Karen Renaud, Basie Von Solms and Rossouw Von Solms
Abstract
Purpose
The purpose of this paper is to position the preservation and protection of intellectual capital as a cyber security concern. The paper outlines the security requirements of intellectual capital to help boards of directors (BoDs) and executive management teams to understand their responsibilities and accountabilities in this respect.
Design/methodology/approach
The research methodology is desk research. In other words, we gathered facts and existing research publications that helped us to define key terms, to formulate arguments to convince BoDs of the need to secure their intellectual capital and to outline actions to be taken by BoDs to do so.
Findings
Intellectual capital, as a valuable business resource, is related to information, knowledge and cyber security. Hence, preservation thereof is also related to cyber security governance and merits attention from BoDs.
Research limitations/implications
This paper clarifies BoDs' intellectual capital governance responsibilities, which encompass information, knowledge and cyber security governance.
Practical implications
The authors hope that BoDs will benefit from the clarifications, and especially from the positioning of intellectual capital in cyber space.
Social implications
If BoDs know how to embrace their intellectual capital governance responsibilities, this will help to ensure that such intellectual capital is preserved and secured.
Originality/value
This paper extends a previous paper published by Von Solms and Von Solms, which clarified the key terms of information and cyber security, and the governance thereof. The originality and value is the focus on the securing of intellectual capital, a topic that has not yet received a great deal of attention from security researchers.
Basie von Solms and Rossouw von Solms
Abstract
Purpose
The purpose of this paper is to define cybersecurity and cybersecurity governance in simplified terms – to explain to the boards of directors and executive management their responsibilities and accountabilities in this regard.
Design/methodology/approach
The primary research methodology utilized in this paper is desk research. A literature study is followed by some discussion in terms of the contribution made.
Findings
Clearly define the relationship between cybersecurity and information security, especially from a governance perspective.
Research limitations/implications
The paper is based predominantly on an ISO standard.
Originality/value
The simplification of terminology to be used in the governance of cybersecurity, together with assistance to the guiding of boards of directors regarding their duties and responsibilities as far as cybersecurity is concerned.
Abstract
This article has been withdrawn as it was published elsewhere and accidentally duplicated. The original article can be seen here: 10.1108/09685229710168006. When citing the article, please cite: Rossouw von Solms, (1997), “Driving safely on the information superhighway”, Information Management & Computer Security, Vol. 5 Iss: 1, pp. 20 - 22.
Noluxolo Gcaza, Rossouw von Solms, Marthie M. Grobler and Joey Jansen van Vuuren
Abstract
Purpose
The purpose of this paper is to define and delineate cyber security culture. Cyber security has been a concern for many years. In an effort to mitigate the cyber security risks, technology-centred measures were deemed to be the ultimate solution. Nowadays, however, it is accepted that the process of cyber security requires much more than mere technical controls. On the contrary, it now demands a human-centred approach, including a cyber security culture. Although the role of cultivating a culture in pursuing cyber security is well appreciated, research focusing intensely on cyber security culture is still in its infancy. Additionally, knowledge on the subject is not clearly bounded and defined.
Design/methodology/approach
General morphological analysis (GMA) is used to define, structure and analyse the cyber security environment culture.
Findings
This paper identifies the most important variables in cultivating a cyber security culture.
Research implications
The delineation of the national cyber security domain will contribute to the relatively new domain of cyber security culture. They contribute to the research community by means of promoting a shared and common understanding of terms. It is a step in the right direction towards eliminating the ambiguity of domain assumptions.
Practical implications
Practically, the study can assist developing nations in constructing strategies that address the key factors that need to be apparent in lieu to cultivating its envisaged national culture of cyber security. Additionally, the GMA will contribute to the development of solutions or means that do not overlook interrelations of such factors.
Originality/value
Delineating and defining the cyber security culture domain more precisely could greatly contribute to realizing the elements that collectively play a role in cultivating such a culture for a national perspective.
Rossouw von Solms and Melanie Willett
Abstract
Purpose
This paper aims to provide guidance on cloud computing assurance from an IT governance point of view. The board and executive management are tasked with ensuring proper governance of organizations, which should in the end contribute to a sense of assurance. Assurance is understood to be a part of corporate governance which provides stakeholders with confidence in a subject matter by evaluating evidence about that subject matter. Evidence will include proof that proper controls and structures are in place, that risks are managed and that compliance with internal and external requirements is demonstrated with regard to the subject matter. Decisions regarding the use of cloud computing in organizations bring these responsibilities to the fore.
Design/methodology/approach
The design of this paper is based on an extensive review of literature, predominantly best practices and standards, from the fields covering IT governance, cloud computing and assurance.
Findings
The results from this paper can be used to formulate cloud computing assurance evidence statements, as part of IT governance mandates.
Originality/value
This paper aims to add value by highlighting the responsibility of managers to ensure assurance when exploiting opportunities presented through IT advances, such as cloud computing; serving to inform management about the advances that have and are being made in the field of cloud computing guidelines; and motivating that these guidelines be used for assurance on behalf of organizations adopting and using cloud computing.
Lynn Futcher, Cheryl Schroder and Rossouw von Solms
Abstract
Purpose
The purpose of this paper is to argue that information security should be regarded as a critical cross‐field outcome (CCFO). This could assist in narrowing the evident “information security gap” that currently exists in undergraduate information technology/information systems/computer science (IT/IS/CS) curricula at South African universities.
Design/methodology/approach
This paper briefly reviews existing literature relating to outcomes‐based education in South Africa with a specific focus on CCFOs. A literature review was also carried out to determine existing approaches to education in information security. A survey was carried out to establish the extent to which information security is currently incorporated into the IT/IS/CS curricula at South African universities and a discussion group was used to provide insight into the current situation at undergraduate level.
Findings
Education in information security has matured much more rapidly in postgraduate than in undergraduate programmes at South African universities. In addition, the extent to which information security is addressed at undergraduate level is on an ad hoc basis, with isolated attention being paid to a few information security aspects. An integrated approach to information security education is therefore proposed by considering information security as a CCFO.
Research limitations/implications
Further research is required to determine how appropriate information security aspects can be seamlessly integrated into the various learning programmes at undergraduate level.
Practical implications
The proposed integrated approach to information security education will require that IT/IS/CS educators develop strategies to incorporate relevant information security aspects into their learning programmes.
Originality/value
This paper proposes an integrated approach to information security education by considering information security as a CCFO.
Ebenhaeser Otto Janse van Rensburg, Reinhardt A. Botha and Rossouw von Solms
Abstract
Purpose
Authenticating an individual through voice can prove convenient as nothing needs to be stored and cannot easily be stolen. However, if an individual is authenticating under duress, the coerced attempt must be acknowledged and appropriate warnings issued. Furthermore, as duress may entail multiple combinations of emotions, the current f-score evaluation does not accommodate that multiple selected samples possess similar levels of importance. Thus, this study aims to demonstrate an approach to identifying duress within a voice-based authentication system.
Design/methodology/approach
Measuring the value that a classifier presents is often done using an f-score. However, the f-score does not effectively portray the proposed value when multiple classes could be grouped as one. The f-score also does not provide any information when numerous classes are often incorrectly identified as the other. Therefore, the proposed approach uses the confusion matrix, aggregates the select classes into another matrix and calculates a more precise representation of the selected classifier’s value. The utility of the proposed approach is demonstrated through multiple tests and is conducted as follows. The initial tests’ value is presented by an f-score, which does not value the individual emotions. The lack of value is then remedied with further tests, which include a confusion matrix. Final tests are then conducted that aggregate selected emotions within the confusion matrix to present a more precise utility value.
Findings
Two tests within the set of experiments achieved an f-score difference of 1%, indicating that the two tests provided similar value. The confusion matrix used to calculate the f-score indicated that some emotions are often confused, which could all be considered closely related. Although the f-score can represent an accuracy value, these tests’ value is not accurately portrayed when not considering often confused emotions. Deciding which approach to take based on the f-score did not prove beneficial as it did not address the confused emotions. When aggregating the confusion matrix of these two tests based on selected emotions, the newly calculated utility value demonstrated a difference of 4%, indicating that the two tests may not provide a similar value as previously indicated.
Research limitations/implications
This approach’s performance is dependent on the data presented to it. If the classifier is presented with incomplete or degraded data, the results obtained from the classifier will reflect that. Additionally, the grouping of emotions is not based on psychological evidence, and this was purely done to demonstrate the implementation of an aggregated confusion matrix.
Originality/value
The f-score offers a value that represents the classifiers’ ability to classify a class correctly. This paper demonstrates that aggregating a confusion matrix could provide more value than a single f-score in the context of classifying an emotion that could consist of a combination of emotions. This approach can similarly be applied to different combinations of classifiers for the desired effect of extracting a more accurate performance value that a selected classifier presents.
Keywords: Mel frequency cepstral coefficient, emotion detection, confusion matrix, multi-layer perceptron, Ryerson audio-visual database of emotional speech and song (RAVDESS), voice authentication
Hennie Kruger, Lynette Drevin and Tjaart Steyn
Abstract
Purpose
The dependence on human involvement and human behavior to protect information assets necessitates an information security awareness program to make people aware of their roles and responsibilities towards information security. The purpose of this paper is to examine the feasibility of an information security vocabulary test as an aid to assess awareness levels and to assist with the identification of suitable areas or topics to be included in an information security awareness program.
Design/methodology/approach
A questionnaire has been designed to test and illustrate the feasibility of a vocabulary test. The questionnaire consists of two sections – a first section to perform a vocabulary test and a second one to evaluate respondents' behavior. Two different class groups of students at a university were used as a sample.
Findings
The research findings confirmed that the use of a vocabulary test to assess security awareness levels will be beneficial. A significant relationship between knowledge of concepts (vocabulary) and behavior was observed.
Originality/value
The paper introduces a new approach to evaluate people's information security awareness levels by employing an information security vocabulary test. This new approach can assist management to plan and evaluate interventions and to facilitate best practice in information security. Aspects of cognitive psychology and language were taken into account in this research project, indicating the interaction and influence between apparently different disciplines.
Lynette Barnard and Rossouw von Solms
Abstract
Electronic commerce has become a reality, but unfortunately it is held back by the lack of information security associated with it. Business partners will have to prove to each other that they are adequately secured, before electronic commerce will really blossom. This can best be done through a scheme whereby information security can be evaluated and certified. To enable this, some international or generally accepted information security standard needs to act as a memorandum against which evaluation can be conducted. The British Standard, BS 7799, can fulfill this role as it is becoming very well known internationally. This paper proposes a scheme whereby information security, within an organization, can be evaluated against BS 7799 and certification can take place, if successful. This scheme will provide the mutual trust between business partners, as far as information security is concerned, that is required in electronic commerce.
Martin Botha and Rossouw von Solms
Abstract
A survey recently completed by the Computer Security Institute and the Federal Bureau of Investigation revealed that corporations, banks, and governments all face a growing threat from computer crime, and in particular computer hacking. The computer hacking activities caused well over $100 million in losses last year in the USA and the trend toward professional computer crime, such as computer hacking, is on the rise. Different methods are currently used to control the computer crime problem, for example, to control the access to and from a network by implementing a firewall. As the survey highlighted, most of these methods are inefficient. New means and ways which will minimise and control the hacking problem must therefore continuously be researched and defined. This paper will propose a method, based on trend analysis, that could be utilized to minimise and control the hacking problem in an organisation.