Les Labuschagne

• DCom Informatics
• Managing Director at University of South Africa

With the launch of a new academic journal it is timely to reflect on the content and scope of the journal. JoRMA is the Journal of Research Management and Administration – but what is Research Management and Administration (RMA) and why might it deserve your attention?

Erratum to: J.H.P. Eloff et al. (Eds.) Information Security Management & Small Systems Security DOI: 10.1007/978-0-387-35575-7

This paper focuses on the use of cognitive approaches for digital forensic readiness planning. Research has revealed that a well-thought-out and legally contextualized digital forensic readiness strategy can provide organizations with an increased ability to respond to security incidents while maintaining the integrity of the evidence gathered and...

The ever-growing threats of fraud and security incidents present many challenges to law enforcement and organisations across the globe. This has given rise to the need for organisations to build effective incident management strategies, which will enhance the company's reactive capability to security incidents. The aim of this paper is to propose p...

Although electronic business (EB) has become firmly entrenched in the global economy as an indispensable business tool and business development, countless organisations are still struggling to unravel certain IT-related concepts, as well as where these concepts fit into their business scenarios. For a traditional business to heave its entire operat...

Information technology (IT) projects have a poor reputation when it comes to success stories. IT projects are very risky but can deliver returns on investment unheard of in other fields. To improve the chances of completing an IT project successfully, project risk management becomes even more important. This article makes a number of suggestions to...

Information technology (IT) projects are often perceived as adding little or no organisational value despite substantial investments being made. The non-adoption of governance principles might contribute to this perception as unfeasible projects are often approved and initiated without proper discourse. To test this statement, 16 semi-structured in...

Many large organisations find it difficult to develop an e-commerce strategy. Senior management should first develop a comprehensive understanding of what it means to become e-commerce enabled before deciding whether or not to pursue that route. With e-commerce comes major changes that must be carefully planned and coordinated to avoid chaos and co...

Purpose: The article focuses on organisations' capability to deliver their vision and strategies through the use of project management and, in particular, the project delivery capability of organisations themselves. Problem investigated: Although quantitative evidence does exist that organisations do receive value from project management, the trac...

Most organisations considering the adoption of electronic commerce (EC) need to undergo a paradigm shift. The rules that usually govern business change when engaging in cyber trade. In terms of security, a similar paradigm shift needs to take place. In EC, security is no longer the protector, but has become the enabler. This article looks at what i...

Purpose: In developing countries such as South Africa, many organisations are reliant on information and communication technology (ICT) to provide accurate, relevant and timely information. For organisations to obtain and sustain a competitive advantage, ICT systems are constantly implemented, upgraded, modified or replaced. These initiatives are o...

Organisations initiate and execute projects at an ever-increasing rate in order to achieve their strategic intentions. Many of these, however, find it difficult to measure the contribution that these projects make towards the realisation of the organisational vision. In order to effect these changes in a cumulatively beneficial way, a holistic appr...

Several factors have combined to draw attention to the importance of sponsoring projects and programs. One factor is that after several decades of attempting to improve success rates of projects by focusing on project-based management and the project management competence of practitioners, convincing evidence demonstrates that success or failure of...

International Federation for Information Processing The IFIP series publishes state-of-the-art results in the sciences and technologies of information and communication. The scope of the series includes: foundations of computer science; software theory and practice; education; computer applications in technology; communication systems; systems mode...

Small, medium and micro enterprises (SMMEs) in South Africa contribute over 40% to the gross domestic product. However, these organisations have a failure rate of 80%, mostly due to a lack of management skills. SMMEs also do not aspire to corporate governance standards for these management skills due to the lack of awareness of corporate governance...

________________________________________________________________________________________________ Organisations wanting to conduct information security risk analysis may find selecting a methodology problematic. Currently there are numerous risk analysis methodologies available, some of which are qualitative while others are more quantitative in nat...

Purpose This article seeks to provide a conceptual model that explains the complexity of an enterprise resource planning (ERP) system to general and project managers in a non‐technical manner that is easily understood. Design/methodology/approach The 4Ps business model serves as a starting‐point to derive the ERP model because most managers are fa...

ABSTRACT This article provides an information ,security framework ,that can become ,an integrated ,process within an ERP system to support corporate governance. A generic information security framework,servesas a starting point to develop a specific ERP

With COBIT and ITIL at the forefront of IT governance and IT service management, respectively, there is a need to establish if ITIL Security Management complies with COBIT DS5. This paper investigates the possible compliance and any related issues by comparing the requirements of COBIT DS5 against the measures of ITIL Security Management. Results i...

Organisations have over the last couple of years become more aware of the importance of information security risk management and its corresponding due diligence requirements. A cornucopia of information security risk management approaches exist that can assist organisations in determining and controlling risks. However, with these choices organisat...

Computer users are exposed to technology mainly through user interfaces. Most users' perceptions are based on their experience with these interfaces. HCI (human computer interaction) is concerned with these interfaces and how they can be improved. Considerable research has been conducted and major advances have been made in the area of HCI. Informa...

Information security is being sited by many surveys as the biggest inhibitor of electronic commerce (EC), yet when looking at security technologies, this does not seem to hold true. There are many horror, as well as success stories abound which makes it difficult to judge whether security

The major reason why most people are still sceptical about electronic commerce is the perceived security risks associated with electronic transactions over the Internet. The Internet, however, holds many opportunities that could mean survival or competitive advantage for many organisations. To exploit these opportunities, it is important to first a...

This paper suggests a framework that can be used to identify the security requirements for a specific electronic commerce environment. The first step is to identify all the security requirements applicable to this environment. Next, all participants need to be identified. This is following by breaking down the transactions to different autonomous a...

In current times, sending confidential data over the Internet is becoming more commonplace every day. The process of sending confidential data over the Internet is, however, concomitant with great effort: encryption algorithms have to be incorporated and encryption key management and distribution have to take place. Wouldn’t it be easier, more secu...

The 7th Annual Working Conference of ISMSSS (lnformation Security Management and Small Systems Security), jointly presented by WG 11.1 and WG 11.2 of the International Federation for Information Processing {IFIP), focuses on various state-of-art concepts in the two relevant fields. The conference focuses on technical, functional as well as manageri...

As the advantages of being connected to the Internet multiply, so do the risks. Various techniques have, for example, been devised to infiltrate networks connected to the Internet. New vulnerabilities are created and exploited daily. By analysing a communication ses- sion in real time, it is possible to detect attacks as they are being launched. Th...

Using new concepts, such as those on which Java is based, it is now possible to define a new framework within which risk analyses can be performed on electronic communications. In order truly to be effective, risk analyses must be done in real time, owing to the dynamic nature of open, distributed public networks. The strength of these public netwo...

Although there are many different aspects to consider when looking at IT security, one of the most tried and trusted methods of ensuring the safety of systems and data is to control people's access to them. In this article the various complementary system-access control mechanisms will be discussed. In addition, this article is aimed at demonstrati...

Conventional risk analysis methodologies are aimed at the identification of suitable countermeasures for specific risks. In the past, many risk analysis methodologies failed to come up to expectations. The analysis of some commercial methodologies identified key problem areas. This paper proposes a categorization method which was used to investigat...

The past decade has shown the importance of information security, with special emphasis on network security, disaster recovery and risk management. A number of automated approaches for the facilitation of a risk analysis study have appeared on the software market. Organizations today face the difficult task not only of executing a risk analysis stu...

Organisations are under constant pressure from governments and industry to implement risk management methods. There are various information security risk management methods available that organisations can implement, and each has different approaches to identifying, measuring, controlling and monitoring the information security risks. Organisations...

The success rate of IT projects remains questionable as do the benefits that an organisation receives from any IT project. The 2006 CHAOS report states that only one in three IT projects is a success and contributes to the overall success of an organisation. A similar study was conducted in South Africa to determine how the IT project management ma...

In recent years, attention has been called to the importance of having a project or program advocate, or sponsor. After several decades of attempting to improve success rates of projects by focusing on project managers, evidence suggests that success or failure of projects is not entirely within the control of the project manager and project team,...