- Title
- ISGOP: A model for an information security governance platform
- Creator
- Manjezi, Zandile
- Subject
- Electronic data processing departments -- Security measures
- Subject
- Computer networks -- Security measures Data protection
- Date Issued
- 2020
- Date
- 2020
- Type
- Thesis
- Type
- Masters
- Type
- MIT
- Identifier
- http://hdl.handle.net/10948/46130
- Identifier
- vital:39505
- Description
- Sound information security governance is an important part of every business. However, the widespread ransomware attacks that occur regularly cast a shadow of doubt on information security governance practices. Countermeasures to prevent and mitigate ransomware attacks are well known, yet knowledge of these countermeasures is not enough to ensure good information security governance. What matters is how the countermeasures are implemented across a business. Therefore, an information security governance structure is needed to oversee the deployment of these countermeasures. This research study proposes an information security governance model called ISGoP, which describes an information security governance platform comprising a data aspect and a functional aspect. ISGoP adopted ideas from existing frameworks. An information security governance framework known as the Direct-Control Cycle was analyzed. This provided ISGoP with conceptual components, such as information security-related documents and the relationships that exist between them. It is important to understand these conceptual components when distributing information security-related documents across all levels of management for a holistic implementation. Security-related documents and their relationships comprise the data aspect of ISGoP. Another framework that influenced ISGoP is the SABSA framework. The SABSA framework is an enterprise architecture framework that enables interoperability. It ensures collaboration between the people working for a business. Ideas from the SABSA framework were used to identify roles within the information security governance framework. The SABSA life cycle stages were also adopted by ISGoP. Various functions define the functional aspect of ISGoP. These functions are organised according to the life cycle stages and the views defined for the various roles. A case study was used to evaluate the possible utility of ISGoP. The case study explored a prototype implementation of ISGoP in a company. In addition to demonstrating its utility, the case study also allowed the model to be refined. ISGoP as a model must be refined and modified for specific business circumstances but lays a solid foundation to assist businesses in implementing sound information security governance.
- Format
- xiii, 152 leaves
- Publisher
- Nelson Mandela University
- Publisher
- Faculty of Engineering, the Built Environment and Technology
- Language
- English
- Rights
- Nelson Mandela University