Data Security Measures in the IT Service Industry: A Balance between Knowledge & Action
The Association of Digital Forensics, Security and Law (ADFSL)
That “knowledge is power” is fast becoming a cliché within the intelligentsia. Such power, however, depends largely on how knowledge itself is exchanged and used, which says a lot about the tools of its transmission, exchange, and storage. Information and communication technology (ICT) plays a significant role in this respect. As a networked tool, it enables efficient exchanges of video, audio and text data beyond geographical and time constraints. Since this data is exchanged over the worldwide web (www), it can be accessed by anyone in the world using the internet. The risk of unauthorised access, interception, modification, or even theft of confidential information, leading to financial losses in information-dependent “competitive” institutions, is therefore high. Improving efficiencies through ICT therefore comes with security responsibilities. The problem, however, is that most organisations tend to focus on task-enhancing efficiencies and neglect security, possibly due to limited awareness about security, underestimating the problem, concerns about security costs, or plain negligence. The activity theory of Engeström and the activity analysis development framework of Mursu et al. are used as analytical lenses on the cybercrime challenge in this paper. A practical case study of Company X, an IT service provider in Malawi, is then used to understand the extent to which organisations that offer electronic data solutions prioritise security in their operations. It is found that even better-informed organisations fall short in taking adequate data security measures. A recommendation for all organisations is that they should not only have a clear policy, but also ensure that it is routinely and consistently implemented throughout their operations if information capital is to be secured. A framework towards a holistic approach to thinking about and addressing cybercrime is suggested and recommended in the paper.
Abrams, M.D., Sushil, J. and Podell, H.J. (1995) Information Security. An Integrated Collection of Essays, 1995, IEEE Computer Press. Amazon.com http://www.amazon.com/gp/checkout/address/create.html/102-1395993-6685731. Accessed on 04 May 4, 2007.
Amidon, Debra M. (1997) Innovation Strategy for the Knowledge Economy: The Ken Awakening; by Butterworth-Heinemann.
Azwat, A. (2007) Malicious Software – Facts That Most People don’t know, Avail: www.goarticles.com/cgi-bin/showa.cgi?C=632829, Accessed October 17, 2007.
Badamas, M.A. (2001) Information Management & Computer Security avail: www.emeraldinsight.com/Insight/viewContentItem.do?contentId=862796&contentType=Article. Accessed October 12, 2007.
Calder, A. and Watkins, S. (2002) IT Governance: A manager’s guide to information security and BS 7799/ ISO 17799, 2002, Kogan Page LTD.
Calder, A and Watkins, S. (2007) IT governance: A manager’s guide to information security and ISO 27001 / ISO 27002 Fourth Edition, 2007, Kogan Page LTD.
Castells, M. (2001) The Rise of the Network Society: The Information Age, Economy, Society and Culture, Oxford; MA: Blackwell Publishers.
Cool, A. (2003) Solving e-commerce issues: some Web strategies.
Engeström, Y. (1999) Activity Theory and Individual and Social Transformation, in Engeström, Y., Miettinen, R., and Punamaki, R. (eds.). Perspectives on Activity Theory (pp. 19-38). Cambridge University Press, Cambridge, UK.
Engeström, Y., Brown, K., Engeström, R., and Koistinen, K. (1990) Organisational Forgetting: An Activity Theoretical Perspective, in Middleton, D., and Edwards, D. (eds.), Collective Remembering (pp. 139-168), Sage Publications, London.
Furnell, S. (2007) E-commerce security: Available online 08 August 2007.
Huff, D. (2003) Core Audit program Information Technology Security, Avail: www.ucop.edu, Accessed October 17, 2007.
Koller, D. and Leyov M. (2005) Protecting 3d graphics content http://portal.acm.org/citation.cfm?id=1064861. Accessed October 12, 2007.
Leont’ev A.N. (1978) Activity, Consciousness and Personality. Englewood Cliffs, NJ: Prentice Hall.
Merriam Webster’s Collegiate Dictionary 10th ed.
Mlitwa, N. (2007) Lecture Notes, BTech Computer Security (CPZ440C) Class, 3 May 2007.
Mlitwa, N.B.W (2006) A Network of Community and Community Informatics: An ANT Perspective, 2006. Constructing and sharing memory: community informatics, identity and empowerment Conference, Prato 2006, available at www.ccnr.net/?q=node/151 (accessed on 04 May, 2007).
Oliver, M.S. (2002) Database privacy: balancing confidentiality, integrity and availability, http://portal.acm.org/citation.cfm?id=772862.772866, Accessed October 17, 2007.
Olsson, J. (2002) Electronic Data Via a Network Infrastructure South African Journal of Information Management.
Theilmann, W. Rothermel, K. (2000), INFOCOM 2000. Nineteenth Annual Joint conference of the IEEE Computer and Communications Societies. Proceedings. IEEE, http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=832197. Accessed October 12, 2007.
U.S. Census Bureau (2000) United Nations – Statistical Division, October 2000.
Wang, Y. (1998) A product perspective on total data quality management http://portal.acm.org/citation.cfm?id=269022. Accessed October 12, 2007.
Whitman M. (2003) Enemy at the gate: threats to information security, Avail: http://portal.acm.org/citation.cfm?doid=859670.859675. Accessed October 17, 2007.
Wu D., Hou T, and Zhang, Q. (2000) Transports real-time video over the Internet: challenges and approaches, http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=899055. Accessed October 12, 2007.
www.wipo.int/pctdb/en/wo.jsp?wo=2002067499.
www.sajim.co.za (accessed September 4, 2007).
Mlitwa, N. and Kachala, Y. "Data Security Measures in the IT Service Industry: A Balance between Knowledge & Action," Journal of Digital Forensics, Security and Law: Vol. 3, Article 1.
Available at: https://commons.erau.edu/jdfsl/vol3/iss4/1
Computer Engineering Commons, Computer Law Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, Information Security Commons