Please use this identifier to cite or link to this item: https://etd.cput.ac.za/handle/20.500.11838/4080
Title: An analysis of cyber-security policy compliance in organisations
Authors: Okigui, Hugues Hermann 
Keywords: Business enterprises -- Computer security;Business enterprises -- Computer networks -- Security measures;Data protection;Internet -- Security measures;Internet -- Safety measures
Issue Date: 2023
Publisher: Cape Peninsula University of Technology
Abstract: n the contemporary digital landscape, cyber-attacks and incidents have placed cyber-security at the forefront of priorities in organizations. As organizations face cyber risks, it becomes imperative to implement and comply with various cyber-security policies. However, due to factors such as policy complexity and resistance from employees, compliance can be a challenging task. The study investigated the variables that affect an organization's adherence to cyber-security policies. A case study design was chosen as part of a qualitative approach to answer the research question. For data gathering, semi-structured interviews were performed, and existing documents were also considered when available to supplement interviews. The gathered data was meticulously organized, coded, and analyzed using the Actor-Network Theory perspective, with a focus on its four moments of translation: problematization, interessement, enrolment, and mobilization. The analysis revealed that insider threats and phishing attempts are the two cyber threats that affect organizations, behavioral challenges and enforcement limitations are factors influence and contribute to the non-compliance of cyber-security policy, phishing exercises and policy development process are used to enforce cyber-security policies. The study concludes that both insider Threats, involving staff or internal end-users, and Phishing Attempts perpetrated by external individuals, pose significant risks to organizations. Despite awareness initiatives, behavioral challenges persist among internal end-users, which complicate adherence to available security measures. A one-size-fit cyber-security policies are sometimes inadequate due to the diversity in business sectors, necessitating a tailored solution. Periodic phishing exercises serve to evaluate the readiness of internal end-users or staff, and identify areas for improvements. Ultimately, for effectiveness, cyber-security policies development process should follow a collaborative and inclusive approach where organization stakeholders will be participating.
Description: Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2023
URI: https://etd.cput.ac.za/handle/20.500.11838/4080
Appears in Collections:Information Technology - Master's Degree

Files in This Item:
File Description SizeFormat 
Okigui_Hugues_210051124.pdf860.41 kBAdobe PDFView/Open
Show full item record

Page view(s)

158
Last Week
3
Last month
20
checked on Dec 25, 2024

Download(s)

104
checked on Dec 25, 2024

Google ScholarTM

Check


Items in Digital Knowledge are protected by copyright, with all rights reserved, unless otherwise indicated.