Abstract
Information for individual organisations should always be secured. Organisations need to protect their information from attackers or competitors as these could lead to law suits or loss of business. With the more advanced network technology, information security risks and threats are believed to be on the increase and becoming even more sophisticated. This paper assesses how South African organisations integrate legal and policy aspects when they deal with information security issues. Qualitative research methods were employed to gather and analyse data for the study. Results show that participation by top management in the provision of information security policies is very minimal in organisations. Again, most information security practitioners are not familiar with the legal and policy aspects that they are supposed to integrate in the implementation of information security and thus most organisations in the country are not complying with the law. Key words: Security risks, South African, organisations, Information Security Policies, legal compliance.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
