An awareness model for the use of information technology security policies in the petroleum retail sector in South Africa

Abstract

The petroleum (oil and gas) retail industry in South Africa depends on the use of Information Technology (IT) in its operations, including distribution. Consequently, digital transformation has become a necessity in order to improve quality, productivity and efficiency and mitigate the emergence of Information Technology security (IT security) related vulnerabilities and threats. As a result, this study investigates an awareness model for the use of information technology policies in the petroleum retail sector in South Africa. In essence, it has become imperative to ensure that the South African oil and gas industry’s reliance on IT technology is safeguarded and efficient protocols are identified in order to strengthen security and compliance in the petroleum industry in its use of IT. This study uses a mono-quantitative research methodology and a non-probability purposive sampling technique. The data sources for this study were IT managers and non-managerial managers and employees within the IT units. Data analysis was performed using the statistical software SPSS. In this study, it was observed that there are disparities in adherence to access management techniques in order to secure vulnerable IT infrastructures and prevent cybersecurity threats. Also, the results from this study showed that approximately 89% agreed to the use of strong authentication methods, and 92% were favourable to the use of multi-factor authentication procedures, such as the adoption of password and SMS code protocols to be enforced among staff of the targeted oil and gas retail industry. The findings on knowledge, security, training approach, data sharing, and compliance represent the level of awareness of cybersecurity protection strategies, the need for frequent training, and data sharing among different categories of people were some of the observed to be among the control measures, organisational factors and challenges associated with cybersecurity within the oil and gas retail industry. This study reveals that a holistic measure must be developed as an IT security framework to mitigate