Дисертації з теми "Human aspects of cyber security"

SCADA systems have been successfully implemented in industries like oil, gas and electricity for maintenance, monitoring and control. While these systems provide immense advantage in terms of productivity, management and performance, they are also prone to exploitation and problems. These SCADA systems largely consist of network infrastructure which is subject to cyber security issues. Most of the weaknesses, or threats posed to these systems can be eliminated or reduced if the human aspect associated with them can be explored and corrected if needed. Because of human involvement in planning, designing, developing, deployment and operating of such systems, probability of flaws will always be present. This study focuses on such human aspects which effect cyber security in SCADA systems. We identified common mistakes which can be attributed to human error or negligence. A set of causes was then identified by use of interviews and finally, a Bayesian model was developed to simulate the identified cases and mistakes. We analyzed the influence and probability of occurrence of mistakes using this model. Our results prove that causes of the mistakes resulting in security problems for SCADA systems are directly related to human aspects. Furthermore, we identified some of the most prominent of these causes in this study. Based on the identified causes and mistakes, we suggested mitigation strategies to cater the problems faced.

The internet has permeated the lives of the modern men in more respects than can be tabulated simply. The ease of access to online shopping, social networking, simplified communication, etc. make the internet a modern panacea for a number of problems. However, the internet also opens up avenues that expose the user to vulnerabilities at the hand of hackers and malicious software coders. The use of the internet to exchange personal and fiscal information makes attacks all the more inviting. This is compounded by the fact that most online users are unaware of threats that affect them on a daily basis and how to protect themselves against such threats. Despite the fact that the level of awareness of the contemporary cyber threats, has significantly increased among online users within the last few years, there is a growing need to improve the efficiency and effectiveness of the countermeasures currently being used. Fortunately, there are a number of Human Computer Interaction (HCI) principles that can effectively be used to enhance online user interaction and reduce internet security threats.

The analysis of security defense processes is of utmost importance in the management of various cyber-security attacks, which are increasing in scope and rapidity. Organizations need to optimize their resources based on a sound understanding of the level of their security defense processes' efficiency and the impact of their investment. Modeling and characterization of the dynamics of cyber security management are essential to risk prediction, damage assessment, and resource allocations. This dissertation addresses the interactions between human factors and information systems. On the basis of the spiral life cycle model of software development processes, we develop a realistic, holistic security attack-defense model - Man-Machine Model (M3), which combines human factors and information systems' (i.e., machine) states under an integrated analytical framework. M3 incorporates man and machine components. The man component is comprised of several variables such as Skill & Knowledge (SKKN) and Teamwork Quality (TWQ). The machine component is composed of variables such as traffic volume and the amount of downtime. M3 enables the analysis of intrusion detection and incident response process efficiency, i.e., security defense team performance. With data analysis, we formulate and test four major research hypotheses based on the data collected during security experiments. Through hypothesis testing, we evaluate regression models to estimate the security defense team performance (i.e. efficiency) at different levels of human intelligence (e.g., skill and knowledge) and teamwork (e.g., teamwork quality). We assess the fitness and significance of the regression models, and verify their assumptions. Based on these results, organizations can hire those who have an appropriate level of skill and knowledge when it concerns investments to increase the level of skill and knowledge of security personnel. They also can attempt to increase the level of skill and knowledge of security personnel.

This mixed-methods study focused on the internal human factors responsible for data breaches that could cause adverse impacts on organizations. Based on the Swiss cheese theory, the study was designed to examine preventative measures that managers could implement to minimize potential data breaches resulting from internal employees' behaviors. The purpose of this study was to provide insight to managers about developing strategies that could prevent data breaches from cyber-threats by focusing on the specific internal human factors responsible for data breaches, the root causes, and the preventive measures that could minimize threats from internal employees. Data were collected from 10 managers and 12 employees from the business sector, and 5 government managers in Ivory Coast, Africa. The mixed methodology focused on the why and who using the phenomenological approach, consisting of a survey, face-to-face interviews using open-ended questions, and a questionnaire to extract the experiences and perceptions of the participants about preventing the adverse consequences from cyber-threats. The results indicated the importance of top managers to be committed to a coordinated, continuous effort throughout the organization to ensure cyber security awareness, training, and compliance of security policies and procedures, as well as implementing and upgrading software designed to detect and prevent data breaches both internally and externally. The findings of this study could contribute to social change by educating managers about preventing data breaches who in turn may implement information accessibility without retribution. Protecting confidential data is a major concern because one data breach could impact many people as well as jeopardize the viability of the entire organization.

Cyber-physical systems (CPSs) are large-scale systems that seamlessly integrate physical and human elements via a cyber layer that enables connectivity, sensing, and data processing. Key examples of CPSs include smart power systems, smart transportation systems, and the Internet of Things (IoT). This wide-scale cyber-physical interconnection introduces various operational benefits and promises to transform cities, infrastructure, and networked systems into more efficient, interactive, and interconnected smart systems. However, this ubiquitous connectivity leaves CPSs vulnerable to menacing security threats as evidenced by the recent discovery of the Stuxnet worm and the Mirai malware, as well as the latest reported security breaches in a number of CPS application domains such as the power grid and the IoT. Addressing these culminating security challenges requires a holistic analysis of CPS security which necessitates: 1) Determining the effects of possible attacks on a CPS and the effectiveness of any implemented defense mechanism, 2) Analyzing the multi-agent interactions -- among humans and automated systems -- that occur within CPSs and which have direct effects on the security state of the system, and 3) Recognizing the role that humans and their decision making processes play in the security of CPSs. Based on these three tenets, the central goal of this dissertation is to enhance the security of CPSs with human actors by developing fool-proof defense strategies founded on novel theoretical frameworks which integrate the engineering principles of CPSs with the mathematical concepts of game theory and human behavioral models. Towards realizing this overarching goal, this dissertation presents a number of key contributions targeting two prominent CPS application domains: the smart electric grid and drone systems. In smart grids, first, a novel analytical framework is developed which generalizes the analysis of a wide set of security attacks targeting the state estimator of the power grid, including observability and data injection attacks. This framework provides a unified basis for solving a broad set of known smart grid security problems. Indeed, the developed tools allow a precise characterization of optimal observability and data injection attack strategies which can target the grid as well as the derivation of optimal defense strategies to thwart these attacks. For instance, the results show that the proposed framework provides an effective and tractable approach for the identification of the sparsest stealthy attacks as well as the minimum sets of measurements to defend for protecting the system. Second, a novel game-theoretic framework is developed to derive optimal defense strategies to thwart stealthy data injection attacks on the smart grid, launched by multiple adversaries, while accounting for the limited resources of the adversaries and the system operator. The analytical results show the existence of a diminishing effect of aggregated multiple attacks which can be leveraged to successfully secure the system; a novel result which leads to more efficiently and effectively protecting the system. Third, a novel analytical framework is developed to enhance the resilience of the smart grid against blackout-inducing cyber attacks by leveraging distributed storage capacity to meet the grid's critical load during emergency events. In this respect, the results demonstrate that the potential subjectivity of storage units' owners plays a key role in shaping their energy storage and trading strategies. As such, financial incentives must be carefully designed, while accounting for this subjectivity, in order to provide effective incentives for storage owners to commit the needed portions of their storage capacity for possible emergency events. Next, the security of time-critical drone-based CPSs is studied. In this regard, a stochastic network interdiction game is developed which addresses pertinent security problems in two prominent time-critical drone systems: drone delivery and anti-drone systems. Using the developed network interdiction framework, the optimal path selection policies for evading attacks and minimizing mission completion times, as well as the optimal interdiction strategies for effectively intercepting the paths of the drones, are analytically characterized. Using advanced notions from Nobel-prize winning prospect theory, the developed framework characterizes the direct impacts of humans' bounded rationality on their chosen strategies and the achieved mission completion times. For instance, the results show that this bounded rationality can lead to mission completion times that significantly surpass the desired target times. Such deviations from the desired target times can lead to detrimental consequences primarily in drone delivery systems used for the carriage of emergency medical products. Finally, a generic security model for CPSs with human actors is proposed to study the diffusion of threats across the cyber and physical realms. This proposed framework can capture several application domains and allows a precise characterization of optimal defense strategies to protect the critical physical components of the system from threats emanating from the cyber layer. The developed framework accounts for the presence of attackers that can have varying skill levels. The results show that considering such differing skills leads to defense strategies which can better protect the system. In a nutshell, this dissertation presents new theoretical foundations for the security of large-scale CPSs, that tightly integrate cyber, physical, and human elements, thus paving the way towards the wide-scale adoption of CPSs in tomorrow's smart cities and critical infrastructure.
Ph. D.
Enhancing the efficiency, sustainability, and resilience of cities, infrastructure, and industrial systems is contingent on their transformation into more interactive and interconnected smart systems. This has led to the emergence of what is known as cyber-physical systems (CPSs). CPSs are widescale distributed and interconnected systems integrating physical components and humans via a cyber layer that enables sensing, connectivity, and data processing. Some of the most prominent examples of CPSs include the smart electric grid, smart cities, intelligent transportation systems, and the Internet of Things. The seamless interconnectivity between the various elements of a CPS introduces a wealth of operational benefits. However, this wide-scale interconnectivity and ubiquitous integration of cyber technologies render CPSs vulnerable to a range of security threats as manifested by recently reported security breaches in a number of CPS application domains. Addressing these culminating security challenges requires the development and implementation of fool-proof defense strategies grounded in solid theoretical foundations. To this end, the central goal of this dissertation is to enhance the security of CPSs by advancing novel analytical frameworks which tightly integrate the cyber, physical, and human elements of a CPS. The developed frameworks and tools enable the derivation of holistic defense strategies by: a) Characterizing the security interdependence between the various elements of a CPS, b) Quantifying the consequences of possible attacks on a CPS and the effectiveness of any implemented defense mechanism, c) Modeling the multi-agent interactions in CPSs, involving humans and automated systems, which have a direct effect on the security state of the system, and d) Capturing the role that human perceptions and decision making processes play in the security of CPSs. The developed tools and performed analyses integrate the engineering principles of CPSs with the mathematical concepts of game theory and human behavioral models and introduce key contributions to a number of CPS application domains such as the smart electric grid and drone systems. The introduced results enable strengthening the security of CPSs, thereby paving the way for their wide-scale adoption in smart cities and critical infrastructure.

To provide structure to cyber awareness and educational initiatives in South Africa, Kortjan and Von Solms (2014) developed a five-layer cyber-security awareness and education framework. The purpose of the dissertation is to determine how the framework layers can be refined through the integration of communication theory, with the intention to contribute towards the practical implications of the framework. The study is approached qualitatively and uses a case study for argumentation to illustrate how the existing framework can be further developed. Drawing on several comprehensive campaign planning models, the dissertation illustrates that not all important campaign planning elements are currently included in the existing framework. Proposed changes in the preparation layer include incorporating a situational and target audience analysis, determining resources allocated for the campaign, and formulating a communication strategy. Proposed changes in the delivery layer of the framework are concerned with the implementation, monitoring and adjustment, as well as reporting of campaign successes and challenges. The dissertation builds on, and adds to, the growing literature on the development of campaigns for cyber-security awareness and education aimed at children.

Video gaming has always been a blooming industry. With the emergence of online multi- player video games , this industry’s worth have sky rocketed. Online multiplayer video games store data of player’s credentials, in-game progress, in-game virtual assets and payment details etc. Which mean security threats to these systems are nothing new and securing these games have always meant to protect player’s data from unauthorized breach. Integration of Blockchain technology in online multiplayer video games apart from other amazing features, provides a way to prove digital ownership of virtual assets with their verifiable scarcity. Trade of these in-game virtual assets have always been a goal for online multiplayer gaming companies, but there was none enough trust-able infrastructure available which can be relied on. Blockchain just solved that problem. It provided a platform for these asset’s secure and transparent transaction between players. Topic for our research not only consider the security challenges in online games but specifi- cally blockchain based online multiplayer games. This adaptation is still new and there is need of consideration of new security challenges. In this dissertation we try to bring out some important challenges related to security of blockchain based online multiplayer video games. There are currently no studies around security concerns and challenges of the integration of the online multiplayer video games in the emerging blockchain systems. In order to fill in the gap, this dissertation discusses and identifies two main security concerning questions related to this domain. Also this dissertation provides basic steps for expanding future research and application in this joint domain.

yes
Arms embargoes are one of the principal tools of states in seeking to prevent, limit and bring an end to armed conflict and human rights abuses. Despite the frequency with which arms embargoes have been imposed, there are significant problems with their implementation. Pressure is therefore growing for the international governmental community to act in order to ensure that the political commitment embodied by the imposition of arms embargoes is matched by the commitment to ensure their rigorous enforcement and to achieve enhanced human security on the ground. Increasing the effectiveness of arms embargoes is a specific aim of the United Nations Programme of Action for Preventing and Combating the Illicit Trade in Small Arms and Light Weapons in All Its Aspects1 which specifically calls upon states "To take appropriate measures, including all legal or administrative means, against any activity that violates a United Nations Security Council arms embargo in accordance with the Charter of the United Nations".2 Accordingly, within the context of the implementation of the UN PoA, the overall aim of this paper is to explore ways in which the international community can act in order to strengthen the impact of arms embargoes and enhance human security. It will begin by examining the purposes, processes and effects relating to arms embargoes, with particular attention to those agreed at international (UN) level, and by highlighting issues of concern in each regard. An overview of the main issues and challenges facing implementation of arms embargoes will include the elaboration of three case-study examples showing the impact of UN arms embargoes on the availability of arms and on human security and a further five that illustrate the dilemmas faced by states in seeking to implement arms embargoes. Priority areas for attention in any international effort to strengthen the effectiveness of arms embargoes will be followed by more extensive proposals for enhancing international embargo regimes within the context of implementing the UN PoA. Whilst it is recognised that the UN PoA contains measures that relate only to the illicit trade in small arms and light weapons (SALW), if implemented fully, many of these would serve to strengthen the international apparatus of control, information exchange and provision of assistance relating to arms proliferation and misuse as a whole. In turn, this would greatly enhance the implementation of UN arms embargoes. Therefore, as well as providing an opportunity for reviewing progress on implementing the PoA, the first Biennial Meeting of States in July 2003 is clearly a major opportunity for states to address a number of the pressing challenges facing states in the implementation of UN embargoes.

The Internet of Things is a growing area with growing security concerns, new threat emerge almost everyday. Keeping up to date, monitor the network and devices and responding to compromised devices and networks are a hard and complex matters.  This bachelor’s thesis aims to discover how a IT-company can work with security management within the Internet of Things, this is done by looking into how a IT-company can work with updating, monitoring and responding within the Internet of Things, as well what challenges there are with working with this.  A qualitative research approach was used for this case study along with an interpretative perspective, as well as abductive reasoning. Interviews were performed with employees of a large IT-company based in Sweden, along with extensive document analysis.  Our bachelor’s thesis results in challenges with Security Management within the areas updating, monitoring and responding along with how our Case Company works with these security challenges. Largely these challenges can be summarized that everything is harder with the number of devices there are within the Internet of Things
Internet of Things eller Sakernas internet är ett växande område med en växande hotbild och nya hot uppkommer dagligen. Att hålla sig uppdaterad, övervaka nätverk och enheter samt att reagera på att enheter och nätverk blir hackade är en svår och komplicerad uppgift. Den här uppsatsen ämnar undersöka hur ett IT-företag kan arbeta med säkerhetshantering inom Internet of Things. Detta har gjorts genom att kolla utmaningar och säkerhetslösningar inom de tre områdena uppdatera, övervaka och reagera.  En kvalitativ forskningsmetod har använts i denna fallstudie tillsammans med ett tolkande synsätt och en abduktiv ansats. Vi har utfört intervjuer på ett stort IT-företag baserat i Sverige tillsammans med en utförlig dokumentanalys.  Resultatet av denna uppsats påvisar ett antal utmaningar inom säkerhetshanteringen inom områdena uppdatera, övervaka och reagera tillsammans med hur vårt fallföretag jobbar med att motarbeta dessa utmaningar. I stort sett kan utmaningarna sammanfattas till att allting är svårare när mängden enheten är så hög som den är inom Internet of Things.

Securitisation theory has made significant contributions to security studies. However, the theory is not without theoretical and empirical shortcomings. Notably, a lack of operationalisation and differentiation has led to a binary classification of results as either ‘securitised or not’. In addition, the presence of Euro-centric assumptions has weakened the theory’s applicability in non-Western contexts. This thesis develops a new framework featuring a typology with eight branches of securitisation. The thesis then uses that framework to study HIV/AIDS securitisation in two Asian countries: China and India. The process of HIV/AIDS securitisation in both countries is illustrated chronologically. Following the international HIV/AIDS securitisation obtained in 2000, the study shows that HIV/AIDS has been fully securitised by both national governments since 2004. However, the Chinese government addressed HIV/AIDS through a stand-alone programme, whereas India’s national HIV/AIDS programme was integrated into its primary health care system. Six cities were included in the detailed empirical analysis: Beijing, Shanghai, and Kunming in China, and New Delhi, Mumbai, and Imphal in India. Semi-structured interviews were conducted amongst 62 individuals working in HIV/AIDS-related non-governmental organisations, and 10 officials working in government agencies. Chinese respondents were receptive to framing the threat and handling of HIV/AIDS, yet many grassroots organizations lacked opportunities to participate in the national HIV/AIDS programme. In contrast, such groups were strongly involved in national HIV/AIDS interventions; however, Indian government efforts in fully securitising HIV/AIDS were largely faded out. The thesis therefore responds to the major theoretical and empirical shortcomings identified by security scholars. The thesis also advances the existing knowledge of security studies in general, and HIV/AIDS securitisation processes in the non-Western world in particular.
published_or_final_version
Humanities and Social Sciences
Doctoral
Doctor of Philosophy

Insecure cyber behavior of end users may expose their computers to cyber-attack. A first step to improve their cyber behavior is to identify their tendency toward insecure cyber behavior. Unfortunately, not much work has been done in this area. In particular, the relationship between end users cyber behavior and their personality traits is much less explored. This paper presents a comprehensive review of a newly developed, easily configurable, and flexible software SPICE for psychologist and cognitive scientists to study personality traits and insecure cyber behavior of end users. The software utilizes well-established cognitive methods (such as dot-probe) to identify number of personality traits, and further allows researchers to design and conduct experiments and detailed quantitative study on the cyber behavior of end users. The software collects fine-grained data on users for analysis.

Security Operation Centers (SOCs) have become an integral component of business organizations all over the world. The concept of a SOC has existed for a few years now yet there is no systematic study documenting the occurrences of their operations. A lack of documented operational knowledge makes it a challenge for security researchers interested in improving operational efficiency through algorithms, tools, and processes. SOC environments operate under a secrecy culture as a result of which researchers are not trusted by analysts and their managers. This lack of trust leads to only superficial information through methods such as interviews. Moreover, security analysts perform their tasks using hunches that are difficult to articulate and express to an interviewing researcher. This knowledge is called tacit knowledge. Capturing rich tacit knowledge is crucial for researchers to build useful and usable operational tools. This thesis proposes use of long-term participant observation from cultural anthropology as a research methodology for security researchers to study SOC analysts and their managers. Over a period of four and a half years seven students in Computer Science, graduate and undergraduate, were trained by an anthropologist in using fieldwork techniques to study humans. They then took jobs as security analysts at five different SOCs belonging to academia and corporations. We made unexpected discoveries in pursuit of tacit operational knowledge. The first discovery was identification of human capital mismanagement of analysts as the root cause of analyst burnout. Specifically, a vicious cycle among analyst skills, empowerment, creativity, and growth causes analysts to lose morale and eventually leave the job. In fact burnout is a manifestation of number of tensions that are inherent in a security operations setting. This leads to our second discovery of recognizing and managing contradictions as a prerequisite for SOC innovation. Failure to acknowledge them can lead to dysfunctions in a SOC such as analyst burnout. Informed by the findings regarding the social aspects of SOC operations we attained the intended goal of capturing tacit operational knowledge. The thesis documents our experience in tacit knowledge capture through design of a framework for detecting phishing emails in near real-time. Studying human aspects of security operations and cyber-security in general must be done within a social and organizational context. This thesis proposes long-term participant observation of practitioners and end-users as a viable methodology to conduct cyber-security research in general.

In Africa, the fight against poverty has a great deal in common with the struggle for political and economic security. For many migrant workers around the continent and elsewhere, the need for socio-economic security serves as the underlining motive for migration to boundaries beyond their own, in search of ‘greener pastures’ - a life of dignity, respect and socio-economic security. The high level of infrastructure, economic and political stability remains an attractive incentive for irregular migrants to migrate to South Africa. Thousands of migrant workers make annually the journey to South Africa with the hope of finding a better life. However, their arrival in South Africa marks the beginning of an even more tenacious struggle against unimaginable odds. For many irregular migrants, the dream of a better life soon becomes a nightmare highlighted by constant struggle against xenophobia, police brutality, exploitation by unscrupulous employers, marginalisation and disregard for fundamental human rights by the state.
Mini Dissertation (LLM (Human Rights and Democratisation in Africa)) -- University of Pretoria, 2011.
http://www.chr.up.ac.za/
nf2012
Centre for Human Rights
LLM

Cyber aggression came about as a result of advances in information communication technology and the aggressive usage of the technology in real life. Cyber aggression can take on many forms and facets. However, the main focus of this study is cyberbullying and cyberstalking through information sharing practices that might constitute digital aggressive acts. Human aggression has been extensively investigated. Studies focusing on understanding the causes and effects that can lead to physical and digital aggression have shown the prevalence of cyber aggression in different settings. Moreover, these studies have shown strong relationship between cyber aggression and the physiological and physical trauma on both perpetrators and their victims. Nevertheless, the literature shows a lack of studies that could measure the level of acceptance and tolerance of these dangerous digital acts. This study is divided into two main stages; Stage one is a qualitative pilot study carried out to explore the concept of cyber aggression and its existence in Saudi Arabia. In-depth interviews were conducted with 14 Saudi social media users to collect understanding and meanings of cyber aggression. The researcher followed the Colaizzi’s methods to analyze the descriptive data. A proposed model was generated to describe cyber aggression in social media applications. The results showed that there is a level of acceptance to some cyber aggression acts due to a number of factors. The second stage of the study is focused on developing scales with reliable items that could determine acceptability and tolerability of cyber aggression. In this second stage, the researcher used the factors discovered during the first stage as source to create the scales’ items. The proposed methods and scales were analyzed and tested to increase reliability as indicated by the Cronbach’s Alpha value. The scales were designed to measure how acceptable and tolerable is cyber-bullying, cyber-stalking in Saudi Arabia and the sharing of some information in social media applications. The results show a strong tolerance level of those activities. This study is a valuable resource for advanced-level students, educators, and researchers who focus on cyber security, cyber psychology, and cyber aggression in social network sites.

Remote working is a practice that provides economic benefits to both the employing organisation and the individual. However, evidence suggests that organisations implementing remote working have limited appreciation of the security risks, particularly those impacting upon the confidentiality and integrity of information and also on the integrity and availability of the remote worker’s computing environment. Other research suggests that an organisation that does appreciate these risks may veto remote working, resulting in a loss of economic benefits. With the implementation of high speed broadband, remote working is forecast to grow and therefore it is appropriate that improved approaches to managing security risks are researched. This research explores the use of secure portable execution and storage environments (secure PESEs) to improve information security for the remote work categories of telework, and mobile and deployed working. This thesis with publication makes an original contribution to improving remote work information security through the development of a body of knowledge (consisting of design models and design instantiations) and the assertion of a nascent design theory. The research was conducted using design science research (DSR), a paradigm where the research philosophies are grounded in design and construction. Following an assessment of both the remote work information security issues and threats, and preparation of a set of functional requirements, a secure PESE concept was defined. The concept is represented by a set of attributes that encompass the security properties of preserving the confidentiality, integrity and availability of the computing environment and data. A computing environment that conforms to the concept is considered to be a secure PESE, the implementation of which consists of a highly portable device utilising secure storage and an up-loadable (on to a PC) secure execution environment. The secure storage and execution environment combine to address the information security risks in the remote work location. A research gap was identified as no existing ‘secure PESE like’ device fully conformed to the concept, enabling a research problem and objectives to be defined. Novel secure storage and execution environments were developed and used to construct a secure PESE suitable for commercial remote work and a high assurance secure PESE suitable for security critical remote work. The commercial secure PESE was trialled with an existing telework team looking to improve security and the high assurance secure PESE was trialled within an organisation that had previously vetoed remote working due to the sensitivity of the data it processed. An evaluation of the research findings found that the objectives had been satisfied. Using DSR evaluation frameworks it was determined that the body of knowledge had improved an area of study with sufficient evidence generated to assert a nascent design theory for secure PESEs. The thesis highlights the limitations of the research while opportunities for future work are also identified. This thesis presents ten published papers coupled with additional doctoral research (that was not published) which postulates the research argument that ‘secure PESEs can be used to manage information security risks within the remote work environment’.

The amount of personal identifiable information that people distribute over different online services has grown rapidly and considerably over the last decades. This has led to increased probabilities for identity theft, profiling and linkability attacks, which can in turn not only result in a threat to people’s personal dignity, finances, and many other aspects of their lives, but also to societies in general. Methods and tools for securing people’s online activities and protecting their privacy on the Internet, so called Privacy Enhancing Technologies (PETs), are being designed and developed. However, these technologies are often seen by ordinary users as complicated and disruptive of their primary tasks.   In this licentiate thesis, I investigate the usability aspects of three main privacy and security enhancing mechanisms. These mechanisms have the goal of helping and encouraging users to protect their privacy on the Internet as they engage in some of the steps necessary to complete a digital transaction. The three mechanisms, which have been investigated within the scope of different research projects, comprise of (1) graphical visualizations of service providers’ privacy policies and user-friendly management and matching of users’ privacy preferences “on the fly”, (2) methods for helping users create appropriate mental models of the data minimization property of anonymous credentials, and (3) employing touch-screen biometrics as a method to authenticate users into mobile devices and verify their identities during a digital transaction.   Results from these investigations suggest that these mechanisms can make digital transactions privacy-friendly and secure while at the same time delivering convenience and usability for ordinary users.

This thesis examines the interplay between the effects of climate change and human rights. It seeks to interrogate the contribution of human rights in addressing the effects of climate change on the enjoyment of the right to food in Kenya. Climate change has been recognised as a human rights issue. Despite this acknowledgement, many states are yet to deal with climate change as a growing threat to the realisation of human rights. The situation is made worse by the glacial pace in securing a binding legal agreement to tackle climate change. The thesis also reveals that despite their seemingly disparate and disconnected nature, both the human rights and climate change regimes seek to achieve the same goal albeit in different ways. The thesis argues that a considerable portion of the Kenyan population has not been able to enjoy the right to food as a result of droughts and floods. It adopts the view that, with the effects of climate change being evident, the frequency and magnitude of droughts and floods has increased with far reaching consequences on the right to food. Measures by the Kenyan government to address the food situation have always been knee jerk and inadequate in nature. This is despite the fact that Kenya is a signatory to a number of human rights instruments that deal with the right to food. With the promulgation of a new Constitution with a justiciable right to food, there is a need for the Kenyan government to meet its human rights obligations. This thesis concludes by suggesting ways in which the right to food can be applied in order to address some of the effects of climate change. It argues that by adopting a human rights approach to the right to food, the State will have to adopt measures that take into consideration the impacts of climate change. Furthermore, the State is under an obligation to engage in activities that will not contribute to climate change and negatively affect the right.

The more digital the healthcare sector gets, the more considerable is the need for good information security within the sector. A group that, already during its education, gets in contact with sensitive information is medical students. Previous studies show that medical students run a significant risk of mishandling sensitive information during their medicinal internship. The goal of this study is to investigate what level of knowledge the medicinal students possess about information security and to see to what extent that affects their attitude towards information security and behavior in information security contexts. A survey based research method is used with an online questionnaire and the study has its theoretical base in the knowledge-attitude-behavior model and in prior studies performed within the same area of research. The questionnaire is created with inspiration from the HAIS-Q, which is an already tested questionnaire that is used to examine information security awareness. The result shows that the medicinal students have a higher level of knowledge about information security compared to their attitude towards information security and behavior in information security contexts. The result also indicates that higher levels of knowledge lead to better attitudes and behaviors. A recommendation for further studies within the topic is suggested, preferably on a larger sample where researchers can look at differences between universities in order to get a more holistic picture of the situation. The HAIS-Q should be evaluated more thoroughly as a research method since this study identifies shortcomings associated with the method.
Med ökad digitalisering inom vården ökar behovet av god informationssäkerhet inom hälso- och sjukvård. Läkarstudenter är en grupp som redan under sin utbildning kommer i kontakt med mycket känslig information och studier visar på att studenter inom hälso- och sjukvård löper stor risk att hantera känslig information felaktigt under sin praktik. Syftet med den här studien är att mäta hur bra kunskap läkarstudenter har om informationssäkerhet och hur stor inverkan detta har på deras attityd och beteende i informationssäkerhetsfrågor. För att testa detta utförs en enkätundersökning online med teoretisk utgångspunkt i kunskap-attityd-beteende-modellen samt tidigare studier gjorda inom samma område. Enkäten utformas med stor inspiration från HAIS-Q, vilket är en beprövad enkätmetod för att mäta informationssäkerhetsmedvetenhet. Resultatet visar på att läkarstudenterna uppvisar bättre kunskap än attityd och beteende i informationssäkerhetsfrågor. Genom studien identifieras även att kunskap har en positiv inverkan på attityd och beteende, där det går att se att ökad kunskap leder till bättre attityd och beteende. Slutsatserna innefattar bland annat rekommendationer om fortsatta undersökningar inom området med större urvalsgrupp där jämförelser mellan olika lärosäten bör göras för att få en med holistisk bild av situationen. En mer noggrann utvärdering av HAIS-Q som enkätmetod bör också genomföras då denna undersökning identifierar brister med metoden.

Uppsatsen ämnar undersöka det interna hotet inom organisationer som medförs av mänskliga misstag och ovarsamhet hos anställda. Syftet med uppsatsen är att identifiera orsaker bakom misstagen och ovarsamheten, redogöra för några konsekvenser av det och även undersöka hur utformningen och arbetet med IT-regler, som är regler och riktlinjer för IT-säkerhetsarbete, bör utföras för att minimera misstag och ovarsamhet. Till det har en undersökning av tidigare litteratur och en kvalitativ datainsamling gjorts, den kvalitativa undersökningen innefattade intervjuer med ett E-handelsföretag, ett IT-konsultföretag samt en IT-säkerhetskonsult. Teori och insamlad data har analyserats och genererat ett antal förslag, där bland annat ett anpassat språkbruk och kategorisering av IT-regler men även kontinuerlig utbildning av anställda förespråkas för att förebygga anställdas misstag och ovarsamhet. Därigenom förebyggs det interna hotet. Uppsatsens framförda förslag kan användas av alla typer av företag som vill förbättra sin IT-säkerhet genom att förebygga det interna hotet som orsakas av de anställda.
The study aims to investigate the internal threat within organizations caused by human mistakes and negligence amongst employees. The purpose of this paper is to identify reasons for the mistakes and the negligence, describe some of the consequences and also investigate how the design of and work with IT policies, which is a set of rules and guidelines for IT security work, should be performed to minimize mistakes and negligence. A survey of previous literature has been conducted and a qualitative data collection has been made. The qualitative data collection included interviews with an e-commerce company, an IT consulting company and an IT security consultant. Previous literature and collected data have been analysed which resulted in a set of suggestions, for instance that customized language usage and categorization of IT policies, together with continuous training of employees is advocated to help prevent employees' mistakes and negligence. Thereby minimizing the internal threat. Any type of company that wants to improve its IT security by preventing the internal threat caused by its employees will benefit from these suggestions.

Information har idag kommit att bli så viktigt att det av många aktörer kallas för den nya digitala oljan, och med anledning av just detta är information idag en av de främsta tillgångar en organisation kan besitta. För att skydda informationen lägger organisationer massiva summor pengar på tekniska och fysiska åtgärder. Tillsammans med dessa åtgärder utfärdas även interna bestämmelser och riktlinjer för hur IT-system och information får eller inte får hanteras. Trots detta sker både intrång och andra säkerhetsrelaterade incidenter som kan härledas till mänskligt felaktigt beteende, eller den så kallade mänsklig faktorn. I den här uppsatsen har därför författaren gjort en djupdykning i ämnet för att studera vilka samband som kan finnas mellan beteendevetenskapliga teorier och efterlevnad av informationssäkerhet. Med kvalitativa metoder har bland annat litteraturstudier genomförts för att ta reda på vilka teorier som är mest relevanta i sammanhanget. Intervjuer har sedan nyttjats för att bredda författarens uppfattning om vilka faktorer som kan påverka mänskligt beteende. De personer som intervjuats har bland varit yrkesverksamma som säkerhetschefer, säkerhetskyddshandläggare och ledande forskare inom det specifika området.

Climate variability and change as well as sea level rise poses significant challenges to livelihoods, water and food security in small island developing states (SIDSs) including the Zanzibar Islands. Thus, without planned strategic adaptation, the future projected changes in climate and sea level will intensify the vulnerability of these sensitive areas. This thesis is based on research conducted in two sites located in the north eastern parts of each island, namely Kiuyu Mbuyuni, Pemba Island and Matemwe, Unguja Island. The research focused firstly on assessing the vulnerability of these two coastal communities to climate variability and change and other stressors. This included investigation of (1) the perceptions of fishers, farmers and seaweed farmers regarding climate stressors and shocks and associated risks and impacts, (2) existing and possible future water and food security issues, and (3) household's access to important livelihood assets. This was followed by an exploration of the coping and adaptive responses of farmers, fishers and seaweed farmers to perceived shocks and stresses and some of the barriers to these responses. Lastly, an analysis of the implications of the findings for achieving sustainable coastal livelihoods and a resilient coastal community was undertaken. The general picture that emerges is that local people along the east coasts of both islands are already vulnerable to a wide range of stressors. Although variability in rainfall is not a new phenomenon in these areas, increasing frequency of dry spells and coastal floods resulting from the influence of El Niño and La Niña events exert enormous pressures on local activities (fishing, farming and seaweed farming) which are the crux of the local economy. The main argument of the study is that the nature and characteristics of these activities are the main source of sensitivity amongst these communities and this creates high levels of vulnerability to climate shocks and trends. This vulnerability is evidenced by the reoccurrence of localised food shortages and the observed food and water insecurity. The study found that food insecurity is a result of unreliable rainfall, drought and seasonality changes. These interacted with other contextual factors such as poor soil, low purchasing power and the lack of livelihood diversification options. In addition to exposure to these almost unavoidable risks from climate variability, the vulnerability of the local communities along the east coasts is also influenced by the low level of capital stocks and limited access to the assets that are important for coping and adaptation. Despite this, some households managed to overcome barriers and adapt in various ways both within the three main livelihood sectors (fishing, farming and seaweed farming) as well as through adopting options outside these sectors resulting in diversification of the livelihood portfolio. However, the study found that most of the strategies opted for by fishers, farmers and seaweed farmers were mainly spontaneous. Few planned adaptation measures supported by state authorities were observed across the sites, with the exception of the provision of motorised boats which were specifically meant to increase physical assets amongst fishers, reduce pressure in the marine conservation areas and prevent overfishing in-shore. Furthermore, numerous strategies that people adopted were discontinued when further barriers were encountered. Interestingly, some of the barriers that prevented households adapting were the same ones that forced households that had responded to abandon their adaptations. To increase resilience amongst east coast communities to current and future predicted changes in climate and sea level, the study argues that traditional livelihood activities (fishing, farming and seaweed farming) need to be better supported, and access to a range of livelihood assets improved. This may be achieved through increased access to local sources of water and facilitation of rainwater harvesting, expanding the livelihood options available to people and increasing climate change awareness, and access to sources of credit.

Globally, most organisations are powerless to protect their information assets against the constant threat of hostile intruders, and leaders are uncomfortable with the potential threat and disruption to the deep-seated norms, patterns, and systems in their organisational setting. Yet little research exists on Leadership in Cyber security and existing cyber research is splintered across literature specific to individual disciplines that are only component domains of the broader cyber security multidiscipline. This study identifies and addresses “the role of strategic leadership in the complex issue of organisational cyber security”. This thesis argues that cyber security is a complex multidisciplinary leadership issue that must be – but usually is not – addressed systemically. This premise was formulated during employment in the cyber domain and my and colleagues’ experiences provided empirical drivers to investigate this phenomenon. Experience and anecdotal evidence indicated absence of corporate governance in organisational cyber security and ill-defined cyber-OAR (Ownership, Accountability and Responsibility). Chief Information Security Officers (CISOs) lack requisite status, and despite multiple stakeholders and government publications, most executives remain cyber-unaware and have no relationship with the CISO – if they have a CISO at all. Yet these vital issues remain unaddressed in academic publications. ii In late 2017, almost no literature existed on the topic and the focus issues were largely unrecognised and ignored. In ensuing years, some recognition and changes have emerged. Promising regulations have been introduced, previously unrecognised aspects researched and published, and visionary cyber leadership has emerged – which might suppose the research topic to be obsolete and unnecessary. But in 2022, the situation is unresolved and despite visionaries, and increased government spending and awareness-building efforts, organisational cyber security is still not understood or practised by most executives. As an academic discipline and organisational practice, cyber security is still in its infancy. An emerging stream of research reveals multiple issues, including fragmentation across multiple academic and practitioner disciplines. Focus has typically remained on technical issues and challenges as computer science and information technology disciplines contribute the majority of published cyber security research, and only scattered articles address non-technology aspects of cyber security. Despite burgeoning interest in the ‘human aspects of cyber security’, when first scoped – with one exception – no research addressed cyber corporate leadership and/or cyber governance ecosystems. This accumulation of worrisome issues is increasingly critical for organisational survival and wellbeing and is substantive evidence of the need for research to address organisational cyber security and leadership. Planned as a thesis-by-publication, this research was purposefully designed as a three-phase study spanning five–six years. An exploratory study, the approach had to be qualitative and emergent. As an infant multidisciplinary domain, the first phase needed to be a scoping review to explore and compare literature across the principal sub-domains. Research commenced with exploring cyber security as a strategic, corporate governance issue that is complex, multidisciplinary, and currently fragmented. Analysis of the scoping review findings confirmed the original premise sufficiently to require a targeted literature review and permitted early conceptual models to be developed, graphically depicting the issues and their interrelationships, and to shape potential solutions and an aspirational future state of organisational cyber security and leadership. The Phase 2 targeted review led to the design of an empirical investigation. Guided by review findings, participants were selected, and questions designed. Interviews were conducted with 31 participants from 24 organisations from the Finance sector, following guidelines approved in HREC (H-2019-127). Analysis was primarily conducted using a series of coding passes; constant comparison, pattern and theme, and reduction of the multiple produced theme-codes to a few tightly focussed supra-codes. Graphic analysis was used throughout, creating a series of models to illustrate and synthesise findings, and develop conceptual frameworks. This coding method of analysis was also used for the literature reviews. Stakeholder theory was the primary filter for all analysis, selected due to the original premise that organisational cyber security is multidisciplinary but siloed and fragmented in academia and praxis. In Phase 3, the principal focus was deeper exploration through theoretical lenses and to develop new theory. Stakeholder theory remained the foundation, but all findings were revisited using a theoretical filter of Triple-loop learning. Papers for each of the three phases have been submitted to a leading journal. The body of this thesis is comprised of these papers in entirety, preceded and followed by a whole-of-work introduction and conclusion. The three papers are co-authored but all the initial foundations, including premises, questions, research objectives, interviews, analysis, and models are my original work. Therefore, from Chapter 4 onwards, I refer to the researcher/ author in the plural, acknowledging the contribution of my supervisor/co-author, Dr Cate Jerram. Findings, conclusions, and recommendations are documented in the three abstracts, but briefly recapitulated here. Phase 1 concluded that traditional silos must be bridged or discarded, and a new common lexicon developed. Cyber security lexicons and approaches must align with corporate strategy. Organisational executives must acknowledge and take ownership, accountability, and responsibility for their organisation's cyber security, and immediately address the role, status, and budget of the CISO. Phase 2, building from Phase 1, revealed that key mechanisms of corporate governance must promote a shared stewardship approach. The CEO and the CISO must work together and resolve cyber-OAR issues, and the corporate governance system and mechanisms need to simultaneously change and align with the CEO-CISO-OAR relationship. Any aspirational future state cyber security must be embedded in a cyber corporate governance ecosystem. Phase 3 concluded our study with theoretical development and found Triple-loop learning approaches can reinvent and transform organisational cyber security. Clear and coherent cyber security must be directed by strategic leadership and the business and cyber ecosystems must be integrated and intrinsically link. As evidenced by the dearth of quality literature discussing the issues addressed here, few resources are available in this domain and all work in this thesis is original, except where referenced. This study makes three major contributions to theory and practice. Firstly, organisational safety and wellbeing requires corporate cyber governance that is led by the Executive. Secondly, it is imperative that the CISO be a strategic trusted advisor in cyber corporate governance, security, and resilience. Thirdly, any progress in advancing organisational cyber security is dependent on eliminating disciplinary fragmentation based in academic and professional silos, instead building cooperation and co-opetition, collaboration, and eventually a coherent, systemic multidiscipline. Finally, models are provided to illustrate these three major contributions and subsidiary contributions, culminating in the proffered concept of an aspirational future state of what we refer to as – ‘cyber corporate governance ecosystem’. This research has produced contributions of value to research and praxis, and frequently to both. The contributions have significant implications that should affect current practice in organisational cyber security and leadership and pave the way for important new fields of research. Significant secondary contributions to practice include the recommendation that silos be discarded to enable a strong and holistic multidiscipline of cyber security. The first implication is that disciplines, professional bodies, and cyber educators (and all extended enterprise) need to strengthen collaboration and establish synergies. Government and quasi-governmental regulators play a vital lead role in cyber security but need to improve dissemination for wider uptake. Organisations, however, need both to become more aware and adoptive of regulations and government provisions, but must improve their ability to adapt any such adoptions to ensure appropriate cultural alignment. Principally, however, Executives must lead and coordinate, determine priorities, and break down barriers to meet organisational need, starting with recognition of the strategic value of cyber security and trusting the CISO as a vital strategic advisor. This research was conducted part-time over six–years in a rapidly changing digital environment that preceded and included the COVID-19 pandemic and its aftermath (and ongoing ‘new normal’), which has inevitably affected the results. This is, though timely, a date-specific limitation. The span of time also saw changes eventuating in the cyber security domain that is the focus of the study. Nevertheless, though the constantly changing cyber landscape has been an impediment to conducting the research, effects on results, conclusions and recommendations have been minimised as much as possible. Primary research limitations are those inherent to qualitative approaches. Empirical investigation through semi-structured interviews provided depth but prohibited large numbers for generalisability. Transferability to other sectors is a possibility, but the original field of enquiry was restricted to the Finance sector. Although an investigation into leadership in organisational cyber security, few participants were themselves CEOs or organisational Board members. Further research is needed across different industry-sectors, qualitative research directly engaging with Executive and Board members is needed, and sufficient explorative studies are required to eventually enable broader, generalisable studies.
Thesis (Ph.D.) -- University of Adelaide, Business School, 2022

This dissertation is comprised of three separate papers that address how cyber power contributes to national power and the implications for international security posed by cyber operations. The first paper, “Cyber Power and International Stability: Assessing Deterrence and Escalation in Cyberspace,” posits that there are unique attributes that define the cyber domain and that have direct implications on deterrence and escalation dynamics between state actors. The second paper, “Arms Control and Confidence Building Measures for the Cyber Domain,” explores at various mechanisms that states have traditionally used to foster stability and prevent inadvertent conflict and assesses their applicability to controlling cyber operations. Finally, “The Logic of Coercion in Cyberspace” delves into the role of cyber operations as both inadvertent and deliberate signals and assesses their utility as a coercive instrument of statecraft.

This qualitative research sought to examine the actual impact of HIV/AIDS on the human security of households in Bulawayo. The two research questions in this study where, how does HIV/AIDS affect the seven areas of human security? and has the economic crisis in Zimbabwe increased the impact of HIV/AIDS on households? This study utilized both primary and secondary data in which the later was consulted in constructing the literature review and to address specific aims one and two. These specific aims were: to assess the human security conditions in Zimbabwe and to examine the potential impact of HIV/AIDS on human security. Data was gathered in the form of two focus group discussions held in Bulawayo with faith-based support groups and also in the form of in-depth interviews with households which were not connected to the faith based support groups in Bulawayo. A total of 29 participants took part in this research representing 29 households. 19 of these households were represented in the two focus group discussions while the remainder of, 10 households were represented in the in-depth interviews. Human security is presented as different from traditional security in that the later seeks to protect nations from external threats while the former seeks to protect people from both external and internal threats such as threats of chronic diseases, hunger, unemployment, crimes, social conflicts, political repressions, environmental hazards and HIV/AIDS. These threats can be natural, manmade or both. Human security was assessed in light of the seven areas of threats to human security which are economic, food, health, environment, personal, community, and political security. Four major themes emanated from this research these being: the financial, health, nutritional and societal impacts of HIV/AIDS on the households in Bulawayo, chief of these being the financial impact in form of increased expenditure, reduced income and diverted investments of households. This study came up with recommendations that aim at reducing and ultimately eradicating the impact of HIV/AIDS on households these being economic empowerment, food aid, ARVs provisions, training in survival skills and orphan care. The major challenge was given to individuals, families, society and NGOs especially the FBOs to take the lead in implementing these recommendations as the government is not yet in a position to do so.
Thesis (M.Com.)-University of KwaZulu-Natal, Westville, 2009.

Cyber attacks can target any nodes of the space infrastructure, and while these attacks are called non-violent, there is a credible capability to use cyber attacks to cause direct or indirect physical damage, injury or death. However, the vulnerability of satellites and other space assets to cyber attack is often overlooked, which is a significant failing given society's substantial and ever increasing reliance on satellite technologies. Through a policy analysis, this dissertation assess the set of political provisions provided by the European Union to address the cyber security issue of the space infrastructure. Such study aims at exploring the geopolitical consequences linked to space cyber security risks, and at assessing the political preparedness of the European Union to address these challenges. The perspective of transatlantic cooperation to further support both American and European effort to tackle this security risk is also addressed. The overarching value of the study is to contribute to future European cyber security for space and transatlantic debates by providing useful perspectives and key takeaways on these two domains. Ultimately, he existing set of policies are not sufficient to address the cyber security issue in Outer Space, a unified approach by the European Union and the United...

Typically we think of security as a good like any other, something with a fairly determinate content which is enjoyed by individuals or groups. There have been many conceptions of what this good consists in but little agreement. In this thesis I conduct an analysis of the concept of security, arguing that while conceptions of security disagree about the content of this good, they all rely on an underlying thin concept: a mode of enjoying that content 'securely.' I provide an account what it means for an entity to enjoy a good securely from both a fact-relative and an evidence-relative perspective. From the fact-relative perspective I argue against a commonly held conception of secure enjoyment as protection from the interference of the powerful and instead suggest that it should be understood purely as the objective probability of enjoying the good in the future. From the evidence-relative perspective, I argue that we should understand the security of a good as the minimum degree of credence an agent may justifiably assign to enjoying that good. Securely enjoying a good therefore implies a reasonable guarantee of enjoying that good in the future, even in instances where the available evidence is limited or imprecise. I argue that the secure enjoyment of goods, from both a fact-relative and an evidence-relative perspective, has an important role to play in moral decision-making. In particular, the importance an agent places on the fact-relative security of a good models the agent's attitude towards outcome risks. Likewise, in situations where there are multiple credence functions compatible with the evidence, placing special weight on the secure expected utility of an act, appears to model the importance of avoiding an epistemic risk. In this respect, the value of security may amount to ensuring the achievement of a minimally decent future despite the limits of the available evidence.

The study aimed to investigate Human Security and Development: A Case of Diepsloot, extension 12 in Johannesburg. There are in total 30 participants who took part in the research, they were all living in this informal settlement. A case study design was used in conjunction with a qualitative research approach. Thirty (30) participants were identified using purposive sampling. Semi-structured interviews were conducted through an interview guide on their human security and development. The interviews were also recorded. A thematic analysis was used to extract the essence from the data as it emphasises identifying, analysing and interpreting patterns of meaning within qualitative data and presenting the findings according to themes supported by quotes. The research findings demonstrate that the residents of Diepsloot, extension 12, were not provided with human security and opportunities to promote development. The South African government claims to provide service delivery to its citizens in support of the objective of the government’s National Development Plan (NDP) to eradicate poverty by 2030. Yet, the study proved that inhabitants of the Diepsloot settlement were in dire need of support and job opportunities to upgrade their living conditions. The study recommends that: Human security and development should be the government’s priority, focussing on the implementation of development policies, especially in informal settlements
Lesifundvolucwaningo sihlose kuphenya Kuvikeleka Kweluntfu Nentfutfuko: Sehlakalolucwaningo saseDiepsloot Extension 12 eJozi. Linani selilonkhe lalabangenela lolucwaningo bebangu-30; bonkhe bebahlala eDiepsloot Extension 12, lokuyindzawo lehlala bantfu lekangahleleki eJozi. Lesifundvolucwaningo lesehlakalo sisetjentiswe ngekuhlanganisa nendlela yelizingasimo. Kwakhetfwa labatawungenela lolucwaningo labangu-30 ngekusebentisa kukhetsa emasamphula ngenhloso. Kwasetjentiswa inkhombandlela yekwenta i-inthaviyu kute kubanjwe ema-inthaviyu lasakuhleleka nalabo labangenele lolucwaningo. Lama-inthaviyu bekagcile ekuvikelekeni kweluntfu nentfutfuko, futsi arekhodwa. Kwasetjentiswa luhlatiyo ngekwengcikitsi kutfola bunjalo kuleyo datha. Kwakugcilwe ekuboneni, ekuhlatiyeni nasekuhumusheni emaphethini enshokutsi kuleyo datha yelizingasimo, kanye nekwetfula loko lokutfoliwe ngekulandzela tingcikitsi letesekelwa ticashunwa. Lokutfolwe ngulolucwaningo kuveta kutsi bahlali baseDiepsloot Extension 12 bebanganikwa kuvikeleka kweluntfu kanye nematfuba langagcugcutela intfutfuko yabo. Hulumende waseNingizimu Afrika utitjela kutsi yena unika takhamuti tawo tinsita ekwesekeleni inhloso yeLisu lakhe Lavelonkhe Lentfutfuko (i-NDP) kute kucedvwe buphuya nga-2030. Nanome kunjalo, lesifundvolucwaningo siveta kutsi bahlali basendzweni lengakahleli yaseDiepsloot badzinga kakhulu kwesekelwa kanye nematfuba emisebenti kute bente ncono timo tabo tekuphila.Lesifundvolucwaningo sincoma kutsi kuvikeleka kweluntfu kanye nentfutfuko kufanele kutsi kube tintfo hulumende latibeka embili kutsi utawucala ngato atente; kanye nekutsi kugcilwe ekufezekiseni tinchubomgomo tentfutfuko, ikakhulu etindzaweni letihlala bantfu letingakahleleki
Esi sifundo sajolisa ukuphanda Ukhuseleko Nophuhliso Loluntu: Imeko yase D Diepsloot Extension 12 eRhawutini (Human Security and Development: A Case of Diepsloot Extension 12 in Johannesburg). Bangama-30 abantu abathatha inxaxheba kolu phando; bonke babehlala eDiepsloot Extension 12, indawo yokuhlala engekho sesikweni eRhawutini. Kwasetyenziswa uyilo lophando lwesifundo esingumzekelo kunye nendlela yophando ngokuphonononga izimvo (ukuzathuza). Kwachongwa ngononophelo isampulu yabathathi nxaxheba abangama-30. Kwasetyenziswa isikhokelo sodliwano ndlebe ekuqhubeni iindliwano ndlebe ezingaqingqwanga nabathathi nxaxheba. Iindliwano ndlebe zagxininisa kukhuseleko nophuhliso loluntu kwaye zashicilelwa njengengxelo. Kwasetyenziswa uhlalutyo lwemixholo ukuze kuhluzwe ingxam/undoqo womcimbi kwidatha. Kwakugxininiswe ekuchongeni, ekuhlalutyeni nasekutolikeni iipatheni zeentsingiselo kwidatha yozathuzo, nasekunikezeleni okufunyanisiweyo ngokwemixholo exhaswa kokucatshuliweyo. Okufunyaniswe kuphando kwadiza ukuba abemi baseDiepsloot Extension 12 abanamathuba okhuseleko anokukhuthaza uphuhliso lwabo. URhulumente woMzantsi Afrika uthi unikezela ngeenkonzo zoluntu kubemi bakhe ngeenjongo zokuxhasa iCebo Lophuhliso Likazwelonke (iNational Development Plan - NDP) ukuze uthi ufika owama-2030 kube kupheliswe tu ubuhlwempu. Noxa kunjalo, olu phando lububungqina bokuba abemi baseDiepsloot badinga ngamandla inkxaso namathuba emisebenzi ukuze baphucule iimeko zabo zentlalo. Esi sifundo siphakamisa ukuba ukhuseleko nophuhliso loluntu ibe yimiba esentloko kulungiselelo karhulumente; kwaye kufuneka kugxininiswe ekusetyenzisweni kweenkqubo zophuhliso, ngakumbi kwiindawo zokuhlala ezingekho sesikweni.
Development Studies
M.A. (Development studies)

Security breaches nowadays are not limited to technological orientation. Research in the information security domain is gradually shifting towards human behavioral orientation toward breaches that target weaknesses arising from human behaviors (Workman et al., 2007). Currently, social engineering breaches are more effective than many technical attacks. In fact, the majority of cyber assaults have a social engineering component. Social Engineering is the art of manipulating human flaws towards a malicious objective (Breda et al., 2017). In the likely future, social engineering will be the most predominant attack vector within cyber security (Breda et al., 2017). Human failures, persuasion and social influences are key elements to understand when considering security behaviors. With the increasing concerns for social engineering and advancements in human factors-based technology, phishing emails are becoming more prevalent in exploiting human factors and external factors. Such factors have been researched upon in pairs, not overall. Till date, there is not much research done to identify the collaborative links between authority, urgency, risk perception and human factors such as personality traits, and knowledge. This study investigates about phishing email characters, external influences, human factors influences, and their collaborative effects.

Information security (InfoSec) policies are widely used by institutions as a form of InfoSec control measure to protect their information assets. InfoSec policies are commonly documented in natural language, which is prone to ambiguity and misinterpretation, thereby making it hard, if not impossible, for users to comply with. These misinterpretations may lead the students or staff members to wrongfully execute the required actions, thereby making institutions vulnerable to InfoSec attacks. According to the literature review conducted in this work, InfoSec policy documents are often not followed or complied with; and the key issues facing InfoSec policy compliance include the lack of management support for InfoSec, organisational cultures of non-compliance, intentional and unintentional policy violation by employees (the insider threat), lack of policy awareness and training as well as the policy being unclear or ambiguous. This study is set in the higher education context and explores the extent to which the non-compliance problem is embedded within the policy documents themselves being affected by ambiguity. A qualitative method with a case study research strategy was followed in the research, in the form of an inductive approach with a cross-sectional time horizon, whereby a selection case of relevant institutional InfoSec policies were analysed. The data was collected in the form of academic literature and InfoSec policies of higher education institutions to derive themes for data analysis. A qualitative content analysis was performed on the policies, which identified ambiguity problems in the data. The findings indicated the presence of ambiguity within the policy documents, making it possible to misinterpret some of the policy statements. Formal methods were explored as a possible solution to the policy ambiguity. A framework was then proposed to address ambiguity and improve on the clarity of the semantics of policy statements. The framework can be used by policy writers in paying attention to the presence of ambiguity in their policies and address these when drafting or revising their policy documents.
School of Computing

Although many counter-drone systems such as drone jammers and anti-drone guns have been implemented, drone incidents are still increasing. These incidents are categorized as deviant act, a criminal act, terrorist act, or an unintentional act (aka system failure). Examples of reported drone incidents are not limited to property damage, but include personal injuries, airport disruption, drug transportation, and terrorist activities. Researchers have examined only drone incidents from a technological perspective. The variance in drone architectures poses many challenges to the current investigation practices, including several operation approaches such as custom commutation links. Therefore, there is a limited research background available that aims to study the intercomponent mapping in unmanned aircraft system (UAS) investigation incorporating three critical investigative domains---behavioral analysis, forensic intelligence (FORINT), and unmanned aerial vehicle (UAV) forensic investigation. The UAS forensic intelligence-led taxonomy (U-FIT) aims to classify the technical, behavioral, and intelligence characteristics of four UAS deviant actions --- including individuals who flew a drone too high, flew a drone close to government buildings, flew a drone over the airfield, and involved in drone collision. The behavioral and threat profiles will include one criminal act (i.e., UAV contraband smugglers). The UAV forensic investigation dimension concentrates on investigative techniques including technical challenges; whereas, the behavioral dimension investigates the behavioral characteristics, distinguishing among UAS deviants and illegal behaviors. Moreover, the U-FIT taxonomy in this study builds on the existing knowledge of current UAS forensic practices to identify patterns that aid in generalizing a UAS forensic intelligence taxonomy. The results of these dimensions supported the proposed UAS forensic intelligence-led taxonomy by demystifying the predicted personality traits to deviant actions and drone smugglers. The score obtained in this study was effective in distinguishing individuals based on certain personality traits. These novel, highly distinguishing features in the behavioral personality of drone users may be of particular importance not only in the field of behavioral psychology but also in law enforcement and intelligence.

The purpose of this study was to develop a support programme for facilitating the integration of nutrition and food security with HIV prevention, treatment and care. The study was organised in three phases. Phase one was a quantitative cross-sectional survey that employed a structured interview with people living with HIV among selected two public hospitals and three health centres. The second phase employed focus group discussion with senior health experts to explore their perspective and experience in integrating nutrition and food security with HIV prevention, treatment, and care. The findings indicated that malnutrition and food insecurity were highly prevalent and significantly affected the treatment outcome and quality of life of PLWHA in the region. Socio-economic, clinical features and structural factors, such as educational status, place of residence, household income, source of drinking water, kind of toilet facility, inadequate dietary diversity, poor asset possession, opportunistic infections, duration on ART, CD4 cell count, and health system-related factors such as lack of viral and CD4 analysis laboratories and inconsistent antiretroviral medication supply were found as predictors of malnutrition and food insecurity. To cope up with the dire impact of malnutrition and food insecurity, short term, erosive and unsustainable food consumption coping strategies were employed. Based on the findings, the researcher developed a support programme for facilitating the integration of nutrition and food security with HIV prevention, treatment and care as phase three of the study. The developed programme is holistic and focuses on multi- and intersectoral collaboration to improve the treatment outcome, quality of life and overall wellbeing people living with HIV.
Health Studies
D. Litt. et Phil. (Health Studies)

MA (Political Science)
Department of Development Studies
South Africa attracts a variety of migrants, largely from the Southern African region. It has become the largest recipient of foreign nationals in Africa. South Africa’s porous borders linked to its neighbouring countries contribute to the influx of foreign nationals. Mozambique has been the largest supplier of workers in mining and agricultural sectors of South Africa. However, along the way and upon arrival, migrants are surrounded by treacherous conditions. This is because both documented and undocumented migrants are susceptible to xenophobic sentiments, violence and discrimination. Therefore, in search for security, migration initiates a new risk of insecurity. This study employed the qualitative approach to explore the causes of migration and experiences of Mozambican migrants in Johannesburg, South Africa. Research findings reveal that migrants come to South Africa for different reasons, not limited to economic factors. Some migrants come to South Africa for education and to seek refuge. Foreign nationals’ experiences vary from one person to another, as the findings show that some migrants get the privilege to start a thriving business and employ the locals. Therefore, migrants also contribute to the South African economy.
NRF

This is an exploratory study on “Evaluation of Pass-on the Gift Concept on the Socioeconomic Welfare of Rural Households: The Case of SACHZEP and ELITE Projects in Katete District, Zambia. The main research objective of the study was to evaluate the impact of the PoG concept on the socioeconomic welfare of rural households. A mixed methods approach was used involving 124 household in the survey interviews, 5 FGDs and 18 key informant interviews. Study findings showed relationships existing between type of livestock with compliance to pass on the gift (p-=0.001), food security (p=0.001), income security (p=0.007) and education at 9th grade level (p=0.002). No relationship exists between livestock type with shelter status of beneficiaries. Livestock type, water scarcity, IKS and practices, sharing of knowledge, skills and livestock affects PoG impact on socioeconomic welfare of rural households. PoG is compatible with indigenous knowledge systems and supports Human Centred Development approach.
Development Studies
M.A. (Development Studies)

Food insecurity in South Africa is not due to a shortage of food in the country but to inadequate access to food by poor groups of individuals and households. Many people, who lost their jobs due to retrenchments or can’t find suitable jobs for various reasons, revert to street trading or other activities of the informal economy as a survival strategy. There is limited information on understanding the food security status and strategies used by street traders and their households in Durban. This study aims to understand the extent of food insecurity among street traders in terms of their access to food, the quality of food consumed and the strategies they used to cope with food shortage. A mixed research method composed of a survey, face to face interviews and observations were conducted with a sample population of 120. The findings of this study confirmed that the sector was dominated by semi-literate people who generated R2000 per month which was to be shared with an average of 4 members of their respective households. Consequently, the majority of street traders’ households lived below the poverty line, thus food insecure. Limited income compromised the quality of food consumed: energy dense food dominated their food; hence 59.2% suffered from communicable lifestyle diseases. The study recommended more studies in this field, the extension of the Isipingo census to the entire municipality and the decriminalization of street trading by the municipality in order to improve the food security situation of street traders.
Geography
M.A. (Human Ecology)