On the State of Information Security in Public Sector Organizations in Ethiopia
Osman, Makeda (2020-06-05)
On the State of Information Security in Public Sector Organizations in Ethiopia
(05.06.2020)
Julkaisu on tekijänoikeussäännösten alainen. Teosta voi lukea ja tulostaa henkilökohtaista käyttöä varten. Käyttö kaupallisiin tarkoituksiin on kielletty.
suljettu
Julkaisun pysyvä osoite on:
https://urn.fi/URN:NBN:fi-fe2020062645990
https://urn.fi/URN:NBN:fi-fe2020062645990
Tiivistelmä
Information and communication technology (ICT) has become a vital part of the developing countries economy. As the use of ICT is increasing in day to day work of the organizations, there is a need to implement measures for ensuring information security of the organizations.
The objective of this thesis is to examine the information security environment of public sector organizations in Ethiopia through assessment of organizations’ security policy and their IT staff information security awareness. Qualitative data were collected using face-to-face interviews from 23 employees of six (6) public sector organisations responsible for managing IT infrastructure. The responses were then examined and analysed using the content analysis. The findings reveal that educational institutes and most of the financial organizations do not have a predefined information security policy and guidelines. Some ICT based organizations had information security policy, although this is not being followed strictly. A lack of information security awareness was also visible as the IT personnel have been found to be involved in several malpractices, such as using pirated software, sharing of removable storage devices, downloading files and software from random links, using social media at workplace, non-usage of secure e-mail, and poor password management. Lack of top-management interest in information security was also found to be one of the primary reasons for the substandard state of information security in the organizations.
The objective of this thesis is to examine the information security environment of public sector organizations in Ethiopia through assessment of organizations’ security policy and their IT staff information security awareness. Qualitative data were collected using face-to-face interviews from 23 employees of six (6) public sector organisations responsible for managing IT infrastructure. The responses were then examined and analysed using the content analysis. The findings reveal that educational institutes and most of the financial organizations do not have a predefined information security policy and guidelines. Some ICT based organizations had information security policy, although this is not being followed strictly. A lack of information security awareness was also visible as the IT personnel have been found to be involved in several malpractices, such as using pirated software, sharing of removable storage devices, downloading files and software from random links, using social media at workplace, non-usage of secure e-mail, and poor password management. Lack of top-management interest in information security was also found to be one of the primary reasons for the substandard state of information security in the organizations.