|The Cape Peninsula University of Technology (CPUT) Electronic Theses and Dissertations (ETD) repository holds full-text theses and dissertations submitted for higher degrees at the University (including submissions from former Cape Technikon and Peninsula Technikon).|
The institutionalisation of an information security culture in a petroleum organisation in the Western Cape
In today’s world, organisations cannot exist without having information readily available. The protection of information relies not only on technology but also on the behaviour of employees. The failure to institutionalise an information security culture inside an organisation will cause the continued occurrence of security breaches. The aim of the research is to explore how an information security culture can be institutionalised within a petroleum organisation in the Western Cape. The primary research question is posed as follows: “What are the factors affecting the institutionalisation of an information security culture?” To answer the research question, a study was conducted at a petroleum organisation in the Western Cape. A subjectivist ontological and interpretivist epistemological stance has been adopted and an inductive research approach was followed. The research strategy was a case study. Data for this study were gathered through interviews (12 in total) using semi-structured questionnaires. The data collected were transcribed, summarised, and categorised to provide a clear understanding of the data. For this study, twenty-four findings and seven themes were identified. The themes are: i) user awareness training and education; ii) user management; iii) compliance and monitoring; iv) change management; v) process simplification; vi) communication strategy; and vii) top management support. Guidelines are proposed, comprising four primary components. Ethical clearance to conduct the study was obtained from the Ethics committee of CPUT and permission to conduct the study was obtained from the Chief Information Officer (CIO) of the petroleum organisation. The findings point to collaboration between employees, the Information Security department, and management in order to institute a culture of security inside the organisation.
Showing items related by title, author, creator and subject.
Perception of employees concerning information security policy compliance : case studies of a European and South African university Lububu, Steven (Cape Peninsula University of Technology, 2018)This study recognises that, regardless of information security policies, information about institutions continues to be leaked due to the lack of employee compliance. The problem is that information leakages have serious ...
Ncubukezi, Tabisa (Cape Peninsula University of Technology, 2012)Learning management systems (LMSs) have become the central aspects of educational processes in modern universities. Arguments are that LMSs improve educational efficiencies including the processes of storage, retrieval ...
Desai, Mohammed Reza (Cape Peninsula University of Technology, 2016)The aim of this research is to identify and explore the factors affecting information security compliance of information security policies and regulations, in a financial services organisation. The organisation has to ...