Please use this identifier to cite or link to this item:
https://etd.cput.ac.za/handle/20.500.11838/4080
Title: | An analysis of cyber-security policy compliance in organisations |
Authors: | Okigui, Hugues Hermann |
Keywords: | Business enterprises -- Computer security; Business enterprises -- Computer networks -- Security measures; Data protection; Internet -- Security measures; Internet -- Safety measures |
Issue Date: | 2023 |
Publisher: | Cape Peninsula University of Technology |
Abstract: | In the contemporary digital landscape, cyber-attacks and incidents have placed cyber-security at the forefront of priorities in organizations. As organizations face cyber risks, it becomes imperative to implement and comply with various cyber-security policies. However, due to factors such as policy complexity and resistance from employees, compliance can be a challenging task. The study investigated the variables that affect an organization's adherence to cyber-security policies. A case study design was chosen as part of a qualitative approach to answer the research question. For data gathering, semi-structured interviews were performed, and existing documents were also considered when available to supplement interviews. The gathered data was meticulously organized, coded, and analyzed using the Actor-Network Theory perspective, with a focus on its four moments of translation: problematization, interessement, enrolment, and mobilization. The analysis revealed that insider threats and phishing attempts are the two cyber threats that affect organizations; that behavioral challenges and enforcement limitations are factors that influence and contribute to non-compliance with cyber-security policy; and that phishing exercises and the policy development process are used to enforce cyber-security policies. The study concludes that both insider threats, involving staff or internal end-users, and phishing attempts perpetrated by external individuals pose significant risks to organizations. Despite awareness initiatives, behavioral challenges persist among internal end-users, which complicates adherence to available security measures. One-size-fits-all cyber-security policies are sometimes inadequate due to the diversity in business sectors, necessitating a tailored solution. Periodic phishing exercises serve to evaluate the readiness of internal end-users or staff and identify areas for improvement. Ultimately, to be effective, the cyber-security policy development process should follow a collaborative and inclusive approach in which organization stakeholders participate. |
Description: | Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2023 |
URI: | https://etd.cput.ac.za/handle/20.500.11838/4080 |
Appears in Collections: | Information Technology - Master's Degree |
Files in This Item:
File | Description | Size | Format |
---|---|---|---|
Okigui_Hugues_210051124.pdf | | 860.41 kB | Adobe PDF |
Items in Digital Knowledge are protected by copyright, with all rights reserved, unless otherwise indicated.