Enhancing the governance of information security in developing countries: the case of Zanzibar

A thesis submitted to the University of Bedfordshire, in partial fulfilment of the requirements of the degree of Doctor of PhilosophyOrganisations in the developing countries need to protect their information assets (IA) in an optimal way. This thesis is based upon the argument that in order to achieve fully effective information security management (ISM) strategy, it is essential to look at information security in a socio-technical context, i.e. the cultural, ethical, moral, legal dimensions, tools, devices and techniques. The motivation for this study originated from the concern of social chaos, which results from ineffective information security practices in organisations in the developing nations. The present strategies were developed for organisations in countries where culture is different to culture of the developing world. Culture has been pointed out as an important factor of human behaviour. This research is trying to enhance information security culture in the context of Zanzibar by integrating both social and technical issues. The theoretical foundation for this research is based on cultural theories and the theory of semiotics. In particular, the study utilised the GLOBE Project (House et al, 2004), Competing Values Framework (Quinn and Cameron; 1983) and Semiotic Framework (Liu, 2000). These studies guide the cultural study and the semiotics study. The research seeks to better understand how culture impact the governance of information security and develop a framework that enhances the governance of information security in non-profit organisations. ISO/IEC 27002 best practices in information security management provided technical guidance in this work. The major findings include lack of benchmarking in the governance of information security. Cultural issues impact the governance of information security. Drawing the evidence from the case study a framework for information security culture was proposed. In addition, a novel process model for information security analysis based on semiotics was developed. The process model and the framework integrated both social and technical issues and could be implemented in any non-profit organisation operating within a societal context with similar cultural feature as Zanzibar. The framework was evaluated using this process model developed in this research. The evaluated framework provides opportunities for future research in this area

Democracy, culture and information security: a case study in Zanzibar

Purpose – The purpose of this paper is to investigate the impact of culture on information security in a developing country's view. Design/methodology/approach – Two questionnaires adopted from the GLOBE project and OCAI were used to collect quantitative data on national and organisational culture. Also, a face to face semi‐structured interview was used to get insight into deep‐rooted issues concerning information security in the study environment. In addition, a previous study was used to find correlation of the data in this study. Findings – The findings show that national culture has more influence than organisation culture on information security. We find that the dimensions that influence information security are Power Distance, Uncertainty Avoidance, In‐Group Collectivism, and Future Orientation. Research limitations/implications – This research was conducted in a public sector environment with employees thereby limiting external validity. Also, the population of the survey was small to make a generalisation of the findings. Also, the length of the questionnaire and complexity of questions put off many potential respondents. Practical implications – Culture has impact on information security implementation and therefore the results imply that some consideration should be given when implementing information security models. Originality/value – This study is important because it empirically correlates information security with cultural dimensions in a developing country's environment

Localized trust - the semiotics in culture and e-culture

Intangible trust perceptions have been shown to form an important part of the User Experience (UX) in relation to various B2C (Business- to -Customer) contexts of use. The extant literature appears somewhat immature in relation to intangible trust and UX models from a "non-Western" perspective. Indeed it appears from our recent e-Banking audit using a novel cross-cultural expert evaluation instrument that too often "Western" Banks (such as Deutsche Bank) rely on perceptions of "Eastern" cultures viewed through a lens that relies on stereotypical images, signs and Western style templates. After identifying how trust and semiotics work considering the case of Zanzibar we compare two contrasting e-Bank site localization design paradigms: namely that of Deutsche Bank and HSBC with respect to two target audiences: namely China and Taiwan. The findings of the e-Culture audit are aligned to the ubiquitous set of cultural dimensions first defined by Geert Hofstede. This alignment appears to show that the "Western" stereotypical paradigm is not in alignment with either Hofstede's Individualism/Collectivism metric nor with normative semiotic signs that reflect vibrant local urban street cultures. We go on to suggest that the use of card-sorting may speculatively be used to better engender localized sites that are aligned to local target