Advanced Search
Back
3rd European International Conference on Industrial Engineering and Operations Management

Cyber-security Policy Framework and Procedural Compliance in Public Organisations

Download PDF
EDISON LUBUA & Philip Pretorius
Publisher: IEOM Society International
0 Paper Citations
1 Views
1 Downloads
Track: Information Technology and Information Systems
Abstract

This study was motivated by the fact that many organisations in Tanzania and Africa in general fails to meet security requirements suggested through ISO 27001 security standards, due to the lack of a credible cyber-security policy. The purpose was to develop the policy framework suitable in the management of the cyber-security in organisation level. Also, the study determined the compliance of selected cases for study to procedures for cyber policy formulation and review. The study used the qualitative approach. It engaged the literature in the conceptualisation of the study, used the discussion between researchers to formulate themes of the new cyber-security policy, used the focus group to improve the cyber-security policy framework, and used a survey questionnaire to study procedures and the formalisation of the cyber-security policy. Fifteen (15) organisation were represented in the survey, while ten (10) participants from six (6) organisations and four (4) countries were engaged in a focus group discussion. Both purposive and convenient methods were used in sampling. This study formulated a framework for cyber-security policy with seven themes: Data security, Internet and network services governance, uses of company owned devices, physical security, incident handling and reporting, monitoring and compliance, and policy administrative issues. Moreover, the study confirmed that few organisations engages stakeholders in policy formulation and conduct the policy review at the interval not exceeding three years.  Moreover, many organisations uses cyber-security policies without the authorisation of the top authority of their organisation. The study recommends the formulation of a comprehensive cyber-security policy through the use of the Lubua’s cyber-security policy. Further to this, the policy formulation procedure must be inclusive, and guided by existing organisation guidelines. The maximum of three (3) years is recommended for policy review. The formalisation of the policy document must be approved by the top authority of the organisation.

Published in: 3rd European International Conference on Industrial Engineering and Operations Management, Pilsen, Czech Republic

Publisher: IEOM Society International
Date of Conference: July 23-26, 2019

ISBN: 978-1-5323-5949-1
ISSN/E-ISSN: 2169-8767

Related Research

ICT Business Alignment Versus Digital Alignment: Similarities and Differences for Driving Organizational Innovation Management


4th European International Conference on Industrial Engineering and Operations Management


Published: 2021

Improving Efficiency and Effectiveness in the Development of Customised Software Solutions: A Case Study in a Service Oriented Company


4th European International Conference on Industrial Engineering and Operations Management


Published: 2021

Web Application DYAC


4th European International Conference on Industrial Engineering and Operations Management


Published: 2021