An integrated approach for information security compliance in a financial services organisation

• Main Author: Desai, Mohammed Reza
• Other Authors: de la Harpe, AC
• Language: en
• Published: Cape Peninsula University of Technology 2017
• Subjects: Financial services industry > Computer networks > Safety measures; Computer networks > Security measures; Information technology > Security measures; Computer security; Financial services industry > Computer networks > Law and legislation
• Online Access: http://hdl.handle.net/20.500.11838/2396

Thesis (MTech (Information Technology))--Cape Peninsula University of Technology, 2016. === The aim of this research is to identify and explore the factors affecting information security compliance of information security policies and regulations, in a financial services organisation. The organisation has to comply with information security regulations and legislations by righteousness of its operations in light of the fact that any wrong doing together with misuse of data, are continually expanding. Corporate embarrassments comes about due to rupture of security, results in expanded thoughtfulness regarding corporate consistency. Legislature and policies have been set up to counter information security issues. This legislature and policies are not adequately addressing the compliance issues that arise, but are needed within organisations. Compliance targets are not met due to inconsistent guidelines that turns out to be significant in diminishing the financial position, reputation and security of information. This research further aims to explore whether employees comply with laws and regulations regarding information in an organisation. This is done in order to confirm whether governance and human factors play any significant part in compliance. The research is an exploratory study and specifically analyses the governance function and which stakeholders influence its operations in information compliance. The research investigates certain questions on organisational culture and the human factor, do influence employee’s compliance to laws and regulations. The objectives of the research are to investigate which factors, and how such factors influence compliance of information security policies and compliance with the goal of designing an integrated framework to assist in counteracting these findings. The research is underpinned by the Neo-institutional theory, Agency Theory and Rational choice theory. The Denison organisational cultural model and a framework proposed by von Solms are used as lenses to interpret the data of the research.