International Journal of Computer Networks and Applications (IJCNA)

Published By EverScience Publications

ISSN : 2395-0455

The Provision of Information Technology Security Considerations by Legal Prescripts: South African Case

Authors

Ntjatji Gosebo[1], Sipho Seepe[2]

[1]Department of Public Service and Administration, South Africa, South Africa.

[2]Ministry of Human Settlements, South Africa, South Africa.

Abstract

The purpose of this paper is to establish whether, in the case of South Africa, legal prescripts provide for IT security considerations on each component of computer-based Information Systems. A descriptive research approach was employed to accomplish this aim. The findings are that the avoidance IT security consideration is the least covered by legal prescripts, while the deterrence IT security consideration is comprehensively covered by legal prescripts. Although the legal prescripts related to the deterrence IT security consideration are almost similar, they prescribe different punishments for the same violation. A further study is needed to establish whether IT security considerations not covered by legal prescripts are mitigated by other means, and a separate study is needed to determine the efficacy of deterrence without detection. A consolidated IT security legal prescript might deliver a better remedy to the prevailing disjointedness and duplications. This paper develops a rubric or model that guides a comprehensive and systemic assessment of IT security considerations, and provides an evaluation of the IT-related legal prescripts of South Africa.

Index Terms

IT Security

Legal Prescripts

Security Considerations

Computer-Based Information Systems
