A framework for a cybersecurity policy in South African schools
- Authors: Mhlaba, Surety Aleta
- Date: 2024-04
- Subjects: Computer security -- Government policy -- South Africa , Computer security -- South Africa , Cyber intelligence (Computer security) , Computer security -- South Africa Educational technology -- Security measures
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/64651 , vital:73835
- Description: Today, learners at school grow up within an Information and Communication Technology (ICT) environment and have become technology users. A growing number of learners have access to ICT devices, such as mobile phones, tablets and desktop computers owing to their affordability. Access to ICT devices enables learners to interact in cyberspace which offers them numerous advantages and benefits. Cyberspace enables learners to improve their learning by providing ease of access to information and other learning material. Additionally, it allows them to socialise and to communicate with each without having to be in the same place. Furthermore, it allows them to participate in games, including educational games, to help with their learning. Despite these benefits, learners are prone to falling victim to a range of cyber risks and attacks. These cyber risks and attacks include cyberbullying, accessing inappropriate content and being exposed to sexual grooming. This is due to the fact that cyberspace is an unregulated platform and its complex nature does not make it easy to govern. Thus, there is a need to implement a policy that can govern and educate school learners on how to protect and conduct themselves when accessing cyberspace to avoid and reduce exposure to cyber risks. Countries like the United Kingdom (UK), Australia (AU) and Rwanda (RW) have developed cybersecurity policies to assist schools to develop and implement a cybersecurity policy to create a cybersecurity environment for learners with the support and commitment of the government. These countries continue to implement cybersecurity strategies and advocate for a cybersecurity policy to be implemented in schools to foster a cybersecurity culture. However, this does not seem to be the case for South Africa. The South African education system does not have a standard national cybersecurity policy to be implemented in all schools to handle cyber risks and incidents. The Department of Basic Education (DBE) drafted guidelines to assist schools to implement cybersecurity strategies such as a cybersecurity-related policy; however, these guidelines do not include guidance on how to implement them and they have not been enacted. Because of the lack of commitment from the government to implement a cybersecurity policy at school level, learners continue to be exposed to cyber risks. Hence, it is up to each school to create and implement a cybersecurity policy that is unique to that school to help keep their learners safe. In terms of South African law, schools are ultimately responsible for the safety and well-being of school learners. School Governing Bodies (SGBs) have a legal obligation to ensure that cybersecurity measures are in place to protect learners from cyber risks, especially when schools provide access or expect learners to have and use ICT devices during school hours. However, schools (including SGBs) are ill-equipped to implement cybersecurity initiatives by themselves. They lack knowledge about ICT and are hampered by severe time and financial constraints. This study proposes a framework to assist SGBs in implementing a cybersecurity policy in South African schools. To address this need, the study first performed a literature review to identify the problem area, that schools in South Africa have no cybersecurity policy to guide them and protect school learners from cyber risks. There is a need for cybersecurity policies in schools and the SGBs entrusted with such a responsibility lack the resources and capacity to develop them. Moreover, many schools do not have cybersecurity policies in place to protect school learners if cyber risk incidents occur. This led to identifying research objectives together with research methods to address the problem area. The primary objective is to develop a framework to assist SGBs in implementing a basic cybersecurity policy in South African schools. In order to achieve the primary objective, the study determined cybersecurity policy implementation components and characteristics of cybersecurity policies using the literature review method to obtain the framework design components. Thereafter, cybersecurity-related policies, guidelines and best practices in South Africa and globally were identified and analysed for the school environment through the use of a literature review and qualitative content analysis to obtain cybersecurity policy content suitable for the school environment. Once these actions were performed, the formulation and design of the framework for implementing a basic cybersecurity policy using the relevant policy components and characteristics took place, which resulted in the proposed framework solution. , Thesis (MIT) -- Faculty of Engineering, the Built Environment, and Technology, School of Information Technology, 2024
- Full Text:
- Date Issued: 2024-04
- Authors: Mhlaba, Surety Aleta
- Date: 2024-04
- Subjects: Computer security -- Government policy -- South Africa , Computer security -- South Africa , Cyber intelligence (Computer security) , Computer security -- South Africa Educational technology -- Security measures
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/64651 , vital:73835
- Description: Today, learners at school grow up within an Information and Communication Technology (ICT) environment and have become technology users. A growing number of learners have access to ICT devices, such as mobile phones, tablets and desktop computers owing to their affordability. Access to ICT devices enables learners to interact in cyberspace which offers them numerous advantages and benefits. Cyberspace enables learners to improve their learning by providing ease of access to information and other learning material. Additionally, it allows them to socialise and to communicate with each without having to be in the same place. Furthermore, it allows them to participate in games, including educational games, to help with their learning. Despite these benefits, learners are prone to falling victim to a range of cyber risks and attacks. These cyber risks and attacks include cyberbullying, accessing inappropriate content and being exposed to sexual grooming. This is due to the fact that cyberspace is an unregulated platform and its complex nature does not make it easy to govern. Thus, there is a need to implement a policy that can govern and educate school learners on how to protect and conduct themselves when accessing cyberspace to avoid and reduce exposure to cyber risks. Countries like the United Kingdom (UK), Australia (AU) and Rwanda (RW) have developed cybersecurity policies to assist schools to develop and implement a cybersecurity policy to create a cybersecurity environment for learners with the support and commitment of the government. These countries continue to implement cybersecurity strategies and advocate for a cybersecurity policy to be implemented in schools to foster a cybersecurity culture. However, this does not seem to be the case for South Africa. The South African education system does not have a standard national cybersecurity policy to be implemented in all schools to handle cyber risks and incidents. The Department of Basic Education (DBE) drafted guidelines to assist schools to implement cybersecurity strategies such as a cybersecurity-related policy; however, these guidelines do not include guidance on how to implement them and they have not been enacted. Because of the lack of commitment from the government to implement a cybersecurity policy at school level, learners continue to be exposed to cyber risks. Hence, it is up to each school to create and implement a cybersecurity policy that is unique to that school to help keep their learners safe. In terms of South African law, schools are ultimately responsible for the safety and well-being of school learners. School Governing Bodies (SGBs) have a legal obligation to ensure that cybersecurity measures are in place to protect learners from cyber risks, especially when schools provide access or expect learners to have and use ICT devices during school hours. However, schools (including SGBs) are ill-equipped to implement cybersecurity initiatives by themselves. They lack knowledge about ICT and are hampered by severe time and financial constraints. This study proposes a framework to assist SGBs in implementing a cybersecurity policy in South African schools. To address this need, the study first performed a literature review to identify the problem area, that schools in South Africa have no cybersecurity policy to guide them and protect school learners from cyber risks. There is a need for cybersecurity policies in schools and the SGBs entrusted with such a responsibility lack the resources and capacity to develop them. Moreover, many schools do not have cybersecurity policies in place to protect school learners if cyber risk incidents occur. This led to identifying research objectives together with research methods to address the problem area. The primary objective is to develop a framework to assist SGBs in implementing a basic cybersecurity policy in South African schools. In order to achieve the primary objective, the study determined cybersecurity policy implementation components and characteristics of cybersecurity policies using the literature review method to obtain the framework design components. Thereafter, cybersecurity-related policies, guidelines and best practices in South Africa and globally were identified and analysed for the school environment through the use of a literature review and qualitative content analysis to obtain cybersecurity policy content suitable for the school environment. Once these actions were performed, the formulation and design of the framework for implementing a basic cybersecurity policy using the relevant policy components and characteristics took place, which resulted in the proposed framework solution. , Thesis (MIT) -- Faculty of Engineering, the Built Environment, and Technology, School of Information Technology, 2024
- Full Text:
- Date Issued: 2024-04
Pro-active visualization of cyber security on a National Level : a South African case study
- Authors: Swart, Ignatius Petrus
- Date: 2015
- Subjects: Internet -- Security measures -- South Africa , Computer security -- Government policy -- South Africa
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: vital:4718 , http://hdl.handle.net/10962/d1017940
- Description: The need for increased national cyber security situational awareness is evident from the growing number of published national cyber security strategies. Governments are progressively seen as responsible for cyber security, but at the same time increasingly constrained by legal, privacy and resource considerations. Infrastructure and services that form part of the national cyber domain are often not under the control of government, necessitating the need for information sharing between governments and commercial partners. While sharing of security information is necessary, it typically requires considerable time to be implemented effectively. In an effort to decrease the time and effort required for cyber security situational awareness, this study considered commercially available data sources relating to a national cyber domain. Open source information is typically used by attackers to gather information with great success. An understanding of the data provided by these sources can also afford decision makers the opportunity to set priorities more effectively. Through the use of an adapted Joint Directors of Laboratories (JDL) fusion model, an experimental system was implemented that visualized the potential that open source intelligence could have on cyber situational awareness. Datasets used in the validation of the model contained information obtained from eight different data sources over a two year period with a focus on the South African .co.za sub domain. Over a million infrastructure devices were examined in this study along with information pertaining to a potential 88 million vulnerabilities on these devices. During the examination of data sources, a severe lack of information regarding the human aspect in cyber security was identified that led to the creation of a novel Personally Identifiable Information detection sensor (PII). The resultant two million records pertaining to PII in the South African domain were incorporated into the data fusion experiment for processing. The results of this processing are discussed in the three case studies. The results offered in this study aim to highlight how data fusion and effective visualization can serve to move national cyber security from a primarily reactive undertaking to a more pro-active model.
- Full Text:
- Date Issued: 2015
- Authors: Swart, Ignatius Petrus
- Date: 2015
- Subjects: Internet -- Security measures -- South Africa , Computer security -- Government policy -- South Africa
- Language: English
- Type: Thesis , Doctoral , PhD
- Identifier: vital:4718 , http://hdl.handle.net/10962/d1017940
- Description: The need for increased national cyber security situational awareness is evident from the growing number of published national cyber security strategies. Governments are progressively seen as responsible for cyber security, but at the same time increasingly constrained by legal, privacy and resource considerations. Infrastructure and services that form part of the national cyber domain are often not under the control of government, necessitating the need for information sharing between governments and commercial partners. While sharing of security information is necessary, it typically requires considerable time to be implemented effectively. In an effort to decrease the time and effort required for cyber security situational awareness, this study considered commercially available data sources relating to a national cyber domain. Open source information is typically used by attackers to gather information with great success. An understanding of the data provided by these sources can also afford decision makers the opportunity to set priorities more effectively. Through the use of an adapted Joint Directors of Laboratories (JDL) fusion model, an experimental system was implemented that visualized the potential that open source intelligence could have on cyber situational awareness. Datasets used in the validation of the model contained information obtained from eight different data sources over a two year period with a focus on the South African .co.za sub domain. Over a million infrastructure devices were examined in this study along with information pertaining to a potential 88 million vulnerabilities on these devices. During the examination of data sources, a severe lack of information regarding the human aspect in cyber security was identified that led to the creation of a novel Personally Identifiable Information detection sensor (PII). The resultant two million records pertaining to PII in the South African domain were incorporated into the data fusion experiment for processing. The results of this processing are discussed in the three case studies. The results offered in this study aim to highlight how data fusion and effective visualization can serve to move national cyber security from a primarily reactive undertaking to a more pro-active model.
- Full Text:
- Date Issued: 2015
- «
- ‹
- 1
- ›
- »