Dissertations / Theses on the topic 'Computer security Australia Case studies'

Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2018.
This study recognises that, regardless of information security policies, information about institutions continues to be leaked due to the lack of employee compliance. The problem is that information leakages have serious consequences for institutions, especially those that rely on information for its sustainability, functionality and competitiveness. As such, institutions ensure that information about their processes, activities and services are secured, which they do through enforcement and compliance of policies. The aim of this study is to explore the extent of non-compliance with information security policy in an institution. The study followed an interpretive, qualitative case study approach to understand the meaningful characteristics of the actual situations of security breaches in institutions. Qualitative data was collected from two universities, using semi-structured interviews, with 17 participants. Two departments were selected: Human Resources and the Administrative office. These two departments were selected based on the following criteria: they both play key roles within an institution, they maintain and improve the university’s policies, and both departments manage and keep confidential university information (Human Resources transects and keeps employees’ information, whilst the Administrative office manages students’ records). This study used structuration theory as a lens to view and interpret the data. The qualitative content analysis was used to analyse documentation, such as brochures and information obtained from the websites of the case study’s universities. The documentation was then further used to support the data from the interviews. The findings revealed some factors that influence non-compliance with regards to information security policy, such as a lack of leadership skills, favouritism, fraud, corruption, insufficiency of infrastructure, lack of security education and miscommunication. In the context of this study, these factors have severe consequences on an institution, such as the loss of the institution’s credibility or the institution’s closure. Recommendations for further study are also made available.

Zambian copper mines have embraced the use of information technologies for strategic operations and competitive advantage. This dependence on these technologies has not only been seen in the physical aspects of business operations but also in the use of information systems such as Enterprise Resource Planning Systems (ERPs) for strategic decision making and increased usage of Industrial Control Systems (ICS’) that are meant to enhance operational efficiency in production areas. A survey was conducted to explore leadership perceptions on information security practices in Zambian copper mines and an ISO/IEC 27002 Audit Tool was administered to middle management in a particular mine for an in-depth analysis of their information security practices. Results revealed that although information security controls may have been put in place in these organisations, there are still areas that require attention. Senior management and middle management have different perceptions as to the extent to which information security practices are conducted in these copper mines. This implies that management may not be fully involved in certain aspects of these organisations’ information security practices. The results concluded that management needs to be fully involved and provide support for information security programs. Furthermore, these information security programs should be standardised so as to effectively protect these organisations’ information assets. This should also include the involvement of personnel as key players in the information security process.

This research seeks to derive and examine a multidimensional definition of information security awareness, investigate its antecedents, and analyze its effects on compliance with organizational information security policies. The above research goals are tested through the theoretical lens of technology threat avoidance theory and protection motivation theory. Information security awareness is defined as a second-order construct composed of the elements of threat and coping appraisals supplemented by the responsibilities construct to account for organizational environment. The study is executed in two stages. First, the participants (employees of a municipality) are exposed to a series of phishing and spear-phishing messages to assess if there are any common characteristics shared by the phishing victims. The differences between the phished and the not phished group are assessed through multiple discriminant analysis. Second, the same individuals are asked to participate in a survey designed to examine their security awareness. The research model is tested using PLS-SEM approach. The results indicate that security awareness is in fact a second-order formative construct composed of six components. There are significant differences in security awareness levels between the victims of the phishing experiment and the employees who maintain compliance with security policies. The study extends the theory by proposing and validating a universal definition of security awareness. It provides practitioners with an instrument to examine awareness in a plethora of settings and design customized security training activities.

This project "Designing Secure, Java Based Online Registration Systems to Meet Peak Load Performance Targets" is a simulation of a Web-based exposition management system plus a performance testing procedure to examine this web application.

"June 2001." Includes bibliographical references (leaves 346-352) Investigates technical and cultural issues in using three dimensional computer visualisation modelling in a busy Australian city planning office, the local Council of the City of Adelaide, taking two directions: a modelling approach that emphasizes abstract, quick to create 3D models; and, by examining the social and organizational issues. This dual view paints a broader picture of the potential of 3D modelling within planning practice including the impediments and possible solutions to them.

Technology has become intertwined into society daily life which is not only limited to personal life but also extending into the business world. Availability, integrity and confidentiality are critical information security factors to consider when interacting with technology. Conversely many unsuspecting users have fallen prey to cyber criminals. The majority of threats encountered could have been prevented by the victims if they had sufficient knowledge to first identify and then mitigate the threat. The use of information security awareness programs provides a platform whereby users are informed about such threats. The success of these programs is significantly reduced if the content is not transferred in the most effective method to improve understanding and result in a change of behaviour. This dissertation addresses the effectiveness of using a gaming platform within an information security awareness program. The use of games allows for the users to apply knowledge within a potential scenario as seen with pilots using flight simulators. End users who have no information security background should have a safe platform where threats can be identified and methods taught to mitigate the threats. A wide selection of security awareness frameworks exist, the most appropriate framework should be considered first. The different phases of the framework would be applied within the dissertation with the main objective to ultimately determine the effectiveness of games within security awareness programs. Data was collected during the implemented information security awareness program using quantitative instruments. These included questionnaires and a developed online game designed from the literature reviewed during the study. The analysed data highlighted the effects of extrinsic motivation on knowledge transfer and validated the positive impact of game play.
Computing
M. Tech. (Information Technology)

The need for a regional framework for information security in e-Government for the East African Community (EAC) has become more urgent with the signing in 2009 of the EAC Common Market Protocol. This protocol will entail more electronic interactions amongst government agencies in the EAC partner states which are Burundi, Kenya, Rwanda, Tanzania, and Uganda. Government to Government (G2G) transactions are the backbone of e-Government transactions. If a government wants to provide comprehensive services that are easy to use by citizens, employees or businesses, it needs to be able to combine information or services that are provided by different government agencies or departments. Furthermore, the governments must ensure that the services provided are secure so that citizens trust that an electronic transaction is as good as or better than a manual one. Thus governments in the EAC must address information security in ways that take into consideration that these governments have limited resources and skills to use for e-Government initiatives. The novel contribution of this study is an information security framework dubbed the TOG framework, comprising of technical, operational, governance, process and maturity models to address information security requirements for G2G transactions in the EAC. The framework makes reference to standards that can be adopted by the EAC while taking into consideration contextual factors which are resource, legislative and cultural constraints. The process model uses what is termed a ‘Plug and Play’ approach which provides the resource poor countries with a means of addressing information security that can be implemented as and when resources allow but eventually leading to a comprehensive framework. Thus government agencies can start implementation based on the operational and technical guidelines while waiting for governance structures to be put in place, or can specifically address governance requirements where they already exist. Conversely, governments using the same framework can take into consideration existing technologies and operations while putting governance structures in place. As a proof of concept, the proposed framework is applied to a case study of a G2G transaction in Tanzania. The framework is evaluated against critical success factors.
Computing
D. Phil. (Computer Science)

"June 2001."
Includes bibliographical references (leaves 346-352)
vii, 428 leaves : ill., plates (some col.) ; 30 cm.
Investigates technical and cultural issues in using three dimensional computer visualisation modelling in a busy Australian city planning office, the local Council of the City of Adelaide, taking two directions: a modelling approach that emphasizes abstract, quick to create 3D models; and, by examining the social and organizational issues. This dual view paints a broader picture of the potential of 3D modelling within planning practice including the impediments and possible solutions to them.
Thesis (Ph.D.)--University of Adelaide, Dept. of Architecture, 2002

Threats to computerised information systems are always on the rise and compel organisations to invest a lot of money and time amongst other technical controls in an attempt to protect their critical information from inherent security risks. The computerisation of information systems in secondary schools has effectively exposed these organisations to a host of complex information security challenges that they have to deal with in addition to their core business of teaching and learning. Secondary schools handle large volumes of sensitive information pertaining to educators, learners, creditors and financial records that they are obliged to secure. Computerised information systems are vulnerable to both internal and external threats but ease of access sometimes manifest in security breaches, thereby undermining information security. Unfortunately, school managers and users of computerised information systems are ignorant of the risks to their information systems assets and the consequences of the compromises that might occur thereof. One way of educating school managers and users about the risks to their computerised information systems is through a risk management programme in which they actively participate. However, secondary schools do not have the full capacity to perform information security risk management exercises due to the unavailability of risk management experts and scarce financial resources to fund such programmes. This qualitative case study was conducted in two secondary schools that use computerised information systems to support everyday administrative operations. The main objective of this research study was to assist secondary schools that used computerised information systems to develop a set of guidelines they would use to effectively manage information security risks in their computerised information systems. This study educated school managers and computerised information systems users on how to conduct simple risk management exercises. The Operationally Critical Threats, Assets and Vulnerability Evaluation for small-scale organisations risk management method was used to evaluate the computerised information systems in the two schools and attain the goals of the research study. Data for this study were generated through participatory observation, physical inspections and interview techniques. Data were presented, analysed and interpreted qualitatively. This study found that learners‟ continuous assessment marks, financial information, educators‟ personal information, custom application software, server-computers and telecommunication equipment used for networking were the critical assets. The main threats to these critical assets were authorised and unauthorised systems users, malware, system crashes, access paths and incompatibilities in software. The risks posed by these threats were normally led to the unavailability of critical information systems assets, compromise of data integrity and confidentiality. This also led to the loss of productivity and finance, and damage to school reputation. The only form of protection mechanism enforced by secondary schools was physical security. To mitigate the pending risks, the study educated school managers and users in selecting, devising and implementing simple protection and mitigation strategies commensurate with their information systems, financial capabilities and their level of skills. This study also recommended that secondary schools remove all critical computers from open-flow school networks, encrypt all critical information, password-protect all computers holding critical information and train all users of information systems of personal security. The study will be instrumental in educating school managers and computerised information systems users in information security awareness and risk management in general.
Science Engineering and Technology
M.Sc. (Information Systems)

The National Museum of Australia (NMA) (1997- 2001) by architects Ashton Raggatt McDougall (ARM) in association with Robert Peck von Hartel Trethowan was commissioned by the Australian Commonwealth Government for the Centenary of Federation in 2001. It was conceived as a gift to the people of Australia and now stands on Acton Peninsula in Canberra, the nation's Capital. It is a visually complex manifestation of the design architects' (ARM) dialogue with the ambiguities of Australian history and national identity. The architectural realisation of these complexities was facilitated through advances in computer technologies and a complementary non-traditional procurement method, both at the leading edge of Australian architectural practice of the time. Completed three years earlier was probably the most debated work of architecture of the 1990s, the Guggenheim Museum (GMB) (1991-98) in Bilbao, Spain, by Frank O. Gehry and Associates (FOG&A). This satellite museum of the Guggenheim Foundation of New York was heralded as the quintessential example of a kind of architecture only possible because of advances in computer technologies. Both visually complex museums were conceived as flagship projects and consequently share many political, functional, and cultural expectations. Both were procured outside the usual adversarial designer/builder paradigm of western architecture and featured the innovative use of three-dimensional (CAD) software for design, documentation and analysis. The NMA project used a government instigated procurement method which was embraced by a group of design and construction companies who formed a joint venture known as the Acton Peninsula Alliance. This non-traditional or relationship-based procurement method required ARM to reassess their approach to generate and disseminate design data and their traditional relationship with other design and construction professionals. As part of this process, ARM were required to devolve some of their design authority to a project delivery team via a Design Integrity Panel and an Independent Quality Panel; both innovations integral to the Acton Peninsula Alliance. The NMA project reframed many of the enduring professional relationships of Australian architecture and in so doing extended the skill set and expectations of the architects and others to include a more substantial engagement with 3D CAD and a procurement system which was less subject to many of the common impediments inherent in the more traditional processes. Through a series of interviews with the architects and other stakeholders, a qualitative methodology was used to investigate the NMA as a case study which uses the GMB as an internationally recognised comparison. This thesis examines how these two projects have been successfully completed within time and budgetary constraints in an environment where flagship projects have had a history of highly publicised difficulties. It reveals that the successful realisation of the NMA was due to the relationships built or reframed as a result of this cooperative approach in conjunction with high levels of engagement with computer technologies. This is in contrast to the seamless flow of data and high levels of prefabrication integral to the success of the GMB.
http://proxy.library.adelaide.edu.au/login?url= http://library.adelaide.edu.au/cgi-bin/Pwebrecon.cgi?BBID=1255317
Thesis (Ph.D.) -- University of Adelaide, School of Architecture, Landscape Architecture and Urban Design, 2006.

The National Museum of Australia (NMA) (1997- 2001) by architects Ashton Raggatt McDougall (ARM) in association with Robert Peck von Hartel Trethowan was commissioned by the Australian Commonwealth Government for the Centenary of Federation in 2001. It was conceived as a gift to the people of Australia and now stands on Acton Peninsula in Canberra, the nation's Capital. It is a visually complex manifestation of the design architects' (ARM) dialogue with the ambiguities of Australian history and national identity. The architectural realisation of these complexities was facilitated through advances in computer technologies and a complementary non-traditional procurement method, both at the leading edge of Australian architectural practice of the time. Completed three years earlier was probably the most debated work of architecture of the 1990s, the Guggenheim Museum (GMB) (1991-98) in Bilbao, Spain, by Frank O. Gehry and Associates (FOG&A). This satellite museum of the Guggenheim Foundation of New York was heralded as the quintessential example of a kind of architecture only possible because of advances in computer technologies. Both visually complex museums were conceived as flagship projects and consequently share many political, functional, and cultural expectations. Both were procured outside the usual adversarial designer/builder paradigm of western architecture and featured the innovative use of three-dimensional (CAD) software for design, documentation and analysis. The NMA project used a government instigated procurement method which was embraced by a group of design and construction companies who formed a joint venture known as the Acton Peninsula Alliance. This non-traditional or relationship-based procurement method required ARM to reassess their approach to generate and disseminate design data and their traditional relationship with other design and construction professionals. As part of this process, ARM were required to devolve some of their design authority to a project delivery team via a Design Integrity Panel and an Independent Quality Panel; both innovations integral to the Acton Peninsula Alliance. The NMA project reframed many of the enduring professional relationships of Australian architecture and in so doing extended the skill set and expectations of the architects and others to include a more substantial engagement with 3D CAD and a procurement system which was less subject to many of the common impediments inherent in the more traditional processes. Through a series of interviews with the architects and other stakeholders, a qualitative methodology was used to investigate the NMA as a case study which uses the GMB as an internationally recognised comparison. This thesis examines how these two projects have been successfully completed within time and budgetary constraints in an environment where flagship projects have had a history of highly publicised difficulties. It reveals that the successful realisation of the NMA was due to the relationships built or reframed as a result of this cooperative approach in conjunction with high levels of engagement with computer technologies. This is in contrast to the seamless flow of data and high levels of prefabrication integral to the success of the GMB.
Thesis (Ph.D.) -- University of Adelaide, School of Architecture, Landscape Architecture and Urban Design, 2006.

In a traditional business environment, companies set up their organisation’s IT data infrastructure, install their applications and carry out the maintenance and management of their infrastructures. Whereas Cloud computing removes the need for companies to set up own data centers and run enterprise applications. Cloud computing technology provides businesses with the advantage of on-demand access, agility, scalability, flexibility and reduced cost of computing. An appreciable increase is being observed in the acceptance and migration to this new IT model in developing economies. In Nigeria, it has been observed that there is a somewhat unimpressive rate of adoption of Cloud computing by the microfinance operators. This research investigates the reason for the slow adoption of Cloud computing by SMEs in Nigeria with special consideration to the Microfinance subsector and to develop a model for improving the adoption of cloud computing by microfinance organisations. The research was conducted using a qualitative research design method. Interview was the main data collection instrument and data collected was analysed using thematic content analysis method. The analysis of the study revealed that SMEs in Nigeria, with particular reference to microfinance subsector in Akwa Ibom State are yet fully to embrace cloud technology. It was discovered that most of the SMEs studied, has some level of reservation about cloud computing arising from not having appropriate education and enlightenment about the cloud economic offerings and potentials. From the outcome of the research, the researcher identified that most people’s concerns are as a result of lack of knowledge about cloud computing and so the researcher concluded that appropriate enlightenment by industry stakeholders, cloud service providers, cloud enthusiasts and even the government on the risks and overwhelming economic incentives of cloud computing as well as the provision of a monitored free trial services will encourage the adoption of cloud computing by SMEs.
College of Engineering, Science and Technology
M.Tech. (Information Technology)