The role of data and information security governance in protecting public sector data and information assets in national government in South Africa

Africa's Public Service Delivery and Performance Review

Field Value
Title The role of data and information security governance in protecting public sector data and information assets in national government in South Africa
Creator Masilela, Lucia Nel, Danielle
Subject — information technology; digital government; data governance; information security; information and security governance.
Description Background: The deployment of information and communications technology (ICT) in the public sector, has been exposed to increasing security breaches and cyber-related crimes that have resulted in unauthorised access, theft, fraud and misuse of highly confidential, classified and sensitive public sector data and information (PSDI) assets. The government, as one of the biggest collectors and distributors of PSDI assets, needs to be constantly aware of the risks associated with the collection, classification, storage and dissemination of critical PSDI assets. The lack of sufficient data and information security measures could pose significant security risks that could impact on state security, thus causing national working relationships to be strained, which presents gaps and opportunities for external intruders to capitalise on the mistrust of the government to infiltrate further attacks on critical Information Technology (IT) infrastructure and systems. In order to mitigate and counteract critical and sensitive data and information-related crimes, the government must understand and analyse the importance of data and information security governance (DISG) and how it should be institutionalised through an integrated approach to improve and protect PSDI assets.Aim: The aim of this article is to analyse the institutionalisation of DISG measures government has implemented towards the protection of PSDI assets.Setting: The research setting is in three national government departments, namely the Department of Energy (DoE), the Department of Environmental Affairs (DEA) and the Department of Science and Technology (DST). This study investigates how the strategic combination of data governance (DG) and information security governance (ISG) practices and principles could be implemented and incorporated as one of the various approaches in public sector institutions to improve the DISG management functions of an organisation’s overall data and information systems and processes.Methods: The research approach is qualitative, and the research methodology includes a multiple case study design. Data were collected through semi-structured interviews and was triangulated with literature review. Primary data was analysed using thematic analysis.Results: The research findings are presented according to the McKinsey 7S model, which served as the analytical framework in the study. The research findings indicate that the institutionalisation of DISG management practices and functions in the South African public sector context are very limited, and there is a dominant focus on IT and IT security. It was also identified that DISG policies, practices, and systems have been found to be lacking in public sector management and governance functions.Conclusion: The study concludes that there is currently a lack of sufficient DISG policies, management practices and systems, particularly in the national sphere of government.
Publisher AOSIS
Date 2021-01-21
Type info:eu-repo/semantics/article info:eu-repo/semantics/publishedVersion — Qualitative reseacrh
Format text/html application/epub+zip text/xml application/pdf
Identifier 10.4102/apsdpr.v9i1.385
Source Africa’s Public Service Delivery & Performance Review; Vol 9, No 1 (2021); 10 pages 2310-2152 2310-2195
Language eng
The following web links (URLs) may trigger a file download or direct you to an alternative webpage to gain access to a publication file format of the published article:
Coverage South Africa, Gauteng — —
Rights Copyright (c) 2021 Lucia Masilela, Danielle Nel