- Title
- A framework to prepare an information security awareness and training programme for a provincial government department in the Eastern Cape, South Africa.
- Creator
- Potelwa, Zandile
- Subject
- Information technology--Security measures.
- Subject
- Employees--Training of.
- Subject
- Data encryption (Computer science)
- Date Issued
- 2022-03
- Date
- 2022-03
- Type
- Master's theses
- Type
- text
- Identifier
- http://hdl.handle.net/10353/22289
- Identifier
- vital:52016
- Description
- Provincial government departments do not have good audit reports on the information security section. The underlying issues are human factors associated with employee interaction with Information and Communication Technology (ICT). The problem to be addressed is how a provincial government needs to focus on employees’ information security awareness so that there is a residual improvement in information security culture to realise unqualified government audits for information security. A case study approach that focused on the provincial government departments in the Eastern Cape Province was used. The primary data was collected using semi-structured interviews containing questions related to information security awareness. Microsoft Teams was used to conduct online semi-structured interviews with 12 provincial government IT staff from two identified provincial departments. The data was analysed using thematic analysis and MS Excel for coding. The findings then were used to determine the outcome of this study which is the framework for preparing an information security awareness programme. The outcome of the study was achieved by condensing the themes that emerged in both the primary and secondary data. The framework was then explained as a way of recommending the importance of preparing information security awareness and training programmes in changing information security behaviour. The derived artefact of this study is an information security awareness framework that can be utilised in a provincial government department to increase the awareness of information security amongst government employees. The contribution of this study is a framework based on the Protection Motivation Theory and the Organisational Culture, to ascertain employees’ actions in relation to information risks and threats; requirements for preparing an information security awareness program for public sector employees and to determine the requirements to be considered when building information security culture in provincial government departments. The proposed framework can then be used to establish an information security culture within the government departments, which will mitigate security risks and threats. The significance of this study as per the constructs of ISA and training show that it can challenge thinking of how ISA can be prepared for not only provincial government but also for state-owned entities or local government.
- Description
- Thesis (MCom) (Information Systems) -- University of Fort Hare, 2022
- Format
- computer
- Format
- online resource
- Format
- application/pdf
- Format
- 1 online resource (158 pages)
- Format
- Publisher
- University of Fort Hare
- Publisher
- Faculty of Management and Commerce
- Language
- English
- Rights
- University of Fort Hare
- Rights
- All Rights Reserved
- Rights
- Open Access
- Hits: 987
- Visitors: 1015
- Downloads: 78
Thumbnail | File | Description | Size | Format | |||
---|---|---|---|---|---|---|---|
View Details Download | SOURCE1 | Potelwa _201600492_Information_Systems.pdf | 2 MB | Adobe Acrobat PDF | View Details Download |