Abstract
The study has been triggered by the increase in information breaches in financial organizations worldwide. Such organizations may have policies and procedures, strategies and systems in place in order to mitigate the risk of information breaches, but data breaches are still on the rise. The objectives of this study are to explore the shortfalls of information security at a South African financial institution and further investigate whether business processes are responsive to the organization’s needs. This study employed both quantitative and qualitative research methods. Questionnaires were sent to staff level employees, and semi-structured in-depth interviews were conducted with senior management at the organization. The study revealed that employees require training on information management and that there are major training deficiencies for training officers to conduct beneficial information management training at the organization. Information security programs that include business risk analysis were not implemented, which results in inadequate information management planning and decisions. A standardized or uniform house rule policy was not consistently implemented across the organization, which resulted in certain areas not protecting information. The qualitative findings revealed that the external cleaning company could obtain access to customer information if customer data are left lying around. Furthermore, there is major misalignment between policy setters and employees in this organization. The findings allow senior managers to construct projects and programs with their teams to improve the state of information management in the organization, which spans the people aspect, technology systems and general information management processes. Furthermore, external companies should start signing Non-Disclosure Agreements, which is not being done currently, and this opens the door for data fraud.
The organization has information management and security policies in place, but the study concluded that employees do not understand these policies and should receive specialized training to ensure understanding and, ultimately, have employees follow these information security policies.

Keywords: data breach, information management, business processes, information legislation.

JEL Classification: G2
Highlights
There has been a perception in financial institutions that employees breach data and fail to secure their organizational personal information. Duncan (2015) states that South Africa faces unique challenges in relation to hacking and the intentions of stealing personal information; it is important for South African organizations to understand their vulnerabilities.
Based on all of these factors highlighted so far, the primary objectives of this study are to: explore the shortfalls of information security at a South African financial institution; investigate if data remain separate and privacy is ensured; investigate responsiveness of business processes on information management; investigate the capability of systems on information management; investigate the strategies formulated for information management; investigate projects and programs aimed at addressing information management; and investigate contingency plans on how to respond to the financial risk in respect to information management.
The results of the analysis conclude that there are big deficiencies for training officers to conduct beneficial information management training at the organization. This training covers a number of different aspects of information management. This implies that all areas of the organization were under-skilled on various characteristics or aspects of information management, which could have detrimental consequences for potential data breaches.
Summary
There has been a perception in financial institutions that employees breach data and fail to secure their organizational personal information. Duncan (2015) states that South Africa faces unique challenges in relation to hacking and the intentions of stealing personal information; it is important for South African organizations to understand their vulnerabilities. Bethuel Sibongiseni Ngcamu, Doctor of Public Management, Cape Peninsula University of Technology, South Africa. There have been high profile data breaches in the United Kingdom, which have resulted in guidance and recommendations to help organizations implement and monitor policies on personal information standards (Young, 2010). Based on all of these factors highlighted so far, the primary objectives of this study are to: explore the shortfalls of information security at a South African financial institution; investigate if data remain separate and privacy is ensured; investigate responsiveness of business processes on information management; investigate the capability of systems on information management; investigate the strategies formulated for information management; investigate projects and programs aimed at addressing information management; and investigate contingency plans on how to respond to the financial risk in respect to information management. This paper further concludes and provides recommendations for the study and for future researchers, as well as the limitations of the study.