Elmarie Kritzinger

Cyber security for home users: A new way of protection through awareness enforcement

We are currently living in an age, where the use of the Internet has become second nature to millions of people. Not only businesses depend on the Internet for all types of electronic transactions, but more and more home users are also experiencing the immense benefit of the Internet. However, this dependence and use of the Internet bring new and dangerous risks. This is due to increasing attempts from unauthorised third parties to compromise private information for their own benefit - the whole wide area of cyber crime. It is therefore essential that all users understand the risks of using Internet, the importance of securing their personal information and the consequences if this is not done properly. It is well known that home users are specifically vulnerable, and that cyber criminals have such users squarely in their target. This vulnerability of home users is due to many factors, but one of the most important one is the fact that such home users in many cases are not aware of the risks of using the Internet, and often venture into cyber space without any awareness preparation for this journey. This paper specifically investigates the position of the home user, and proposes a new model, the E-Awareness Model (E-AM), in which home users can be forced to acquaint themselves with the risks involved in venturing into cyber space. The E-AM consists of two components: the awareness component housed in the E-Awareness Portal, and the enforcement component. This model proposes a way to improve information security awareness among home users by presenting some information security content and enforcing the absorption of this content. The main difference between the presented model and other existing information security awareness models is that in the presented model the acquiring/absorption of the awareness content is compulsory - the user is forced to proceed via the E-Awareness Portal without the option of bypassing it.

Information security management: An information security retrieval and awareness model for industry

The purpose of this paper is to present a conceptual view of an Information Security Retrieval and Awareness (ISRA) model that can be used by industry to enhance information security awareness among employees. A common body of knowledge for information security that is suited to industry and that forms the basis of this model is accordingly proposed. This common body of knowledge will ensure that the technical information security issues do not overshadow the non-technical human-related information security issues. The proposed common body of knowledge also focuses on both professionals and low-level users of information. The ISRA model proposed in this paper consists of three parts, namely the ISRA dimensions (non-technical information security issues, IT authority levels and information security documents), information security retrieval and awareness, and measuring and monitoring. The model specifically focuses on the non-technical information security that forms part of the proposed common body of knowledge because these issues have, in comparison with the technical information security issues, always been neglected.

E-learning: Incorporating Information Security Governance

Introduction Education methods within the education environment have undergone a paradigm shift of over the last few years. This is primarily due to the introduction of newer and better technologies for example the Internet. One new education method that emerged from using these new technologies is Electronic Learning (E-learning). E-learning can be defined as technology-based learning in which learning material is delivered electronically to remote learners via a computer network (Zhang, Zhao, & Nunamaker, 2004). A great deal of research has already been done in the e-learning environment. However, one aspect that has not received much attention is the important role Information Security plays within the e-learning environment. The primary reason why Information Security is so important within the e-learning environment is that e-learning is mainly dependent on information as well as communication technologies (ICT). The use of ICT however, could lead to many possible Information Security risks that could compromise information. These Information Security risks are not necessarily unique to the e-learning environment but should however be addressed as if it where. It is therefore vital that all necessary steps be taken by educational institutions to ensure information is properly secured within the e-learning environment. Possible Information Security Risks Regarding E-Learning Let us envisage the following scenario where an e-learning environment allows students to access a system from remote access points. This scenario is not uncommon and many such scenarios could already be found in educational institutions all around the globe. A comprehensive e-learning environment exists, where lecturers (L) and students (S) can do the following: * (L): Load course material onto course web sites for students to retrieve, * (S): Retrieve course material and lectures from a course web site, * (S): Submit assignments to a course web site from where lecturers retrieve and mark such assignments, * (L): Store assignment marks on a course web site, * (S): Access a course web site to retrieve their marks for assignments, * (L): Store tests to be written directly on the course web site, * (S): Write different types of tests directly on their work stations with results marked by the system and stored on a course database, and * (S): Access course web sites to get the results of tests. Please note that the examples above are not the only actions with in e-learning, however it is sufficient enough to illustrate the scenario. Information Security risks that can arise from the above mentioned examples without proper Information Security include the following: * Course material may be altered by unauthorized people, * Bogus course material may be loaded on course web sites, or web sites may be defaced, * Submitted assignments can be copied from course web sites by unauthorized parties, * Submitted assignments can be changed or deleted by unauthorized parties, * Marks can be changed/deleted, * Access to test papers may be gained, test contents can be changed, or the test can be deleted before the scheduled test date, * People may masquerade as students and write tests on behalf of such students, * Students may get unauthorized help during the writing of tests, * The destruction of course web sites and course databases containing marks * Denial of service attempts against course web sites preventing authorized students from accessing the web site. * Logon information (student/user ID and passwords) of lecturers and students can be intercepted and misused. The Information Security risks identified above should be addressed by ensuring that the e-learning Information Security countermeasures are implemented thought out the e-learning environment. …

Information security in an e-learning environment

In the last few years the education environment underwent a paradigm shift due to the rapid growth in technology. This growth made it possible for the education environment to utilize electronic services to enhance their education methods. It is, however, vital that all education environments (traditional or new ones) ensure that all resources (lectures, students and information) are properly protected against any possible security threats. This paper identifies technical and procedural (non-technical) information security countermeasures that could enhance the security of information within the education environments.

A conceptual analysis of information security education, information security training and information security awareness definitions

The importance of information security education, information security training, and information security awareness in organisations cannot be overemphasised. This paper presents working definitions for information security education, information security training and information security awareness. An investigation to determine if any differences exist between information security education, information security training and information security awareness was conducted. This was done to help institutions understand when they need to train or educate employees and when to introduce information security awareness programmes. A conceptual analysis based on the existing literature was used for proposing working definitions, which can be used as a reference point for future information security researchers. Three important attributes (namely focus, purpose and method) were identified as the distinguishing characteristics of information security education, information security training and information security awareness. It was found that these information security concepts are different in terms of their focus, purpose and methods of delivery.

A proposed cyber threat incident handling framework for schools in South Africa

In South Africa, there is a lack of structure or guidance for schools on how to deal with cyber threats. There are no clear procedures that are consistently followed by schools, governing boards and educators, and the cyber threat process is not widely known and understood by educators, learners and their parents/guardians. As a result, many learners remain vulnerable to the negative effects of cyber threats. An example is a Krugersdorp High School girl who was attacked after a cyber-threat ordeal, (The Star 9 February 2012: 1). In this paper a framework is therefore proposed that schools can implement to assist learners with cyber threat incidents. The methodology that will be followed in this article is, firstly, to determine from the literature how a victim of cyber threat can be helped, secondly, to develop an incident handling structure that will assist learners in reporting cyber threats, and thirdly, to develop a framework which will address the lack of structure, guidance or procedures when dealing with cyber threats in schools. The gap which exists now deters learners from reporting cyber threat incidents. To fill this gap, the authors propose an incident handling structure which will assist learners to report and receive protection against online threats. It is hoped that, in the end, learners will know what to do when they are threatened online. In addition, cyber threat policies and procedures are proposed to protect and inform learners and their parents about cyber threats. These procedures collate, outline legislation and the policies of the Department of Basic Education. The aim is to give schools rights and responsibilities in addressing cyber threat incidents. Practical considerations such as time and costs limit the study to a sample of schools in South Africa. The framework for intervention in cyber threat incidents as part of school policies in South Africa is merely a proposal to the rightful stake holders, since policies for schools are determined by the Department of Basic Education which the authors are not members of.

A Framework for Cyber Security in Africa

This paper deals with at least four major cyber safety concerns in Africa discussed in recent literature. These cyber concerns include aspects such as policies, procedure, awareness, research and the provision of technical security measures. Each concern is examined, the main focus areas are highlighted and a solution is proposed. This paper concludes by combining all relevant solutions into a proposed cyber security framework to assist Africa in decreasing its cybercrime rate especially among home users with no or limited cyber safety knowledge.

Enhancing cyber safety awareness among school children in South Africa through gaming

Information Communication Technology (ICT) is becoming an integral part of our lives. ICTs form part of our working, social and educational environment. Access to ICT devices is rapidly increasing and more ICT users in developing countries are becoming cyber users. One group of cyber users that is fast becoming active cyber citizens in the online community are children (school children). School children are exposed to ICTs from a young age and access to these devices is becoming easier and more affordable. However, school children in developing countries are not properly educated about using ICTs safely. With the use of ICTs, school children can be exposed to a number of cyber risks and threats that can range from sexting and cyber bullying to identity theft. It is, therefore, of vital importance that all school children are aware on how to use ICT devices properly and safely. In developed countries, for example the UK and Austria, this educational process has been implemented; however, this is not the case in many developing countries, including South Africa. Currently, South Africa does not have any initiatives to ensure cyber safety among school children. This research is an attempt to address this gap in cyber education by proposing the concept of cyber safety games that can be distributed (at no cost) to schools and translated into different languages. The research methodology includes a meta-analysis search and a proposed framework that can be used to design offline cyber safety games in an attempt to grow a cyber-safety culture among school children in South Africa.

Online safety in South Africa - A cause for growing concern

We live in a technology-driven world, where information communication technology (ICT) is increasingly affordable, obtainable and accessible to all technology users, especially to school learners. Information communication technologies (ICTs) include a wide range of devices such as mobile phones, internet access, tablets and desktops. More and more school learners are exposed to ICT devices at school, at home and among friends. Besides being used for social purposes, these devices greatly assist school learners with education. However, a number of disadvantages in the form of risks and threats also prevail if learners do not protect themselves and their personal information. ICT or online risks are a cause for growing concern, and awareness and education are urgently required to ensure that school learners understand the risks and threats and how to avoid them. A number of countries have already started to focus on online safety, but South Africa is numbered among those that are falling behind. This paper investigates the current online safety situation of high school learners in South Africa. A number of short- and long-term initiatives are proposed for incorporating online safety into the school environment in an effort to improve online safety among school learners in South Africa.

Five Non-Technical Pillars of Network Information Security Management

Securing information is vital for the survival of many organizations. Therefore, information must be proactively secured against harmful attacks. This securing of information becomes more complex when such information is transmitted over networks. This paper identifies five non-technical pillars (essentials) for network security management. For each pillar a number of specific actions are specified, resulting in a check list for a high level evaluation of the security status of these 5 pillars in a networked environment.