹
- 1
- ›
- »