Hanifa Abdullah

A formal qualitative risk management approach for IT security

Information technology (IT) security, which is concerned about protecting the confidentiality, integrity and availability of information technology assets, inherently possesses a significant amount of risk, some known and some unknown. IT security risk management has gained considerable attention over the past decade due to the collapsing of some large organisations in the world. Previous investigative research in the field of IT security have indicated that despite the efforts that organisations employ to reduce IT security risks, the trend of IT security attacks are still increasing. One of the contributing factors to poor management of IT security risk is attributed to the fact that IT security risk management is often left to the technical security technologist who do not necessarily employ formal risk management tools and reasoning. For this reason, organisations find themselves in a position where they do not have the correct approach to identify, assess and treat IT security risks. Employing a formal risk based approach in managing IT security risk assist in ensuring that risks that matter to an organisation are accounted for and as a result, receive the correct level of attention. Defining an approach of how IT security risk is managed should be seen as a fundamental task, which is the basis of this research. The objective of this paper is to propose an approach for identifying, assessing and treating IT security risk which incorporates a robust risk analysis and assessment process. The risk analysis process aims to make use of a comprehensive IT security risk universe which caters for the complex and dynamic nature of IT security. The research will contribute to the field of IT security by using a consolidated approach that utilises coherent characteristics of the available qualitative risk management frameworks to provide a stronger approach that will enable organisations to treat IT security risk better.

A conceptual framework for proactively planning and retrospectively evaluating e-learning readiness within an open distance learning (ODL) institution

The University of South Africa (UNISA) is the largest committed open distance learning (ODL) institution in South Africa. In line with ODL principles, UNISA has rolled out electronic (e)-learning to all undergraduate modules as from 2013. An important challenge for the university has been the transition from the traditional paper-based mode of instruction to e-learning. This transition requires an e-readiness strategic plan prior to the e-learning rollout. E-learning readiness comprises an intricate, in-depth, continuous process of identifying critical issues that may impede the successful rollout of e-learning within the institution. There are a host of factors that need to be considered prior to embarking on an e-learning initiative which have not been considered prior to the e-learning rollout initiative of 2013. This paper proposes a conceptual framework for an e-learning readiness framework that can be used proactively for new e-learning initiatives and retrospectively to evaluate existing e-learning interventions to identify weaknesses in current e-learning practices. The objective of this paper is to improve interactive technology-enriched teaching with regard to e-learning practices.

A conceptual framework for integrated information privacy protection

Successful organizations strive to achieve a high degree of corporate governance, effective techniques for risk management, and an assurance regarding the fulfilment of compliance requirements. This effort bears the Governance, Risk and Compliance (GRC) label, which entails integrating these three disparate disciplines to achieve effectiveness and efficiency in meeting the organizations strategic objectives. An interesting development has been the integration of privacy within a GRC context. Privacy has a number of elements, including governance, management, legal, technical aspects, compliance, risk management, information security, business processes and organizational issues which fall into the GRC processes. A large number of privacy breaches and a growing number of privacy regulations will steer organizations in the realm of managing privacy protection within a GRC context. There are a number of privacy facets but the focus of this paper is specifically on information privacy protection. This paper seeks to develop a formalized and repeatable conceptual framework to address information privacy protection within a GRC frame of reference.