Show simple item record

dc.contributor.advisorKruger, H.A.
dc.contributor.authorSerfontein, Rudi
dc.date.accessioned2020-07-20T07:10:21Z
dc.date.available2020-07-20T07:10:21Z
dc.date.issued2020
dc.identifier.urihttps://orcid.org/0000-0002-0428-6494
dc.identifier.urihttp://hdl.handle.net/10394/35189
dc.descriptionPhD (Computer Science), North-West University, Potchefstroom Campusen_US
dc.description.abstractOne of the primary factors that determines the efficacy of information security is addressing the risks associated with the human actors involved. This is usually accomplished through the use of security policies that aim to manage user behaviour, and security awareness programmes that aim to improve both the knowledge users have of information security threats, and their behaviour. Unfortunately, while these methods do often reduce information security risk, they have certain shortcomings that may have an impact on how effectively they can help mitigate these risks. Awareness programmes, for example, may not necessarily address new risks, whereas overreaching policies could lead to information security fatigue. An additional approach is to implement Social Network Analysis (SNA) in order to identify and manage information security risks by addressing structural risks in the social networks of organisations. These social networks describe the interactions between people, tasks, and resources, and by investigating them hidden information security risks can potentially be identified. In this study a framework is proposed that aims to use SNA in order to identify the information security risks present in social networks. The proposed framework also presents a structured approach to developing risk mitigation strategies that can be used to reduce these risks, as well as the implementation of these strategies. In order to develop a complete framework, the study also presents a number of methods that were adapted for use with SNA. These novel applications include, among others, an implementation of Self-Organising Maps that can be used to evaluate information security risks in a social network graphically, and an adapted network optimisation technique. A real-world network, built using data from a Corporate Risk Report, is used in conjunction with multiple smaller networks to demonstrate the validity and utility of the framework.en_US
dc.language.isoenen_US
dc.publisherNorth-West University (South Africa)en_US
dc.subjectRisk Managementen_US
dc.subjectInformation securityen_US
dc.subjectSocial network analysisen_US
dc.subjectSelf-organising mapsen_US
dc.subjectNetwork optimisationen_US
dc.subjectRisk mitigation strategiesen_US
dc.subjectSecurity awareness programmesen_US
dc.titleSocial network analysis in the context of information security risk managementen_US
dc.typeThesisen_US
dc.description.thesistypeDoctoralen_US
dc.contributor.researchID12066621 - Kruger, Hendrik Abraham (Supervisor)


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record