Marthie Grobler

Common challenges faced during the establishment of a CSIRT

A CSIRT is a team of dedicated information security specialists that prepares for and responds to information security incidents. When an incident occurs, members of a CSIRT can assist its constituency in determining what happened and what actions need to be taken to remedy the situation. The establishment of a CSIRT, however, is not without certain difficulties or complications. Such a project requires sustained commitment and relies largely on a circle of international trust that needs time to develop. Without these attributes, a CSIRT establishment project can run into a number of problems that can have varying effects on the successfulness of the project. This article looks at a number of common problems faced during the establishment of a CSIRT, within the set of chronological steps.

Implementation of a Cyber Security Policy in South Africa: Reflection on Progress and the Way Forward

Cyber security is an important aspect of National Security and the safekeeping of a Nation’s constituency and resources. In South Africa, the focus on cyber security is especially prominent since many geographical regions are incorporated into the global village in an attempt to bridge the digital divide. This article reflects on current research done in South Africa with regard to a cyber security policy, and proposes the development of methodologies and frameworks that will enable the implementation of such a policy. The focus of this article is the use of an ontology-based methodology to identify and propose a formal, encoded description of the cyber security strategic environment. The aim of the ontology is to identify and represent the multi-layered organisation of players and their associated roles and responsibilities within the cyber security environment. This will contribute largely to the development, implementation and rollout of a national cyber security policy in South Africa.

Digital Forensic Readiness: An Insight into Governmental and Academic Initiatives

Digital Forensics is a discipline that primarily focuses on the post-incident side of an investigation. However, during the last decade, there is a considerable amount of research that considers proactive measures taken by an organization. Such measures comprise a digital forensic readiness plan. This paper first presents research initiatives on forensic readiness across the public sector and the academia, and then critically evaluates their motivations and objectives by pointing out gaps that need bridging. Lastly, it informally proposes steps to guide the formulation of a forensic readiness policy.

Broadband broadens scope for cyber crime in Africa

Africa has recently seen explosive growth in information and communication technologies, making cyber crime a reality in this part of the world. This paper investigates the possibility of another increase in cyber crime as a result of the planned increased broadband access for the African continent. Currently, Africa has limited or inadequate action and controls to protect computers and networks, making it both a target of attack as well as a medium to attack other parts of the world. Cyber space threats and trends are a reality as the shortage of IT education and the absence of African languages prevents people from acting on warnings of cyber fraud. To address this problem, people need to be made aware of the threats and trends, and the potential adverse effect it may have on them: the use of pirate copies of software and operating systems increases the threats as no security updates are installed; the lack of standardized procedures can lead to uncertainties about the effectiveness of investigating techniques. An increase in broadband access will give Internet access to more users in Africa, effectively broadening the scope for cyber crime.

On the viability of pro-active automated PII breach detection: A South African case study

Various reasons exist why certain types of information is deemed personal both by legislation and society. While crimes such as identity theft and impersonation have always been in existence, the rise of the internet and social media has exacerbated the problem. South Africa has recently joined the growing ranks of countries passing legislation to ensure the privacy of certain types of data. As is the case with most implemented security enforcement systems, most appointed privacy regulators operate in a reactive way. While this is a completely acceptable method of operation, it is not the most efficient. Research has shown that most data leaks containing personal information remains available for more than a month on average before being detected and reported. Quite often the data is discovered by a third party who selects to notify the responsible organisation but can just as easily copy the data and make use of it. This paper will display the potential benefit a privacy regulator can expect to see by implementing pro-active detection of electronic personally identifiable information (PII). Adopting pro-active detection of PII exposed on public networks can potentially contribute to a significant reduction in exposure time. The results discussed in this paper were obtained by means of experimentation on a custom created PII detection system.

Towards a platform to visualize the state of South Africa's information security

Attacks via the Internet infrastructure is increasingly becoming a daily occurrence and South Africa is no exception. In response, certain governments have published strategies pertaining to information security on a national level. These policies aim to ensure that critical infrastructure is protected, and that there is a move towards a greater state of information security readiness. This is also the case for South Africa where a variety of policy initiatives have started to gain momentum. While establishing strategy and policy is essential, ensuring its implementation is often difficult and dependent on the availability of resources. This is even more so in the case of information security since virtually all standardized security improvement processes start off with specifying that a proper inventory is required of all hardware, software, people and processes. While this may be possible to achieve at an organizational level, it is far more challenging on a national level. In this paper, the authors examine the possibility of making use of available data sources to achieve inventory of infrastructure on a national level and to visualize the state of a countrys information security in at least a partial manner.

Collaboration as proactive measure against cyber warfare in South Africa

The international scope of the Internet and wide reach of technological usage requires cyber defence systems to intersect largely with the application and implementation of international legislation. One of the problems associated with the technological revolution is that cyber space comprises complex and dynamic technological innovations to which no current legal system is well suited. A further complication is the lack of comprehensive treaties facilitating international cooperation with regard to cyber defence. The result is that many countries will not be properly prepared or adequately protected by legislation in the event of a cyber attack on a national level. The article investigates this problem by touching on the influence that cyber defence has on the international position of the government. The article addresses the principles of cyber security and cyber warfare acts, and briefly touches on cyber security collaboration efforts for South Africa. The authors are of the opinion that Africa does not follow a coordinated approach in dealing with cyber security, and that the various structures that have been established to deal with cyber security are inadequate to deal with issues holistically. To work towards such a co ordinated approach, it is suggested that specific interventions be developed to address cyber crime. This approach should create and maintain a partnership or collaboration between business, government and civil society. The authors are of the opinion that unless these spheres of society work together, Africas efforts to ensure a secure cyber space may be compromised.

A general morphological analysis: delineating a cyber-security culture

The purpose of this paper is to define and delineate cyber security culture. Cyber security has been a concern for many years. In an effort to mitigate the cyber security risks, technology-centred measures were deemed to be the ultimate solution. Nowadays, however, it is accepted that the process of cyber security requires much more than mere technical controls. On the contrary, it now demands a human-centred approach, including a cyber security culture. Although the role of cultivating a culture in pursuing cyber security is well appreciated, research focusing intensely on cyber security culture is still in its infancy. Additionally, knowledge on the subject is not clearly bounded and defined.,General morphological analysis (GMA) is used to define, structure and analyse the cyber security environment culture.,This paper identifies the most important variables in cultivating a cyber security culture.,The delineation of the national cyber security domain will contribute to the relatively new domain of cyber security culture. They contribute to the research community by means of promoting a shared and common understanding of terms. It is a step in the right direction towards eliminating the ambiguity of domain assumptions.,Practically, the study can assist developing nations in constructing strategies that addresses the key factors that need to be apparent in lieu to cultivating its envisaged national culture of cyber security. Additionally, the GMA will contribute to the development of solutions or means that do not overlook interrelations of such factors.,Delineating and defining the cyber security culture domain more precisely could greatly contribute to realizing the elements that collectively play a role in cultivating such a culture for a national perspective.

Proactive Digital Forensics: The Ever-Increasing Need for Standardization

Proactive digital forensics is a phase within the digital forensics lifecycle that deals with pre-incident preparation. Despite the increasing research on the pre-incident side of forensic investigations, little steps have been taken towards standardizing and regulating the process. This paper expresses the need for the standardization of the proactive forensics domain and argues that the first step towards the realization of a unified standard is the identification and evaluation of current proactive initiatives.