Using Control Frameworks to Map Risks in Web 2.0 Applications

Web 2.0 applications are continuously moving into the corporate mainstream. Each new development brings its own threats or new ways to deliver old attacks. The objective of this study is to develop a framework to identify the security issues an organisation is exposed to through Web 2.0 applications, with specific focus on unauthorised access. An extensive literature review was performed to obtain an understanding of the technologies driving Web 2.0 applications. Thereafter, the technologies were mapped against Control Objectives for Information and related Technology and Trust Service Principles and Criteria and associated control objectives relating to security risks. These objectives were used to develop a framework which can be used to identify risks and formulate appropriate internal control measures in any organisation using Web 2.0 applications. Every organisation, technology and application is unique and the safeguards depend on the nature of the organisation, information at stake, degree of vulnerability and risks. A comprehensive security program should include a multi-layer approach comprising of a control framework, combined with a control model considering the control processes in order to identify the appropriate control techniques.Web 2.0, Security risks, Control framework, Control Objectives for Information and related Technology (CobiT), Trust Service Principles and Criteria

The Influence Of Knowing Web 2.0 Risks And Controls On Web 2.0 Usage And Security Practices Of Online Users

Significant changes have taken place on the internet in recent years. The most prominent is the introduction of Web 2.0 technologies (Web 2.0), which promotes sharing and collaboration. This study investigates the usage patterns, and awareness levels of the risks and controls associated with Web 2.0 by educated and uneducated users. Accounting students (as a proxy for educated users) are taught about the risks and controls of Web 2.0 as part of their studies, whereas Business Strategy students’ (as a proxy for uneducated users) exposure is limited to popular media and their own research. The results indicate that the use of Web 2.0 is popular among South African students irrespective of which course they major in. The Web 2.0 awareness levels of both populations were relatively high with no significant differences. Contrary to expectation, the level of usage; types of Web 2.0 technologies; types of risks; and the manner and frequency of sharing of information by the two populations were not found to differ significantly. The research highlights that although Accounting students are taught about the risks and controls in Web 2.0, they do not take these risks and controls into consideration in their personal life when interacting with Web 2.0. Contrary to expectation, it appears that being formally educated on Web 2.0 does not have a larger impact on user behaviour than awareness gained from popular media. It also indicates how user behaviour influences the effectiveness of online controls

Incorporating Online Tools In Tertiary Education

Students currently studying at tertiary institutions have developed a set of attitudes and aptitudes as a result of growing up in an IT and media-rich environment. These attitudes and aptitudes influence how they learn and in order to be effective, lecturers must adapt to address their learning preferences and use the online teaching tools that these students are familiar with. In a South African context it was found that students spend a significant amount of time in interactive online image-rich environments and are accustomed to this environment. A number of suggestions are made on how to incorporate this in tertiary education

Addressing the incremental risks associated with adopting Bring Your Own Device

CITATION: Weber, L. & Rudman, R. J. 2018. Addressing the incremental risks associated with adopting Bring Your Own Device. Journal of Economic and Financial Sciences, 11(1):a169, doi:10.4102/jef.v11i1.169.The original publication is available at https://jefjournal.org.zaBring Your Own Device (BYOD) involves allowing employees to use their own mobile devices to access their organisations’ networks. Many organisations are embracing this trend as a means to cut information technology (IT) expenditure, enhance employee satisfaction, etc. However, these and other benefits come at a cost in the form of exposing an organisation to new risks. The aim of this research was to assist organisations to identify the incremental risks they could potentially encounter if they implement a BYOD programme and how they can reduce the risks directly related to BYOD to an acceptable level. An extensive literature review was performed to identify the risks which arise as a result of the adoption of a BYOD programme. COBIT 5 was identified as the most appropriate framework which could be used to develop possible safeguards to mitigate the incremental risks associated with a BYOD programme to an acceptable level. Safeguards were developed to address the risks.https://jefjournal.org.za/index.php/jef/article/view/169Publisher's versio

An empirical study on the determinants of net investment flows of South African General Equity unit trusts

Includes bibliographical references (leaves 82-88)