Integration of policy aspects into information security issues in South African organisations

Abstract

Information for individual organisations should always be secured. Organisations need to protect their information from attackers or competitors as these could lead to law suits or loss of business. With the more advanced network technology, information security risks and threats are believed to be on the increase and becoming even more sophisticated. This paper assesses how South African organisations integrate legal and policy aspects when they deal with information security issues. Qualitative research methods were employed to gather and analyse data for the study. Results show that participation by top management in the provision of information security policies is very minimal in organisations. Again, most information security practitioners are not familiar with the legal and policy aspects that they are supposed to integrate in the implementation of information security and thus most organisations in the country are not complying with the law.