2 research outputs found
An empirical investigation into the information management systems at a South African financial institution
The study has been triggered by the increase in information breaches in financial organizations worldwide. Such organizations may have policies and procedures, strategies and systems in place in order to mitigate the risk of information breaches, but data breaches are still on the rise. The objectives of this study are to explore the shortfalls of information security on a South African financial institution and further investigate whether business processes are responsive to organization’s needs. This study employed both quantitative and qualitative research methods. Questionnaires were sent to staff level employees, and semi-structured in-depth interviews were conducted with senior management at the organization. The study revealed that employees require training on information management and that there are major training deficiencies for training officers to conduct beneficial information management training at the organization. Information security program that include business risk analysis were not implemented, which results in inadequate information management planning and decisions. A standardized or uniform house rule policy was not consistently implemented across the organization, which resulted in certain areas not protecting information. The qualitative findings revealed that the external cleaning company could obtain access to customer information, if customer data are left lying around. Furthermore, there is major misalignment between policy setters and employees in this organization. The findings allow senior managers to construct projects and program with their teams to improve the state of information management in the organization which spans across the people aspect, technology systems and general information management processes. Furthermore, external companies should start signing Non-Disclosure Agreements - which is not being done currently as this opens the door for data fraud. The organization has information management and security policies in place, but the study concluded that employees do not understand these policies and should receive specialized training to ensure understanding and, ultimately, have employees following these information security policies.
Keywords: data breach, information management, business processes, information legislation. JEL Classification: G
An empirical investigation into the information management systems at a South African financial institution
Thesis (MTech (Business Administration))--Cape Peninsula University of Technology, 2016.The study has been triggered by the increase in information breaches in organisations. Organisations may have policies and procedures, strategies and systems in place in order to mitigate the risk of information breaches; however, data breaches are still on the rise. Governments across the world have or are putting in place laws around data protection which organisations have to align their process, strategies and systems to. The continuous and rapid emergence of new technology is making it even easier for information breaches to occur. In particular, the focus of this study is aimed at the information management systems in a selected financial institution in South Africa. Based on the objectives, this study: explored the shortfalls of information security on a South African financial institution; investigated whether data remains separate while privacy is ensured; investigated responsiveness of business processes on information management; investigated the capability of systems on information management; investigated the strategies formulated for information management and finally, investigated projects and programmes aimed at addressing information management. Quantitative, as well as qualitative analysis, was employed whereby questionnaires were sent to employees who were employed at junior management positions. Semi- structured in-depth interviews were self-administered whereby the researcher interviewed senior management at the organisation. These senior managers from different value chains are responsible for implementing information management policies and strategy