Towards an aligned South African National Cybersecurity Policy Framework

This thesis measured and aligned factors that contribute to the misalignment of the South African National Cybersecurity Policy Framework (SA-NCPF). The exponential growth rate of cyber-attacks and threats has caused more headaches for cybersecurity experts, law enforcement agents, organisations and the global business economy. The emergence of the global Corona Virus Disease-2019 has also contributed to the growth of cyber-attacks and threats thus, requiring concerted efforts from everyone in society to devise appropriate interventions that mitigate unacceptable user behaviour in the reality of cyberspace. In this study, various theories were identified and pooled together into an integrative theoretical framework to provide a better understanding of various aspects of the law-making process more comprehensively. The study identified nine influencing factors that contributed to misalignment of the South African National Cybersecurity Policy Framework. These influencing factors interact with each other continuously producing complex relationships, therefore, it is difficult to measure the degree of influence of each factor, hence the need to look at and measure the relationships as Gestalts. Gestalts view individual interactions between pairs of constructs only as a part of the overall pattern. Therefore, the integrative theoretical framework and Gestalts approach were used to develop a conceptual framework to measure the degree of alignment of influencing factors. This study proposed that the stronger the coherence among the influencing factors, the more aligned the South African National Security Policy Framework. The more coherent the SA-NCPF is perceived, the greater would be the degree of alignment of the country's cybersecurity framework to national, regional and global cyberlaws. Respondents that perceived a strong coherence among the elements also perceived an effective SA-NCPF. Empirically, this proposition was tested using nine constructs. Quantitative data was gathered from respondents using a survey. A major contribution of this study was that it was the first attempt in South Africa to measure the alignment of the SA-NCPF using the Gestalts approach as an effective approach for measuring complex relationships. The study developed the integrative theoretical framework which integrates various theories that helped to understand and explain the South African law making process. The study also made a significant methodological contribution by adopting the Cluster-based perspective to distinguish, describe and predict the degree of alignment of the SA-NCPF. There is a dearth of information that suggests that past studies have adopted or attempted to address the challenge of alignment of the SA-NCPF using the cluster-based and Gestalts perspectives. Practical implications from the study include a review of the law-making process, skills development strategy, a paradigm shift to address the global Covid-19 pandemic and sophisticated cybercrimes simultaneously. The study asserted the importance of establishing an independent cybersecurity board comprising courts, legal, cybersecurity experts, academics and law-makers to provide cybersecurity expertise and advice. From the research findings, government and practitioners can draw lessons to review the NCPF to ensure the country develops an effective national cybersecurity strategy. Limitations and recommendations for future research conclude the discussions of this study

Identifying Security Requirements Body of Knowledge for the Security Systems Engineer

Part 2: TrainingInternational audienceThe interconnected nature of Industry 4.0–driven operations and systems is introducing the use of new digitized and connected industrial systems. These new connected environments impact system security, requirements engineers to include elicitation of security requirements as functional requirements. Academia and industry argue that systems engineers are not adequately prepared for the security- related activities required in the specification of secure systems. This paper utilizes a cybersecurity framework to create the body of knowledge related to Security Requirements Engineering for a module in systems engineering. The determined body of knowledge show Risk Management, Laws and Regulations, and Human Factors related to security must be considered in the changing technological landscape. Although not all systems engineers must have expert knowledge in this field, all systems engineers must have fundamental knowledge in security practice and the ability to apply systems thinking