Data Security Measures in the IT Service Industry: A Balance between Knowledge & Action

Journal of Digital Forensics, Security and Law. 2008;3(4):5-22

 

Journal Homepage

Journal Title: Journal of Digital Forensics, Security and Law

ISSN: 1558-7215 (Print); 1558-7223 (Online)

Publisher: Association of Digital Forensics, Security and Law

Society/Institution: Association of Digital Forensics, Security and Law

LCC Subject Category: Law: Law in general. Comparative and uniform law. Jurisprudence: Comparative law. International uniform law: Criminal law and procedure

Country of publisher: United States

Language of fulltext: English

Full-text formats available: PDF

 

AUTHORS

N. Mlitwa (IT Department, Faculty of Informatics & Design Cape Peninsula University of Technology)
Y. Kachala (IT Department, Faculty of Informatics & Design Cape Peninsula University of Technology)

EDITORIAL INFORMATION

Double blind peer review

Editorial Board

Instructions for authors

Time From Submission to Publication: 10 weeks

 

Abstract | Full Text

That knowledge is power is fast becoming a cliche within the intelligentsia. Such power however, depends largely on how knowledge itself is exchanged and used, which says a lot about the tools of its transmission, exchange, and storage. Information and communication technology (ICT) plays a significant role in this respect. As a networked tool, it enables efficient exchanges of video, audio and text data beyond geographical and time constraints. Since this data is exchanged over the worldwide web (www), it can be accessible by anyone in the world using the internet. The risk of unauthorised access, interception, modification, or even theft of confidential information, leading to financial losses in information dependant competitive¬Ě institutions is therefore high. Improving efficiencies through ICT therefore, comes with security responsibilities. The problem however is that most organizations tend to focus on task-enhancing efficiencies and neglect security. Possibly due to limited awareness about security, underestimating the problem, concerns about security costs, or through plain negligence. The activity theory of Engestrm and the activity analysis development framework of Mursu et al are used as analytical lenses to the cybercrime challenge in this paper. A practical case study of Company X, an IT service provider in Malawi is then used to understand the extent to which organisations that offer electronic data solutions prioritise security in their operations. It is found that even better informed organisations fall short in taking adequate data security measures. A recommendation for all organisations is that they should not only have a clear policy, but also ensure that it is routinely and consistently implemented throughout the operations if information capital is to be secured. A framework towards a holistic approach to thinking about, and in addressing cybercrime is suggested, and recommended in the paper.