We Want To Do It Our Way: The Neutralisation Approach to Managing Information Systems Security by Small Businesses

Small businesses thrive in the developing economy of South Africa and address the important issue of unemployment and poverty that exists in the country. A large number of these businesses can be found in the province of Gauteng due to the large and diverse economic contribution the province delivers to the economy of South Africa. With the increased use of Information Systems (IS) by small businesses across the Gauteng province and in South Africa generally, there is increasingly constant exposure to information security risks. Interestingly, standards such as NISTIR 7621 specifically tailored to small businesses and which could offer great insights on how to manage security risks are by and large not followed to the letter. We find in our work that owner-managers prefer to handle matters of security ‘in their own terms’ and apply neutralisation (termed rationalisation) techniques to overcome the effects posed by security threats. We used four instrumental cases for this purpose. Our findings suggest that neutralisation manifests as values held by owner-managers and this can often create the unintended consequences of exacerbating security risk to these small businesses

Information security awareness in small information technology-dependent business organisations

M.A. (Business Management)Small businesses thrive in the developing economy of South Africa and address the important issue of unemployment and poverty that exist in the country. A large number of these business organisations can be found in the province of Gauteng because of the large and diverse economic contribution the province delivers to the economy of South Africa. With the increased use of technology in the small businesses of Gauteng and South Africa, the risks around cyber-security, information security and other IT-related threats that can harm the businesses increase. As part of the related IT risks comes the information security awareness of the businesses. Research findings show that little to no information security awareness exists in the small IT-dependent business organisations of Gauteng, South Africa. New knowledge has been gained from the information technology uses and information security awareness that exists in small business organisations. This knowledge is specific to the small business organisations of South Africa which places an African context to a global debate of information security awareness

Bisnesmetriikan kerääminen ja visualisointi pilvipohjaisessa kehitysympäristössä

Monitoring cloud computing resources is a straightforward and common task for any cloud application developer. The problem with current monitoring solutions is that they only focus on infrastructure resources. Many companies on the other hand would need data about the business side of their applications. This thesis extends the current monitoring solutions to capture business metrics from within applications. The metrics are then visualized to quickly allow for better analysis of the data. The tool is composed of three main components. The metrics are captured with a Node.js library that is imported in the monitored application. The library sends the captured data to InfluxDB timeseries database. The data is visualized with Grafana which implements tables, graphs, and gauges. The provided command-line tool creates a file that can be imported in Grafana to create a new dashboard with graphs in it. The requirements for the tool were created through the needs of software developers and clients of web- and mobile-developer Codemate. An architectural design was made based on the requirements and then implemented on the AWS cloud platform on top of Kubernetes. The implementation was evaluated by testing it in a real production server. The tool is functional and it works as intended. The results from the evaluation prove that the tool created in this thesis can help companies gain better information about their products. Future work includes adding the metrics capture for other languages such as Go and Ruby as well as integrating the tool to Codemate’s new development environment. Further research can be done especially in improving performance of the solution in large systems.Pilviresurssien monitorointi on selkeä ja yleinen tehtävä jokaiselle pilvipalvelun kehittäjälle. Monitorointisovellukset keskittyvät vain infrastruktuuriresursseihin, vaikka monet nykyajan yritykset tarvitsisivat tarkempaa tietoa sovellusten bisnespuolesta. Tämä diplomityö laajentaa nykyisiä monitorointisovelluksia kattamaan bisnesmetriikan keräämisen applikaatioiden sisältä sekä visualisoi datan paremman analyysin mahdollistamiseksi. Diplomityössä kehitetty työkalu koostuu kolmesta osasta. Metriikat kerätään sovelluksista Node.js-kirjaston avulla, joka lisätään sovelluksen koodiin. Kirjasto lähettää dataa InfluxDB-tietokantaan, josta se visualisoidaan Grafanalla interaktiivisten kuvaajien sekä taulukoiden avulla. Grafanaan voidaan lisäksi luoda työpöytiä diplomityötä varten luodulla ohjelmalla. Bisnesmetriikan keräämiseen ja visualisointiin luotu työkalu määriteltiin ohjelmistokehittäjä Codematen ohjelmistoinsinöörien sekä asiakkaiden tarpeiden mukaan. Määrittelyä käytettiin työkalun arkkitehtuurin luomiseen, joka ohjasi käytännön toteutusta. Työkalu rakennettiin Amazonin AWS-palveluun Kuberneteksen päälle. Toteutetun työkalun toimivuus testattiin lopuksi asiakasympäristössä tuotantopalvelimella. Työkalun todettiin toimivan tarkoituksenmukaisesti. Testauksesta saadut tulokset osoittavat, että työkalu voi auttaa yrityksiä saamaan parempaa informaatiota ohjelmistotuotteistaan sekä niiden käytöstä. Työkalun kehitystä voidaan jatkaa laajentamalla sen toimintaa Go- ja Ruby-kielille sekä integroimalla se tiiviimmin Codematen uuteen kehitysympäristöön. Lisätutkimus erityisesti suorituskyvyn parantamiseen laajoissa järjestelmissä on tarpeen