Abstract
Organisations are under constant pressure to comply with information security
requirements. However, this seldom happens. Information security is like a
patchwork quilt - the protection it provides is only as good as its weakest stitch.
The electronic business revolution has compounded this situation, as millions of
dollars are being tossed about, and rules and regulations have yet to be written.
Another problem is that information has to be protected over a geographically
dispersed network. It stands to reason then that instances of unethical, even
criminal, behaviour are growing exponentially.
The principal aim of this research was to consider information security from an
ethical perspective. Information security has been a well-researched topic for
several years. Therefore, an investigation was carried out as to whether
information security conforms to what individuals and organisations deem as
being morally and behaviourally correct.
An investigation was carried out into the age-old philosophy of ethically correct
behaviour. This was then applied to information security and three ethical
information security controls were identified that could provide protection in this
e-business environment. A framework was developed to illustrate how a “pillar of
strength” can be established in organisations to create an awareness of ethically
correct behaviour in securing information. This framework was applied to
recently accepted information security standards to test their applicability to the
creation of ethical awareness.
The research concludes by determining the ability of organisations to adhere to
ethically correct behavioural patterns in information security.
Prof. J.H.P. Eloff