Show simple item record

dc.contributor.advisorvan Niekerk, Brett.
dc.contributor.advisorNaidoo, Karna.
dc.creatorPretorius, Barend Hendrik.
dc.date.accessioned2018-06-08T07:20:48Z
dc.date.available2018-06-08T07:20:48Z
dc.date.created2016
dc.date.issued2016
dc.identifier.urihttp://hdl.handle.net/10413/15261
dc.descriptionMaster of Commence in Information Systems and Technology. University of KwaZulu-Natal, Westville 2016.en_US
dc.description.abstractIndustrial control systems (ICS) and supervisory, control, and data acquisition (SCADA) systems have evolved from operating in a relatively trusting environment to the current prevalence of public networks. Cyber-threats are evolving to become more sophisticated. The Stuxnet malware brought home how vulnerable ICS/SCADA systems potentially are. There is no or limited information available as to the current state of ICS/SCADA in South Africa including the factors influencing ICS/SCADA and how they are secured and governed. Due to the nature of the systems, ICS/SCADA cyber-security and governance faces additional challenges compared to the corporate networks, and critical systems may be left exposed. There exists control frameworks internationally, however there are new South African legislation that needs to be taken into account. South Africa is also falling behind in cyber-security, therefore there is a concern in securing ICS controlling key infrastructure critical to the South African economy as there are little known facts about this. This aim of the study is to assess the current state of ICS/SCADA in South Africa, determine the main governance frameworks employed, and to develop a control framework addressing the shortfalls. Elements of the Technology Acceptance Model (TAM) and the Protection Motivation Theory (PMT) are used to guide the study. Quantitative methods are used to determine the perceived susceptibility, security confidence, and governance for ICS/SCADA environment. Qualitative methods were used to review the current control frameworks, standards and legislation relevant to this environment. The study found that the top threat/risk for ICS/SCADA are malware and the top vulnerability is unpatched systems. Furthermore, the framework used most in South Africa to secure and govern ICS/SCADA environments are Control Objectives for Information and Related Technology (COBIT) and from the document analysis the best suited framework overall is Centre for the Protection of National Infrastructure (CPNI). Taking these frameworks into account as well as relevant risks, threats and vulnerabilities, a consolidated framework aligned to South Africa were developed suggesting leading practices for securing and governing ICS/SCADA systems in South Africa.en_US
dc.language.isoen_ZAen_US
dc.subjectInformation Systems and Technology.en_US
dc.subject.otherCyber-Security.en_US
dc.subject.otherGovernance.en_US
dc.subject.otherIndustrial control systems.en_US
dc.subject.otherData acquisition (SCADA) systems.en_US
dc.subject.otherControl systems (ICS)en_US
dc.titleCyber-security and governance for industrial control systems (ICS) in South Africa.en_US
dc.typeThesisen_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record