Protection of personal information in the South African cloud computing environment: a framework for cloud computing adoption
- Authors: Skolmen, Dayne Edward
- Date: 2016
- Subjects: Cloud computing -- Security measures Data protection -- Law and legislation -- South Africa , Privacy, Right of
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/12747 , vital:27117
- Description: Cloud Computing has advanced to the point where it may be considered an attractive proposition for an increasing number of South African organisations, yet the adoption of Cloud Computing in South Africa remains relatively low. Many organisations have been hesitant to adopt Cloud solutions owing to a variety of inhibiting factors and concerns that have created mistrust in Cloud Computing. One of the top concerns identified is security within the Cloud Computing environment. The approaching commencement of new data protection legislation in South Africa, known as the Protection of Personal Information Act (POPI), may provide an ideal opportunity to address the information security-related inhibiting factors and foster a trust relationship between potential Cloud users and Cloud providers. POPI applies to anyone who processes personal information and regulates how they must handle, store and secure that information. POPI is considered to be beneficial to Cloud providers as it gives them the opportunity to build trust with potential Cloud users through achieving compliance and providing assurance. The aim of this dissertation is, therefore, to develop a framework for Cloud Computing adoption that will assist in mitigating the information security-related factors inhibiting Cloud adoption by fostering a trust relationship through compliance with the POPI Act. It is believed that such a framework would be useful to South African Cloud providers and could ultimately assist in the promotion of Cloud adoption in South Africa.
- Full Text:
- Date Issued: 2016
- Authors: Skolmen, Dayne Edward
- Date: 2016
- Subjects: Cloud computing -- Security measures Data protection -- Law and legislation -- South Africa , Privacy, Right of
- Language: English
- Type: Thesis , Masters , MTech
- Identifier: http://hdl.handle.net/10948/12747 , vital:27117
- Description: Cloud Computing has advanced to the point where it may be considered an attractive proposition for an increasing number of South African organisations, yet the adoption of Cloud Computing in South Africa remains relatively low. Many organisations have been hesitant to adopt Cloud solutions owing to a variety of inhibiting factors and concerns that have created mistrust in Cloud Computing. One of the top concerns identified is security within the Cloud Computing environment. The approaching commencement of new data protection legislation in South Africa, known as the Protection of Personal Information Act (POPI), may provide an ideal opportunity to address the information security-related inhibiting factors and foster a trust relationship between potential Cloud users and Cloud providers. POPI applies to anyone who processes personal information and regulates how they must handle, store and secure that information. POPI is considered to be beneficial to Cloud providers as it gives them the opportunity to build trust with potential Cloud users through achieving compliance and providing assurance. The aim of this dissertation is, therefore, to develop a framework for Cloud Computing adoption that will assist in mitigating the information security-related factors inhibiting Cloud adoption by fostering a trust relationship through compliance with the POPI Act. It is believed that such a framework would be useful to South African Cloud providers and could ultimately assist in the promotion of Cloud adoption in South Africa.
- Full Text:
- Date Issued: 2016
An information privacy model for primary health care facilities
- Authors: Boucher, Duane Eric
- Date: 2013
- Subjects: Data protection , Privacy, Right of , Medical records -- Access control , Primary health care , Medical care , Caregivers , Community health nursing , Confidential communications , Information technology -- Management
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11139 , http://hdl.handle.net/10353/d1007181 , Data protection , Privacy, Right of , Medical records -- Access control , Primary health care , Medical care , Caregivers , Community health nursing , Confidential communications , Information technology -- Management
- Description: The revolutionary migration within the health care sector towards the digitisation of medical records for convenience or compliance touches on many concerns with respect to ensuring the security of patient personally identifiable information (PII). Foremost of these is that a patient’s right to privacy is not violated. To this end, it is necessary that health care practitioners have a clear understanding of the various constructs of privacy in order to ensure privacy compliance is maintained. This research project focuses on an investigation of privacy from a multidisciplinary philosophical perspective to highlight the constructs of information privacy. These constructs together with a discussion focused on the confidentiality and accessibility of medical records results in the development of an artefact represented in the format of a model. The formulation of the model is accomplished by making use of the Design Science research guidelines for artefact development. Part of the process required that the artefact be refined through the use of an Expert Review Process. This involved an iterative (three phase) process which required (seven) experts from the fields of privacy, information security, and health care to respond to semi-structured questions administered with an interview guide. The data analysis process utilised the ISO/IEC 29100:2011(E) standard on privacy as a means to assign thematic codes to the responses, which were then analysed. The proposed information privacy model was discussed in relation to the compliance requirements of the South African Protection of Personal Information (PoPI) Bill of 2009 and their application in a primary health care facility. The proposed information privacy model provides a holistic view of privacy management that can residually be used to increase awareness associated with the compliance requirements of using patient PII.
- Full Text:
- Date Issued: 2013
- Authors: Boucher, Duane Eric
- Date: 2013
- Subjects: Data protection , Privacy, Right of , Medical records -- Access control , Primary health care , Medical care , Caregivers , Community health nursing , Confidential communications , Information technology -- Management
- Language: English
- Type: Thesis , Masters , MCom (Information Systems)
- Identifier: vital:11139 , http://hdl.handle.net/10353/d1007181 , Data protection , Privacy, Right of , Medical records -- Access control , Primary health care , Medical care , Caregivers , Community health nursing , Confidential communications , Information technology -- Management
- Description: The revolutionary migration within the health care sector towards the digitisation of medical records for convenience or compliance touches on many concerns with respect to ensuring the security of patient personally identifiable information (PII). Foremost of these is that a patient’s right to privacy is not violated. To this end, it is necessary that health care practitioners have a clear understanding of the various constructs of privacy in order to ensure privacy compliance is maintained. This research project focuses on an investigation of privacy from a multidisciplinary philosophical perspective to highlight the constructs of information privacy. These constructs together with a discussion focused on the confidentiality and accessibility of medical records results in the development of an artefact represented in the format of a model. The formulation of the model is accomplished by making use of the Design Science research guidelines for artefact development. Part of the process required that the artefact be refined through the use of an Expert Review Process. This involved an iterative (three phase) process which required (seven) experts from the fields of privacy, information security, and health care to respond to semi-structured questions administered with an interview guide. The data analysis process utilised the ISO/IEC 29100:2011(E) standard on privacy as a means to assign thematic codes to the responses, which were then analysed. The proposed information privacy model was discussed in relation to the compliance requirements of the South African Protection of Personal Information (PoPI) Bill of 2009 and their application in a primary health care facility. The proposed information privacy model provides a holistic view of privacy management that can residually be used to increase awareness associated with the compliance requirements of using patient PII.
- Full Text:
- Date Issued: 2013
An investigation of issues of privacy, anonymity and multi-factor authentication in an open environment
- Authors: Miles, Shaun Graeme
- Date: 2012-06-20
- Subjects: Electronic data processing departments -- Security measures , Electronic data processing departments , Privacy, Right of , Computer security , Data protection , Computers -- Access control
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:4656 , http://hdl.handle.net/10962/d1006653 , Electronic data processing departments -- Security measures , Electronic data processing departments , Privacy, Right of , Computer security , Data protection , Computers -- Access control
- Description: This thesis performs an investigation into issues concerning the broad area ofIdentity and Access Management, with a focus on open environments. Through literature research the issues of privacy, anonymity and access control are identified. The issue of privacy is an inherent problem due to the nature of the digital network environment. Information can be duplicated and modified regardless of the wishes and intentions ofthe owner of that information unless proper measures are taken to secure the environment. Once information is published or divulged on the network, there is very little way of controlling the subsequent usage of that information. To address this issue a model for privacy is presented that follows the user centric paradigm of meta-identity. The lack of anonymity, where security measures can be thwarted through the observation of the environment, is a concern for users and systems. By an attacker observing the communication channel and monitoring the interactions between users and systems over a long enough period of time, it is possible to infer knowledge about the users and systems. This knowledge is used to build an identity profile of potential victims to be used in subsequent attacks. To address the problem, mechanisms for providing an acceptable level of anonymity while maintaining adequate accountability (from a legal standpoint) are explored. In terms of access control, the inherent weakness of single factor authentication mechanisms is discussed. The typical mechanism is the user-name and password pair, which provides a single point of failure. By increasing the factors used in authentication, the amount of work required to compromise the system increases non-linearly. Within an open network, several aspects hinder wide scale adoption and use of multi-factor authentication schemes, such as token management and the impact on usability. The framework is developed from a Utopian point of view, with the aim of being applicable to many situations as opposed to a single specific domain. The framework incorporates multi-factor authentication over multiple paths using mobile phones and GSM networks, and explores the usefulness of such an approach. The models are in tum analysed, providing a discussion into the assumptions made and the problems faced by each model. , Adobe Acrobat Pro 9.5.1 , Adobe Acrobat 9.51 Paper Capture Plug-in
- Full Text:
- Authors: Miles, Shaun Graeme
- Date: 2012-06-20
- Subjects: Electronic data processing departments -- Security measures , Electronic data processing departments , Privacy, Right of , Computer security , Data protection , Computers -- Access control
- Language: English
- Type: Thesis , Masters , MSc
- Identifier: vital:4656 , http://hdl.handle.net/10962/d1006653 , Electronic data processing departments -- Security measures , Electronic data processing departments , Privacy, Right of , Computer security , Data protection , Computers -- Access control
- Description: This thesis performs an investigation into issues concerning the broad area ofIdentity and Access Management, with a focus on open environments. Through literature research the issues of privacy, anonymity and access control are identified. The issue of privacy is an inherent problem due to the nature of the digital network environment. Information can be duplicated and modified regardless of the wishes and intentions ofthe owner of that information unless proper measures are taken to secure the environment. Once information is published or divulged on the network, there is very little way of controlling the subsequent usage of that information. To address this issue a model for privacy is presented that follows the user centric paradigm of meta-identity. The lack of anonymity, where security measures can be thwarted through the observation of the environment, is a concern for users and systems. By an attacker observing the communication channel and monitoring the interactions between users and systems over a long enough period of time, it is possible to infer knowledge about the users and systems. This knowledge is used to build an identity profile of potential victims to be used in subsequent attacks. To address the problem, mechanisms for providing an acceptable level of anonymity while maintaining adequate accountability (from a legal standpoint) are explored. In terms of access control, the inherent weakness of single factor authentication mechanisms is discussed. The typical mechanism is the user-name and password pair, which provides a single point of failure. By increasing the factors used in authentication, the amount of work required to compromise the system increases non-linearly. Within an open network, several aspects hinder wide scale adoption and use of multi-factor authentication schemes, such as token management and the impact on usability. The framework is developed from a Utopian point of view, with the aim of being applicable to many situations as opposed to a single specific domain. The framework incorporates multi-factor authentication over multiple paths using mobile phones and GSM networks, and explores the usefulness of such an approach. The models are in tum analysed, providing a discussion into the assumptions made and the problems faced by each model. , Adobe Acrobat Pro 9.5.1 , Adobe Acrobat 9.51 Paper Capture Plug-in
- Full Text:
Freedom of the press, or the infringement of the right to privacy?: media coverage of President Kgalema Motlanthe from October 2008 to April 2009 in three newspapers
- Authors: Gamlashe, Thembinkosi
- Date: 2012
- Subjects: Freedom of the press , Privacy, Right of , Press law , Data protection -- Law and legislation
- Language: English
- Type: Thesis , Masters , MA
- Identifier: vital:8402 , http://hdl.handle.net/10948/d1010118 , Freedom of the press , Privacy, Right of , Press law , Data protection -- Law and legislation
- Description: The researcher attempts to assess in which respect the privacy of former President Kgalema Motlanthe may have been invaded during his presidency, in view of journalistic ethics and press codes currently in effect. The study will explore media practices based on media freedom at the time of publication, and assess whether this freedom is understood to suggest the infringement of the right to privacy in the coverage of the private lives of politicians in the media. This study will therefore examine a sample of articles from the Sunday Times, City Press and Mail and Guardian, covering former President Kgalema Motlanthe’s public behaviour that related to his private life, assess which aspects of his demeanour became the subject of media coverage, and correlate such reporting trends with fluctuations in his political career. The researcher will focus on the period when Kgalema Motlanthe was at the helm as the Head of State – from October 2008 to April 2009, and consider particularly the trends in the sampled press reports regarding his private life. The study furthermore examines some of the legislative and normative changes that affected the media in South Africa after democratisation, to correlate the trends observed in the press coverage with legislation. This further serves to identify possible gray areas that arise from reporting on the freedom of the press and may lead to the invasion of privacy.
- Full Text:
- Date Issued: 2012
- Authors: Gamlashe, Thembinkosi
- Date: 2012
- Subjects: Freedom of the press , Privacy, Right of , Press law , Data protection -- Law and legislation
- Language: English
- Type: Thesis , Masters , MA
- Identifier: vital:8402 , http://hdl.handle.net/10948/d1010118 , Freedom of the press , Privacy, Right of , Press law , Data protection -- Law and legislation
- Description: The researcher attempts to assess in which respect the privacy of former President Kgalema Motlanthe may have been invaded during his presidency, in view of journalistic ethics and press codes currently in effect. The study will explore media practices based on media freedom at the time of publication, and assess whether this freedom is understood to suggest the infringement of the right to privacy in the coverage of the private lives of politicians in the media. This study will therefore examine a sample of articles from the Sunday Times, City Press and Mail and Guardian, covering former President Kgalema Motlanthe’s public behaviour that related to his private life, assess which aspects of his demeanour became the subject of media coverage, and correlate such reporting trends with fluctuations in his political career. The researcher will focus on the period when Kgalema Motlanthe was at the helm as the Head of State – from October 2008 to April 2009, and consider particularly the trends in the sampled press reports regarding his private life. The study furthermore examines some of the legislative and normative changes that affected the media in South Africa after democratisation, to correlate the trends observed in the press coverage with legislation. This further serves to identify possible gray areas that arise from reporting on the freedom of the press and may lead to the invasion of privacy.
- Full Text:
- Date Issued: 2012
Email security policy implementation in multinational organisations with special reference to privacy laws
- Authors: Dixon, Henry George
- Date: 2003
- Subjects: Electronic mail systems -- Security measures , Privacy, Right of , Electronic mail systems -- Management , Electronic mail systems -- Law and legislation
- Language: English
- Type: Thesis , Masters , MTech (Business Information Systems)
- Identifier: vital:10790 , http://hdl.handle.net/10948/229 , Electronic mail systems -- Security measures , Privacy, Right of , Electronic mail systems -- Management , Electronic mail systems -- Law and legislation
- Description: In 1971, scientist Ray Tomlinson sent what is now considered the first email message. It was considered as “nothing short of revolutionary … deserv[ing] a spot in the list of great communication inventions such as the printing press, telegraph and telephone” (Festa, 2001). Whereas email was first used exclusively in the military (Arpanet) and in academic circles, it has now become almost ubiquitous, used widely for private, as well as for business correspondence. According to a Berkeley study (Berkeley, 2000), there were approximately 440 million corporate and personal [e-] mailboxes worldwide in 2001, of which more than a third was corporate mailboxes. As a result of the extensive use of email in the corporate environment, Information Officers have to ensure that the use of email adds business value. In an “always on” market place, the efficiency, immediacy and cost effectiveness of email communication are immediately evident. A study by Ferris Research, quoted by Nchor (2001), shows that there is “an overall productivity gain of US$9000 per employee as they send and receive emails to get projects done.” However, the use of email in the corporate envi-ronment also poses business risks that need to be uniquely addressed. Among these “key business risks” (Surfcontrol, 2001) are security risks, viruses, legal liability, pro-ductivity loss and bandwidth abuse. To address the risks mentioned above and to protect the business value of email, spe-cific policies have to be implemented that address email usage. Information Security Policies are defined in most corporate environments. In a study done by Elron Soft-ware (2001), 83% of respondents who have abused email have company policies regu-lating email usage. There appears to be a gap between policy conception and policy implementation. Various factors inhibit effective policy implementation – ethical, legal and cultural. The implementation of corporate policy becomes especially complex in multinational environments where differing information law Email usage is ubiquitous in the modern business environment, but few companies adequately manage the risks associated with email.
- Full Text:
- Date Issued: 2003
- Authors: Dixon, Henry George
- Date: 2003
- Subjects: Electronic mail systems -- Security measures , Privacy, Right of , Electronic mail systems -- Management , Electronic mail systems -- Law and legislation
- Language: English
- Type: Thesis , Masters , MTech (Business Information Systems)
- Identifier: vital:10790 , http://hdl.handle.net/10948/229 , Electronic mail systems -- Security measures , Privacy, Right of , Electronic mail systems -- Management , Electronic mail systems -- Law and legislation
- Description: In 1971, scientist Ray Tomlinson sent what is now considered the first email message. It was considered as “nothing short of revolutionary … deserv[ing] a spot in the list of great communication inventions such as the printing press, telegraph and telephone” (Festa, 2001). Whereas email was first used exclusively in the military (Arpanet) and in academic circles, it has now become almost ubiquitous, used widely for private, as well as for business correspondence. According to a Berkeley study (Berkeley, 2000), there were approximately 440 million corporate and personal [e-] mailboxes worldwide in 2001, of which more than a third was corporate mailboxes. As a result of the extensive use of email in the corporate environment, Information Officers have to ensure that the use of email adds business value. In an “always on” market place, the efficiency, immediacy and cost effectiveness of email communication are immediately evident. A study by Ferris Research, quoted by Nchor (2001), shows that there is “an overall productivity gain of US$9000 per employee as they send and receive emails to get projects done.” However, the use of email in the corporate envi-ronment also poses business risks that need to be uniquely addressed. Among these “key business risks” (Surfcontrol, 2001) are security risks, viruses, legal liability, pro-ductivity loss and bandwidth abuse. To address the risks mentioned above and to protect the business value of email, spe-cific policies have to be implemented that address email usage. Information Security Policies are defined in most corporate environments. In a study done by Elron Soft-ware (2001), 83% of respondents who have abused email have company policies regu-lating email usage. There appears to be a gap between policy conception and policy implementation. Various factors inhibit effective policy implementation – ethical, legal and cultural. The implementation of corporate policy becomes especially complex in multinational environments where differing information law Email usage is ubiquitous in the modern business environment, but few companies adequately manage the risks associated with email.
- Full Text:
- Date Issued: 2003
WSP3: a web service model for personal privacy protection
- Authors: Ophoff, Jacobus Albertus
- Date: 2003
- Subjects: Data protection , Computer security , Privacy, Right of
- Language: English
- Type: Thesis , Masters , MTech (Information Technology)
- Identifier: vital:10798 , http://hdl.handle.net/10948/272 , Data protection , Computer security , Privacy, Right of
- Description: The prevalent use of the Internet not only brings with it numerous advantages, but also some drawbacks. The biggest of these problems is the threat to the individual’s personal privacy. This privacy issue is playing a growing role with respect to technological advancements. While new service-based technologies are considerably increasing the scope of information flow, the cost is a loss of control over personal information and therefore privacy. Existing privacy protection measures might fail to provide effective privacy protection in these new environments. This dissertation focuses on the use of new technologies to improve the levels of personal privacy. In this regard the WSP3 (Web Service Model for Personal Privacy Protection) model is formulated. This model proposes a privacy protection scheme using Web Services. Having received tremendous industry backing, Web Services is a very topical technology, promising much in the evolution of the Internet. In our society privacy is highly valued and a very important issue. Protecting personal privacy in environments using new technologies is crucial for their future success. These facts, combined with the detail that the WSP3 model focusses on Web Service environments, lead to the following realizations for the model: The WSP3 model provides users with control over their personal information and allows them to express their desired level of privacy. Parties requiring access to a user’s information are explicitly defined by the user, as well as the information available to them. The WSP3 model utilizes a Web Services architecture to provide privacy protection. In addition, it integrates security techniques, such as cryptography, into the architecture as required. The WSP3 model integrates with current standards to maintain their benefits. This allows the implementation of the model in any environment supporting these base technologies. In addition, the research involves the development of a prototype according to the model. This prototype serves to present a proof-of-concept by illustrating the WSP3 model and all the technologies involved. The WSP3 model gives users control over their privacy and allows everyone to decide their own level of protection. By incorporating Web Services, the model also shows how new technologies can be used to offer solutions to existing problem areas.
- Full Text:
- Date Issued: 2003
- Authors: Ophoff, Jacobus Albertus
- Date: 2003
- Subjects: Data protection , Computer security , Privacy, Right of
- Language: English
- Type: Thesis , Masters , MTech (Information Technology)
- Identifier: vital:10798 , http://hdl.handle.net/10948/272 , Data protection , Computer security , Privacy, Right of
- Description: The prevalent use of the Internet not only brings with it numerous advantages, but also some drawbacks. The biggest of these problems is the threat to the individual’s personal privacy. This privacy issue is playing a growing role with respect to technological advancements. While new service-based technologies are considerably increasing the scope of information flow, the cost is a loss of control over personal information and therefore privacy. Existing privacy protection measures might fail to provide effective privacy protection in these new environments. This dissertation focuses on the use of new technologies to improve the levels of personal privacy. In this regard the WSP3 (Web Service Model for Personal Privacy Protection) model is formulated. This model proposes a privacy protection scheme using Web Services. Having received tremendous industry backing, Web Services is a very topical technology, promising much in the evolution of the Internet. In our society privacy is highly valued and a very important issue. Protecting personal privacy in environments using new technologies is crucial for their future success. These facts, combined with the detail that the WSP3 model focusses on Web Service environments, lead to the following realizations for the model: The WSP3 model provides users with control over their personal information and allows them to express their desired level of privacy. Parties requiring access to a user’s information are explicitly defined by the user, as well as the information available to them. The WSP3 model utilizes a Web Services architecture to provide privacy protection. In addition, it integrates security techniques, such as cryptography, into the architecture as required. The WSP3 model integrates with current standards to maintain their benefits. This allows the implementation of the model in any environment supporting these base technologies. In addition, the research involves the development of a prototype according to the model. This prototype serves to present a proof-of-concept by illustrating the WSP3 model and all the technologies involved. The WSP3 model gives users control over their privacy and allows everyone to decide their own level of protection. By incorporating Web Services, the model also shows how new technologies can be used to offer solutions to existing problem areas.
- Full Text:
- Date Issued: 2003
- «
- ‹
- 1
- ›
- »