Please use this identifier to cite or link to this item:
https://etd.cput.ac.za/handle/20.500.11838/2802
Title: | Perception of employees concerning information security policy compliance : case studies of a European and South African university | Authors: | Lububu, Steven | Keywords: | Computer security;Computer networks -- Security measures;Information technology -- Security measures;Data protection;Information resources management -- Security measures | Issue Date: | 2018 | Publisher: | Cape Peninsula University of Technology | Abstract: | This study recognises that, regardless of information security policies, information about institutions continues to be leaked due to the lack of employee compliance. The problem is that information leakages have serious consequences for institutions, especially those that rely on information for its sustainability, functionality and competitiveness. As such, institutions ensure that information about their processes, activities and services are secured, which they do through enforcement and compliance of policies. The aim of this study is to explore the extent of non-compliance with information security policy in an institution. The study followed an interpretive, qualitative case study approach to understand the meaningful characteristics of the actual situations of security breaches in institutions. Qualitative data was collected from two universities, using semi-structured interviews, with 17 participants. Two departments were selected: Human Resources and the Administrative office. These two departments were selected based on the following criteria: they both play key roles within an institution, they maintain and improve the university’s policies, and both departments manage and keep confidential university information (Human Resources transects and keeps employees’ information, whilst the Administrative office manages students’ records). This study used structuration theory as a lens to view and interpret the data. The qualitative content analysis was used to analyse documentation, such as brochures and information obtained from the websites of the case study’s universities. The documentation was then further used to support the data from the interviews. The findings revealed some factors that influence non-compliance with regards to information security policy, such as a lack of leadership skills, favouritism, fraud, corruption, insufficiency of infrastructure, lack of security education and miscommunication. In the context of this study, these factors have severe consequences on an institution, such as the loss of the institution’s credibility or the institution’s closure. Recommendations for further study are also made available. | Description: | Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2018. | URI: | http://hdl.handle.net/20.500.11838/2802 |
Appears in Collections: | Information Technology - Master's Degree |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
209002409-Lububu-Steven-MTech-Information Technology-FID-2018.pdf | Thesis | 1.15 MB | Adobe PDF | View/Open |
Page view(s)
878
Last Week
0
0
Last month
5
5
checked on Nov 24, 2024
Download(s)
544
checked on Nov 24, 2024
Google ScholarTM
Check
This item is licensed under a Creative Commons License