Towards a risk assessment matrix for information security workarounds associated with acceptable use policies
- Authors: Slabbert, Eugene
- Date: 2022-04
- Subjects: Information networks--security measures , Computer security--South africa
- Language: English
- Type: Master's theses
- Identifier: http://hdl.handle.net/10948/55533 , vital:52811
- Description: Acceptable Use Policies (AUPs) are used to influence employees’ information security behaviour. Some employees feel that the AUPs and related procedures interfere with their ability to work efficiently and may, therefore, choose not to comply by utilising information security workarounds associated with the AUP. An AUP workaround is a form of information security non compliance that may result in unnecessary information security risk exposure for an organisation. Some AUP workarounds may be useful as they identify more efficient ways to complete tasks that may not impact the information security of an organisation. However, these efficiencies should only be considered for incorporation into standard procedures when the information security risk exposure of an AUP workaround is known. This leads to the problem statement. Many organisations do not have a formal way in which to assess the information security risks posed by workarounds associated with their Acceptable Use Policies, and related procedures. This study provides a solution to the identified problem through the primary objective, to develop a Risk Assessment Matrix for Information Security Workarounds associated with Acceptable Use Policies, and related procedures. Four secondary research objectives were proposed to achieve the primary research objective. The first secondary objective determines the role of information security risk management and how it relates to information security governance through the utilisation of a literature review. The second secondary objective firstly utilises a literature review to determine the role that the AUP and its related procedures play within an organisation, followed by a content analysis which identifies the key content that should be considered in a comprehensive AUP. The third secondary objective determines the factors that influence the use of AUP workarounds within an organisation through the utilisation of a literature review. Lastly, the fourth secondary objective utilises a literature review to determine the key components required for the development of the risk assessment matrix for information security workarounds. In addition, critical reasoning is used to create the risk assessment matrix for information security workarounds. The solution to this study contributes to the body of knowledge by proposing a risk assessment matrix to assess the information security risk exposure of AUP workarounds and find possible efficiency gains while keeping information security risk exposure to a minimum. , Thesis (MTech) -- Faculty of Engineering, the Built Environment and Information Technology , Information Technology, 2022
- Full Text:
- Date Issued: 2022-04
Towards a Risk Assessment Matrix for Information Security Workarounds Associated with Acceptable Use Policies
- Authors: Slabbert, Eugene
- Date: 2022-04
- Subjects: Information technology -- Security measures
- Language: English
- Type: Master's theses , text
- Identifier: http://hdl.handle.net/10948/58473 , vital:59519
- Description: Acceptable Use Policies (AUPs) are used to influence employees’ information security behaviour. Some employees feel that the AUPs and related procedures interfere with their ability to work efficiently and may, therefore, choose not to comply by utilising information security workarounds associated with the AUP. An AUP workaround is a form of information security non-compliance that may result in unnecessary information security risk exposure for an organisation. Some AUP workarounds may be useful as they identify more efficient ways to complete tasks that may not impact the information security of an organisation. However, these efficiencies should only be considered for incorporation into standard procedures when the information security risk exposure of an AUP workaround is known. This leads to the problem statement. Many organisations do not have a formal way in which to assess the information security risks posed by workarounds associated with their Acceptable Use Policies, and related procedures. This study provides a solution to the identified problem through the primary objective, to develop a Risk Assessment Matrix for Information Security Workarounds associated with Acceptable Use Policies, and related procedures. Four secondary research objectives were proposed to achieve the primary research objective. The first secondary objective determines the role of information security risk management and how it relates to information security governance through the utilisation of a literature review. The second secondary objective firstly utilises a literature review to determine the role that the AUP and its related procedures play within an organisation, followed by a content analysis which identifies the key content that should be considered in a comprehensive AUP. The third secondary objective determines the factors that influence the use of AUP workarounds within an organisation through the utilisation of a literature review. Lastly, the fourth secondary objective utilises a literature review to determine the key components required for the development of the risk assessment matrix for information security workarounds. In addition, critical reasoning is used to create the risk assessment matrix for information security workarounds. The solution to this study contributes to the body of knowledge by proposing a risk assessment matrix to assess the information security risk exposure of AUP workarounds and find possible efficiency gains while keeping information security risk exposure to a minimum. , Thesis (MA) -- Faculty of Engineering, the Built Environment, and Technology, 2022
- Full Text:
- Date Issued: 2022-04