https://ir.unisa.ac.za/handle/10500/2748 2026-06-19T14:32:39Z https://ir.unisa.ac.za/handle/10500/32552 Developing a contextual framework for establishing a cybersecurity culture in the public e-health institutions: a case study of South Africa Mwim, Nwanneka Emili The adoption and use of information and communication technology has transformed the way healthcare institutions perform administrative and clinical operations. The everyday use of this technology in the health sector requires an E-Health information system and this, when combined with telecommunication, is commonly known as E-Health. E-Health systems have many benefits for the wide variety of stakeholders in healthcare institutions. However, these systems are beset by a variety of risks, including challenges related to cybercrime, security, privacy and integrity. Healthcare institutions find it difficult to keep up with existing and evolving cybersecurity threats, making them very vulnerable. Coordinated and unified cybersecurity strategies must be implemented to counter these cyber threats and risks in E-Health institutions. However, a technological cybersecurity solution on its own is not sufficient as factors, such as a lack of security awareness, need for training, and irresponsible or careless digital behaviour, point to the need to create a cybersecurity culture as well. Studies related to cybersecurity culture form an emerging research area and this has not been thoroughly investigated in the E-Health sector. The main objective of this research was to develop a contextual framework for establishing a cybersecurity culture in public E-Health institutions. The study adopted a pragmatic world view supported by a case study strategy. Mixed-method research (quantitative and qualitative) accommodated both deductive and inductive research approaches in the collection and analysis of data. The data collection took place in three cycles using four data collection techniques (a systematic literature review, questionnaires, interviews and an expert review). Data were collected from one tertiary hospital as well as district hospitals in Mpumalanga province of South Africa. The proposed contextual framework was developed by following the conceptual framework analysis phases and was evaluated through a defined use case, comparative analysis and expert reviews. Hence, the methodological contribution of the study is to demonstrate the design and development of the contextual framework using the conceptual framework analysis phases. Practically, the framework of the study will be able to guide the establishment of a cybersecurity culture in healthcare institutions. The study contributed by providing a step-by-step guideline as implementation support for the framework. A limitation of this research was that data collection was limited to Mpumalanga Province. Data from Mpumalanga alone may not be a true representation of data from national health vi departments in all provinces of South Africa. Additionally, the proposed Cybersecurity Culture Framework only considered a use case demonstrated in hospitals in the one province. Future work could expand the scope of the research to other provinces and different healthcare categories. It is proposed that future work should include conducting real-time implementation tests to assess the effectiveness of the proposed framework. 2025-07-01T00:00:00Z https://ir.unisa.ac.za/handle/10500/32473 Towards an integrated dynamic model for managing insider threats for risks and vulnerabilities mitigation Chaipa, Sarathiel Despite the continuous advancement and deployment of technical information security controls, such as firewalls, endpoint protection, intrusion detection systems, anti-malware software, and comprehensive information security policies, standards, and guidelines, the human element, specifically the organisation's employees or insiders, persists as the most critical vulnerability in the information security framework. The fundamental challenge posed by insider threats stems from the paradox of authorised access. While insiders require legitimate credentials to perform their designated functions, this same access can be exploited to subvert security mechanisms, operate undetected, and obfuscate malicious activity. Such threats manifest when individuals, motivated by factors such as financial incentives, workplace disaffection, or personal retribution, leverage their privileged access to deliberately compromise the confidentiality, integrity, or availability of critical organisational assets. Accordingly, the failure to systematically address the insider threat challenge constitutes a material risk exposure, significantly increasing an organisation's susceptibility to severe insider threat security incidents. This research therefore sought to investigate and develop an integrated dynamic model for managing insider threats, with a focus on risks and vulnerabilities, employing a design science research methodology which resulted in the development of an artifact. It employs a positivist approach, since the objectives are indisputable facts about maintaining the confidentiality, integrity, and availability of organisational information in the face of insider threats. A review of existing insider threat taxonomies revealed a diverse range of classification schemes intended to characterise the insider threat agent. However, a critical observation was that the insider threat agent was not a static entity but rather a dynamic and adaptive target. It was conjectured that an adversary could traverse multiple categories within a single taxonomy, or transition across different taxonomic frameworks, thereby generating an insider threat agent traversal mutation path designed to evade precise characterisation and subsequent detection. Consequently, the integration of disparate taxonomies, while necessary to capture this complexity, results in an exponential proliferation of theoretical insider threat categories, highlighting the inherent challenge of achieving a definitive and stable classification. The research established that insider threats have a more devastating impact than external threats, as insiders have full knowledge of their organisation and authorised access to sensitive and confidential organisational information. It was noted that detecting insider threats was extremely difficult due to the subtle, dynamic nature of the insider threat problem. It was noted, further, that compared to external threats, whose footprints are difficult to conceal, internal threats were hard to detect because insiders had privileged access to internal applications, networks, and systems. This research, therefore, focused on understanding insider threats, their characterisation and taxonomies, and developing an integrated dynamic model for insider threat mitigation. The major outcome of the research was the development of an artifact, the MOCR (Motivation, Opportunity, Capability, Rationalisation) model, that enables organisations to track, profile, and detect insider threats. The model was premised on the development of a new taxonomy of insider threat agents that leverages tracking of these agents, since they follow combinatoric mutation paths throughout their lifecycle in the organisation. The model further proposed risk profiling of insider threat agents and classifying them into low, medium, high, and critical risk categories, with a view to directing threat identification, protection, detection, prevention, and mitigation efforts on high-risk insider threat agents. The development of the MOCR model advances the state-of-the-art solution in insider threat research by adding advanced mechanisms to proactively detect threat agents, propose organisational asset protection models, and recommend solutions to manage and mitigate insider threats 2025-10-24T00:00:00Z https://ir.unisa.ac.za/handle/10500/32468 Embedding formal methods in the development of enterprise resource planning (ERP) systems Senaya, Stephen Kwame Enterprise resource planning (ERP) systems have been widely adopted in business and industry to streamline operations, automate processes and improve efficiency. However, ERP systems often experience system failures, resulting in financial losses and operational disruptions. A pragmatic stance is followed in the development and validation of a practical and effective framework for resolving ERP challenges. This research investigates the key components of ERP systems, identifies common failure points and proposes a Formal Methods Framework to enhance the development and deployment of ERP systems. A comprehensive literature review on ERP challenges and formal specification was conducted, following a mixed interpretivist and positivist research philosophy, combined with an inductive and deductive approach to theory development. A mixed qualitative and quasi-quantitative research choice was employed, along with a case study strategy and a cross-sectional time horizon. The findings highlighted that inadequate specification during the early stages of system development is a primary cause of ERP system failure. The researcher subsequently synthesised the failures into five main categories, namely, complexity, traceability, hidden information, SDLC alignment and ambiguity. To address these challenges, a Formal Methods-driven framework is presented for facilitating the correctness of ERP systems. The proposed framework integrates formal methods (FMs) as a systematic approach to defining requirements for ERP systems. Specifically, the Z specification language, coupled with an enhanced Jackson’s problem frame approach, is utilised to further investigate the said ERP challenges. Through enhanced problem frames, formal specification solutions are proposed to address the five key ERP challenges. The formal methods framework is subsequently enhanced through the enhanced problem frame approach. Following the development of the enhanced framework, the research entered the deductive phase by specifying a hypothetical ERP case study to illustrate the utility of the enhanced problem frames in addressing the five challenges. The case study illustrated the usefulness of the enhanced problem frames, providing a structured approach for software practitioners to specify ERP systems correctly. Future work in this area is noted as further validating the enhanced framework in the ERP industry through surveys among practitioners and case studies in companies.; Ondernemingshulpbronbeplanning- (OHB-) stelsels is wyd aangeneem in die sakewêreld en bedryf om bedrywighede te stroomlyn, prosesse te outomatiseer en doeltreffendheid te verbeter. OHB-stelsels ervaar egter dikwels stelselfoute, wat lei tot finansiële verliese en operasionele ontwrigtings. ʼn Pragmatiese houding word gevolg in die ontwikkeling en validering van ʼn praktiese en effektiewe raamwerk vir die oplossing van OHB-uitdagings. Hierdie navorsing ondersoek die sleutelkomponente van OHB-stelsels, identifiseer algemene foutpunte en stel ʼn formele metodesraamwerk voor om die ontwikkeling en ontplooiing van OHB-stelsels te verbeter. ʼn Omvattende literatuuroorsig oor OHB-uitdagings en formele spesifikasie is uitgevoer, volgens ʼn gemengde interpretivistiese en positivistiese navorsingsfilosofie, gekombineer met ʼn induktiewe en deduktiewe benadering tot teorie-ontwikkeling. Die bevindinge het uitgelig dat onvoldoende spesifikasie tydens die vroeë stadiums van stelselontwikkeling ʼn primêre oorsaak van OHB-stelselfoute is. Die navorser het vervolgens die foute in vyf hoofkategorieë gesintetiseer, naamlik kompleksiteit, naspeurbaarheid, verborge inligting, sagtewareontwikkelingslewensiklus-belyning en dubbelsinnigheid. Om hierdie uitdagings aan te spreek, word ʼn formele metodes-gedrewe raamwerk aangebied om die korrektheid van OHB-stelsels te fasiliteer. Die voorgestelde raamwerk integreer formele metodes (FM’s) as ʼn sistematiese benadering om vereistes vir OHB-stelsels te definieer. Die Z-spesifikasietaal, asook ʼn verbeterde Jackson-probleemraamwerkbenadering, word spesifiek gebruik om die genoemde OHB-uitdagings verder te ondersoek. Deur verbeterde probleemraamwerke word formele spesifikasie-oplossings voorgestel om die vyf belangrikste OHB-uitdagings te hanteer. Die formele metoderaamwerk word vervolgens verbeter deur die verbeterde probleemraamwerkbenadering. Na die ontwikkeling van die verbeterde raamwerk, het die navorsing die deduktiewe fase betree deur ʼn hipotetiese OHB-gevallestudie te spesifiseer om die nut van die verbeterde hantering van die vyf uitdagings te illustreer. Die gevallestudie het die nut van die verbeterde probleemraamwerke geïllustreer en bied ʼn gestruktureerde benadering vir sagtewarepraktisyns om OHB-stelsels korrek te spesifiseer. Kennis word geneem van toekomstige werk op hierdie gebied wat as verdere bevestiging dien van die verbeterde raamwerk in die OHB-bedryf deur middel van opnames onder praktisyns en gevallestudies in maatskappye.; Izixokelelwano zocwangciso lwezixhobo zeshishini (ERP) zisetyenziswa kakhulu ngamashishini ngenjongo yokulungelelanisa imisebenzi, ukwenza iinkqubo ezizenzekelayo kunye nokuphucula ukusebenza ngokufezeka kwishishini. Kodwa ke, izixokelelwano zeERP ziye zisilele ngamanye amaxesha nto leyo idala ilahleko yemali kunye nokuphazamiseka komsebenzi. Xa kuveliswa naxa kuqinisekiswa inkqubo-sikhokelo esebenzisekayo nefezekileyo yokusombulula imiceli-mngeni yeERP kusetyenziswa indlela eqiqileyo. Olu phando-nzulu luphanda ngezinto ezingundoqo zezixokelelwano zeERP, lufumanisa iindawo zentsilelo eziqhelekileyo kwaye luphakamisa iNkqubo-sikhokelo yeeNdlela eziseSikweni ngenjongo yokuphucula ukuveliswa nokusetyenziswa kwezixokelelwano zeERP. Kolu phando kwenziwe uphengululo olunabileyo loncwadi olujongene nemiceli-mngeni yokusilela kweERP kunye nengcaciso esesikweni kulandelwa indlela yophando-nzulu esekelwe kumava omntu ngamnye kwizinto zobomi kwakunye nendlela yophando-nzulu esebenzisa ubunzululwazi ukufumana ubunyaniso bezinto, ezi ndlela zidityaniswa nethiyori yokuvelisa eqala ngolwazi oluncinane ilwandise kwakunye naleyo iqala ngolwazi oluninzi ilunciphise ekugqibeleni. Iziphumo zidalule ukuba ingcaciso engonelanga enikwa kwizigaba ezisekuqaleni zokuveliswa kwesixokelelwano ingoyena nobangela wokusilela kwesixokelelwano seERP. Umphandi-nzulu udibanise oku kusilela wakwenza kwaba ngamacandelo amahlanu angundoqo ekungala: ukuntsokotha, ukulandeleleka, ingcombolo efihlakeleyo, ukungqalana nobumbaxa beSDLC. Kwiinzame zokulungisa le miceli-mngeni kuziswe inkqubo-sikhokelo ejolise kwiindlela ezisesikweni elungelelanisa ukuchaneka kwezixokelelwano zeERP. Le nkqubo-sikhokelo iphakanyiswayo imanya iindlela ezisesikweni (FM) njengendlela ecwangcisiweyo yokuchaza iimfuno zezixokelelwano zeERP. Ukuze kuphandisisiswe imiceli-mngeni exeliweyo yeERP kusetyenziswa ulwimi olucacisiweyo lweZ ludityaniswa kunye nendlela yezakhelo zengxaki kaJackson ephuculweyo. Izakhelo zengxaki eziphuculweyo zinceda ekubeni kuphakanyiswe izisombululo zengcaciso ezisesikweni eziza kulungisa imiceli-mngeni emihlanu engundoqo yeERP. Inkqubo-sikhokelo yeendlela ezisesikweni iphuculwa ngokuthi kusetyenziswe indlela yesakhelo sengxaki ephuculweyo. Emva kokuvelisa inkqubo-sikhokelo ephucukileyo, uphando-nzulu lungene kwisigaba sokuqala ngolwazi oluninzi oluncitshiswayo ekugqibeleni ngokuchaza ingqikelelo yophononongo lweERP ngelibonisa ukusebenza kwezakhelo zengxaki eziphuculweyo ekulungiseni le miceli-mngeni mihlanu. Uphononongo lubonise ukusebenziseka kwezakhelo zengxaki eziphuculweyo nto leyo inika iingcali zesoftware indlela ecwangcisiweyo yokuchaza izixokelelwano zeEPR ngokuchanekileyo. Umsebenzi osaza kwenziwa kulo mmandla uphawulwa njengokukuyiqinisekisa nangakumbi inkqubo-sikhokelo ephuculweyo yeERP ngokuthi kwenziwe uphononongo kwiingcali kunye nophononongo kwiinkampani. Abstract in English, Afrikaans and IsiXhosa 2026-04-01T00:00:00Z https://ir.unisa.ac.za/handle/10500/32331 Investigating how Artificial Intelligence (AI) can be leveraged to optimise the distribution and allocation of social grants in South Africa Hlatshwayo, Mthokozisi Alfred This study investigates the potential of Artificial Intelligence (AI) technologies to enhance the distribution and allocation of social grants in South Africa, addressing inefficiencies, high costs, and administrative complexities. Social grants are vital for reducing poverty and improving welfare, but the current system faces challenges such as lengthy processing times, inconsistent data, and limited accessibility. A qualitative research design was employed, utilising semi-structured interviews with 20 stakeholders, including policymakers, officials from the South African Social Security Agency (SASSA), and beneficiaries. Data analysis used thematic analysis to assess the feasibility of AI integration. Pilot studies of Electronic Know Your Client (EKYC) and biometric verification across select provinces provided empirical insights. In order to enhance decision-making, lower fraud, expedite beneficiary verification, and optimise resource allocation within South Africa's social grant ecosystem, this study explores the potential applications of artificial intelligence (AI) technologies, including machine learning, predictive analytics, natural language processing, automated document verification, and anomaly detection. The study looks at international best practices, assesses the possible advantages and disadvantages of integrating AI in South Africa, and reviews policy preparedness in light of the nation's larger Fourth Industrial Revolution (4IR) goal. Findings reveal that AI technologies could mitigate inefficiencies by automating data verification, enhancing fraud detection, and streamlining decision-making processes. Pilot implementations of Electronic Know Your Client (EKYC) and biometric systems across Gauteng, Eastern Cape, and North West provinces demonstrated varied outcomes. Gauteng saw a 5% improvement in fraud detection but faced challenges with system integration. The Eastern Cape struggled with downtimes, while the North West achieved a 10% reduction in identity theft but encountered transaction inaccuracies. This research contributes a comprehensive AI integration model tailored to South Africa’s socio-economic context, providing actionable recommendations for policymakers. Key considerations include robust infrastructure, workforce training, regulatory updates, and ethical safeguards to ensure fair and inclusive AI deployment. The study advances the discourse on AI in public administration, offering practical insights for achieving greater efficiency, transparency, and equity in social grant distribution.; Lolu cwaningo luhlola ukuhlanganiswa kobuchwepheshe be-Artificial Intelligence (AI) ohlelweni lokusabalalisa izibonelelo zenhlalakahle eNingizimu Afrika ukuze kuthuthukiswe ukusebenza kahle, kuncishiswe ukukopela, futhi kwandiswe ukufinyeleleka. Uhlelo lwezibonelelo zenhlalakahle lwaseNingizimu Afrika, olulawulwa yi-South African Social Security Agency (SASSA), lubalulekile ekunciphiseni ububha nasekuthuthukiseni inhlalakahle yezenhlalo. Nokho, izinselelo ezinjengokungasebenzi kahle kokuphatha, ukukopela, nokulinganiselwa kwezinsiza kuthinta ukusebenza kahle kwalo hlelo. Lolu cwaningo lusebenzisa indlela yokucwaninga yekhwalithethivu, lusebenzisa izingxoxo ezihlelekile neziphathimandla ezibalulekile, okuhlanganisa izikhulu ze-SASSA, abenzi benqubomgomo, nabathola izibonelelo. Ukuhlaziywa kwezindikimba zedatha, okuhlangene nocwaningo lwamapayona lwe-Electronic Know Your Client (EKYC) kanye nebiometric verification ezifundazweni ezikhethiwe, kuhlaziywe imiphumela yocwaningo. Ucwaningo lwapayona lubonise amandla e-AI ekutholeni ukukopela, kwathi eGauteng kwaba nokwehla ngo-5% kokukopela, kwathi eNyakatho Ntshonalanga kwaba nehlazo lokuncipha kuka-10% ekuntshontshweni kobunikazi. Nokho, izinselelo ezifana nokwehla kwezinhlelo zesistimu nokungahlangani kahle kwezinhlelo eMpumalanga Kapa ziveza isidingo sokuthuthukiswa kwezingqalasizinda. Imiphumela ikhombisa ukuthi i-AI ingathuthukisa kakhulu ukuphathwa kwezibonelelo zenhlalakahle ngokuzenzekelayo ekuqinisekisweni kwabamukeli, ekunciphiseni izikhathi zokucubungula, nasekukholeni ukusebenza kwamasistimu atholayo. Nokho, ukuthuthukiswa kwe-AI okuphumelelayo kudinga ingqalasizinda eqinile, ukuqeqeshwa kwabasebenzi, kanye nokuqapha kwezomthetho ukuze kuqinisekiswe ukusetshenziswa okuzuzisayo nokulungile. Lolu cwaningo lunikeza isibonelo sokuqaliswa kwe-AI esenzelwe isimo seNingizimu Afrika, lunikeza izincomo ezisebenzayo kubenzi benqubomgomo. Ucwaningo lufaka isandla engxoxweni enkulu mayelana nokwethulwa kwe-AI ezinsizeni zomphakathi, lugqamisa isidingo sendlela elinganiselayo eqhathanisa izinzuzo zokusebenza kahle kanye nemithelela yesimilo nezenhlalo. Ngokubhekana nezinselelo zokwethulwa kwe-AI, lolu cwaningo lunikeza isiqondiso sendlela yokusebenzisa i-AI ukwenza uhlelo lwezibonelelo zenhlalakahle eNingizimu Afrika lube olusebenzayo, olungcono, nolungagwegwesi.; Patlisiso ena e hlahloba ho kenyelletsoa ha mahlale a Artificial Intelligence (AI) tsamaisong ea kabo ea meputso ea sechaba Afrika Boroa ho ntlafatsa ts'ebetso, ho fokotsa bomenemene, le ho ntlafatsa phihlello. Tsamaiso ea meputso ea sechaba ea Afrika Boroa, e tsamaisoang ke South African Social Security Agency (SASSA), e bohlokoa ho fokotseng bofuma le ho ntlafatsa boiketlo ba sechaba. Leha ho le joalo, mathata a kang ho se sebetse hantle tsamaisong, bomenemene, le mefokolo ea lisebelisoa a sitisa katleho ea tsamaiso ena. Patlisiso ena e sebelisa mokhoa oa lipatlisiso tsa boleng bo phahameng, e sebelisa lipuisano tse hlophisitsoeng le ba boholong, ho kenyeletsoa liofisiri tsa South African Social Security Agency (SASSA), ba etsang melao, le ba amohelang meputso ea sechaba. Tlhatlhobo ea data e entsoeng ka ho sekaseka lihlooho tsa bohlokoa, hammoho le teko ea pele ea Electronic Know Your Client (EKYC) le biometric verification liprofinseng tse ling, e fana ka leseli ka bokhoni ba AI tsamaisong ena. Teko ena e bontšitse hore AI e ka fokotsa bomenemene, moo Gauteng ho bileng le phokotso ea 5% ea bomenemene, ha Profense ya North West e bone phokotso ea 10% bosholu ba boitsebiso. Leha ho le joalo, mathata a kang ho putlama ha tsamaiso le mathata a kopano ea sistimi Profinseng ea Eastern Cape a bontša tlhoko ea lintlafatso tsa motheo. Liphuputso li bontša hore AI e ka ntlafatsa tsamaiso ea meputso ea sechaba ka ho nolofatsa ts'ebetso ea netefatso ea ba amohelang meputso, ho fokotsa nako ea ts'ebetso, le ho ntlafatsa lits'ebetso tsa tlhahlobo ea bomenemene. Leha ho le joalo, katleho ea AI e hloka hore ho be le motheo o tiileng oa meaho, koetliso ea basebetsi, le taolo e matla ho netefatsa hore AI e sebelisoa ka toka le ka nepo. Patlisiso ena e fana ka mohlala oa ho kenya AI ts'ebetsong ka mokhoa o lumellanang le maemo a Afrika Boroa, e fana ka likhothaletso tse sebetsang ho ba etsang melao le ba ikarabellang ho tsamaiso ea meputso ea sechaba. Patlisiso ena e kenya letsoho lipuisanong tse pharalletseng mabapi le AI le lits'ebeletso tsa sechaba, e hatisa tlhokahalo ea mokhoa o leka-lekaneng o hlahlobang melemo ea ts'ebetso hammoho le litlamorao tsa boitšoaro le tsa sechaba. Ka ho sebetsana le mathata a kenyelletsong ea AI, patlisiso ena e fana ka tataiso ea ho sebelisa AI ka tsela e ntlafatsang le e lumellanang le litlhoko tsa sechaba tsa Afrika Boroa. Abstract in English, Isizulu and Sesotho 2025-08-01T00:00:00Z