Abstract
The proliferation of e-business, e-services and e-governance in developing countries has resulted in businesses and governments becoming highly dependent on business information and related information technologies. Such information is, however, constantly exposed to real threats that could result in security breaches. If these are realised, the prevailing economic structure of a developing country, which is often frail and dependent on the success of its businesses, may be significantly affected as a result of monetary losses. It is thus vital for businesses in these countries to implement, manage and govern information security adequately so as to ensure that valuable information resources are effectively protected. Regrettably, many businesses in developing countries lack the expertise to perform these activities owing to a lack of resources or expertise. Accordingly, the aim of this paper is to establish a model for information security governance that can be implemented with little expertise, as well as minimal effort and capital outlay.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Von Solms, R.: Information security management (1): why information security is so important. Information Management & Computer Security 6(4), 174–177 (1998), doi:10.1108/EUM0000000004533
Von Solms, S.H., Von Solms, R.: Information Security Governance. Springer (2008) ISBN 0387799834
Information technology - code of practice for information security management. Number 27002. International Organization for Standardization (ISO) (2005) ISBN 978-0-626-21372-5
Posthumus, S., Von Solms, R., King, M.: The board and IT governance: The what, who and how. South African Journal of Business Management 41(3), 23–32 (2010) ISSN 20785976
Von Solms, S.: Information Security - The Fourth Wave. Computers & Security 25(3), 165–168 (2006), doi:10.1016/j.cose.2006.03.004
Institute of Directors in Southern Africa. King III Report on Corporate Governance. Institute Of Directors in Southern Africa, Parklands (2009) ISBN 2300000012576
IT Governance Institute. Cobit 4.1. ISACA (2007) ISBN 1933284722
Goodman, S., Harris, A.: Emerging markets: The coming african tsunami of information insecurity. Communications of the ACM 53(12), 24–27 (2010), doi:10.1145/1859204.1859215
Peffers, K., Tuunanen, T., Rothenberger, M., Chatterjee, S.: A Design Science Research Methodology for Information Systems Research. Journal of Management Information Systems 24(3), 45–77 (2007), doi:10.2753/MIS0742-1222240302, ISSN 0742-1222
European Multi stakeholder Forum on CSR. Final results & recommendations. Technical report, European Multi-stakeholder Forum on CSR (2004)
Raynard, P., Forstater, M.: Corporate social responsibility: Implications for small and medium enterprises in developing countries. Technical report, United Nations Industrial Development Organization (2002)
Wall, D.: The internet as a conduit for criminal activity. In: Patavina, A. (ed.) Information Technology and the Criminal Justice System. Sage Publications (2005)
Gupta, A., Hammond, R.: Information systems security issues and decisions for small businesses: An empirical examination. Information Management & Computer Security 13(4), 297–310 (2005), doi:10.1108/09685220510614425, ISSN 0968-5227
Von Solms, R., Von Solms, S.: Information Security Governance: A model based on the Direct/Control Cycle. Computers & Security 25(6), 408–412 (2006), doi:10.1016/j.cose.2006.07.005
IT Governance Institute. Information Security Governance: Guidance for Boards of Directors and Executive Management. IT Governance Institute, 2nd edn. (2006) ISBN 1933284293
Perera, O.: How material is iso 26000 to small and medium-sized enterprises (smes). Technical report, International Institute for Sustainable Development (2008)
Upfold, C.T., Sewry, D.A.: An investigation of Information Security in Small and Medium Enterprises (SMEs) in the Eastern Cape. In: Venter, H.S., Eloff, J.H.P., Labuschagne, L., Eloff, M.M. (eds.) Proceedings of the ISSA 2005 New Knowledge Today Conference, pp. 1–17 (2005)
Tawileh, A., Hilton, J., McIntosh, S.: Managing information security in small and medium sized enterprises: a holistic approach. Proceedings of the ISSE/SECURE, pp. 331–339 (2007)
Yildirim, E., Akalp, G., Aytac, S., Bayram, N.: Factors influencing information security management in small- and medium-sized enterprises: A case study from Turkey. International Journal of Information Management (November 2010), doi: 10.1016/j.ijinfomgt.2010.10.006, ISSN 02684012
Hoppe, O.A., Van Niekerk, J., Von Solms, R.: The Effective Implementation of Information Security in Organizations. In: Proceedings of the IFIP TC11 17th International Conference on Information Security: Visions and Perspectives, pp. 1–18. Kluwer, B.V., Deventer, The Netherlands (2002) ISBN 1-4020-7030-6
Vermeulen, C., Von Solms, R.: The information security management toolbox - taking the pain out of security management. Information Management & Computer Security 10(3), 119–125 (2002), doi:10.1108/09685220210431872
Information technology - Security techniques - Information security management systems - Requirements. Number 27001. International Organization for Standardization (ISO) (2005) ISBN 0-626-17724-3
Von Solms, R., Von Solms, S.: Information security governance: Due care. Computers & Security 25(7), 494–497 (2006), doi:10.1016/j.cose.2006.08.013, ISSN 01674048
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Coertze, J., von Solms, R. (2013). A Model for Information Security Governance in Developing Countries. In: Jonas, K., Rai, I.A., Tchuente, M. (eds) e-Infrastructure and e-Services for Developing Countries. AFRICOMM 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 119. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-41178-6_29
Download citation
DOI: https://doi.org/10.1007/978-3-642-41178-6_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-41177-9
Online ISBN: 978-3-642-41178-6
eBook Packages: Computer ScienceComputer Science (R0)