Analysis of a South African cyber-security awareness campaign for schools using interdisciplinary communications frameworks

To provide structure to cyber awareness and educational initiatives in South Africa, Kortjan and Von Solms (2014) developed a five-layer cyber-security awareness and education framework. The purpose of the dissertation is to determine how the framework layers can be refined through the integration of communication theory, with the intention to contribute towards the practical implications of the framework. The study is approached qualitatively and uses a case study for argumentation to illustrate how the existing framework can be further developed. Drawing on several comprehensive campaign planning models, the dissertation illustrates that not all important campaign planning elements are currently included in the existing framework. Proposed changes in the preparation layer include incorporating a situational and target audience analysis, determining resources allocated for the campaign, and formulating a communication strategy. Proposed changes in the delivery layer of the framework are concerned with the implementation, monitoring and adjustment, as well as reporting of campaign successes and challenges. The dissertation builds on, and adds to, the growing literature on the development of campaigns for cyber-security awareness and education aimed at children

School-Related Violence

Violence against children is a global problem. It includes physical violence, psychological violence such as insults and humiliation, discrimination, neglect and maltreatment. It has short- and long-term repercussions that are often grave and damaging for children (Pinheiro 2006). Bullying, gender-based violence, accidental violence, discrimination and violence, sexual assault or harassment, physical violence and psychological violence, describe some of the most prevalent forms of school-based violence (South African Human Rights Commission 2006). The evidence base on school-related violence must be improved to inform policies (Antonowicz 2010). To assess the evidence that does exist, this helpdesk report presents a non-systematic review of the evidence on school-related violence. It is based on the evidence found through a rapid internet search and through consultation with experts in this field. The report is broken down into four sections: reducing and preventing school-related violence; safe, inclusive and violence-free schools; cyber bullying; and school-related gender-based violence. It is recognised that the topic of school-related violence is complex and multifaceted. While this report aims to offer a useful synthesis of the evidence available, as well as relevant case studies and policy recommendations, it only scratches the surface of a very large and pressing global problem

Assessing the cyber-security status of the metropolitan municipalities in South Africa.

Doctoral Degree. University of KwaZulu-Natal, Durban.The intention of this enquiry was to assess the status of cyber-security in the metropolitan municipalities in South Africa. The focus on this level of local government was driven by the fact that metropolitan municipalities are the economic hubs with a variety of industrial facilities and are the places with high population densities. The metropolitan municipalities have adopted information infrastructures to support the daily administrative processes and, equally important, to support the delivery of essential services such as the distribution of electricity and clean water to the local citizens and communities. Entrenched in the adoption of information infrastructures are the cyber ills which if left unattended could have devastating consequences on people and industrial facilities. Failures or interruptions to information infrastructures have cascading effects due to interconnectedness of these infrastructures. The study used the Constructivist Grounded Theory Methodology to explore the activities that are performed by the metropolitan municipalities with the intention to determine what needs to be in place to safeguard their information infrastructures from cyber ills. Cyber-security is a serious concern in all types of businesses that are largely supported by information infrastructures in pursuit of the business objectives. Information infrastructures are susceptible to cyber-security threats, which if left unattended can shut the municipality operations down with disastrous consequences. A substantive theory of integrated development cyber-security emerged from the Constructivist Grounded Theory Methodology processes of data collecting through comprehensive interviews, initial coding, focused coding, memoing, and theoretical coding. A municipal cyber-security conceptual framework was developed from the integrated development cyber-security theory constructs of integrated development cyber-security which are the core category, cyber-security governance category, cyber-security technical operations category, and human issues in cyber-security category. The conceptual framework was used to formulate the cyber-security status assessment survey questionnaire that was adopted as an instrument to assess the cyber-security status in the metropolitan municipalities. The cyber-security status assessment instrument was deployed in metropolitan municipalities, wherein data was collected and statistically analysed to test and confirm its validity. The assessment results were analysed and showed the as is posture of cyber-security, the gaps in the current implemented cyber-security controls were identified together with the risks associated with those gaps, corrective actions to address the identified deficiencies were identified and recommended/communicated to the management of relevant municipalities

An analysis of cybersecurity culture in an organisation managing Critical Infrastructure

The 4th industrial revolution (4IR) is transforming the way businesses operate, making them more efficient and data-driven while also increasing the threat-landscape brought on by the convergence of technologies and increasingly so for organisations managing critical infrastructure. Environments that traditionally operated entirely independent of networks and the internet are now connecting in ways that are exposing critical infrastructure to a new level of cyber-risks that now need to be managed. Due to the stable nature of technologies and knowledge in traditional industrial environments, there is a misalignment of skills to emerging technology trends. Globally cyber-crime attacks are on the rise with Cisco reporting in 2018 that 31% of all respondents had seen a cyber-attack in their operational environment[1]. With up to 67% of breaches reported in the Willis Towers report due to employee negligence [2], the importance of cybersecurity culture is no longer in question in organisations managing critical infrastructure. Developing an understanding of the drivers for behaviours, attitudes and beliefs related to cybersecurity and aligning these to an organisations risk appetite and tolerance is crucial to managing cyber-risk. There is a very divergent understanding of cyber-risk in the engineering environment. This study endeavours to investigate employee perceptions, attitudes and values associated with cybersecurity and how these potentially affects their behaviour and ultimately the risk to the plant or organisation. Most traditional culture questionnaires focus on information security with observations focussing more on social engineering, email hygiene and physical controls. This cybersecurity culture study was conducted to gain insight into people's beliefs, attitudes and behaviours related to cybersecurity encompassing people, process and technology focussing on the operational technology environment in Eskom1. Both technical (Engineering and IT) and nontechnical (business support staff) staff were questionnaireed. The questionnaire was categorised into four sections dealing with cybersecurity culture as they relate to individuals, processes and technology, leadership and the organisation at large. The results from the analysis, revealed that collaboration, information sharing, reporting of vulnerabilities, high dependence and trust in technology, leadership commitment, vigilance, compliance, unclear processes and lack of understanding around cybersecurity all contribute to the current levels of cybersecurity culture. Insights from this study will generate recommendations that will form part of a cybersecurity culture transformation journey

The Elimination of the Sexual Exploitation of Children: Two Policy Briefings

The Oak Foundation child-abuse programme has funded and supported a range of civil society actors over the course of the last ten years, with the aim of reducing the incidence of the sexual exploitation of children, focusing primarily on work in East Africa, Eastern and Central Europe, Brazil and India. The Foundation is committed to expanding this work, focusing 50 percent of resources over the next five years, within two priority areas: * The elimination of the sexual exploitation of children; * The positive engagement of men and boys in the fight against the sexual abuse of children. Under the first of these priorities Oak Foundation requested Knowing Children to produce two documents to guide a strategic-planning meeting of the child-abuse team in mid-October 2011: * Reducing societal tolerance of sexual exploitation of children; * Preventing children's entry into all forms of sexual exploitation

Critical Analysis of Strategies Towards Creating an Adequate Level of Awareness on Cybercrime among the Youth in Gauteng Province

This study aims to determine any measures taken by the South African Police Service (SAPS) to create awareness about cybercrime among the youth in the selected policing areas in the Gauteng province. A qualitative research method was applied using semi-structured interviews to find the views of participants, of measures if any, to create youths’ awareness in the area of cybercrime. A total of 37 participants comprised of 29 youths aged between 19 and 35 years, including an additional eight participants from the SAPS Crime Intelligence Unit who agreed to participate. Among these participants, there were 18 females and 19 males. The findings highlighted that there was a lack of awareness on the measures taken by the SAPS in educating the youth about the risks associated with cybercrime. The other challenges highlighted by the SAPS were a lack of capacity, resources, and training to increase the technical skills amongst the SAPS members to work effectively on cybercrime-related challenges, lack of collaboration among role players to respond adequately to cybercrime, and ineffective implementation of cybercrime policies, therefore, there was a lack of cybercrime-related campaigns. Based on the findings, five themes were explored in this study, including a lack of capacity, resources, and training to increase the technical skills amongst the SAPS members to work effectively on cybercrime-related challenges, lack of collaboration among role players to respond adequately to cybercrime and ineffective implementation of cybercrime policies. The recommendations are provided as a potential step towards tailoring education packages and awareness programs to ensure at-risk groups are equipped with actionable mechanisms to protect themselves against cybercrimes

Global Risks 2014, Ninth Edition.

The Global Risks 2014 report highlights how global risks are not only interconnected but also have systemic impacts. To manage global risks effectively and build resilience to their impacts, better efforts are needed to understand, measure and foresee the evolution of interdependencies between risks, supplementing traditional risk-management tools with new concepts designed for uncertain environments. If global risks are not effectively addressed, their social, economic and political fallouts could be far-reaching, as exemplified by the continuing impacts of the financial crisis of 2007-2008

Factors Affecting Compliance with the National Cybersecurity Policy by SMMEs in South Africa

Technological advancements enable Small, Micro and Medium Enterprises (SMMEs) to increase business value and gain a competitive advantage. However, despite the myriad benefits of Information and Communication Technologies (ICTs), they have ushered in cyber threats. Cyberattacks have become more prevalent, especially in developing countries. As a result, most SMMEs in developing countries face challenges securing their digital environment. Governments worldwide have developed a National Cybersecurity Policy to protect their citizens, businesses and critical information infrastructure from cyberattacks. However, compliance with cybersecurity policy remains a challenge in many developing countries, especially among SMMEs. The study investigated the factors affecting compliance with the National Cybersecurity Policy by SMMEs in developing countries. This will aid policymakers in formulating National Cybersecurity Policies and providing an enabling environment for effective compliance by SMMEs in developing countries. We employed a qualitative approach using semi- structured interviews as a means of data collection. The sample for the study was 20 SMMEs in South Africa and was purposively selected. The findings showed that lack of awareness of the National Cybersecurity Policy, lack of understanding of the policy, resource constraints and lack of perceived benefits affect how SMMEs comply with the National Cybersecurity Policy

Guidelines for cybersecurity education campaigns

In our technology- and information-infused world, cyberspace is an integral part of modern-day society. As the number of active cyberspace users increases, so too does the chances of a cyber threat finding a vulnerable target increase. All cyber users who are exposed to cyber risks need to be educated about cyber security. Human beings play a key role in the implementation and governing of an entire cybersecurity and cybersafety solution. The effectiveness of any cybersecurity and cybersafety solutions in a societal or individual context is dependent on the human beings involved in the process. If these human beings are either unaware or not knowledgeable about their roles in the security solution they become the weak link in these cybersecurity solutions. It is essential that all users be educated to combat any threats. Children are a particularly vulnerable subgroup within society. They are digital natives and make use of ICT, and online services with increasing frequency, but this does not mean they are knowledgeable about or behaving securely in their cyber activities. Children will be exposed to cyberspace throughout their lifetimes. Therefore, cybersecurity and cybersafety should be taught to children as a life-skill. There is a lack of well-known, comprehensive cybersecurity and cybersafety educational campaigns which target school children. Most existing information security and cybersecurity education campaigns limit their scope. Literature reports mainly on education campaigns focused on primary businesses, government agencies and tertiary education institutions. Additionally, most guidance for the design and implementation of security and safety campaigns: are for an organisational context, only target organisational users, and mostly provide high-level design recommendations. This thesis addressed the lack of guidance for designing and implementing cybersecurity and cybersafety educational campaigns suited to school learners as a target audience. The thesis aimed to offer guidance for designing and implementing education campaigns that educate school learners about cybersecurity and cybersafety. This was done through the implementation of an action research process over a five-year period. The action research process involved cybersecurity and cybersafety educational interventions at multiple schools. A total of 18 actionable guidelines were derived from this research to guide the design and implementation of cybersecurity and cybersafety education campaigns which aim to educate school children