Electronic Theses and Dissertations (Masters/MBA)
Permanent URI for this collectionhttps://hdl.handle.net/10539/37942
Browse
4 results
Search Results
Item The perceived impact of Emerging Technologies on Cybersecurity in the South African financial sector(University of the Witwatersrand, Johannesburg, 2022) Philips, Denzil; Pillay, KiluThis study is based on the investigation of what is the perceived impact of emerging technologies on cybersecurity in South African financial institutions. New and emerging technologies have made significant advancements in many industries that can be very disruptive in nature, and the majority of these technologies have changed the cyber threat landscape as well. These include, among other things, cloud computing, artificial intelligence, and machine learning. The study offers insight into how these emerging technologies affect the cybersecurity of financial institutions in South Africa. The study consisted of Information technology risk and cybersecurity individuals. The sample size of 11 individuals was seen as sufficient based on the spread across the financial sector and the experience within the various industries. The individuals were from banks, insurers and market infrastructures within the South African financial sector. The sample focused on key financial institutions specifically banks, insurers, and market infrastructures, based in different provinces in South Africa such as Johannesburg and Cape Town where the impact could be systemic in the country. A qualitative study was adopted by the researcher based on systems theory to determine the relationship between the adoption of emerging or new technologies and the impact it has on cybersecurity. There were various responses from the different institutions, focusing on the adoption of emerging technologies, the effects of this adoption on the cybersecurity environment, the risk and vulnerability management processes, and the ability to adapt and respond to new cybersecurity risks introduced by emerging technologies. The results of the study found that there is a clear link between the adoption of emerging technologies and the increase in cybersecurity requirements with emerging technologies significantly impacting the cybersecurity domain/functioItem The impact of work from home and hybrid mode on cybersecurity practices in South Africa(University of the Witswatersrand, Johannesburg, 2023) Pather, RavashalinAs the trend of work-from-home and remote work grows in South Africa, adopting adequate cybersecurity measures and evaluating the human aspect of security perceptions is critical in protecting organisational information and maintaining corporate integrity. Over the past two decades, cybersecurity has been viewed from technological perspective of protecting networks and information assets, this study invokes the behavioural and social concerns, and how this affects an organisation’s cybersecurity strategy in South Africa. Covid-19 and the lockdown rules triggered a national emergency, compelling a considerable proportion of South Africa's workforce to embrace a work-from-home culture. While this study began during the lockdown, leaders at large enterprises in South Africa are adopting a more hybrid way of working permanently, due to the subsequent benefits. This study aimed to evaluate employee behaviour when working environments are suddenly affected by work-from-home policies and how an employee’s behaviour transposes to a different location. The overarching question was: How has cybersecurity behaviour in South Africa manifested during work-from-home policies and what are the determinants that force correct cybersecurity compliant behaviour?. Four key factors (“Subjective Norms & Response Efficacy”, “Attitude & Perceived Vulnerability”, “Self- Efficacy” and “Perceived Severity”) were identified and combined into a new framework based of two theoretical frameworks (The Theory of Planned Behaviour and Protection Motivation theory). This study utilised a quantitative cross-sectional design using a structured closed questionnaire that was distributed electronically. The data collected from 186 participants were analysed using Exploratory factor analysis, correlation analysis and multiple regression. Overall, “Subjective Norms & Response Efficacy” emerged as a significant and most influential predicator of “Cybersecurity Compliant behaviour”. “Attitude & Perceived Vulnerability”, “Self-Efficacy” and “Perceived Severity” were insignificant. It is apparent that there is a positive perception of correct Cyber security practices amongst South African organisations however there is a recommendation for future research, due to the diversity of organisational leadership in both the private and state-owned entities, to provide a better understanding of security compliant behaviourItem Investigating online learning and its role in addressing the cybersecurity skills shortage in South Africa(University of the Witswatersrand, Johannesburg, 2023) Kgosiatsela, Lefa; Pillay, KiruThis study explores the pivotal role of online learning in addressing the shortage of cybersecurity skills within the South African financial services sector. The study investigates the preferred learning formats of cybersecurity professionals, scrutinizes the strengths and weaknesses of online learning, and evaluates its efficacy in imparting cybersecurity skills. Emphasis is placed on the principles of attention, retention, and motivation in cybersecurity training, focusing on their implications for different learning formats. The decision to use a qualitative approach was influenced by the research questions, data requirements, and theoretical framework. A cross-sectional research design was chosen for its suitability in answering the research questions efficiently, considering the time constraints and the need for broad coverage in the complex field of cybersecurity. The advantages of this design include speedy data collection, simplicity in analysis, and suitability for exploratory research. Semi-structured interviews, conducted through Microsoft Teams, were employed for data collection from a sample of ten cybersecurity professionals, selected through a combination of purposive and snowball sampling methods. The interviews, comprising 16 open ended questions organised into four sections, aimed to explore participant preferences, critical factors for successful online learning, and the efficacy of online learning in imparting cybersecurity skills. Thematic Content Analysis (TCA) was employed for data analysis, involving the organization of data, identification of common themes, and the interpretation of findings. Online learning emerges as a flexible and accessible avenue for acquiring cybersecurity skills and knowledge. Despite its advantages, careful attention must be given to addressing potential drawbacks stemming from the absence of physical interaction and engagement. Instructors play a pivotal role in mitigating these challenges by incorporating interactive discussions, offering timely feedback, and fostering a sense of community among learners. The evaluation of online learning effectiveness should prioritize factors such as retention and practical skill application. Online platforms can contribute to this by providing diverse resources and tools. Success in online learning hinges on self-regulation iv and time management skills, underscoring the importance of adequate support and tools within the online learning environment. In essence, online learning holds the potential to motivate cybersecurity professionals, fostering not only skill development but also a lasting enthusiasm for lifelong learning. The research revealed distinct impacts of various training formats—physical on- the-job training, physical classroom training, and online training—on attention and engagement levels. Participants exhibited diverse preferences, with the majority favouring online self-paced and physical classroom training. Moreover, the study underscored the critical role of retention in cybersecurity training, emphasising the necessity for professionals to retain and recall knowledge and skills for effective application, necessitating continuous training to match the rapidly evolving nature of the field. Finally, the principle of motivation emerged as a key factor, indicating that participants driven to learn and apply their skills are more likely to excel in the cybersecurity field, as evidenced by their active participation in multiple training programs and specific formItem Assessing cybersecurity vulnerabilities in the disposal of ewaste in South African public & private institutions(University of the Witwatersrand, Johannesburg, 2022) Khumalo, DimitriOver the years there have been numerous studies conducted, focusing on the various facets of waste electronic and electrical equipment, also termed electronic waste or e-waste, and the impact it has on the environment. However, little attention has been placed on the management of personal data during the disposal phases of e-waste and the inherent ramifications it poses if this data were retrieved. This study sought to assess the vulnerabilities to which organisations are exposed, specifically financial and government institutions, by interrogating the management policies, processes, and procedures for stored data when disposing of e-waste at the end of the asset life cycle. A qualitative research method, through semi-structured interviews was conducted. The population selected were very senior individuals, selected based on the specific roles and experiences they fulfilled within the financial services sector, various government institutions, and e-waste recycling companies. From the findings, it emerged that there were growing concerns around the effective policy regulations put in place to manage the disposal practices of ewaste and that of personal identifiable and sensitive data of individuals. This has driven a need for policies and robust mechanisms to be instituted to try and minimise the overall impact these vulnerabilities could pose to the environment and the entire value chain, at that juncture where electronic devices have reached their EOL and are now being disposed of. iii The results demonstrate that more focus has to be placed on the managing of ewaste in industry, providing policy directives in relation to how organisations need to prescribe and conform to effective disposal practices of electronic devices that have reached their EOL. Further to this, government, in consultation with various industry role players, needs to look at ways to formalise and regulate the e-waste sector and institute measures to ensure conformance for every part of the value chain.