Institutional Repository

Too many laws but very little progress! Is South African highly acclaimed information security legislation redundant?

UnisaIR/Manakin Repository

Show simple item record

dc.contributor.author Dagada, R.
dc.contributor.author Eloff, Mariki M.
dc.contributor.author Venter, L.M.
dc.date.accessioned 2009-10-08T07:47:17Z
dc.date.available 2009-10-08T07:47:17Z
dc.date.issued 2009
dc.identifier.citation Proceedings of the 8th Annual ISSA Conference, 6 -8 July 2009, University of Johannesburg's School of Tourism and Hospitality facility, Auckland Park, Johannesburg, South Africa. en
dc.identifier.isbn 978-1-86854-740-1
dc.identifier.uri http://hdl.handle.net/10500/2660
dc.description.abstract South Africa has myriad laws that address information security related issues. One such law is the Electronic Communications and Transactions Act of 2002 (ECTA), which is highly regarded internationally. A study, which forms the basis of this paper, found that not all provisions of this legislation that deal with information security are implemented by both the government and information security practitioners in corporate South Africa. The study found that the South African government has a relaxed approach to implementing some of the legal provisions regarding information security. The ECT Act agitates for the appointment of cyber inspectors who have powers to inspect, search and seize. A magistrate or a judge may issue a warrant requested by the cyber inspector. Although the legislation had good intentions, the government has not yet appointed the cyber inspectors. Although the ECT Act was in part intended to curb the spam emails, the effect of the Act is practically very little. The study also found that some of the information security laws are ambiguous, for example, the Patent Act. Some of the laws pertaining to information security are very old; they were in effect introduced before the Internet was used for commercial purposes. These include the Merchandise Marks Act of 1941 and Copyright Act of 1978. The findings of this study reflect that information security practitioners were not really familiar with the avalanche of information security related legislation. Be that as it may, the contents of the IT policies from some of the organisations that participated in this study contain the provisions of legislation were catered for in the policies. This should be attributed to the fact that although information security practitioners were not consciously trying to comply with legislation, they relied heavily on the international standards. Most of these standards are in line with the requirements of the South African information security related legislation. In other words, corporate information security policies are within the framework of the Constitution of the Republic and the applicable legislation by default. They are not consistent with constitutional and legislative provisions by conscious effort on the part of the information security practitioners. It is in this premise that this study contains a concept model for legal compliance for information security at the corporate environment. This model embodies the contribution of the study. en
dc.language.iso en en
dc.publisher Information Security for South Africa (ISSA) en
dc.relation.ispartofseries Proceedings of the ISSA 2009 Conference en
dc.subject Information security en
dc.subject Legislative compliance en
dc.subject Model for legal compliance en
dc.subject Information security policies en
dc.title Too many laws but very little progress! Is South African highly acclaimed information security legislation redundant? en
dc.type Article en


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search UnisaIR


Browse

My Account

Statistics