Legal implications of information security governance

dc.contributor.advisor Prof. S.H. von Solms en
dc.contributor.author Etsebeth, Verine
dc.date.accessioned 2009-01-08T13:04:36Z
dc.date.available 2009-01-08T13:04:36Z
dc.date.issued 2009-01-08T13:04:36Z
dc.date.submitted 2003-12
dc.identifier.uri http://hdl.handle.net/10210/1837
dc.description LL.M. en
dc.description.abstract Organisations are being placed under increased pressure by means of new laws, regulations and standards, to ensure that adequate information security exists within the organisation. The King II report introduced corporate South Africa to the concept of information security in 2002. In the same year the Electronic Communications and Transactions Act 25 of 2002 addressed certain technical information security issues such as digital signatures, authentication, and cryptography. Therefore, South Africa is increasingly focussing its attention on information security. This trend is in line with the approach taken by the rest of the international community, who are giving serious consideration to information security and the governance thereof. As organisations are waking up to the benefits offered by the digital world, information security governance is emerging as a business issue pivotal within the e-commerce environment. Most organisations make use of electronic communications systems such as e-mail, faxes, and the world-wide-web when performing their day-to-day business activities. However, all electronic transactions and communications inevitably involve information being used in one form or another. It may therefore be observed that information permeates every aspect of the business world. Consequently, the need exists to have information security governance in place to ensure that information security prevails. However, questions relating to: which organisation must deploy information security governance, why the organisation should concern itself with this discipline, how the organisation should go about implementing information security governance, and what consequences will ensue if the organisation fails to comply with this discipline, are in dispute. Uncertainty surrounding the answers to these questions contributes to the reluctance and skepticism with which this discipline is approached.
This dissertation revolves around the legal implications of information security governance by establishing who is responsible for ensuring compliance with this discipline, illustrating the value to be derived from information security governance, the methodology of applying information security governance, and liability for non-compliance with this discipline, ultimately providing the reader with certainty and clarity regarding the above-mentioned questions, while simultaneously enabling the reader to gain a better understanding and appreciation for the discipline of information security governance. The discussion hereafter provides those who should be concerned with information security governance with practical, pragmatic advice and recommendations on: (i) The legal obligation to apply information security; (ii) Liability for failed information security; (iii) Guidelines on how to implement information security; and (iv) A due diligence assessment model against which those responsible for the governance and management of the organisation may benchmark their information security efforts. en
dc.language.iso en en
dc.subject Computer security en
dc.subject Data protection en
dc.subject Liability (Law) en
dc.subject Information technology management en
dc.subject Computer network security en
dc.subject Business enterprises en
dc.title Legal implications of information security governance en
dc.type Thesis en
