The management of information security : a South African case study
CITATION: Fourie, L. C. H. 2003. The management of information security : a South African case study. South African Journal of Business Management, 34(2):a679, doi:10.4102/sajbm.v34i2.679.
The original publication is available at https://sajbm.org
The growing misuse of information technology and the increased dependence on computer technology and systems heightened the requirements for information security. Unfortunately there often is a feeling of apathy towards information security by management, which leads to an ad hoc approach to information security and resultant information and financial losses. The main objective of the research thus was to determine the current state of information security at a large manufacturing company in South Africa. The methodology entailed a field study of which three sets of structured questionnaires on information security were an important component. Based on a literature study concerning the ideal information security and control situation and the results of the three sets of questionnaires it was possible to determine the gap, problem areas and issues of information security and control at the manufacturing company. The research clearly indicated that numerous areas for improvement exist and therefore proposes a framework for the management of information security. Although a completely secure information system may not be attainable, the valuable information asset can to a large extent be protected through proper management.