How does intellectual capital align with cyber security?

Purpose – To position the preservation and protection of intellectual capital as a cyber security concern. We outline the security requirements of intellectual capital to help Boards of Directors and executive management teams to understand their responsibilities and accountabilities in this respect.Design/Methodology/Approach – The research methodology is desk research. In other words, we gathered facts and existing research publications that helped us to define key terms, to formulate arguments to convince BoDs of the need to secure their intellectual capital, and to outline actions to be taken by BoDs to do so.Findings – Intellectual capital, as a valuable business resource, is related to information, knowledge and cyber security. Hence, preservation thereof is also related to cyber security governance, and merits attention from boards of directors.Implications – This paper clarifies boards of directors’ intellectual capital governance responsibilities, which encompass information, knowledge and cyber security governance.Social Implications – If boards of directors know how to embrace their intellectual capital governance responsibilities, this will help to ensure that such intellectual capital is preserved and secured.Practical Implications – We hope that boards of directors will benefit from our clarifications, and especially from the positioning of intellectual capital in cyber space.Originality/Value – This paper extends a previous paper published by Von Solms and Von Solms (2018), which clarified the key terms of information and cyber security, and the governance thereof. The originality and value is the focus on the securing of intellectual capital, a topic that has not yet received a great deal of attention from cyber security researchers

Cloud-based Email Adoption at Higher Education Institutions in South Africa

Cloud computing, in general, is having an impact on organizations today. Cloud-based email, in particular, is being adopted by educational institutions around the world on a large scale. This paper reports on the state of cloud-based email adoption at higher education institutions in South Africa; it does this by describing the findings of a survey of IT managers at sixteen of these institutions. It will show that South Africa follows the global trend of a large uptake of cloud- based email for higher education institutions. The fact that although organizations are satisfied with the service they receive from cloud-based email service providers, they have several noteworthy concerns regarding the adoption of this service. The fact that IT managers at such South African higher education institutions feel that they would benefit from the guidelines for the compliant adoption of cloud-based email is also highlighted

Customers repurchase intention formation in e-commerce

Background: Electronic loyalty (e-loyalty) has become important in the context of electronic commerce (e-commerce) in recent years. Loyal customers bring long-term revenue to companies and are known to be a valuable asset to them. However, firms lose their customers in a competitive environment on the Internet because of a lack of trust, satisfaction and loyalty. Objectives: This study explains how e-loyalty, e-trust and e-satisfaction form in e-commerce with a focus on customer purchase intention formation. Method: A conceptual framework was formed based upon the literature review. Data were collected from e-customers of online firms in South Africa. After data clarification, confirmatory factor analysis was conducted. The structural equation modelling was applied to test the hypotheses. IBM SPSS AMOS 20 was used for this purpose. Results: Firstly, convenience, customer benefit and enjoyment affect customer satisfaction in e-commerce. In other words, when customers do business activities easily with enjoyment and take benefit, they are satisfied and they will purchase again in future. Secondly, our study demonstrated that customer perception of security, clear shopping process and reliable payment system have a positive relationship with e-trust. Finally, e-satisfaction and e-trust have a positive and strong relationship with e-loyalty formation in e-commerce. Conclusion: The results of the study shed light on important issues relating to e-loyalty formation from a new perspective. Online companies are interested in launching e-loyalty programmes because of the long-term benefits that come from loyal customers. To remain competitive, e-commerce companies should constantly work at enhancing customer trust, satisfaction and loyalty

The reticent effect of ICT on tourism: A case study of Zimbabwe

The rapid developments in ICT have revolutionised tourism operations and the way companies and countries lure tourists, resulting in stiff competition in the global tourism industry. ICT has become the ‘umbilical cord’ of tourism as it has assumed a crucial role in the survival and performance of tourism destinations. However, ICT is a double-edged sword as it can be used with considerable effect either in promoting or downgrading tourism destinations. For example, in situations where a tourism destination is receiving negative publicity, ICT has the disadvantage of spreading that adverse information quickly to a global audience. This study is an important contribution to the body of knowledge on the demise of tourism in Zimbabwe in general but specifically focusing on the role of ICTs between 2000 and 2016.This research was conducted through a comprehensive literature review,mainly focusing on multiple peer-reviewed journal articles, books and conference papers from 2000 to 2016, before the Emmerson Mnangagwa-led government came to power. The selection of articles was purposive. Only those that provided deep insights and in-depth understanding as well as a proper representation of Zimbabwe’s tourism sector in line with the purpose of the research were selected. The available literature strongly points out that a combination of ICT, especially the internet, government policies deemed retrogressive and economic refugees emigrating from tourist-seeking countries have contributed to the soiling of the image, reputation and identity of Zimbabwe as an attractive tourism destination on a global scale. This has had an adverse effect on the growth of the tourism sector in the country. Thus, ICT can negatively impact tourism, and thus, countries intending to lure visitors to their tourism destinations should avoid policies, events and activities that can result in bad publicity in the international media. On the other hand, there is no denying that if used properly ICT can also help to successfully rebrand a tourism destination. For this reason, it is important for national tourism strategies to encompass and interconnect both physical and virtual tourism promotion methods

Motivation and opportunity based model to reduce information security insider threats in organisations

This is an accepted manuscript of an article published by Elsevier in Journal of Information Security and Applications, available online: https://doi.org/10.1016/j.jisa.2017.11.001 The accepted version of the publication may differ from the final published version.Information technology has brought with it many advantages for organisations, but information security is still a major concern for organisations which rely on such technology. Users, whether with intent or through negligence, are a great source of potential of risk to information assets. A lack of awareness, negligence, resistance, disobedience, apathy and mischievousness are root causes of information security incidents in organisations. As such, insider threats have attracted the attention of a number of experts in this domain. Two particularly important considerations when exploring insider threats are motivation and opportunity. Two fundamental theories relating to these phenomena, and on which the research presented in this paper relies, are Social Bond Theory (SBT), which can be used to help undermine motivation to engage in misbehaviour, and Situational Crime Prevention Theory (SCPT), which can be used to reduce opportunities for misbehaviour. The results of our data analysis show that situational prevention factors such as increasing the effort and risk involved in a crime, reducing the rewards and removing excuses can significantly promotes the adoption of negative attitudes towards misbehaviour, though reducing provocations does not have any effect on attitudes. Further, social bond factors such as a commitment to organisational policies and procedures, involvement in information security activities and personal norms also significantly promotes the adoption of negative attitudes towards misbehaviour. However, attachment does not significantly promote an attitude of misbehaviour avoidance on the part of employees. Finally, our findings also show that a negative attitude towards misbehaviour influences the employees’ intentions towards engaging in misbehaviour positively, and this in turn reduces insider threat behaviour. The outputs of this study shed some light on factors which play a role in reducing misbehaviour in the domain of information security for academics and practitioners.Published versio

Cyber Safety Education in Developing Countries

Cyber safety has become critical in today's world. Young children specifically need to be educated to operate in a safe manner in cyberspace and to protect themselves in the process. Unfortunately, African and developing countries do not necessarily possess the required resources to run extensive educational programmes for children. Using open educational resources, a cyber-safety curriculum has been developed. This curriculum will empower teachers in junior or primary schools to educate their learners about cyber safety. Once all the tests have been completed, the curriculum will be made available to primary schools in countries where governments or education departments do not provide such educational material

Information security management : processes and metrics

PhD. (Informatics)Organizations become daily more dependent on information. Information is captured, processed, stored and distributed by the information resources and services within the organization. These information resources and services should be secured to ensure a high level of availability, integrity and privacy of this information at all times. This process is referred to as Information Security Management. The main objective of this, thesis is to identify all the processes that constitute Information Security Management and to define a metric through which the information security status of the organization can be measured and presented. It is necessary to identify an individual or a department which will be responsible for introducing and managing the information security controls to maintain a high level of security within the organization. The position .and influence of this individual, called the Information Security officer, and/or department within the organization, is described in chapter 2. The various processes and subprocesses constituting Information Security Management are identified and grouped in chapter 3. One of these processes, Measuring and Reporting, is currently very ill-defined and few guidelines and/or tools exist currently to help the Information Security officer to perform this task. For this reason the rest of the thesis is devoted to providing an effective means to enable the Information Security officer to measure and report the information security status in an effective way..

'n Bestuurshulpmiddel vir die evaluering van 'n maatskappy se rekenaarsekerheidsgraad

M.Sc. (Informatics)Information is power. Any organization must secure and protect its entire information assets. Management is responsible for the well-being of the organization and consequently for computer security. Management must become and stay involved with the computer security situation of the organization, because the existence of any organization depends on an effective information system. One way in which management can stay continually involved and committed with the computer security situation of the organization, is by -, the periodic evaluation of computer security. The results from this evaluation process can initiate appropriate actions to increase computer security in areas needed. For effective management involvement, a tool is needed to aid management in monitoring the status of implementing computer security on a regular basis. The main objective of this dissertation is to develop such a management tool. Basically the thesis consists of three parts, namely framework for effective computer security evaluation, the definition of the criteria to be included in the tool and lastly, the tool itself. The framework (chapters 1 to 6) defines the basis on which the tool (chapters 7 to 9) is built, e.g. that computer security controls need to be cost-effective and should aid the organization in accomplishing its objectives. The framework is based on a two dimensional graph: firstly, tho various risk areas in which computer security should be applied and secondly, the severity of controls in each of these areas. The tool identifies numerous risk areas critical to the security of the computer and its environment. Each of these risk areas need to be evaluated to find out how well it is secured. From these results an overall computer security situation is pictured. The tool is presented as a spreadsheet, containing a number of questions. The built -in formulae in the spreadsheet perform calculations resulting in an appreciation of the computer security situation. The results of the security evaluation can be used by management to take appropriate actions regarding the computer security situation

Publish or Perish – But where?

It becomes more and more difficult for young researchers to decide how and where to disseminate their research results. Several factors impact on such decisions – and making the correct ones is important for building a reputable research profile. This position paper investigates several of those factors that researchers and supervisors need to take into account. The paper also attempts to provide some guidelines for making decisions on where to publish, in order to attain maximum career benefit from one’s research publications. This paper focuses on the Computing discipline with reference to some factors specific to the South African context