Legal implications of information security governance

LL.M. === Organisations are being placed under increased pressure by means of new laws, regulations and standards, to ensure that adequate information security exists within the organisation. The King II report introduced corporate South Africa to the concept of information security in 2002. In the...

Full description

Bibliographic Details
Main Author: Etsebeth, Verine
Published: 2009
Subjects:
Online Access:http://hdl.handle.net/10210/1837
id ndltd-netd.ac.za-oai-union.ndltd.org-uj-uj-14757
record_format oai_dc
spelling ndltd-netd.ac.za-oai-union.ndltd.org-uj-uj-147572017-09-17T03:59:29ZLegal implications of information security governanceEtsebeth, VerineComputer securityData protectionLiability (Law)Information technology managementComputer network securityBusiness enterprisesLL.M.Organisations are being placed under increased pressure by means of new laws, regulations and standards, to ensure that adequate information security exists within the organisation. The King II report introduced corporate South Africa to the concept of information security in 2002. In the same year the Electronic Communications and Transactions Act 25 of 2002 addressed certain technical information security issues such as digital signatures, authentication, and cryptography. Therefor, South Africa is increasingly focussing its attention on information security. This trend is in line with the approach taken by the rest of the international community, who are giving serious consideration to information security and the governance thereof. As organisations are waking up to the benefits offered by the digital world, information security governance is emerging as a business issue pivotal within the e-commerce environment. Most organisations make use of electronic communications systems such as e-mail, faxes, and the world-wide-web when performing their day-to-day business activities. However, all electronic transactions and communications inevitably involve information being used in one form or another. It may therefor be observed that information permeates every aspect of the business world. Consequently, the need exists to have information security governance in place to ensure that information security prevails. However, questions relating to: which organisation must deploy information security governance, why the organisation should concern itself with this discipline, how the organisation should go about implementing information security governance, and what consequences will ensue if the organisation fails to comply with this discipline, are in dispute. Uncertainty surrounding the answers to these questions contribute to the reluctance and skepticism with which this discipline is approached. This dissertation evolves around the legal implications of information security governance by establishing who is responsible for ensuring compliance with this discipline, illustrating the value to be derived from information security governance, the methodology of applying information security governance, and liability for non-compliance with this discipline, ultimately providing the reader with certainty and clarity regarding the above mentioned questions, while simultaneously enabling the reader to gain a better understanding and appreciation for the discipline information security governance. The discussion hereafter provides those who should be concerned with information security governance with practical, pragmatic advice and recommendations on: (i) The legal obligation to apply information security; (ii) Liability for failed information security; (iii) Guidelines on how to implement information security; and (iv) A due diligence assessment model against which those responsible for the governance and management of the organisation may benchmark their information security efforts.2009-01-08T13:04:36ZThesisuj:14757http://hdl.handle.net/10210/1837
collection NDLTD
sources NDLTD
topic Computer security
Data protection
Liability (Law)
Information technology management
Computer network security
Business enterprises
spellingShingle Computer security
Data protection
Liability (Law)
Information technology management
Computer network security
Business enterprises
Etsebeth, Verine
Legal implications of information security governance
description LL.M. === Organisations are being placed under increased pressure by means of new laws, regulations and standards, to ensure that adequate information security exists within the organisation. The King II report introduced corporate South Africa to the concept of information security in 2002. In the same year the Electronic Communications and Transactions Act 25 of 2002 addressed certain technical information security issues such as digital signatures, authentication, and cryptography. Therefor, South Africa is increasingly focussing its attention on information security. This trend is in line with the approach taken by the rest of the international community, who are giving serious consideration to information security and the governance thereof. As organisations are waking up to the benefits offered by the digital world, information security governance is emerging as a business issue pivotal within the e-commerce environment. Most organisations make use of electronic communications systems such as e-mail, faxes, and the world-wide-web when performing their day-to-day business activities. However, all electronic transactions and communications inevitably involve information being used in one form or another. It may therefor be observed that information permeates every aspect of the business world. Consequently, the need exists to have information security governance in place to ensure that information security prevails. However, questions relating to: which organisation must deploy information security governance, why the organisation should concern itself with this discipline, how the organisation should go about implementing information security governance, and what consequences will ensue if the organisation fails to comply with this discipline, are in dispute. Uncertainty surrounding the answers to these questions contribute to the reluctance and skepticism with which this discipline is approached. This dissertation evolves around the legal implications of information security governance by establishing who is responsible for ensuring compliance with this discipline, illustrating the value to be derived from information security governance, the methodology of applying information security governance, and liability for non-compliance with this discipline, ultimately providing the reader with certainty and clarity regarding the above mentioned questions, while simultaneously enabling the reader to gain a better understanding and appreciation for the discipline information security governance. The discussion hereafter provides those who should be concerned with information security governance with practical, pragmatic advice and recommendations on: (i) The legal obligation to apply information security; (ii) Liability for failed information security; (iii) Guidelines on how to implement information security; and (iv) A due diligence assessment model against which those responsible for the governance and management of the organisation may benchmark their information security efforts.
author Etsebeth, Verine
author_facet Etsebeth, Verine
author_sort Etsebeth, Verine
title Legal implications of information security governance
title_short Legal implications of information security governance
title_full Legal implications of information security governance
title_fullStr Legal implications of information security governance
title_full_unstemmed Legal implications of information security governance
title_sort legal implications of information security governance
publishDate 2009
url http://hdl.handle.net/10210/1837
work_keys_str_mv AT etsebethverine legalimplicationsofinformationsecuritygovernance
_version_ 1718536736675463168