• Login
    View Item 
    •   ResearchSpace Home
    • College of Law and Management Studies
    • School of Management, IT and Governance
    • Information Systems and Technology
    • Masters Degrees (Information Systems and Technology)
    • View Item
    •   ResearchSpace Home
    • College of Law and Management Studies
    • School of Management, IT and Governance
    • Information Systems and Technology
    • Masters Degrees (Information Systems and Technology)
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Cyber-security and governance for industrial control systems (ICS) in South Africa.

    Thumbnail
    View/Open
    Pretorius_Barend_H_2016.pdf (6.361Mb)
    Date
    2016
    Author
    Pretorius, Barend Hendrik.
    Metadata
    Show full item record
    Abstract
    Industrial control systems (ICS) and supervisory, control, and data acquisition (SCADA) systems have evolved from operating in a relatively trusting environment to the current prevalence of public networks. Cyber-threats are evolving to become more sophisticated. The Stuxnet malware brought home how vulnerable ICS/SCADA systems potentially are. There is no or limited information available as to the current state of ICS/SCADA in South Africa including the factors influencing ICS/SCADA and how they are secured and governed. Due to the nature of the systems, ICS/SCADA cyber-security and governance faces additional challenges compared to the corporate networks, and critical systems may be left exposed. There exists control frameworks internationally, however there are new South African legislation that needs to be taken into account. South Africa is also falling behind in cyber-security, therefore there is a concern in securing ICS controlling key infrastructure critical to the South African economy as there are little known facts about this. This aim of the study is to assess the current state of ICS/SCADA in South Africa, determine the main governance frameworks employed, and to develop a control framework addressing the shortfalls. Elements of the Technology Acceptance Model (TAM) and the Protection Motivation Theory (PMT) are used to guide the study. Quantitative methods are used to determine the perceived susceptibility, security confidence, and governance for ICS/SCADA environment. Qualitative methods were used to review the current control frameworks, standards and legislation relevant to this environment. The study found that the top threat/risk for ICS/SCADA are malware and the top vulnerability is unpatched systems. Furthermore, the framework used most in South Africa to secure and govern ICS/SCADA environments are Control Objectives for Information and Related Technology (COBIT) and from the document analysis the best suited framework overall is Centre for the Protection of National Infrastructure (CPNI). Taking these frameworks into account as well as relevant risks, threats and vulnerabilities, a consolidated framework aligned to South Africa were developed suggesting leading practices for securing and governing ICS/SCADA systems in South Africa.
    URI
    http://hdl.handle.net/10413/15261
    Collections
    • Masters Degrees (Information Systems and Technology) [67]

    DSpace software copyright © 2002-2013  Duraspace
    Contact Us | Send Feedback
    Theme by 
    @mire NV
     

     

    Browse

    All of ResearchSpaceCommunities & CollectionsBy Issue DateAuthorsTitlesSubjectsAdvisorsTypeThis CollectionBy Issue DateAuthorsTitlesSubjectsAdvisorsType

    My Account

    LoginRegister

    DSpace software copyright © 2002-2013  Duraspace
    Contact Us | Send Feedback
    Theme by 
    @mire NV