Abstract

Background: The deployment of information and communications technology (ICT) in the public sector, has been exposed to increasing security breaches and cyber-related crimes that have resulted in unauthorised access, theft, fraud and misuse of highly confidential, classified and sensitive public sector data and information (PSDI) assets. The government, as one of the biggest collectors and distributors of PSDI assets, needs to be constantly aware of the risks associated with the collection, classification, storage and dissemination of critical PSDI assets. The lack of sufficient data and information security measures could pose significant security risks that could impact on state security, thus causing national working relationships to be strained, which presents gaps and opportunities for external intruders to capitalise on the mistrust of the government to infiltrate further attacks on critical Information Technology (IT) infrastructure and systems. In order to mitigate and counteract critical and sensitive data and information-related crimes, the government must understand and analyse the importance of data and information security governance (DISG) and how it should be institutionalised through an integrated approach to improve and protect PSDI assets. Aim: The aim of this article is to analyse the institutionalisation of DISG measures government has implemented towards the protection of PSDI assets. Setting: The research setting is in three national government departments, namely the Department of Energy (DoE), the Department of Environmental Affairs (DEA) and the Department of Science and Technology (DST). This study investigates how the strategic combination of data governance (DG) and information security governance (ISG) practices and principles could be implemented and incorporated as one of the various approaches in public sector institutions to improve the DISG management functions of an organisation’s overall data and information systems and processes. Methods: The research approach is qualitative, and the research methodology includes a multiple case study design. Data were collected through semi-structured interviews and was triangulated with literature review. Primary data was analysed using thematic analysis. Results: The research findings are presented according to the McKinsey 7S model, which served as the analytical framework in the study. The research findings indicate that the institutionalisation of DISG management practices and functions in the South African public sector context are very limited, and there is a dominant focus on IT and IT security. It was also identified that DISG policies, practices, and systems have been found to be lacking in public sector management and governance functions. Conclusion: The study concludes that there is currently a lack of sufficient DISG policies, management practices and systems, particularly in the national sphere of government.

Highlights

  • The changing global environment influenced and driven by the Fourth Industrial Revolution (4IR) through the introduction of new and advanced technological theories, processes, systems and practices requires the government to formulate and implement conducive policies, frameworks, laws, rules and regulations in order for the 4IR to successfully achieve, accommodate and transition South Africa’s efforts towards improved security http://www.apsdpr.orgOpen Access practices and measures towards its public sector data and information (PSDI) assets

  • The research findings indicate that the institutionalisation of data and information security governance (DISG) management practices and functions in the South African public sector context are very limited, and there is a dominant focus on information technology (IT) and IT security

  • Public sector institutions are focussed on the protection of their IT systems and infrastructure and lack effective DISG systems to improve the protection of PSDI

Read more

Summary

Background

The deployment of information and communications technology (ICT) in the public sector, has been exposed to increasing security breaches and cyber-related crimes that have resulted in unauthorised access, theft, fraud and misuse of highly confidential, classified and sensitive public sector data and information (PSDI) assets. The lack of sufficient data and information security measures could pose significant security risks that could impact on state security, causing national working relationships to be strained, which presents gaps and opportunities for external intruders to capitalise on the mistrust of the government to infiltrate further attacks on critical Information Technology (IT) infrastructure and systems. In order to mitigate and counteract critical and sensitive data and information-related crimes, the government must understand and analyse the importance of data and information security governance (DISG) and how it should be institutionalised through an integrated approach to improve and protect PSDI assets. Aim: The aim of this article is to analyse the institutionalisation of DISG measures government has implemented towards the protection of PSDI assets. This study investigates how the strategic combination of data governance (DG) and information security governance (ISG) practices and principles could be implemented and incorporated as one of the various approaches in public sector institutions to improve the DISG management functions of an organisation’s overall data and information systems and processes

Results
Conclusion
Introduction
Findings
Ethical consideration
Data availability statement
Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call