Institutional Repository

Towards a framework to promote the development of secure and usable online information security applications

Show simple item record

dc.contributor.advisor Eloff, M.M.
dc.contributor.advisor Kroeze, J.H.
dc.contributor.author Mujinga, Mathias
dc.date.accessioned 2018-11-28T15:12:12Z
dc.date.available 2018-11-28T15:12:12Z
dc.date.issued 2018-01
dc.identifier.citation Mujinga, Mathias (2018) Towards a framework to promote the development of secure and usable online information security applications, University of South Africa, Pretoria, <http://hdl.handle.net/10500/25087>
dc.identifier.uri http://hdl.handle.net/10500/25087
dc.description.abstract The proliferation of the internet and associated online activities exposes users to numerous information security (InfoSec) threats. Such online activities attract a variety of online users who include novice computer users with no basic InfoSec awareness knowledge. Information systems that collect and use sensitive and confidential personal information of users need to provide reliable protection mechanisms to safeguard this information. Given the constant user involvement in these systems and the notion of users being the weakest link in the InfoSec chain, technical solutions alone are insufficient. The usability of online InfoSec systems can play an integral role in making sure that users use the applications effectively, thereby improving the overall security of the applications. The development of online InfoSec systems calls for addressing the InfoSec problem as a social problem, and such development must seek to find a balance between technical and social aspects. The research addressed the problem of usable security in online InfoSec applications by using an approach that enabled the consideration of both InfoSec and usability in viewing the system as a socio-technical system with technical and social sub-systems. Therefore, the research proposed a socio-technical framework that promotes the development of usable security for online information systems using online banking as a case study. Using a convergent mixed methods research (MMR) design, the research collected data from online banking users through a survey and obtained the views of online banking developers through unstructured interviews. The findings from the two research methods contributed to the selection of 12 usable security design principles proposed in the sociotechnical information security (STInfoSec) framework. The research contributed to online InfoSec systems theory by developing a validated STInfoSec framework that went through an evaluation process by seven field experts. Although intended for online banking, the framework can be applied to other similar online InfoSec applications, with minimum adaptation. The STInfoSec framework provides checklist items that allow for easy application during the development process. The checklist items can also be used to evaluate existing online banking websites to identify possible usable security problems. en
dc.format.medium 1 online resource (xiv, 306 leaves) : illustrations, color graphs en
dc.language.iso en en
dc.subject Information security en
dc.subject Usable security en
dc.subject Socio-technical en
dc.subject Online banking en
dc.subject STInfoSec en
dc.subject Design principles en
dc.subject User behaviour en
dc.subject South Africa en
dc.subject Heuristic evaluation en
dc.subject Mixed methods research en
dc.subject.ddc 332.102854978
dc.subject.lcsh Sociotechnical systems -- South Africa en
dc.subject.lcsh Electronic funds transfers -- Security measures -- South Africa en
dc.subject.lcsh Banks and banking -- Data processing en
dc.title Towards a framework to promote the development of secure and usable online information security applications en
dc.type Thesis en
dc.description.department Computer Science en
dc.description.degree D. Phil. (Computer Science) en


Files in this item

This item appears in the following Collection(s)

  • Unisa ETD [12743]
    Electronic versions of theses and dissertations submitted to Unisa since 2003

Show simple item record

Search UnisaIR


Browse

My Account

Statistics