Dissertations / Theses on the topic 'Reengineering of corporate computer networks'

Information Security is currently viewed from a technical point of view only. Some authors believe that Information Security is a process that involves more than merely Risk Management at the department level, as it is also a strategic and potentially legal issue. Hence, there is a need to elevate the importance of Information Security to a governance level through Information Security Governance and propose a framework to help guide the Board of Directors in their Information Security Governance efforts. IT is a major facilitator of organizational business processes and these processes manipulate and transmit sensitive customer and financial information. IT, which involves major risks, may threaten the security if corporate information assets. Therefore, IT requires attention at board level to ensure that technology-related information risks are within an organization’s accepted risk appetite. However, IT issues are a neglected topic at board level and this could bring about enronesque disasters. Therefore, there is a need for the Board of Directors to direct and control IT-related risks effectively to reduce the potential for Information Security breaches and bring about a stronger system of internal control. The IT Oversight Committee is a proven means of achieving this, and this study further motivates the necessity for such a committee to solidify an organization’s Information Security posture among other IT-related issues.

Data-centric security is significant in understanding, assessing and mitigating the various risks and impacts of sharing information outside corporate boundaries. Information generally leaves corporate boundaries through mobile devices. Mobile devices continue to evolve as multi-functional tools for everyday life, surpassing their initial intended use. This added capability and increasingly extensive use of mobile devices does not come without a degree of risk - hence the need to guard and protect information as it exists beyond the corporate boundaries and throughout its lifecycle. Literature on existing models crafted to protect data, rather than infrastructure in which the data resides, is reviewed. Technologies that organisations have implemented to adopt the data-centric model are studied. A utopian model that takes into account the shortcomings of existing technologies and deficiencies of common theories is proposed. Two sets of qualitative studies are reported; the first is a preliminary online survey to assess the ubiquity of mobile devices and extent of technology adoption towards implementation of data-centric model; and the second comprises of a focus survey and expert interviews pertaining on technologies that organisations have implemented to adopt the data-centric model. The latter study revealed insufficient data at the time of writing for the results to be statistically significant; however; indicative trends supported the assertions documented in the literature review. The question that this research answers is whether or not current technology implementations designed to mitigate risks from mobile devices, actually address business requirements. This research question, answered through these two sets qualitative studies, discovered inconsistencies between the technology implementations and business requirements. The thesis concludes by proposing a realistic model, based on the outcome of the qualitative study, which bridges the gap between the technology implementations and business requirements. Future work which could perhaps be conducted in light of the findings and the comments from this research is also considered.

The purpose of this project is to build a working intranet containing core applications that create the framework for a small business intranet. Small businesses may benefit from an intranet because of its ability to effectively streamline the processes for retrieving and distributing information. Intranets are internal networks using TCP/IP protocols, Web server software, and browser client software to share information created in HTML within an organization, and to access company databases.

Empirical studies into IT governance have considerably advanced our understanding of the mechanisms and practices used by contemporary organisations to govern their current and future use of IT. However, despite the progress made in identifying the various elements employed by contemporary IT governance arrangements, there has been relatively little research into the formulation of a holistic model of IT governance that integrates the growing collection of parts into a coherent whole. To further advance the concept of IT governance, the Viable Governance Model (VGM) is proposed. The VGM is a theoretical model of IT governance within a corporate setting that is based on the laws and principles of cybernetics as embodied in Stafford Beer's Viable System Model (VSM). Cybernetics, the science of control and communication in biological and artificial systems, establishes a firm theoretical foundation upon which to design a system that directs and controls the IT function in a complex enterprise. The VGM is developed using an approach based on design science. Given the theoretical nature of the artefact that is being designed, the development and evaluation activities are primarily conceptual in nature. That is, the development activity involves the design of a theoretical model of IT governance using theoretical concepts and constructs drawn from several reference disciplines including cybernetics, organisation theory, and complexity theory. The conceptual evaluation of the VGM indicates that the model is sufficiently robust to incorporate many of the empirical findings arising from academic and professional research. The resultant model establishes a "blueprint", or set of design principles, that can be used by IS practitioners to design and implement a system of IT governance that is appropriate to their organisational contingencies. Novel aspects of this research include: the integration of corporate and IT governance; the reinterpretation of the role of the enterprise architecture (EA) within a complex enterprise; the exposition of the relationship between the corporate and divisional IT groups; and the resolution of the centralisation versus decentralisation dilemma that confront designers of IT governance arrangements.

The main goal of this thesis is to provide a sociologically informed analysis of tax avoidance and tax evasion in contemporary Mexico and Sweden, focusing particular attention on the explanatory role of social networks, social interactions, and positive feedback mechanisms. Two major data sources are used: (1) A panel dataset that includes all persons, 16 years or older, who resided in Stockholm County during at least one of the years 1990 to 2003 (N=1,967,993). The dataset includes detailed information on the socio-demographic characteristics, kinship networks, and criminal offences of these individuals; (2) A random sample of 36,949 firms that appeared in the Mexican Federal Register of Taxpayers for the year 2002. The records of the Mexican Federal Administrative Fiscal Tribunal provided data on all types of tax claims appealed before them during the 2002-2008 period. A variety of approaches and techniques are used such as agent-based simulation models, discrete time event history models, random effect logit models, and hierarchical linear models. These models are used to test different hypotheses related to the role of social networks, social interactions, and positive feedback mechanisms in explaining tax behaviour. There are five major empirical findings. (1) Networks seem to matter for individuals' tax behaviour because exposure to tax crimes of family members appears to increase a person’s likelihood of committing a tax crime. (2) Positive feedback mechanisms appear relevant because if a person commits a tax crime, it seems to increase the likelihood that the person will commit more tax crimes in the future. (3) Positive feedback mechanisms are also important for explaining corporate tax behaviour because a firm that has engaged in legal tax avoidance in the past appears to be more likely to engage in tax avoidance in the future. (4) Network effects are important in the corporate world because exposure to the tax avoidance of other firms increase the propensity of a firm to engage in tax avoidance. (5) Substitution effects between tax evasion and tax avoidance are likely to exist because when tax evasion becomes more prevalent in a firm’s environment, their likelihood of engaging in legal tax avoidance is lowered. The results underscore the importance of a sociological perspective on tax behaviour that takes into account social interactions and positive feedback mechanisms. In order to understand microscopic as well as macroscopic tax evasion patterns, the results presented in this thesis suggest that much more attention must be given to mechanisms through which taxation crimes breed more taxation crimes.

La complexité de l'environnement dans lequel évoluent les organisations se traduit par la coexistence permanente d'interprétations multiples et contradictoires de la situation. Perturbées dans leurs capacités de décision et d'action, les organisations déploient des dispositifs sophistiqués de vigilance collective qui permettent de faire face à cette complexité, restaurant leur capacité à dégager du sens et à orienter leur action. La gestion de l'information en fait partie. Parmi toutes les sources disponibles, internet en général, et le web en particulier, constituent les principaux points d'accès à l’information, faisant désormais partie intégrante de ces processus de création de sens. L'évolution récente du paysage informationnel, tant du point de vue des outils que de celui des pratiques, suscite de nouveaux défis. Par leur facilité d’utilisation et leur accessibilité croissante, de nouveaux types de sources en ligne ont remis en question la façon dont les utilisateurs partagent, consomment et produisent du contenu. 

Cette thèse examine la remise en cause des processus habituels de vigilance collective, et en particulier celle de l'adaptation, chez les spécialistes de l'information, des stratégies d'évaluation de la qualité de l'information provenant des sources en ligne. La question de recherche mobilise trois éléments principaux :les professionnels de la gestion de l'information, l'évaluation de la qualité de l'information et l'évolution du paysage informationnel, qu'on appelle communément le Web 2.0. Pour répondre à cette question, une enquête de terrain a été menée auprès de 53 professionnels de la gestion de l'information en Belgique, entre novembre 2007 et juillet 2008. En l'absence de bases théoriques stables et largement acceptées, un cadre conceptuel spécifique a été développé pour assurer l'adéquation entre les éléments de la question de recherche et le dispositif. Ce cadre conceptuel a permis de faire la lumière sur ces éléments. Le recours à une approche sociopsychologique a permis de les articuler, notamment par emprunt aux travaux de Karl Weick et au concept de sensemaking. 

La gestion de l'information (GI), considérée comme un processus de vigilance collective, est un concept générique, comprenant les activités de surveillance, de veille ou encore d'intelligence (économique, stratégique, compétitive, etc.).

Sa conceptualisation, construite par une analyse de définitions des principaux termes qui lui sont associés, a mis en évidence l'importance de son rôle de médiateur d'information dans l'organisation, qui s'articule autour des étapes récurrentes de collecte, de traitement et de distribution de l'information. Le recours au concept d'organizational learning a permis de dépasser les approches purement mécaniques, mettant en évidence sa capacité à créer du de sens. 

C'est au coeur de cette médiation, à l'intersection de la collecte et du traitement de l'information, qu'intervient un autre type de sensemaking: l'évaluation de la qualité de l'information. Elle est envisagée comme un processus de réduction de l'ambiguïté, dont l'action permet la sélection (ou non) d'une source ou d'une information dans la suite de la médiation. La qualité de l'information est abordée sous l'angle de l'information seeking qui permet de faire la lumière sur cette création de sens. Elle est généralement traitée dans la littérature en termes de pertinence, de crédibilité ou de fitness for use. Des études de terrain et des contributions émanant des praticiens ont permis de mettre en évidence les attributs et les critères de la qualité qui peuvent être mobilisés pour construire un jugement de qualité des sources en ligne. Dans le cadre de l'enquête de terrain, une check-list composée de 72 critères renvoyant à 9 attributs a été choisie comme cadre de référence pour l'observer: les objectifs de la source, sa couverture, son autorité et sa réputation, sa précision, sa mise à jour, son accessibilité, sa présentation, sa facilité d'utilisation et sa comparaison avec d'autres sources. 

 

Pour pouvoir mettre en évidence de manière concrète les aspects du paysage informationnel en transformation, une analyse des définitions et descriptions du Web 2.0 a permis de construire une description morphologique qui reprend ses caractéristiques principales. Il peut ainsi être considéré comme un ensemble d'outils, de pratiques et de tendances. Les outils permettent d'identifier cinq types de sources qui lui sont spécifiques: les blogs, les wikis, les podcasts, les plates-formes de partage de fichiers et les sites de réseaux sociaux. Ces types de sources sont éclairés dans cette recherche sous l'angle du concept de genre et, ensemble, sont positionnés en tant que répertoire, qu'il est nécessaire de comparer avec celui des genres "classiques" de sources en ligne. 

L'examen du changement des stratégies d'évaluation de la qualité de l'information a été concrétisé à l'aide d'un questionnaire administré par téléphone, qui visait à croiser les critères de qualité de la liste choisie comme référence avec les cinq genres typiques du Web 2.0. C'est l'importance relative accordée à un critère pour évaluer une information qui a été choisie comme indicateur à observer. Les répondants ont été invités à indiquer s'ils considèrent que l'importance des critères "change" ("≠") ou "ne change pas" ("=") quand ils évaluent un de ces genres, en comparaison de celle qu'ils accorderaient à un genre classique de source en ligne. En cas de changement, le questionnaire a prévu la possibilité de noter s'il s'agissait d'une hausse (">") ou d'une baisse ("<") d'importance. Pour compléter ce dispositif, 14 entretiens semi-dirigés en face à face ont été menés avec des répondants à ce questionnaire, de manière à pouvoir saisir les éléments explicatifs de leurs réponses. 

L'analyse des données a montré qu'une majorité des réponses (57% de "=") indiquent que l'importance des critères d'évaluation ne change pas quand une information est mise à disposition par l'intermédiaire d'un genre Web 2.0, plutôt que par celui d'un genre classique de source en ligne. Pourtant, cela implique que 43% des critères changent d'une manière ou d'une autre. C'est sur base de ce constat que cette recherche soutient l'existence d'un changement perçu qui, s'il ne remet pas fondamentalement en cause le processus de jugement de qualité, suscite néanmoins une adaptation de ce dernier par les professionnels de la GI interrogés. La lecture des données à l'aide de variables secondaires a montré notamment une forte disparité des distributions de réponses entre les répondants; ce qui plaide en faveur du caractère subjectif, personnel et dépendant du contexte du processus d'évaluation. De même, elle a permis de déterminer l'existence de deux groupes d'attributs qui se différencient par le fait que le premier comporte des attributs liés au contenu de la source (les objectifs, l'autorité, la précision, etc.) alors que le second est composé d'attributs liés à la forme (présentation, facilité, etc.).

Les entretiens de la seconde phase de l'enquête ont permis d'affiner l'analyse en éclairant, d'une part, sur la nature du changement et, d'autre part, sur les raisons de celui-ci. Les répondants ont indiqué que fondamentalement le processus d'évaluation est identique quel que soit le répertoire envisagé. Ils admettent toutefois que les genres typiques du Web 2.0 peuvent être à l'origine d'une perte de repères. Elle s'explique par la perception d'une familiarité moins grande à l'égard des sources et se traduit par une perte de la confiance qu'ils accordent aux sources et à leur jugement. Le changement perçu se manifeste donc par une hausse d'importance de certains attributs, qui aide les répondants à restaurer cette confiance. L'élément explicatif de ce changement peut être considéré comme un flou dans les modalités de création de contenu. Ce flou comporte trois dimensions: la façon dont est créé le contenu (How?), l'identité de celui qui le crée (Who?) et sa nature (What?). Ces dimensions peuvent être synthétisées par l'idée selon laquelle n'importe qui peut publier n'importe quoi. 

Les entretiens approfondis confirment que les groupes d'attributs liés au contenu d'une part, et ceux liés à la forme d'autre part, sont bien des éléments explicatifs de la manière dont se manifeste le changement.  Dans le cas des attributs qui augmentent d'importance, les raisons invoquées renvoient au fait que la facilité de création de contenu à l'aide de ces genres permet à "n'importe qui" de créer du contenu. C'est pour cette raison que l'autorité et les objectifs de la source peuvent faire l'objet d'une attention plus forte que sur les genres classiques de sources en ligne. Le fait que n'importe qui puisse publier "n'importe quoi" renvoie à la nature du contenu créé par ces genres. Il est considéré comme dynamique, personnel, indicateur de tendances, source de signaux faibles, subjectifs, etc. Cela pousse les répondants qui sont sensibles à ces questions à remettre plus sérieusement en cause la précision par exemple. C'est aussi en raison de la facilité de création de contenu, et du fait que les outils du Web 2.0 réduisent la responsabilité de l'auteur dans la qualité de la conception de sa source, que des attributs de forme, quand ils changent d'importance, voient leur niveau baisser. Le second groupe a été signalé par les répondants comme étant davantage des indicateurs de sérieux et des arbitres dans leur processus d'évaluation.

Que ce soit pour discuter des divergences de vue entre répondants ou pour déterminer les spécificités des genres, il apparaît qu'un aspect capital de la qualité de l'information tient à sa capacité à répondre aux besoins du moment, le fitness for use. Cette notion est intimement liée à celle de pertinence et toutes deux ont été résolument présentées comme déterminantes dans les stratégies, à la fois du point de vue du jugement d'une information ponctuelle, que dans l'attitude face à aux sources en général. Dans tous les cas, c'est d'abord les besoins d'information qui guident le choix. Toutes observations permettent d'apporter une réponse claire, riche et nuancée à la question de recherche.
Doctorat en Information et communication
info:eu-repo/semantics/nonPublished

The formalization of the multi criteria task of reengineering of a corporate computer network is carried out, which assumes its structural, topological, parametric and technological optimization according to the complex indicator "effect-costs". The proposed detailing of indicators in the form of particular criteria of costs, efficiency, reliability and survivability allows us to reduce it to a traditional optimization problem with a scalar criterion

M.Comm.
The problem of establishing and controlling remote access to corporate networks has become one of the most difficult issues facing network administrators and information security professionals (Tipton & Krause (b), 2001:99). As the connection devices become more powerful and less expensive, more and more personally owned devices make their way to the connected edge of the network. The rise of the Internet as an accepted vehicle for business use has dramatically increased the points of entry to the corporate network. As employees and third parties gain mobility through the use of laptops, smart phones and Personal Digital Assistants (PDAs), the threat to organisational security grows (Cartwright, 2001). There are three main reasons why remote access connections are often insecure: Lack of awareness regarding security risks associated with remote access; Protecting a remote access connection is a complex task which is unlikely to be done well unless a methodical approach is taken; and Remote locations are not under the direct control of the organisation and are inherently insecure (Information Security Forum (a), 1999). The purpose of this short dissertation is to: Provide an overview of remote access, including concepts and definitions; Identify the risks associated with remote access to corporate networks; Identify possible controls to mitigate these risks; and highlight possible future trends regarding remote access.

M.Sc. (Computer Science)
Corporations throughout the world are facing numerous challenges in today’s competitive marketplace and are continuously looking for new and innovative means and methods of gaining competitive advantage. One of the means used to gain this advantage is that of information technology, and all the associated technologies and principles. These are primarily used to facilitate business processes and procedures that are designed to provide this competitive advantage. Significant attention has been given to each of the individual technologies and principles of Artificial Intelligence, Knowledge Management, Information Security, and Intranets and how they can be leveraged in order to improve efficiency and functionality within a corporation. However, in order to truly reap the benefits of these technologies and principles, it is necessary to look at them as a collaborative system, rather as individual components. This dissertation therefore investigates each of these individual technologies and principles in isolation, as well as in combination with each other to outline potential advantages, associated risks, and disadvantages when combining them within the corporate world. Based on these, the Intelligently Generated Knowledge (IGK) framework is outlined to implement such a collaborative system. Thereafter, an investigation of a theoretical situation is conducted based on this framework to examine the impact of the implementation of this type of collaborative system. The potential increase in cost savings, efficiency and functionality of corporations that would employ the IGK framework is clearly outlined in the theoretical example, and should this approach be adopted, it would be able to provide significant competitive advantage for any corporation.

碩士
銘傳大學
管理研究所碩士在職專班
96
A Study on the Relation between Leadership, Group Collaboration and Corporate Reengineering- A Case Study on a Computer Company Student: Su-YingYeh Advisors: Dr. Chun-Cheng Lu Dr. Yi-Ching Tsai Graduate School of Management Ming Chuan University ABSTRACT In the wake of globalization, new technologies are applied to business activities and new modes of consumption and business models come onto the scene without a pause. As such, competition among enterprises also undergoes significant change. Such change challenges the wisdom and ability of the business owners to change. Reengineering is a necessary condition for adapting to changes of the business environment. For maintaining flexibility in organization, upgrading competitiveness and materializing sustained development in operation, enterprises never cease to seek appropriate means of reengineering. Yet, reengineering dictates for the participation of all in the enterprise. Guided by the leader of the organization and initiated from the core team of the group, reengineering reverberates through to the entire organization and requires the participation of employees at the basic level. This is the way that all employees may understand the operating status of the organization and the process of handling things. This way of launching corporate reengineering may help to stabilize the sentiment of people, boost morale and coalesce group consensus. This study is an attempt to explore how leadership style, group consensus, and team collaboration affect corporate reengineering based on the case study of a company under different leadership in different periods of time. The findings of this study indicated that the leader exhibited different patterns of leadership styles at different stages as responses to organizational situation. Group consensus and group collaboration varied with different leadership styles. At the initial stage and development stage of the organization, the leader adopted different leadership styles interchangeably, which was favorable for reaching team consensus and top-down communication and demonstrated resulting group collaboration benefit. This prompted the growth of the organization. If, however, the leader inclined towards a minority of individuals or a unique leadership style, it neglected the importance of the support of the members and hence impeded the communication among managers at different levels and the members of the whole organization. The members of the organization did not know what the purpose of reengineering is and tended to resist, which resulted in contention in the organization. Each of the teams were only concerned about their own performance and lacked a consensus on organizational goal, which made inter-department cooperation impossible. Inappropriate reengineering caused internal consumption of the organization, and in turn affected competitive power rather than enhancing it. As such, sustained development of the organization was challenged. This study is based on one case whose representation and scope will inevitably affect the inference of this study on general situations. Researchers are recommended to cover more cases in subsequent studies or involve different industries for comparative analysis so that the scope of research and the subject matters may be enhanced and the results more reliable. The contribution will then be more significant. Keywords: Leadership style, group consensus, group collaboration,corporate reengineering.

Successful enterprises are those that consistently create new knowledge, disseminate it widely throughout the enterprise and quickly embed it in new technologies and products. These ‘knowledge-creating’ enterprises understand what knowledge is and what they should do to exploit it. In other words, they successfully manage and share their knowledge throughout their enterprise. When launching a knowledge management initiative, it is important to identify which knowledge management processes are most relevant to the enterprise’s environment and systems, and steps should be taken to support these activities and integrate them into daily operations. Broader elements and issues should also be identified and recognised for the influence they have on the knowledge management process. For example that enterprises should encourage individuals to interact, to work together on projects, or to share their ideas on an informal basis and systems are needed to codify the knowledge of individuals so that others can use it. Applying these elements involves: information technology; formal and informal structures; and specific knowledge management tools. Another important factor in the success of a knowledge management project is to ground knowledge management and knowledge sharing within the context of the enterprise’s business strategy seeing that the intranet can assist in the creation of economic value and competitive advantage for the enterprise. The knowledge sharing or knowledge contribution part of the knowledge management process seems to be the most difficult for enterprises. Knowledge sharing often takes place in enterprises via employees’ informal networks. Knowledge management could turn this informal, ad hoc process into a more systematic process. Creating a corporate culture where knowledge is valued and shared effectively is a challenge. Part of the solution could be for an enterprise to be aware of their specific corporate culture and how it influences their behaviour and attitude towards knowledge sharing. Because the employee’s behaviour determines the sharing of knowledge, leadership has an important role to play and they could use various motivational practices to encourage knowledge sharing. Leadership should commit to creating an environment, within which employees are able to share, assess and experiment with new knowledge gained. The corporate intranet could be used as such an environment, but employees need to be trained to use their knowledge management IT tools, making it as easy as possible for employees to contribute to the enterprise knowledge base. Effective intranet usage should be embedded in the enterprise’s general corporate and knowledge sharing culture. The intranet should be seen as an essential part of the enterprise’s knowledge management system and should be designed to suit and enhance the enterprise knowledge sharing activities and culture. It is also important that intranets should be evaluated regularly to determine its current contribution to as well as future potential of the knowledge sharing capability of the enterprise. The importance of evaluating and measuring the enterprise intranet and various measurement tools were discussed in depth, which consequently led to the formulation of an intranet evaluation tool in the form of a questionnaire. The prototype questionnaire was compiled by using measurement tools developed previously. The questionnaire brought together the concepts of knowledge management, knowledge sharing cultures and intranet functionalities. The evaluation tool was then applied to measure the effectiveness of a management consulting business’s intranet in enhancing the enterprise’s knowledge sharing culture. Recommendations were made to enterprises use the questionnaire when using the questionnaire in similar environments. An intranet represents a tool of potentially high value to any enterprise, but in order to realise this value, the intranets should be properly measured and managed and every employee needs to take ownership and buy into the concept of the intranet as a knowledge sharing enabler. This calls for an employee to be motivated to participate in knowledge sharing, so that they can experience the value they could add and receive by using the intranet for knowledge sharing activities.
Prof. P.A. van Brakel Mnr. J.A. Kok

M.B.A.
As e-commerce becomes a more accepted and important way of doing business, the strategist's stock-and-status will rise accordingly. With more of a company's communications and revenue moving through the Internet, Web work will be seen less as a separate project and more as a core business process. Web business strategy will become of such fundamental importance that it will fall under the CEO's purview (Cutler, 1996:3). The Internet is an area of high seismographic activity, increasing the danger that strategies will be built along a fault line. The technology advances so rapidly, and the numbers change so often, that time scales have to be compressed, and planners must learn to make decisions in an environment filled with ambiguity (Cutler, 1996:3). Learning, comparing and evaluating how companies devise their e-commerce strategies could explore common factors, which could be summarised into key steps aimed at assisting management in the future, who plan to embark on a project of implementing Internet technologies...

This study investigates to what extent "e"-communication is used successfully by Zimbabwean commercial banks. The study was done using the literature survey method and the questionnaire. The closed and open-ended questionnaires used for gathering data were administered personally by the researcher leading to 99% return rate of questionnaires. The major conclusions from this study are that "e"-communication is widely adopted by the commercial banks in Zimbabwe, examples being the use of email, statement enquiries or bill payment services. Recommendations drawn from this research are that commercial banks' top management should be committed to the establishment of more effective information systems programmes and invest substantially more in Information Technology to meet the demanding needs and expectations of customers. The study could be replicated in other sectors of business in order to strengthen the reliability and validity of the results revealed here.
Financial Accounting
M. Com. (Accounting)

E-commerce is growing rapidly due to the massive usage of the Internet to conduct commercial transactions. This growth has presented both customers and merchants with many advantages. However, one of the challenges in E-commerce is information security. In order to mitigate e-crime, the South African government promulgated laws that contain information security legal aspects that should be integrated into the establishment of information security. Although several authors have written about legal and policy aspects regarding information security in the South African context, it has not yet been explained how these aspects are used in the provision of information security in the South African corporate environment. This is the premise upon which the study was undertaken. Forty-five South African organisations participated in this research. Data gathering methods included individual interviews, website analysis, and document analysis. The findings of this study indicate that most organisations in South Africa are not integrating legal aspects into their information security policies. One of the most important outcomes of this study is the proposed Concept Model of Legal Compliance in the Corporate Environment. This Concept Model embodies the contribution of this study and demonstrates how legal requirements can be incorporated into information security endeavours. The fact that the proposed Concept Model is technology-independent and that it can be implemented in a real corporate environment, regardless of the organisation’s governance and management structure, holds great promise for the future of information security in South Africa and abroad. Furthermore, this thesis has generated a topology for linking legislation to the provision of information security which can be used by any academic or practitioner who intends to implement information security measures in line with the provisions of the law. It is on the basis of this premise that practitioners can, to some extent, construe that the integration of legislation into information security policies can be done in other South African organisations that did not participate in this study. Although this study has yielded theoretical, methodological and practical contributions, there is, in reality, more research work to be done in this area.
School of Computing
D. Phil. (Information Systems)

The purpose of the research is to propose and evaluate a methodology for implementing EDI to assist organisations in reaping the anticipated benefits. The research involved the systematic analysis of the state of the art of EDI and paradigms of methodologies, to define a model for the EDI implementation methodology, and to define criteria for evaluating such a model. The methodology was developed and modelled utilising the software process model, as adopted by Boehm (1988) and later duPlessis and van der Walt (1992), as a framework. Next a synthesis of the assimilated knowledge and brainstorming of project teams involved in EDI pilot projects, was used to systematically develop an EDI implementation methodology. The methodology was evaluated by utilising it in the implementation of EDI between two organisations, Computer Equipment Brokers (PTY) and Marksec (PTY). It was concluded that the methodology was efficient for implementing EDI.
Computing
M. Sc. (Information Systems)