98,541 research outputs found

    Legal and policy aspects to consider when providing information security in the corporate environment

    E-commerce is growing rapidly due to the massive usage of the Internet to conduct commercial transactions. This growth has presented both customers and merchants with many advantages. However, one of the challenges in E-commerce is information security. In order to mitigate e-crime, the South African government promulgated laws that contain information security legal aspects that should be integrated into the establishment of information security. Although several authors have written about legal and policy aspects regarding information security in the South African context, it has not yet been explained how these aspects are used in the provision of information security in the South African corporate environment. This is the premise upon which the study was undertaken. Forty-five South African organisations participated in this research. Data gathering methods included individual interviews, website analysis, and document analysis. The findings of this study indicate that most organisations in South Africa are not integrating legal aspects into their information security policies. One of the most important outcomes of this study is the proposed Concept Model of Legal Compliance in the Corporate Environment. This Concept Model embodies the contribution of this study and demonstrates how legal requirements can be incorporated into information security endeavours. The fact that the proposed Concept Model is technology-independent and that it can be implemented in a real corporate environment, regardless of the organisation’s governance and management structure, holds great promise for the future of information security in South Africa and abroad. Furthermore, this thesis has generated a topology for linking legislation to the provision of information security which can be used by any academic or practitioner who intends to implement information security measures in line with the provisions of the law. 
It is on the basis of this premise that practitioners can, to some extent, construe that the integration of legislation into information security policies can be done in other South African organisations that did not participate in this study. Although this study has yielded theoretical, methodological and practical contributions, there is, in reality, more research work to be done in this area. School of Computing. D. Phil. (Information Systems

    The Role of Boards in Reviewing Information Technology Governance (ITG) as Part of Organizational Control Environment Assessments

    IT Governance (ITG) is an important topic as US companies must now monitor ITG under the provisions of the Sarbanes-Oxley Act (2002) (Hoffmann, 2003). Trites (2003) indicates that directors are responsible for strategic planning, internal control structures and business risk. The control environment is defined in Australian Auditing Standard AUS 402 to mean "the overall attitude, awareness and actions of management regarding internal control and its importance to the entity". This paper contributes to the knowledge of ITG by forming an integrated ITG Literature (IIL) which links prior research to four key dimensions of ITG. The paper presents a review of literature on ITG performance measurement systems which assess the ability of organizations to achieve these four ITG dimensions. A revised ITG Dimensions Model is offered for consideration. The final contribution of the paper is to propose critical issues Boards should consider as part of their assessment of organizational control environments

    Governance and information governance: some ethical considerations within an expanding information society

    Governance and information governance ought to be an integral part of any government's or organisation's information and business strategy. More than ever before, information and knowledge can be produced, exchanged, shared and communicated through many different mediums. Whilst sharing information and knowledge provides many benefits, it also provides many challenges and risks to governments, global organisations and the individual citizen. Information governance is one element of a governance and compliance programme, but an increasingly important one, because many regulations apply to how information is managed and protected from theft and abuse, much of which resides with external agencies usually outside the control of the individual citizen. This paper explores some of the compliance and quality issues within governance and information governance including those ethical concerns as related to individual citizens and multiple stakeholders engaged directly or indirectly in the governance process

    From SRI to ESG: The Changing World of Responsible Investing

    The terms socially-responsible investing (SRI), mission-related investing, impact investing and environmental, social and governance (ESG) investing -- all frequently grouped under the heading of responsible investing -- have become a familiar part of the vocabulary of institutional and retail investors. Just what these terms mean in practice, however, and how their practitioners' claims can be impartially assessed, has been less clear. Responsible investing can be broken into three main categories. Socially-responsible investing (SRI): A portfolio construction process that attempts to avoid investments in certain stocks or industries through negative screening according to defined ethical guidelines. Impact investing: Investing in projects, companies, funds or organizations with the express goal of generating and measuring effecting mission-related social, environmental or economic change alongside financial returns. Environmental, social and governance (ESG) investing: Integrating the three ESG factors into fundamental investment analysis to the extent that they are material to investment performance. While these terms may all be gathered under the term responsible investing, these approaches serve very different purposes. SRI and impact investing use funding and investment activities to express institutional values or advance the institution's mission. In contrast, ESG investing aims to improve investment performance, thereby making additional resources available for mission support. For a long time, SRI was by far the most widely-used of the three approaches. In recent years, however, it has been argued that, although negative screening can be a useful tool for institutions desiring to express ethical, religious or moral values through their investment portfolio, for many it may prove too restrictive. 
ESG analysis, on the other hand, takes a broader view, examining whether environmental, social and governance issues may be material to a company's performance, and therefore to the investment performance of a long-term portfolio. Thus, while not every institution will choose to engage in SRI or impact investing, fiduciaries of long-term institutional investors should seek to develop a well-reasoned view on their institution's approach to ES

    Corporate governance, stakeholding and the nature of employment relations within the firm

    This paper investigates the effect of different forms of corporate governance on the structure and nature of stakeholder relationships within organizations and the consequent impact on employment relations within the firm. In this, HRM assumes a dual role in delivering improvements in production efficiency and in fostering employee commitment to the organization and its objectives. However, different forms of corporate governance prioritise stakeholder interests in ways that may bring these two objectives into conflict. To address these questions, we examine the interrelationship between corporate governance, HRM practices and HRM outcomes in a comparative analysis of companies operating under alternative forms of governance, including private sector, public sector and family-owned firms. The empirical analysis is based on the UK Work and Employment Relations Survey (WERS98)

    A Roadmap for Integrating Human Rights Into the World Bank Group

    Offers a framework for linking effective international development and poverty reduction with human rights, including empowering communities to use the World Bank Group's grievance mechanisms. Outlines accomplishments, shortfalls, and recommendations

    Sustainability in the boardroom: An empirical examination of Dow Jones sustainability world index leaders

    In recent years, there has been a virtual explosion of interest in corporate governance. Corporate scandals and the need to protect minority shareholders' interests, for example, are some of the reasons behind the development of corporate governance codes in numerous countries and corporations. At the same time, the concepts of "sustainable development", "corporate responsibility", and "corporate citizenship" have taken root in the business world. Although an extensive body of research treats the fields of corporate governance and sustainable development separately, less attention has been paid to the interaction between both fields. This paper attempts to bridge this gap by examining how corporate governance systems are evolving in order to integrate sustainable development thinking into them. We do so by analyzing the governance systems of the 18 corporations that are leading the market sectors considered by the Dow Jones Sustainability World Index (DJSWI). We present the results of our in-depth analysis of the 18 cases and propose the Sustainable Corporate Governance Model that emerges from that analysis. Keywords: corporate governance; sustainable corporate governance; sustainable enterprise; sustainable development; business in society

    Rating the Raters: Evaluating how ESG Rating Agencies Integrate Sustainability Principles

    Environmental, social, and governance (ESG) rating agencies, acting as relevant financial market actors, should take a stand on working towards achieving a more sustainable development. In this context, the objective of this paper is, on the one hand, to understand how criteria used by ESG rating agencies in their assessment processes have evolved over the last ten years and, on the other hand, to analyze whether ESG rating agencies are contributing to fostering sustainable development by the inclusion of sustainability principles into their assessment processes and practices according to the ESG criteria. This research is based on a comparative descriptive analysis of the public information provided by the most representative ESG rating and information provider agencies in the financial market in two periods: 2008 and 2018. The findings show that ESG rating agencies have integrated new criteria into their assessment models to measure corporate performance more accurately and robustly in order to respond to new global challenges. However, a deep analysis of the criteria also shows that ESG rating agencies do not fully integrate sustainability principles into the corporate sustainability assessment process

    Correlating Architecture Maturity and Enterprise Systems Usage Maturity to Improve Business/IT Alignment

    This paper compares concepts of maturity models in the areas of Enterprise Architecture and Enterprise Systems Usage. We investigate whether these concepts correlate, overlap and explain each other. The two maturity models are applied in a case study. We conclude that although it is possible to fully relate constructs from both kinds of models, having a mature architecture function in a company does not imply a high Enterprise Systems Usage maturity