In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Eleventh International Symposium on Human Aspects of Information Security & Assurance (HAISA 2017)
Title: The influence of data protection regulation on the information security culture of an organisation - A case study comparing legislation and offices across jurisdictions
Author(s): Adele Da Veiga
Keywords: information security culture, data protection, legal, regulatory, centralized management, POPIA
Abstract: The information security culture of an organisation is influenced by various factors, one of which could be related to legal and regulatory requirements. While employees must comply with organisational policies, external factors like data protection legislation might influence the manner in which employees protect information assets. This research sets out to investigate whether the information security culture level is consistent across offices of an organisation located in jurisdictions with and without data protection legislation, and whether the timeframe of the implemented data protection regulation might have had an impact. An information security culture survey was conducted in an organisation that follows a centralised approach to information security. Statistical analysis was conducted to compare the information security culture data of offices across six data protection jurisdictions where the organisation operates, namely Mauritius, Switzerland, Guernsey, South Africa, the United Kingdom and Australia. It was found that the three offices that had significantly more positive results (Mauritius, Switzerland and Guernsey) were all based in jurisdictions with implemented data protection legislation. However, the timeframe of the implemented data protection legislation did not seem to influence the information security culture mean scores, although the legislation incorporates the data protection principle of security. While data protection legislation might play a role in cultivating a more positive information security culture, other factors such as a large staff component could also play a role, which can be further investigated.
How to get this paper:
A PDF copy of this paper is free to download. You may distribute this copy provided you cite this page as the source.