Enhancing the governance of information security in developing countries: the case of Zanzibar

2.50
Hdl Handle:
http://hdl.handle.net/10547/315359
Title:
Enhancing the governance of information security in developing countries: the case of Zanzibar
Authors:
Shaaban, Hussein Khamis
Abstract:
Organisations in the developing countries need to protect their information assets (IA) in an optimal way. This thesis is based upon the argument that in order to achieve fully effective information security management (ISM) strategy, it is essential to look at information security in a socio-technical context, i.e. the cultural, ethical, moral, legal dimensions, tools, devices and techniques. The motivation for this study originated from the concern of social chaos, which results from ineffective information security practices in organisations in the developing nations. The present strategies were developed for organisations in countries where culture is different to culture of the developing world. Culture has been pointed out as an important factor of human behaviour. This research is trying to enhance information security culture in the context of Zanzibar by integrating both social and technical issues. The theoretical foundation for this research is based on cultural theories and the theory of semiotics. In particular, the study utilised the GLOBE Project (House et al, 2004), Competing Values Framework (Quinn and Cameron; 1983) and Semiotic Framework (Liu, 2000). These studies guide the cultural study and the semiotics study. The research seeks to better understand how culture impact the governance of information security and develop a framework that enhances the governance of information security in non-profit organisations. ISO/IEC 27002 best practices in information security management provided technical guidance in this work. The major findings include lack of benchmarking in the governance of information security. Cultural issues impact the governance of information security. Drawing the evidence from the case study a framework for information security culture was proposed. In addition, a novel process model for information security analysis based on semiotics was developed. The process model and the framework integrated both social and technical issues and could be implemented in any non-profit organisation operating within a societal context with similar cultural feature as Zanzibar. The framework was evaluated using this process model developed in this research. The evaluated framework provides opportunities for future research in this area.
Citation:
Shaaban, Hussein Khamis (2014) 'Enhancing the governance of information security in developing countries: the case of Zanzibar'. PhD thesis. University of Bedfordshire.
Publisher:
University of Bedfordshire
Issue Date:
Jan-2014
URI:
http://hdl.handle.net/10547/315359
Type:
Thesis or dissertation
Language:
en
Description:
A thesis submitted to the University of Bedfordshire, in partial fulfilment of the requirements of the degree of Doctor of Philosophy
Appears in Collections:
PhD e-theses

Full metadata record

DC FieldValue Language
dc.contributor.authorShaaban, Hussein Khamisen
dc.date.accessioned2014-04-04T13:04:05Z-
dc.date.available2014-04-04T13:04:05Z-
dc.date.issued2014-01-
dc.identifier.citationShaaban, Hussein Khamis (2014) 'Enhancing the governance of information security in developing countries: the case of Zanzibar'. PhD thesis. University of Bedfordshire.en
dc.identifier.urihttp://hdl.handle.net/10547/315359-
dc.descriptionA thesis submitted to the University of Bedfordshire, in partial fulfilment of the requirements of the degree of Doctor of Philosophyen
dc.description.abstractOrganisations in the developing countries need to protect their information assets (IA) in an optimal way. This thesis is based upon the argument that in order to achieve fully effective information security management (ISM) strategy, it is essential to look at information security in a socio-technical context, i.e. the cultural, ethical, moral, legal dimensions, tools, devices and techniques. The motivation for this study originated from the concern of social chaos, which results from ineffective information security practices in organisations in the developing nations. The present strategies were developed for organisations in countries where culture is different to culture of the developing world. Culture has been pointed out as an important factor of human behaviour. This research is trying to enhance information security culture in the context of Zanzibar by integrating both social and technical issues. The theoretical foundation for this research is based on cultural theories and the theory of semiotics. In particular, the study utilised the GLOBE Project (House et al, 2004), Competing Values Framework (Quinn and Cameron; 1983) and Semiotic Framework (Liu, 2000). These studies guide the cultural study and the semiotics study. The research seeks to better understand how culture impact the governance of information security and develop a framework that enhances the governance of information security in non-profit organisations. ISO/IEC 27002 best practices in information security management provided technical guidance in this work. The major findings include lack of benchmarking in the governance of information security. Cultural issues impact the governance of information security. Drawing the evidence from the case study a framework for information security culture was proposed. In addition, a novel process model for information security analysis based on semiotics was developed. The process model and the framework integrated both social and technical issues and could be implemented in any non-profit organisation operating within a societal context with similar cultural feature as Zanzibar. The framework was evaluated using this process model developed in this research. The evaluated framework provides opportunities for future research in this area.en
dc.language.isoenen
dc.publisherUniversity of Bedfordshireen
dc.subjectG420 Networks and Communicationsen
dc.subjectinformation securityen
dc.subjectinformation security governanceen
dc.subjectZanzibaren
dc.subjectdeveloping countriesen
dc.titleEnhancing the governance of information security in developing countries: the case of Zanzibaren
dc.typeThesis or dissertationen
dc.type.qualificationnamePhDen_GB
dc.type.qualificationlevelPhDen
dc.publisher.institutionUniversity of Bedfordshireen
This item is licensed under a Creative Commons License
Creative Commons
All Items in UOBREP are protected by copyright, with all rights reserved, unless otherwise indicated.