Analysis of Information Security Breaches in Kumasi Metropolitan Assembly Ghana.
Frimpong, George Atta (2019)
Frimpong, George Atta
2019
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2019060816143
https://urn.fi/URN:NBN:fi:amk-2019060816143
Tiivistelmä
The significance of Information Technology in the business world of today cannot be underesti- mated. It has great influence on daily business transactions; however, information security re- mains a huge concern for both users and businesses. The threat landscape of information security keeps growing, making it more complex than ever. Over-reliance on technological solutions alone cannot guarantee a secured information environment; the human aspects of information security should be given a thought. Many of the operations required to secure information assets are to some extent dependant on the human factor. This study analysed the cause of information secu- rity breaches within Kumasi Metropolitan Assembly, Ghana.
The case company has had a series of security breaches, which have affected its business opera- tions. Hence the need to look in to the cause and address the challenge.
Professional literature and articles were reviewed to build the theoretical bases for the study. The theoretical bases cantered on securing information assets with policies and frameworks. Moreover, securing information systems requires user awareness of security measures, as well as the understanding of security breaches. The main themes used in the knowledge base included Securing Information Assets in an Organisation, Information Security Policy Basics, Guidelines and Procedures, Standards, Baselines, Frameworks, Information Security Awareness and Training
The research deployed mixed data collections methods, including both qualitative and quantita- tive data collection methods; the study analysed various security breaches as well as interviews carried out with the IT manager at the organisation. The results of the data analysis revealed that the organisation does not have a clear security monitoring and acceptable use policy on the use of external devices by employees. Again, staff lack the requisite skills and training to under- stand how information security works.
The results are of use to the organisation and other similar institutions who intend to understand the cause of information security breaches at the work place. The study will also help the practi- tioner in drafting security policies and designing training for employees.
The case company has had a series of security breaches, which have affected its business opera- tions. Hence the need to look in to the cause and address the challenge.
Professional literature and articles were reviewed to build the theoretical bases for the study. The theoretical bases cantered on securing information assets with policies and frameworks. Moreover, securing information systems requires user awareness of security measures, as well as the understanding of security breaches. The main themes used in the knowledge base included Securing Information Assets in an Organisation, Information Security Policy Basics, Guidelines and Procedures, Standards, Baselines, Frameworks, Information Security Awareness and Training
The research deployed mixed data collections methods, including both qualitative and quantita- tive data collection methods; the study analysed various security breaches as well as interviews carried out with the IT manager at the organisation. The results of the data analysis revealed that the organisation does not have a clear security monitoring and acceptable use policy on the use of external devices by employees. Again, staff lack the requisite skills and training to under- stand how information security works.
The results are of use to the organisation and other similar institutions who intend to understand the cause of information security breaches at the work place. The study will also help the practi- tioner in drafting security policies and designing training for employees.