Masters Degrees (Information Science)

Permanent URI for this collection

https://scholar.sun.ac.za/handle/10019.1/628

Browse

Browsing Masters Degrees (Information Science) by browse.metadata.advisor "Dewald, Blaauw"

Now showing 1 - 2 of 2
  • Thumbnail Image
    Item
    Digital risk management : investigating human-factor security with a behaviourist approach
    (Stellenbosch : Stellenbosch University, 2022-04) Ruan, Pretorius; Dewald, Blaauw; Bruce, Watson; Stellenbosch University. Faculty of Arts and Social Sciences. Dept. of Information Science.
    ENGLISH SUMMARY: The successful digitisation of modern organisations relies on the cohesion between information technology and the workforce responsible for managing and operating it. Without proper management and operation, even the most sophisticated technologies may become vulnerable when operated by a low skilled worker. Numerous studies acknowledge human vulnerability in cyber security, also known as human-factor security, as the “weakest link” in a digitised organisation’s security posture. Existing literature suggests that there is a lack of focus on the impact of human-factor security on information and data security in organisations. The focus is on the risks posed by technologies, whereas the risks presented by workers implementing, managing, or interacting with these technologies are neglected. In addition, existing literature proposes risk management frameworks to aid in digital risk management as a whole. Thus, the need to investigate how risk management frameworks could be applied to human-factor security in digitised organisations arise. This paper provides a comprehensive understanding of the behavioural and cognitive science of people in relation to digital threat awareness and response. This is achieved through a qualitative assessment of responses to survey questions on an authentic dataset. This authentic dataset consists of South African employees working in digitised orginisations. The survey questions utilise the Behaviourist Learning Theory. The Behaviourist Learning Theory relies on understanding human behaviour by investigating the person’s behvioural response when exposed to environmental stimuli. For this survey, the behaviour is understood by investigating the partcipants’ behvioural response when exposed to digital threats. The survey results give an indication of the strength of the security posture of the dataset. Additionally, from the survey results, insight is gained on how the human-factor security may be improved. Therefore, a risk management plan is presented to assist in managing human-factor security. The risks management plan involves the identification, assessment, response to the risks found in the behaviour from the dataset. Thus, this research project provides security- and risk managers with insight into human vulnerabilities and behaviour when interacting with information systems and technology in digitised organisations. The insights presented in this paper may be utilised to enhance the organisation’s security posture through the implementation of a risk management plan. From the survey responses, it is evident that most respondents show a high level of awareness of security and competence when exposed to potential threats. However, there can be observed that few employees do portray risky behaviour. The risky behviour may still result in devastating consequences, regardless of the low probability of occurrence.
  • Thumbnail Image
    Item
    A study and analysis of human behaviour influence on cybersecurity. a human behaviourist approach to mitigate social engineering attacks
    (Stellenbosch : Stellenbosch University, 2023-12) Smit, Vian; Dewald, Blaauw; Watson, Bruce; Stellenbosch University. Faculty of Arts and Social Sciences. Dept. of Information Science.
    ENGLISH SUMMARY: Protecting intellectual property has become one of the biggest challenges organisations are facing. Information contains private and sensitive data about employees, customers and business dealings that is protected by cybersecurity systems. Oftentimes, these systems which have been developed to protect data, become attractive to thieves, called cybercriminals. Cybercriminals infiltrate information systems to view, steal, corrupt and cause malicious activity by exploiting the most vulnerable areas of the system. Most cybersecurity mitigation techniques focus on improving software, hardware or policies, but rarely focus on the common denominator in all these elements. People are known as the weakest link in any cybersecurity system because they fall prey to human error and external manipulation. Social engineering attacks encompass deceitful techniques which are used by cyberattackers to manipulate human beings into sharing sensitive data. Victims succumb to these attack types because they incorporate clever psychological techniques that trigger basic human needs. Research indicates that human beings have different psychological needs based on their personality types, which cyber offenders exploit by executing social engineering attacks. The purpose of this study is to research which personality type is more susceptible to social engineering attacks in order to better understand the cyber weaknesses present in each personality trait. This will be executed by determining the personality type of participants and how susceptible they are towards social engineering attacks. The first part of the survey makes use of the Five Factor Model (FFM), which has been created by Costa Jr. and McCrae (1990). The second section of the survey will present respondents with the ten known social engineering attack types that contain a combination of Cialdini’s six principles of persuasion. The taxonomy developed from the research results indicates that the agreeableness personality type is most susceptible towards social engineering attacks and pose the highest cybersecurity risk. Neuroticism was found to have the lowest social engineering susceptibility and associated cybersecurity risk. A framework has been created that showcases each personality type’s susceptibility towards the ten social engineering attacks. A second framework indicates the vulnerability level each personality type has towards the various principles of persuasion. This research will help cybersecurity experts better understand key vulnerabilities in system that will help offer better protection.