Two Approaches to Information Security Doctoral Research

Abstract. Researchers embarking upon doctoral research in information security face numerous challenges at the commencement of their studies. Students often face confusion as they consider where to start and how to progress. The objectives of the research need to be clearly defined before commencing the project. The research questions, methodology, data and analysis are inextricably tied to the objectives, and as such a top-down approach is recommended. This paper discusses two approaches to doctoral research, topdown and bottom-up. The paper is designed to guide students at the commencement of their information security doctoral research. These guidelines may also be of value to the supervisor

The environmental security debate and its significance for climate change

Policymakers, military strategists and academics all increasingly hail climate change as a security issue. This article revisits the (comparatively) long-standing “environmental security debate” and asks what lessons that earlier debate holds for the push towards making climate change a security issue. Two important claims are made. First, the emerging climate security debate is in many ways a re-run of the earlier dispute. It features many of the same proponents and many of the same disagreements. These disagreements concern, amongst other things, the nature of the threat, the referent object of security and the appropriate policy responses. Second, given its many different interpretations, from an environmentalist perspective, securitisation of the climate is not necessarily a positive development

Accredited qualifications for capacity development in disaster risk reduction and climate change adaptation

Increasingly practitioners and policy makers working across the globe are recognising the importance of bringing together disaster risk reduction and climate change adaptation. From studies across 15 Pacific island nations, a key barrier to improving national resilience to disaster risks and climate change impacts has been identified as a lack of capacity and expertise resulting from the absence of sustainable accredited and quality assured formal training programmes in the disaster risk reduction and climate change adaptation sectors. In the 2016 UNISDR Science and Technology Conference on the Implementation of the Sendai Framework for Disaster Risk Reduction 2015–2030, it was raised that most of the training material available are not reviewed either through a peer-to-peer mechanism or by the scientific community and are, thus, not following quality assurance standards. In response to these identified barriers, this paper focuses on a call for accredited formal qualifications for capacity development identified in the 2015 United Nations landmark agreements in DRR and CCA and uses the Pacific Islands Region of where this is now being implemented with the launch of the Pacific Regional Federation of Resilience Professionals, for DRR and CCA. A key issue is providing an accreditation and quality assurance mechanism that is shared across boundaries. This paper argues that by using the United Nations landmark agreements of 2015, support for a regionally accredited capacity development that ensures all countries can produce, access and effectively use scientific information for disaster risk reduction and climate change adaptation. The newly launched Pacific Regional Federation of Resilience Professionals who work in disaster risk reduction and climate change adaptation may offer a model that can be used more widely

A participative research for learning methodology on education doctoral training programmes

Purpose – This paper aims to outline a participative approach to researching education doctoral students’ trajectories that functions both as a form of training in research methodology and as a means of reflection on the doctoral trajectory and what doctoral students have brought to the doctoral process through their experience. Design/methodology/approach – Ten participants formed dyads and acted as both researchers and subjects of research, using narrative accounts and interviews. The collaborative approach aimed to allow “hands-on” experience of the selected methods, as well as full engagement in negotiating each stage of the project. Findings – Project group meetings and the data generated by participants provided a rich source of learning about methodological issues in education research, in addition to the personal understandings emerging from such a project. Originality/value – This project reports an approach to “hands-on” learning of methodological and ethical issues within doctoral development programmes that could be adapted for use on similar programmes. It suggests an alternative to the more common forms of doctoral training (such asexposition, discussion, reading, or simulation) that is of real value to doctoral students in that it enables deep reflection on the journeys that have brought students to doctoral study, whilst at the same time providing a rich resource for methodological learning.</p

Secure requirements engineering in a constrained agile environment.

Doctoral degree. University of KwaZulu-Natal, Durban.Requirements Engineering (RE) is a software engineering process that takes place early in the software development life cycle namely, during the planning phase of software development. A list of highly refined requirements that is the blueprint for the system, is the output of this process. It is vital to address critical issues such as security within RE, to prevent patching and hot fixing later. Exorbitant losses can be prevented through secure systems development. The purpose of this research study was to delineate the Agile RE practices through a sequential explanatory mixed methods study approach to explicate the relationship between RE practices and the security of an application. An in-depth literature review was undertaken to understand RE processes and security approaches during application development. This mixed methods research study was contextualised at seventeen software development companies in South Africa. Data was collected in three phases. In the first phase, the researcher used a field survey questionnaire as the primary research instrument to gather data on Agile RE practices such as elicitation, security approaches and requirements prioritisation. In phase two of the data collection, interviews were used as a qualitative data gathering tool to explain, triangulate and strengthen the survey results. The security of live Agile Software Development artifacts were then randomly evaluated using a dynamic analysis security testing (DAST) tool. To contribute to the body of knowledge, the researcher used fuzzy logics and fuzzy sets to develop an automated fuzzy tool that assists requirements engineers to control client requirements. The Design Science Research Methodology, an Information Systems (IS) theoretical framework, guided the development of the automated fuzzy software tool. The automated fuzzy tool was evaluated in phase three of data collection and showed positive results for ranking client requirements in Agile RE. The major finding of this study was that although Agile RE practices in the real world are aligned to mainstream RE, proper security approaches are lacking. The problem is exacerbated by the lack of web application security knowledge and insufficient application security training by requirements engineers. The study concludes that poor security practices in Agile RE are having a negative impact on the security of the Agile Software Development product. As an implication of this study, the researcher suggests stricter adherences by practitioners to Agile Software Development principles and values as outlined in the Agile Manifesto and Agile Security Manifesto

Mind your step! : How profiling location reveals your identity - and how you prepare for it

Location-based services (LBS) are services that position your mobile phone to provide some context-based service for you. Some of these services – called ‘location tracking’ applications - need frequent updates of the current position to decide whether a service should be initiated. Thus, internet-based systems will continuously collect and process the location in relationship to a personal context of an identified customer. This paper will present the concept of location as part of a person’s identity. I will conceptualize location in information systems and relate it to concepts like privacy, geographical information systems and surveillance. The talk will present how the knowledge of a person's private life and identity can be enhanced with data mining technologies on location profiles and movement patterns. Finally, some first concepts about protecting location information