Browsing by Author "Butler, R."

Now showing 1 - 2 of 2
  • Thumbnail Image
    Item
    Beyond King III : assigning accountability for IT governance in South African enterprises
    (AOSIS, 2010) Butler, R.; Butler, M. J.
    With the increasing dependence on IT in modern enterprises and the significant risks associated with omnipresent IT systems in business, IT governance is becoming imperative to all organisations. King III is based on the "apply or explain" approach, that forces South African entities for the first time to apply the IT governance principles as contained in the report, or explain the reasons for not applying these principles. This paper provides a macrolevel view of IT governance, derived from King III, and determined that it correlates strongly with the growing body of knowledge on IT governance. The paper investigates the responsibilities for IT governance within organisations and provides clear guidelines on the responsibilities of management roles, from the board to the operational level, involved in IT governance to ensure accountability.
  • Thumbnail Image
    Item
    Investigation of phishing to develop guidelines to protect the Internet consumer's identity against attacks by phishers
    (AOSIS OpenJournals, 2005-12) Butler, R.
    As widely publicized in the local media (Business Times 2005; Independent Online 2005; Mail & Guardian 2005), the first phishing scam imitating South African banks hit South Africa in May 2005 (Cobbett 2005; Vegter 2005a). Bank clients countrywide received emails purporting to come from local banks, requesting them to verify their personal account information. In response to the scam, all four of the major South African banks posted warnings regarding phishing on their Web sites during the same month (Cobbett 2005). A White Paper on phishing explains that the word phishing originates in the term 'password harvesting fishing' (Honeynet Project and Research Alliance 2005). The Anti-Phishing Working Group (APWG), an industry association focused on eliminating identity theft and fraud that results from the growing phishing problem, describes phishing as a process using spoofed e-mails, designed to lure recipients to Web sites, where phishers attempt to trick consumers into divulging personal financial information, such as passwords and account numbers, in order to commit fraud (Anti-Phishing Working Group 2005). In the often anonymous world of e-commerce, key factors such as passwords and account numbers identify consumers uniquely, in such a way that the Internet user can interact with others and conduct transactions via the Internet. Phishing is an online method that identity thieves can use to obtain the particular sensitive personal information necessary to commit identity theft. According to Roland le Sueur, head of Internet banking at First National Bank, the primary objective of phishing is to obtain money fraudulently from customers (Vegter 2005a). A phisher uses a stolen identity to contact the organization concerned, claiming to be the victim of the phishing attack, in order to illegally transact business with the organization, in the name of the client concerned. Successful phishing of identities therefore leads to significant financial costs and losses for the victims. Identity theft cost Americans $52,6 billion in 2004 alone (Reuters 2005b).