Journal of Digital Forensics, Security and Law (Dec 2008)

Data Security Measures in the IT Service Industry: A Balance between Knowledge & Action

  • N. Mlitwa,
  • Y. Kachala

Journal volume & issue
Vol. 3, no. 4
pp. 5 – 22

Abstract

Read online

That knowledge is power is fast becoming a cliche within the intelligentsia. Such power however, depends largely on how knowledge itself is exchanged and used, which says a lot about the tools of its transmission, exchange, and storage. Information and communication technology (ICT) plays a significant role in this respect. As a networked tool, it enables efficient exchanges of video, audio and text data beyond geographical and time constraints. Since this data is exchanged over the worldwide web (www), it can be accessible by anyone in the world using the internet. The risk of unauthorised access, interception, modification, or even theft of confidential information, leading to financial losses in information dependant competitive institutions is therefore high. Improving efficiencies through ICT therefore, comes with security responsibilities. The problem however is that most organizations tend to focus on task-enhancing efficiencies and neglect security. Possibly due to limited awareness about security, underestimating the problem, concerns about security costs, or through plain negligence. The activity theory of Engestrm and the activity analysis development framework of Mursu et al are used as analytical lenses to the cybercrime challenge in this paper. A practical case study of Company X, an IT service provider in Malawi is then used to understand the extent to which organisations that offer electronic data solutions prioritise security in their operations. It is found that even better informed organisations fall short in taking adequate data security measures. A recommendation for all organisations is that they should not only have a clear policy, but also ensure that it is routinely and consistently implemented throughout the operations if information capital is to be secured. A framework towards a holistic approach to thinking about, and in addressing cybercrime is suggested, and recommended in the paper.