Institutional Repository

A risk based approach for managing information technology security risk within a dynamic environment

Show simple item record

dc.contributor.advisor Abdulla, H.
dc.contributor.advisor Mujinga, M.
dc.contributor.author Mahopo, Ntombizodwa Bessy
dc.date.accessioned 2017-01-17T08:47:50Z
dc.date.available 2017-01-17T08:47:50Z
dc.date.issued 2015-11
dc.identifier.citation Mahopo, Ntombizodwa Bessy (2015) A risk based approach for managing information technology security risk within a dynamic environment, University of South Africa, Pretoria, <http://hdl.handle.net/10500/21925> en
dc.identifier.uri http://hdl.handle.net/10500/21925
dc.description.abstract Information technology (IT) security, which is concerned with protecting the confidentiality, integrity and availability of information technology assets, inherently possesses a significant amount of known and unknown risks. The need to manage IT security risk is regarded as an important aspect in the daily operations within organisations. IT security risk management has gained considerable attention over the past decade due to the collapse of some large organisations in the world. Previous investigative research in the field of IT security has indicated that despite the efforts that organisations use to reduce IT security risks, the trend of IT security attacks is still increasing. One of the contributing factors to poor management of IT security risk is attributed to the fact that IT security risk management is often left to the technical security technologists who do not necessarily employ formal risk management tools and reasoning. For this reason, organisations find themselves in a position where they do not have the correct approach to identify, assess and treat IT security risks. The IT security discipline is complex in nature and requires specialised skills. Organisations generally struggle to find a combination of IT security and risk management skills in corporate markets. The scarcity of skills leaves organisations with either IT security technologists who do not apply risk management principles to manage IT security risk or risk management specialists who do not understand IT security in order to manage IT security risk. Furthermore, IT is dynamic in nature and introduces new threats and vulnerabilities as it evolves. Taking a look at the development of personal computers over the past 20 years is indicative of how change has been constant in this field, from big desktop computers to small mobile computing devices found today. The requirement to protect IT against threats associated with desktops was far less than the requirement associated with protecting mobile devices. There is pressure for organisations to ensure that they stay abreast with the current technology and associated risks. Failure to understand and manage IT security risk is often cited as a major cause of concern within most organisations’ IT environments because comprehensive approaches to identify, assess and treat IT security risk are not consistently applied. This is due to the fact that the trend of IT security attacks across the globe is on the increase, resulting in gaps when managing IT security risk. Employing a formal risk based approach in managing IT security risk ensures that risks of importance to an organisation are accounted for and receive the correct level of attention. Defining an approach of how IT security risk is managed should be seen as a fundamental task and is the basis of this research. This study aims to contribute to the field of IT security by developing an approach that assists organisations in treating IT security risk more effectively. This is achieved through the use of a combination of existing best practice IT security frameworks and standards principles, basic risk management principles, as well as existing threat modelling processes. The approach developed in this study serves to encourage formal IT security risk management practices within organisations to ensure that IT security risk is accounted for by senior leadership. Furthermore, the approach is anticipated to be more proactive and iterative in nature to ensure that external factors that influence the increasing trend of IT security threats within the IT environment are acknowledged by organisations as technology evolves. en
dc.format.extent 1 online resource (xv, 151 leaves) : illustrations en
dc.language.iso en en
dc.subject IT en
dc.subject IT security en
dc.subject Risk en
dc.subject Risk management en
dc.subject IT security threat modelling en
dc.subject IT security management en
dc.subject OCTAVE en
dc.subject COBIT en
dc.subject ITIL en
dc.subject ISO 27001/2 en
dc.subject ISF Standard of Good Practice en
dc.subject.ddc 005.82
dc.subject.lcsh Information technology -- Security measures en
dc.subject.lcsh Information technology -- Risk management en
dc.subject.lcsh Computer security -- Standards en
dc.subject.lcsh Cyberterrorism en
dc.subject.lcsh COBIT (Information technology management standard) en
dc.subject.lcsh ITIL (Information technology management standard) en
dc.title A risk based approach for managing information technology security risk within a dynamic environment en
dc.type Dissertation en
dc.description.department Computing en
dc.description.degree M. Sc. (Computing) en


Files in this item

This item appears in the following Collection(s)

  • Unisa ETD [8906]
    Electronic versions of theses and dissertations submitted to Unisa since 2003

Show simple item record

Search UnisaIR


Browse

My Account

Statistics