|The Cape Peninsula University of Technology (CPUT) Electronic Theses and Dissertations (ETD) repository holds full-text theses and dissertations submitted for higher degrees at the University (including submissions from former Cape Technikon and Peninsula Technikon).|
Perception of employees concerning information security policy compliance : case studies of a European and South African university
This study recognises that, regardless of information security policies, information about institutions continues to be leaked due to the lack of employee compliance. The problem is that information leakages have serious consequences for institutions, especially those that rely on information for its sustainability, functionality and competitiveness. As such, institutions ensure that information about their processes, activities and services are secured, which they do through enforcement and compliance of policies. The aim of this study is to explore the extent of non-compliance with information security policy in an institution. The study followed an interpretive, qualitative case study approach to understand the meaningful characteristics of the actual situations of security breaches in institutions. Qualitative data was collected from two universities, using semi-structured interviews, with 17 participants. Two departments were selected: Human Resources and the Administrative office. These two departments were selected based on the following criteria: they both play key roles within an institution, they maintain and improve the university’s policies, and both departments manage and keep confidential university information (Human Resources transects and keeps employees’ information, whilst the Administrative office manages students’ records). This study used structuration theory as a lens to view and interpret the data. The qualitative content analysis was used to analyse documentation, such as brochures and information obtained from the websites of the case study’s universities. The documentation was then further used to support the data from the interviews. The findings revealed some factors that influence non-compliance with regards to information security policy, such as a lack of leadership skills, favouritism, fraud, corruption, insufficiency of infrastructure, lack of security education and miscommunication. In the context of this study, these factors have severe consequences on an institution, such as the loss of the institution’s credibility or the institution’s closure. Recommendations for further study are also made available.
Except where otherwise noted, this item's license is described as https://creativecommons.org/licenses/by-nc-sa/4.0
Showing items related by title, author, creator and subject.
The institutionalisation of an information security culture in a petroleum organisation in the Western Cape Michiel, Michael (Cape Peninsula University of Technology, 2018)In today’s world, organisations cannot exist without having information readily available. The protection of information relies not only on technology but also on the behaviour of employees. The failure to institutionalise ...
Ncubukezi, Tabisa (Cape Peninsula University of Technology, 2012)Learning management systems (LMSs) have become the central aspects of educational processes in modern universities. Arguments are that LMSs improve educational efficiencies including the processes of storage, retrieval ...
Desai, Mohammed Reza (Cape Peninsula University of Technology, 2016)The aim of this research is to identify and explore the factors affecting information security compliance of information security policies and regulations, in a financial services organisation. The organisation has to ...