
Information and Cyber Security

23rd International Conference, ISSA 2024, Gqeberha, South Africa, December 2-3, 2024, Revised Selected Papers

  • 2026
  • Book

About this book

This book constitutes the refereed post-conference proceedings of the 23rd International Conference on Information Security, ISSA 2024, held in Gqeberha, South Africa, during December 2-3, 2024.

The 21 full papers presented were carefully reviewed and selected from 55 submissions. The papers focus on topics such as Cyber security; Information Security; Network Security; Computer Security; Digital Forensics; Botnets; Security in Cloud Computing; ChatBot security; Insider Threats; NIDS; GANs and Malware; Privacy; Cyber security Education; Cyber security & AI; Digital Forensics & AI.

Table of Contents

Frontmatter
A Rapid Review Cybersecurity Strategic Analysis Framework: The Case of Higher Education Institutions
Abstract
This paper conducts a rapid review using the adapted SVOT (Strengths, Vulnerabilities, Opportunities, Threats) framework to synthesize current literature on cybersecurity in higher education institutions (HEIs). The review addresses (1) inherent strengths that enable HEIs to adopt robust cybersecurity measures, (2) specific vulnerabilities exposing HEIs to cyber threats, (3) opportunities to enhance cybersecurity practices, and (4) threats from sophisticated cyberattacks. Findings reveal that HEIs possess strengths like advanced technical resources and collaborative research cultures that could support innovative cybersecurity solutions. However, vulnerabilities can also arise from complex IT systems, open academic settings, and limited security funding. Opportunities include leveraging AI and machine learning for threat detection, implementing comprehensive security frameworks, and expanding cybersecurity education. Key threats involve ransomware, phishing, and state-sponsored espionage. This review underscores the need for HEIs to adopt a holistic, strategic cybersecurity approach, strengthen internal capabilities, and address administrative and cultural challenges to develop more adaptive defenses.
Rennie Naidoo
Privacy and Legal Implications Regarding the Processing of Honeypot Data
Abstract
Cyberattacks have been an ever-increasing threat against the cyber infrastructure of organisations. The act of exploiting known network vulnerabilities appears to be highly appealing to hackers, where their potential payout is to find and collect valuable data housed by an organisation. To compensate for this matter, security teams can design and deploy highly advanced security tools to thwart cyberattacks, and one such tool is a honeypot. Honeypots possess the functionality of baiting intruders to interact with them whilst preventing said intruders from affecting real production and service systems. Ultimately, honeypots collect data associated with an intruder and the attack, which reveals valuable information that can be analysed and used to combat similar incidents. However, with the introduction of modern privacy laws, a number of consequences exist with the data honeypots collect. The paper will explore the limitations on processing honeypot data with the aid of related works published regarding honeypots, the POPI Act and the GDPR through literature reviews. Thus, this paper will discuss the privacy and legal implications that arise with processing data collected by a honeypot from the perspective of privacy laws established by both the European Union and the South African government.
Bahle Ngoma, Noluntu Mpekoa, Heloise Pieterse
Social Network Graphs in Email Forensics: Analysis of a Personal Email Dataset
Abstract
Visualisation techniques to aid in email forensic investigations have been proposed in the literature, often social network graphs. Current literature does not deal with the interpretation and insights that can be gained from the graphs. When many nodes are depicted in such a graph, it becomes difficult to extract useful insights from social network graphs. This article starts to address this shortcoming by interpreting a social network graph constructed from an email box, containing more than 60 000 emails, with 4 380 email addresses (nodes), and 8 132 edges in the resulting graph.
The main contributions of this paper are to demonstrate how to interpret social email graphs, simplify the graphs to improve interpretation, and identify structures which provide insights into the possible emails that flowed, e.g. mailing lists. The main results are summarised in the form of 11 deductions taken from the exploratory analysis of the graph from the personal email dataset.
Riaal Domingues, Hein S. Venter
Smoke Signals: Analysing and Decoding Quiet Quitting and Burnout Among Cybersecurity Professionals
Abstract
In recent years, the rising issue of burnout and the new phenomenon of quiet quitting have emerged as major concerns within the workforce, especially among cybersecurity professionals. These phenomena not only undermine employee well-being, but also the security of information systems. Addressing the challenges of quiet quitting and burnout requires an understanding of the underlying organisational factors that contribute to quiet quitting and burnout. This paper analyses the sentiments of cybersecurity professionals and identifies the organisational factors contributing to quiet quitting and burnout among cybersecurity professionals. A sentiment analysis together with a thematic content analysis was conducted on comments from the subreddit “cybersecurity”, an online forum frequented by cybersecurity professionals. Through these analyses, five organisational factors were revealed that contribute to the onset of quiet quitting and burnout, namely: Work Overload, Poor Workplace Dynamics, Cybersecurity Skills Gap, High-Risk, High-Pressured Job and Continuous Upskilling. This paper therefore contributes to the ongoing discussion regarding burnout and quiet quitting amongst cybersecurity professionals and provides a foundation for future research in this area.
Michael de Jager, Lynn Futcher, Madri Kruger, Kerry-Lynn Thomson
Solving the Privacy and Security Challenge Using ZKP: Its Positive Impact on the Economy
Abstract
The 4th and 5th industrial revolutions are improving the functioning of the working environment for different industries. However, they also introduce security and privacy challenges that lead to cybercrime, which negatively impacts the economy. This article presents a comprehensive analysis of the usage of Zero Knowledge Proofs (ZKP) to protect data in the major technologies for the 4th and 5th industrial revolutions. These technologies include cloud computing, big data, Internet of Things, blockchain, 5G, artificial intelligence, and supply chain. Security and privacy challenges and solutions in these technologies were investigated. ZKP, a cryptographic method that enables verification of a party without revealing confidential details, is one of the promising solutions to fight the problem of data security and privacy. In this study, it was determined that Blockchain is the leading technology in terms of using the ZKP to improve security and enhance privacy. The paper provides the future direction to secure these technologies using cryptographic methods such as ZKP.
Sthembile Ntshangase, Kedimotse Baruni, Siphelele Myaka, Oyena Mahlasela
Biometric Authentication: Stress as a Factor in Keystroke Dynamics
Abstract
Biometrical authentication systems are gaining prominence and have become increasingly important to ensure compliance with privacy and safety regulations. In this paper, keystroke dynamics as a behavioral biometric approach to user authentication is evaluated in terms of the impact that stress may have on the typing pattern of a user. To achieve this, several experiments were conducted with a group of users that comprised working users from the industry as well as students. The experiments included stress factors such as a physical limitation (use of the non-dominant hand to type), a time constraint, and a knowledge constraint (typing in a foreign language). The results were compared to a baseline (normal circumstances) typing pattern. Typing data were recorded and analyzed by a keystroke software package called GenoGraphiX-Log 2.0. The study revealed that stress is indeed a factor in keystroke dynamics and that typing patterns in some cases significantly differ from the normal typing patterns. This in turn may influence the efficiency of the use of keystroke dynamics as a biometric authentication system.
Monique Mac Donald, Lynette Drevin, Hennie Kruger
Profiling Prominent Ransomware Threat Actors
Abstract
Understanding ransomware should extend beyond its technical aspects and include the covert and malicious practices of the ransomware threat actors behind it. By drawing from the strategic wisdom of Sun Tsu, the necessity of understanding the motivations and strategies of one's adversaries to defend oneself better has become a critical aspect within the field of cybersecurity. Therefore, a comprehensive behavioural profile containing aspects such as affiliations, behaviours, business tactics, and attack strategies must be formulated to know one's enemy better. Applying a systematic approach to behavioural profiling will, in turn, enable the ability to deconstruct and identify the aspects that contribute to ransomware threat actors’ success. In turn, proactive cybersecurity strategies can be developed to effectively mitigate the aftermath of a ransomware attack. Thus, organisations can systematically counter threats using insights from in-depth behavioural profiles to negotiate with these ransomware threat actors.
Hendrik Tjaart Pelser, Marijke Coetzee
Trust Requirements and Mechanisms in Peer-to-Peer Energy Markets
Abstract
Peer-to-peer (P2P) energy markets are emerging as a promising solution to address the challenges faced by traditional energy systems. However, the decentralised nature of these markets necessitates robust trust mechanisms to ensure secure and reliable energy transactions. This paper presents a comprehensive review of trust requirements and trust-building mechanisms in P2P energy markets. It explores the role of blockchain technology, zero-trust architecture, and reputation systems in establishing trust among market participants. It identifies several trust requirements, including security, privacy, transparency, fairness, and reputation. The study further highlights the limitations of existing works and proposes future research directions to enhance trust and security in P2P energy markets. By addressing these limitations, the full potential of P2P energy trading can be unlocked, contributing to a more sustainable and resilient energy future.
Boitumelo Leotlela, Lehlogonolo Ledwaba, Marijke Coetzee
Contextual Factors Influencing the Cybersecurity Commitment of Government Institutions in Developing Countries
Abstract
The increase in cybersecurity incidents is a growing concern for governments worldwide, especially in developing countries. Government institutions are among the top targets of cyberattacks. To address cybersecurity issues, various tools and frameworks have been developed to assess the level of cybersecurity maturity and commitments. Despite the calls on governments to develop and implement cybersecurity measures, the commitment level of government institutions toward cybersecurity remains inadequate. The current study considered the contextual factors influencing the cybersecurity commitments of government institutions in developing countries using the Technology, Organisation and Environment (TOE) framework. The study further employed a qualitative case approach of government institutions and agencies responsible for cybersecurity activities in Namibia. Through document reviews and semi-structured interviews with 11 participants from five government institutions and agencies, the study identified contextual factors influencing the cybersecurity commitments of government institutions. Data was analysed using a thematic analysis technique and the NVivo software. The study found that contextual factors, such as underdeveloped information technology infrastructure, a lack of information technology resources, financial resources, a lack of cybersecurity skills and competencies, a lack of cybersecurity legal frameworks, and perceived cyber threats and attacks, affect cybersecurity commitment of government institutions.
Teofelus Tonateni Tuyeni, Wallace Chigona, Chimwemwe Queen Mtegha, Laban Bagui
Digital Forensic Investigation and Linguistic Analysis of Cybercrime: A Systematic Review
Abstract
Digital forensic investigation (DFI) and linguistic analysis present unique challenges and opportunities. The study examines how DFI has evolved, noting key theories and models. These are then evaluated based on compliance with established standards and their level of comprehensiveness in terms of addressing important aspects of an investigation. Linguistic analysis of cybercrimes is then explored to establish how it has been incorporated in existing DFI models. The systematic review method is employed to gather literature sources from journals, conference proceedings, and electronic databases. The aim is to identify gaps and propose future research direction for DFI involving linguistic analysis of cybercrime, while guiding practitioners in the field on best practices for conducting DFI of cybercrime. Findings reveal that linguistic analysis in DFI models has historically been limited, as well as research on the incorporation of artificial intelligence and machine learning. However, with the emergence of semantic analysis in digital forensics (DF), linguistic analysis is now receiving more attention and recognition of its significance.
Mopati B. Kekgathetse, Hein S. Venter, Taurai Hungwe, Nkosinathi Mpofu
Conceptual Model for Taxation and Regulatory Governance Among South African Crypto Asset Holders
Abstract
The rapid adoption of digital assets has revolutionised the global financial landscape, bringing new opportunities and challenges. In South Africa, the adoption of digital assets has increased, driven by economic factors and a tech-savvy population. However, this growth has outpaced regulatory development, particularly around tax compliance. This paper proposes a conceptual model aimed at addressing the non-compliance issues among crypto asset holders. The model incorporates advanced mechanisms for visualising crypto address interactions and generating crypto tax Non-Fungible Tokens as a verification tool. By mapping and monitoring crypto transactions, the model provides regulatory bodies with enhanced tools to track, verify, and enforce tax obligations transparently and efficiently.
Pardon Takalani Ramazhamba, Hein S. Venter
Countering Mobile Application Threats Through a Structured Threat Modelling Approach
Abstract
The development of secure mobile applications is a crucial and complex task. This research focuses on threat modelling techniques to enhance mobile application security. A technique is proposed to analyse mobile application vulnerabilities, categorised by mobile application architectural layers, and classify vulnerabilities using STRIDE and DREAD. By identifying and scrutinising vulnerabilities, the research proposes a practical and comprehensive four-step threat modelling approach to mitigating mobile application security risks and ensuring the robustness of mobile applications. The approach contributes to clarifying the steps to be taken to secure mobile applications.
Christoff Jacobs, Marijke Coetzee
Enhancing Forensic Readiness Through an Integrated Approach to Fraud Risk Management Throughout the Digital Transformation Lifecycle
Abstract
In the contemporary digital landscape, organisations are increasingly undertaking complex Digital Transformation initiatives to enhance, among other aspects, operational efficiency and drive innovation. However, these transformations expose organisations to heightened risks related to digital crimes. Traditional Digital Forensic Readiness frameworks fail to effectively integrate within the Digital Transformation lifecycle. This shortcoming leaves organisations vulnerable to sophisticated fraudulent activities and hampers their ability to effectively respond to and investigate digital crimes.
This study employs a mixed-methods approach, beginning with a qualitative phase grounded in secondary research. The study concludes with a discussion on the Forensic Readiness Architecture (FORAC) Continuum, a novel approach designed to embed Digital Forensic Readiness throughout the Digital Transformation lifecycle. Finally, the study presents a guideline on the application of the FORAC Continuum, to facilitate self-assessment and for use by organisations undertaking Digital Transformation initiatives.
Antonio Pooe
Guidance for the Creation of Management and Cost Accounting Computerized Information Systems: Assurance of Information Integrity and Flexibility
Abstract
Current corporate governance literature emphasizes providing information that maintains integrity to demonstrate accountability through assurance [1]. The Institute of Directors in Southern Africa (IDSA) suggests the implementation of a Combined Assurance Model (CAM) that includes the usage of various assurance controls to support the integrity of information through a strong control environment [1]. IDSA further asserts that “Technology is now part of the corporate DNA” and that the perspective on financial information reporting is evolving, emphasizing that governing bodies cannot claim ignorance of this transformed business/organizational environment [1]. One of the practices that can be used for the directing and controlling of an organization is called Management and Cost Accounting (MCA) [2]. The information produced by cost accounting methods (systems) is the information used for financial accounting and management accounting directing and controlling purposes [2, 3]. In recent years, the practice of MCA has moved to MCA Computerized Information Systems (CIS), also known as Enterprise Resource Planning (ERP), Supply Chain Management (SCM) and Customer Relationship Management (CRM) systems [47]. However, the implementation of prominent existing MCA CISs has proven challenging [4]. These systems often lack the flexibility needed for MCA, leading to information integrity issues [4, 8]. This research paper reviews literature regarding governance and technology to propose guidance on creating a strong technological MCA CIS control environment (an MCA CIS CAM) that maintains flexibility and information integrity for the practice of MCA and ultimately aids the demonstration of accountability through assurance.
Emile Westraadt, Mariana Gerber
A Chatbot LLM Based Access Control Mechanism
Abstract
Recent Artificial Intelligence (AI) advancements, notably in Large Language Models (LLMs), have enhanced Natural Language Processing (NLP) capabilities like Text-to-SQL. Businesses are increasingly using LLMs for domain-specific applications such as chatbots, but this raises security concerns including data access control. This research addresses these concerns by developing a secure access control mechanism for Text-to-SQL applications. While there exists literature that aims to improve the technical aspects of Text-to-SQL systems, it lacks solutions for access control. This paper proposes a prototype integrating an access control layer within the Text-to-SQL process to ensure secure and authorized data access while maintaining usability and performance. The research is validated through the development of a domain-specific chatbot prototype that demonstrates its effectiveness in mitigating security related access control risks.
Christian Still, Jan Eloff
Factors Influencing Sensitive Data Protection Practices in South African Public Schools
Abstract
The current digital age has resulted in a surge in the use of Information and Communication Technology (ICT) tools that collect, store, and transmit huge volumes of sensitive data. Thus, sensitive data protection is a critical issue for all organisations in South Africa, including public schools. The problem is that schools often prioritize the benefits of using these ICT tools while neglecting the importance of protecting the substantial amounts of sensitive data produced, stored, and managed via these digital tools. The purpose of this paper is to investigate the factors that influence sensitive data protection practices in South African public schools. A qualitative research strategy with semi-structured interviews was applied. Fifteen interviews were conducted among school administrative clerks, teachers, Department of Education finance clerks, and school social media managers. A thematic data analysis approach was used in collaboration with NVIVO to analyze the collected data. The findings revealed both hindering and facilitating factors for sensitive data protection practices in South African public schools. Technological resources, awareness, and training do not hinder sensitive data protection practices in schools. On the other hand, organisational culture and attitudes hinder the practices. The findings revealed a conflicting landscape of compliance with the POPI Act and highlight the importance of using these factors to cultivate a culture of sensitive data protection practices in South African public schools.
Siyavuya Ntlale, Irwin Brown
Changes in Observed Internet Background Radiation Traffic in the 155/8 Netblock
Abstract
This research investigates changes in Internet Background Radiation (IBR) by analysing data captured from network telescopes. Network telescopes provide a unique insight into unsolicited network traffic and can be indicative of widespread malicious activity. The primary focus of the study is on a comparative analysis between network data from 2017 and 2023, captured from the same IP netblock. The methodology is grounded in descriptive statistical analysis. Among our findings were changes in protocol distribution, with an increase in TCP traffic, a decrease in UDP traffic, and a substantial increase in ICMP traffic, primarily from Russia, while observing a notable decrease in the overall traffic attributed to Russia. A sharp decrease in specific destination port targeting for both TCP and UDP traffic suggests broader scanning activity than before.
Mads H. E. Smedberg, Barry V. W. Irwin
Using Artificial Intelligent Techniques to Standardize and Automate the Generation of Digital Forensic Reports
Abstract
The present study investigates whether a digital forensic report can be generated automatically using artificial intelligence techniques, specifically natural language processing. A model has been developed to assess whether it is feasible to automate the generation of a digital forensic report using artificial intelligence techniques. One of the main motivations for this study is the problem of human error, the structure of digital forensic reports, and critical evidence that should form part of the report being omitted during its generation, as well as the interpretation of the evidence drafted by an investigator during an investigation. In addition, the standardization of this report happens to be imminent, especially when it is being presented in a court of law. Given the rise of cybercrime, more research is needed to improve the process of automating the generation of digital forensic reports using intelligent techniques.
Idani Mulaudzi, Hein S. Venter
Exploring the Cybersecurity-Resilience Gap: An Analysis of Student Attitudes and Behaviors in Higher Education
Abstract
Cyberattacks frequently target higher educational institutions, making cybersecurity awareness and resilience critical for students. However, limited research exists on cybersecurity awareness, attitudes, and resilience among students in higher education. This study addresses this gap using the Theory of Planned Behavior as a theoretical framework. A modified Human Aspects of Information Security Questionnaire was employed to gather 266 valid responses from undergraduate and postgraduate students at a South African higher education institution. Key dimensions of cybersecurity awareness and behavior, including password management, email usage, social media practices, and mobile device security, were assessed. A significant disparity in cybersecurity awareness and practices was noted, with postgraduate students demonstrating superior performance across several dimensions. This research postulates the existence of a Cybersecurity-Education Inflection Point during the transition to postgraduate studies, coined as the Cybersecurity-Resilience Gap. These concepts provide a foundation for developing targeted cybersecurity education initiatives in higher education, particularly highlighting the need for earlier intervention at the undergraduate level.
Steve Goliath, Pitso Tsibolane, Dirk Snyman
A Decentralized E-Voting System Using Blockchain
Abstract
This paper presents the design, implementation, and comprehensive evaluation of a decentralized blockchain-based voting system aimed at revolutionizing electronic voting (e-voting). Leveraging blockchain technology, the system offers a transparent, secure, and publicly verifiable voting platform, addressing key limitations found in traditional e-voting approaches. The system employs Proof of Work (PoW) as its consensus mechanism, ensuring strong security through computational challenges. To protect vote integrity, the Digital Signature Algorithm (DSA) with SHA-256 is utilized for signature authentication, while the Advanced Encryption Standard (AES) ensures data confidentiality. Furthermore, Elliptic Curve Cryptography (ECC) enables secure and efficient public vote auditing. Extensive experimental evaluations, including tests against attacks such as vote sniffing, signature spoofing, and denial of service (DoS), demonstrate the system’s robustness and resilience. The results confirm that the proposed blockchain architecture significantly enhances security and transparency, contributing to the evolving landscape of e-voting. This work underscores the potential of decentralized platforms to transform electoral processes by bolstering trust, accessibility, and overall democratic integrity.
Lukhanyo Vena, Daniel Ramotsoela
Lacking Balance? Assessing the Content and Coverage of Cyber Security Degrees
Abstract
Cyber security is now commonly encountered as a focal topic for academic degrees. However, the presence and level of representation of relevant sub-topics within such degrees can vary significantly, and as a consequence the resulting student experience and graduate perception of what cyber security is and what it involves can be similarly varied. This paper examines the situation, based upon a relevant sample of cyber security degree programmes from the UK, all of which share the common characteristic of being titled simply MSc Cyber Security. The review considers the level of coverage afforded to technical and non-technical aspects of cyber security, as well as any inclusion of non-cyber coverage within the programmes. The results reveal that candidates holding what is ostensibly the same degree (based on the title) can emerge with tangibly different knowledge and skills, with significant variation in underlying topics covered. Although this is not a problem in terms of the validity of the coverage, it can pose an issue for prospective students and employers in terms of differentiating between degrees and understanding what they are offered as a consequence.
Steven Furnell, Eliana Stavrou
Backmatter
Title
Information and Cyber Security
Editors
Hein Venter
Mariki Eloff
Jan Eloff
Reinhardt Botha
Marianne Loock
Umer Mushtaq
Copyright Year
2026
Electronic ISBN
978-3-032-09660-9
Print ISBN
978-3-032-09659-3
DOI
https://doi.org/10.1007/978-3-032-09660-9

PDF files of this book have been created in accordance with the PDF/UA-1 standard to enhance accessibility, including screen reader support, described non-text content (images, graphs), bookmarks for easy navigation, keyboard-friendly links and forms and searchable, selectable text. We recognize the importance of accessibility, and we welcome queries about accessibility for any of our products. If you have a question or an access need, please get in touch with us at accessibilitysupport@springernature.com.
