Privacy and Legal Issues in Cloud Computing - The SMME Position in South Africa

Cloud computing (CC) brings substantial benefits to organizations and their clients. Information technology (IT) users in developing countries, especially those in underdeveloped communities, are gaining easy and cost‐effective access to a variety of services, from entertainment to banking. South Africa has outlined a national e‐strategy that aims to improve those communities, by providing frameworks for access to information and communications technology (ICT). The products and services of small‐, medium and micro‐sized enterprises (SMME) are now reaching a wider audience through the use of technology. CC can go a long way to help government realize the national e‐strategy. There are numerous barriers to CC adoption; among the main concerns are security, privacy and availability. CC adoption is rising globally, but in South Africa it hasn’t penetrated the mainstream operations of small and large organizations. The major inhibitor is security, though it is losing ground to other factors, especially privacy concerns, and The absence of security and data privacy legislation in South Africa makes it difficult for organizations to adopt CC. The objective of this paper is to highlight CC inhibitors especially privacy and legal issues in the context of South African SMMEs and how they contribute to low rate of CC adoption

Towards a framework to promote the development of secure and usable online information security applications

The proliferation of the internet and associated online activities exposes users to numerous information security (InfoSec) threats. Such online activities attract a variety of online users who include novice computer users with no basic InfoSec awareness knowledge. Information systems that collect and use sensitive and confidential personal information of users need to provide reliable protection mechanisms to safeguard this information. Given the constant user involvement in these systems and the notion of users being the weakest link in the InfoSec chain, technical solutions alone are insufficient. The usability of online InfoSec systems can play an integral role in making sure that users use the applications effectively, thereby improving the overall security of the applications. The development of online InfoSec systems calls for addressing the InfoSec problem as a social problem, and such development must seek to find a balance between technical and social aspects. The research addressed the problem of usable security in online InfoSec applications by using an approach that enabled the consideration of both InfoSec and usability in viewing the system as a socio-technical system with technical and social sub-systems. Therefore, the research proposed a socio-technical framework that promotes the development of usable security for online information systems using online banking as a case study. Using a convergent mixed methods research (MMR) design, the research collected data from online banking users through a survey and obtained the views of online banking developers through unstructured interviews. The findings from the two research methods contributed to the selection of 12 usable security design principles proposed in the sociotechnical information security (STInfoSec) framework. The research contributed to online InfoSec systems theory by developing a validated STInfoSec framework that went through an evaluation process by seven field experts. Although intended for online banking, the framework can be applied to other similar online InfoSec applications, with minimum adaptation. The STInfoSec framework provides checklist items that allow for easy application during the development process. The checklist items can also be used to evaluate existing online banking websites to identify possible usable security problems.Computer ScienceD. Phil. (Computer Science

Cloud computing concerns in developing economies

Cloud computing promises to bring substantial benefits to how organizations conduct their businesses and the way their services reach out to potential consumers. Cloud computing is a welcome initiative for small businesses that cannot afford to invest in ICT infrastructure but need to benefit from the rewards of conducting business online. In developing economies, there are challenges that face cloud services providers and their consumers. Broadband network access was identified as the main essential service for a successful cloud computing offering. The objective of this paper is to give background information on the security issues in cloud computing, and highlight the potential of cloud computing and the associated challenges in utilizing services on the cloud for small businesses in developing economies. We discuss security concerns specifically related to the small businesses, such as service availability, privacy and SLA terms

Towards a Heuristic Model for Usable and Secure Online Banking

The main purpose of this paper is to propose a heuristic model for usable and secure online banking. The model is based on identified heuristics that contribute to the design of usable security in the context of online banking security. Little research has focused on the balance between usability and security in online banking authentication mechanisms when evaluating the effectiveness of security systems. Nielsen’s ten usability principles are still fundamentally important in designing usable secure systems, as indicated by the analysis of heuristics developed from recent studies. Online banking users are vulnerable to numerous old and new sophisticated online security threats that are increasingly being developed and targeting this unsuspecting group of users. An investigation into this aspect of security design can certainly benefit both the online banking users and online banking merchants, and foster a secure and usable banking environment. In this paper, a heuristic model for usable online banking security is developed, based on security design principles found in literature. Using data collected from users of online banking in South Africa through a questionnaire and banking security personnel interviews, we envisaged refining the identified heuristics and developing a checklist for each heuristic used, for heuristic evaluation by field experts

A Socio-Technical Approach to Information Security

The main objective of this paper is to present a preliminary socio-technical information security (STInfoSec) framework for the development of online information security applications that addresses both social and technical aspects of information security design. The paper looks at theoretical aspects related to a view of information security as a soci0-technical system in the context of online banking. The STInfoSec framework investigates usability and security requirements for an improved online banking system that seeks to improve the adoption and continued use of the service. The STInfoSec framework proposes 12 usable security design principles that assist in addressing security and usability requirements in online applications such as online banking. The framework seeks to influence the behaviour of designers of online information security applications by incorporating principles that consider the end user behaviour of such applications. The validation of the framework is beyond the scope of this paper

System usability scale evaluation of online banking service: A South African study

Online banking is a critical service offered by financial institutions to their clientele to facilitate easier and faster access to financial services and transactions. Banks currently spend huge amounts of money on development and maintenance of websites and backend systems that offer online banking facilities to clients. Here we address the effect of moderating factors on online banking usability assessment in South Africa. Using statistical analysis techniques that included t-tests, ANOVA and correlation, we investigated whether there are statistically significant mean differences in system usability scale (SUS) scores based on a variety of moderating factors in South Africa. Findings based on a sample of 540 respondents show that SUS scores differ significantly based on factors such as age, experience and income, whereas factors such as gender, use frequency and employment did not affect the mean SUS scores. Given the individual SUS scores for a variety of users based on different demographics, the financial institutions might improve service usability to target specific user groups and realise their return on investment in digital banking channels. Therefore improving service usability might go a long way in encouraging online banking adoption in South Africa.School of Computin

A Reference Point for Designing a Cybersecurity Curriculum for Universities

The objective of this study is to propose a cybersecurity curriculum from a best practice perspective for universities and other higher educational institutions. Cybersecurity is a fast-growing part of the overall job market and cybersecurity skills shortage is a factor that needs attention worldwide. An updated approach is needed to build the cybersecurity labour force. A scoping literature review was applied on academic databases for proposed cybersecurity skills cur-ricula. It was also applied on cybersecurity curricula offered by top universities as well as by studying cybersecurity curriculum frameworks and guidelines. The knowledge, skills, abilities and modules from the aforementioned were integrated to compile a holistic reference point for a cybersecurity curriculum. The study found that there is a global need for cybersecurity degrees and specifically for African countries like South African. More cybersecurity professionals need to be trained in the necessary technical abilities, combined by the necessary soft skills to be productive and fill the gaps in industry. This is possible by concentrating on this study’s proposal namely a reference point for cybersecurity modules to be included in a cybersecurity curriculum.School of Computin

Towards a framework for online information security applications development: A socio-technical approach

The paper presents a validated socio-technical information security (STInfoSec) framework for the development of online information security (InfoSec) applications. The framework addresses both social and technical aspects of InfoSec design. The preliminary framework was developed using a mixed methods research design that collected data from 540 surveys by online banking users and six interviews with online banking personnel. The preliminary framework was presented in another publication and it is beyond the scope of this paper. The scope of this paper is limited to the validation findings of the evaluation process that involves seven evaluators. In the socio-technical context, the STInfoSec framework facilitates acceptance and usability of online applications based on online banking as a case study. The authors argue that usability of online InfoSec applications such as online banking significantly affects the adoption and continued use of such applications. As such, the paper investigates design principles for usable security and proposes a validated STInfoSec framework that consists of 12 usable security design principles. The design principles have been validated through heuristic evaluation by seven field experts for inclusion in the final STInfoSec framework. The development of InfoSec applications can be improved by applying these design principles.School of Computin

SAICSIT Conference 2021: Proceedings of the South African Institute of Computer Scientists and Information Technologists

SAICSIT has been hosting its annual conference from 1987, while over the years the shape and nature of the society has changed. This year the School of Computing at the University of South Africa hosted this virtual conference. The theme of the conference was “Reimagining the Interconnected World”.UNIVERSITY OF SOUTH AFRICACollege of Engineering, Science and Technolog