• Login
    View Item 
    •   NWU-IR Home
    • Electronic Theses and Dissertations (ETDs)
    • Natural and Agricultural Sciences
    • View Item
    •   NWU-IR Home
    • Electronic Theses and Dissertations (ETDs)
    • Natural and Agricultural Sciences
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Social network analysis in the context of information security risk management

    Thumbnail
    View/Open
    Serfontein R 21165750.pdf (13.73Mb)
    Date
    2020
    Author
    Serfontein, Rudi
    Metadata
    Show full item record
    Abstract
    One of the primary factors that determines the efficacy of information security is addressing the risks associated with the human actors involved. This is usually accomplished through the use of security policies that aim to manage user behaviour, and security awareness programmes that aim to improve both the knowledge users have of information security threats, and their behaviour. Unfortunately, while these methods do often reduce information security risk, they have certain shortcomings that may have an impact on how effectively they can help mitigate these risks. Awareness programmes, for example, may not necessarily address new risks, whereas overreaching policies could lead to information security fatigue. An additional approach is to implement Social Network Analysis (SNA) in order to identify and manage information security risks by addressing structural risks in the social networks of organisations. These social networks describe the interactions between people, tasks, and resources, and by investigating them hidden information security risks can potentially be identified. In this study a framework is proposed that aims to use SNA in order to identify the information security risks present in social networks. The proposed framework also presents a structured approach to developing risk mitigation strategies that can be used to reduce these risks, as well as the implementation of these strategies. In order to develop a complete framework, the study also presents a number of methods that were adapted for use with SNA. These novel applications include, among others, an implementation of Self-Organising Maps that can be used to evaluate information security risks in a social network graphically, and an adapted network optimisation technique. A real-world network, built using data from a Corporate Risk Report, is used in conjunction with multiple smaller networks to demonstrate the validity and utility of the framework.
    URI
    https://orcid.org/0000-0002-0428-6494
    http://hdl.handle.net/10394/35189
    Collections
    • Natural and Agricultural Sciences [2767]

    Copyright © North-West University
    Contact Us | Send Feedback
    Theme by 
    Atmire NV
     

     

    Browse

    All of NWU-IR Communities & CollectionsBy Issue DateAuthorsTitlesSubjectsAdvisor/SupervisorThesis TypeThis CollectionBy Issue DateAuthorsTitlesSubjectsAdvisor/SupervisorThesis Type

    My Account

    LoginRegister

    Copyright © North-West University
    Contact Us | Send Feedback
    Theme by 
    Atmire NV