
Mm Eloff - University of South Africa
63 Publications
49,938 Reads
1,716 Citations
Publications (63)
For businesses to benefit from the many opportunities of cloud computing, they must first address a number of security challenges, such as the potential leakage of confidential data to unintended third parties. An inter‐VM (where VM is virtual machine) attack, also known as cross‐VM attack, is one threat through which cloud‐hosted confidential data...
The paper presents a validated socio-technical information security (STInfoSec) framework for the development of online information security (InfoSec) applications. The framework addresses both social and technical aspects of InfoSec design. The preliminary framework was developed using a mixed methods research design that collected data from 540 s...
The increasing demand for online and real-time interaction with IT infrastructures by end users is facilitated by the proliferation of user-centric devices such as laptops, iPods, iPads, and smartphones. This trend is furthermore propounded by the plethora of apps downloadable to end user devices mostly within mobile-cum-cloud environments. It is c...
To allow access to educational information for all people, including those with disabilities, the Internet and websites should be accessible and usable. Websites should provide timely and precise information effectively, efficiently and satisfactorily. Accessible and usable websites will create the necessary platforms for students to learn at open...
Online banking is a critical service offered by financial institutions to their clientele to facilitate easier and faster access to financial services and transactions. Banks currently spend huge amounts of money on development and maintenance of websites and backend systems that offer online banking facilities to clients. Here we address the effec...
This paper investigates how to effectively stop an attacker from using compromised user credentials to gain authorized entry to systems that they are otherwise not authorised to access. The proposed solution extends previous work to move beyond a risk-based multi-factor authentication system. It adds a behavioural analytics component that uses keys...
The main objective of this paper is to present a preliminary socio-technical information security (STInfoSec) framework for the development of online information security applications that addresses both social and technical aspects of information security design. The paper looks at theoretical aspects related to a view of information security as a...
MANETs are exposed to numerous security threats due to their characteristic features, which include absence of centralised control unit, open communication media, infrastructure-less and dynamic topology. One of the commonest attacks is known as black hole attack, which mostly targets the MANETs reactive routing protocols, such as AODV and DSR. Simulat...
The main objective of this paper is to investigate the factors that influence users' adoption and acceptance of online banking in South Africa, based on 324 respondents' current perceptions of the service. This paper reports empirical findings of an exploratory study in South Africa. The findings confirm security risk as main concern, while conveni...
The Protection of Personal Information (PoPI) Act was created to promote the constitutional right to privacy in South Africa by safeguarding personal identifiable information (PII). This Act respects the right to privacy of customers and employees and also acknowledges the need for businesses to collect and use personal information[1]. Having this...
Cloud infrastructures are vulnerable to serious data leakage threats. Tenants with conflicting interests, residing on a shared cloud infrastructure, can potentially view the data of other potentially conflicting tenants by means of inter-VM attacks. This paper discusses an innovative solution to overcome this data leakage problem by proposing the...
The recent adoption of the privacy law, Protection of Personal Information (PoPI) Act in South Africa, mandates notable changes from both government departments and the public sector when dealing with personal identifiable information (PII). Recent research has shown that the level of change still required to comply with the new Act is significant....
The main purpose of this paper is to propose a heuristic model for usable and secure online banking. The model is based on identified heuristics that contribute to the design of usable security in the context of online banking security. Little research has focused on the balance between usability and security in online banking authentication mechan...
A wireless Mobile Ad-hoc Network (MANET) provides the possibility of communicating anytime anywhere in a temporary arrangement in the absence of a pre-existing network infrastructure. However, this presents new security challenges in comparison to the conventional wired and wireless networks, as it is more vulnerable to malicious attacks due to its...
Digital forensics is an established research and application field. Various process models exist describing the steps and processes to follow during digital forensic investigations. During such investigations, it is not only the digital evidence itself that needs to prevail in a court of law; the process followed and terminology used should also be...
Information for individual organisations should always be secured. Organisations need to protect their information from attackers or competitors as these could lead to law suits or loss of business. With the more advanced network technology, information security risks and threats are believed to be on the increase and becoming even more sophisticat...
Wireless MANET presents new security problems in comparison to the conventional wired and wireless networks, as it is more vulnerable to malicious attacks due to its unique features. The MANET routing protocols require that the mobile nodes that form such temporal network cooperate with each other to achieve the desired routing purpose for the exch...
Purpose
The purpose of this paper is to highlight the relation of psychosocial risks to information security (IS). Although psychosocial risks at the workplace have been extensively researched from a managerial point of view, their effect on IS has not been formally studied to the extent required by the gravity of the topic.
Design/methodology/app...
This chapter demonstrates how interoperability can serve as a catalyst for business innovation. It explores its core definitions and illustrates relevance and applicability thereof through a use case: Business in Your Pocket (BiYP) use case, that enforces value co-creation amongst business ecosystem partners. The BiYP use case clearly indicates tha...
The increasing demand for on-line and real-time interaction with IT infrastructures by end users is facilitated by the proliferation of user centric devices such as laptops, iPods, iPads, and smartphones. This trend is furthermore propounded by the plethora of apps downloadable to end-user devices mostly within mobile-cum-cloud environments. It is...
The government of Tanzania adopted an e-Government strategy in 2009 that is aimed at improving efficiency in government and providing better services to citizens. Information security is identified as one of the requirements for the successful e-Government implementation although the government has not adopted any standards or issued guidelines to...
A majority of African Internet users do not have access to the Internet. The lack of infrastructure in rural areas affects Internet usage. Since costs are high and the bandwidth low, these factors encourage users to access the Internet using shared resources. This is an efficient solution to access the Internet. However users might not be aware of...
A large proportion of students who enroll for postgraduate degrees never finish their studies, with non-completion rates yielding 30% for a sample size of 2000 students. A number of empirical studies have been conducted indicating the possible factors for the non-completion rate. This chapter briefly highlights such factors and proposes a possible...
Mobile Ad-hoc Network (MANET) is a group of heterogeneous mobile nodes, forming a temporary network which is infrastructure less, multi-hop and dynamic in nature. MANET requires that nodes cooperate to be able to communicate. The nodes, which act as hosts as well as routers, communicate with each other through multiple hops due to limited transmiss...
Social networking sites are a popular medium of interaction and communication. Social networking sites provide the ability to run applications and games to test users' knowledge. The popularity of social networks makes it an ideal tool through which awareness can be created on existing and emerging security threats. This paper proposes an interacti...
Digital Data Collection in South Africa is continuously evolving as technology and infrastructural networks gain momentum with respect to its development. In-field data collection is critical for any national government department who is mandated to supply the country and the international community with official data. The paper aims to illustrate...
Cloud computing has elevated IT to newer limits by offering the market environment data storage and capacity with flexible scalable computing processing power to match elastic demand and supply, whilst reducing capital expenditure. However the opportunity cost of the successful implementation of Cloud computing is to effectively manage the security...
Social Engineering (SE) attacks exploit vulnerabilities that are based on principles of human psychology. In conjunction with loopholes in the security structure of the organisation, these attacks can yield results that would be difficult, if not impossible, to obtain through the use of purely technical hacking methods. As SE attacks are based on d...
The entire business landscape finds itself on the verge of a recession because of ongoing global economic turmoil. Thus, there is a heightened need to minimise and mitigate business risk and scrutinise information spending while ensuring compliance with regulatory mandates. This calls for decision makers to become vigilant in their spending and mov...
Information security has evolved from addressing minor and harmless security breaches to managing those with a huge impact on organisations' economic growth. This paper investigates the evolution of information security; where it came from, where it is today and the direction in which it is moving. It is argued that information security is not abou...
Software project management is a relatively recent discipline that emerged during the second half of the 20th century (Kwak, 2003). Many of the software project management methodologies available today were developed in Western/European countries and research showed that there was a need to formalise a software project management framework for dev...
Software project management is a relatively recent discipline that emerged during the second half of the 20th century (Kwak, 2003). Many of the software project management methodologies available today were developed in Western/European countries and research showed that there was a need to formalise a software project management framework for deve...
International Federation for Information Processing
The IFIP series publishes state-of-the-art results in the sciences and technologies of information and communication. The scope of the series includes: foundations of computer science; software theory and practice; education; computer applications in technology; communication systems; systems mode...
Denial-of-Service and Distributed Denial-of-Service is costing the economy world-wide billions of dollars. The economy is the cornerstone of our society and its collapse will certainly change the way in which humanity exists today. The three main goals of computer security are availability, confidentiality and integrity. The focus of this paper is...
Implementing information security is a complex, time-consuming and costly process. Codes of practice for information security management indicate that information security is a multidisciplinary concept cutting horizontally across an. All aspects regarding information security must be addressed in a well-structured and holistic manner, failure of w...
To work best information security must be holistic and fit into a company seamlessly. The practice should take account of personnel security, user access control, network security and regulatory aspects. Holistic security should integrate technology, people and processes. Information security architecture is a concept that specialists have come up...
Software project management probably is a sector that has witnessed the highest rate of project failure in the world. This is not the case with project management concerned with other disciplines due to better management of their inherent strengths and weaknesses. Hard skills, often described as a science and comprising processes, tools and techniq...
Software project management probably is a sector that has witnessed the highest rate of project failure in the world. This is not the case with project management concerned with other disciplines due to better management of their inherent strengths and weaknesses. Hard skills, often described as a science and comprising processes, tools an...
It is sometimes very difficult for an organization to adopt a specific software project management methodology in a short space of time. It requires sufficient time, adequate financial support and skilled human resources in order to start with a comprehensive methodology. It is, however, often more appropriate to use a maturity model so as to progr...
Information security management needs a paradigm shift in order to successfully protect information assets. Organisations must change to the holistic management of information security, requiring a well-established Information Security Management System (ISMS). An ISMS addresses all aspects in an organisation that deals with creating and maintainin...
The executive and operational management of organisations today realise that the successful protection of information assets depends on a holistic approach towards the implementation of safeguards. A holistic approach requires that the focus of management should rather be on minimising overall risk exposure as opposed to “tick-off” security safeguar...
The use of computers is becoming increasingly more important in everyday life, not only in the work environment, but also in domestic environments. As computer usage increases, so do the things that can go wrong. The Internet has opened up many new ways of communication — sending documents and other personal information via email for whatever reaso...
Information Security (IS) is the key to the effective management of any organisation in today’s commercial and industrial sectors. Line managers’ performance, for instance, is rated according to the extent to which their operations conform to the IS policies of their respective organizations. In the same way, senior management’s performance is judg...
The present article is aimed at clarifying the oft-times confusing terminology and at elucidating the various approaches obtaining to the realm of Information Security (IS) management. The IS management approaches selected for discussion in this article will specifically address those rudiments and concepts that play a key role in the assessment of...
Effective management in any organisation requires a holistic approach in focusing on information security. Senior managers have to know how well their organisations are performing as measured against internationally accepted best practices. Part of the information security management problem is that it is viewed either from a technological perspect...
3rd CompanionAble Workshop – IoPTS, Novotel Brussels - Brussels, 2 December 2009. The Future Internet will consist of billions of people, things and services having the potential to interact with each other and their environment. This highly interconnected global network structure presents new types of challenges from a security, trust and privacy p...
Southern Africa Telecommunication Networks and Applications Conference (SATNAC 2009), Swaziland, 30 August-2 September 2009. Information security is becoming a major concern for most worldwide telecommunication companies and more so as we move towards the future Internet of Things. In this era, a plethora of digital devices, people and other physica...