Skip to main content
SpringerLink
Log in

The State of e-Government Security in South Africa: Analysing the National Information Security Policy

  • Conference paper
  • First Online:
e-Infrastructure and e-Services for Developing Countries (AFRICOMM 2017)

  • 864 Accesses

Abstract

As a result of the growing reliance by public sector organisations on technological resources for capturing and processing information, protection of information in the public sector has become an issue of national concern. While considering the South African national strategy for protecting this state asset (‘information’) this paper contrasts existing local, provincial or national e-Government information security policies against the adopted national guidelines. The paper postulates that with sound policies and guidelines in place ‘interpretation and application’ remain as two barriers that pose a threat to state information. The main question addressed in this paper is whether e-Government information security policies adequately address prescribed key security components. To achieve a comprehensive understanding of the pillars underpinning the protection of national information security in South Africa, the authors followed systematic procedures for reviewing and evaluating existing e-Government information security policies. The objective of this paper is to investigate whether existing government information security policies are aligned to national policy or guidelines. This paper will contribute empirical evidence which supports the notion observed by the South African Auditor General that (Auditor-General 2012) security weaknesses in government departments and state entities are attributed to the lack of formally designed and implemented information security policies and standards. The results of this preliminary investigation indicate that although information security policies exist in the majority of state entities, there is no consistency in the application of the ‘security controls’, as outlined in the national guidelines.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ajzen, I.: The theory of planned behavior. Organ. Behav. Hum. Decis. Process. 50, 179–211 (1991)

    Article  Google Scholar 

  2. Alotaibi, M., Furnell, S., Clarke, N.: Information security policies: a review of challenges and influencing factors. In: Proceedings of the 11th International Conference for Internet Technology and Secured Transactions (ICITS-2016), 5–7 December 2016, Barcelona, Spain (2016). ISBN 978-1-908320-73-5

    Google Scholar 

  3. Auditor-General South Africa: The Drivers of Internal Control: Information Technology Management as a Driver of Audit Outcomes. Consolidated General report on the 2011–12 national and provincial audit outcomes (2012). https://www.agsa.co.za/Portals/0/MFMA2011-12Extracts/MFMA_2011-12_consolidated_reports/AGSA_MFMA_CONSOLIDATED_REPORT_2011_12.pdf. Accessed 12 July 2016

  4. Cloete, F.: E-government lessons from South Africa 2001–2011: institutions, state of progress and measurement. Afr. J. Inf. Commun. 12, 128–142 (2012)

    Google Scholar 

  5. Crous, M.: Service delivery in the South African public service: implementation of the Batho Pele principles by statistics South Africa. J. Publ. Adm. 39(4.1) (2004)

    Google Scholar 

  6. Da Veiga, A.: Comparing the information security culture of employees who had read the information security policy and those who had not Illustrated through an empirical study. Inf. Comput. Secur. 24(2), 139–151 (2016)

    Article  Google Scholar 

  7. Etsebeth, V.: Information security policies - the legal risk of uninformed personnel. In: Proceedings of the ISSA 2006 from Insight to Foresight Conference, 5–7 July 2006, Sandton, South Africa (2006). ISBN 1-86854-636-5

    Google Scholar 

  8. Hsieh, H., Shannon, S.E.: Three approaches to qualitative content analysis. Qual. Health Res. 15(9), 1277–1288 (2005)

    Article  Google Scholar 

  9. Kortjan, N., Von Solms, R.: A conceptual framework for cyber-security awareness and education in SA. South Afr. Comput. J. (SACJ) 52, 29–41 (2014)

    Google Scholar 

  10. Maiwald, E.: Fundamentals of Network Security. McGraw-Hill Education, New York (2004)

    Google Scholar 

  11. Mbowe, J.E., Zlotnikova, I., Msanjila, S.S., Oreku, G.S.: A conceptual framework for threat assessment based on organization’s information security policy. J. Inf. Secur. 5, 166–177 (2014)

    Google Scholar 

  12. Mutula, S.M., Mostert, J.: Challenges and opportunities of E-Government in South Africa. Electron. Libr. 28(1), 38–53 (2010)

    Article  Google Scholar 

  13. Ngobeni, S.J., Grobler, M.M.: Information security policies for governmental organisations: the minimum criteria. In: Proceedings of ISSA, 6–8 July 2009, Johannesburg, South Africa, pp. 455–466 (2009)

    Google Scholar 

  14. Njotini, M.N.: Protecting critical databases: towards risk based assessment of Critical Information Infrastructures (CIIS) in South Africa. Potchefstroomse Elektroniese Regsblad (PER) 16(1), 451–481 (2013)

    Google Scholar 

  15. Rosengren, K.E.: Advances in Content Analysis. Sage Publications, Beverly Hills (1981)

    Google Scholar 

  16. Shava, F.B., Van Greunen, D.: Designing user security metrics for security awareness at higher and tertiary institutions. In: Proceedings of the 8th International Development Informatics Association Conference, 3–4 November 2014, Port Elizabeth, South Africa, pp. 280–296 (2014)

    Google Scholar 

  17. South Africa. Department of Communications: National Integrated ICT Policy. Government Gazette, No. 37261, 24 January 2014

    Google Scholar 

  18. South Africa. Department of Public Service and Administration: Draft position Paper on Information Security. Version 0.3 (2015)

    Google Scholar 

  19. Tuyikeze, T., Pottas, D.: An information security policy development life cycle. In: Proceedings of the South African Information Security Multi-Conference (SAISMC), Port Elizabeth, South Africa, pp. 165–176, 17–18 May 2010. ISBN 978-1-84102-256-7

    Google Scholar 

  20. Whitman, M.E., Mattord, H.J.: Principles of Information Security. Course Technology, Boston (2003)

    Google Scholar 

  21. World Bank: New-Economy Sector Study: Electronic Government and Governance: Lessons for Argentina (2002). http://documents.worldbank.org/curated/en/527061468769894044/pdf/266390WP0E1Gov1gentina1Final1Report.pdf. Accessed 17 Feb 2017

  22. Zhao, F., Scavarda, A.J., Waxin, M.: Key issues and challenges in e-Government development: an integrative case study of the number one eCity in the Arab world. Inf. Technol. People 25(4), 395–422 (2012)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Johannesburg, Johannesburg, South Africa

    Bukelwa Ngoqo & Kennedy Njenga

Authors
  1. Bukelwa Ngoqo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kennedy Njenga
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Bukelwa Ngoqo .

Editor information

Editors and Affiliations

  1. Department of Computer Science, University of Lagos, Lagos, Nigeria

    Victor Odumuyiwa

  2. National University of Ireland, Galway, Galway, Ireland

    Ojo Adegboyega

  3. University of Lagos, Lagos, Nigeria

    Charles Uwadia

Rights and permissions

Reprints and permissions

Copyright information

© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ngoqo, B., Njenga, K. (2018). The State of e-Government Security in South Africa: Analysing the National Information Security Policy. In: Odumuyiwa, V., Adegboyega, O., Uwadia, C. (eds) e-Infrastructure and e-Services for Developing Countries. AFRICOMM 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 250. Springer, Cham. https://doi.org/10.1007/978-3-319-98827-6_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-98827-6_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-98826-9

  • Online ISBN: 978-3-319-98827-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation