Abstract
The small, medium and micro enterprise (SMME) environment of South Africa
contributes 42% to the national gross domestic product. This is a high number
for a largely under-regulated environment.
The corporate governance and IT governance standards that apply to South
African companies are not feasible for SMMEs, and neither are they enforced,
although 80% of failures of SMMEs are attributable to lack of enterprise
management skill.
The first objective of this dissertation is to examine the South African SMME,
and in so doing determine whether local regulatory standards can be used for
this unique enterprise formation.
The second objective of this dissertation is to determine whether international
methodologies for information security risk management, as an inclusive part of
IT governance, may be used in the unique local SMME formation.
The outcome of these two objectives exposes a gap: the absence of a typical
information security risk management methodology that is suitable for the
South African regulatory and economic environment for SMMEs. A model has been
created as a possible answer for filling the gap.
The dissertation includes the Peculium Model, which answers the regulatory
and economic requirements that resulted from the second objective. The
Model allows the small enterprise a simple but effective method for managing
risks to its information assets, with the control of corporate governance and IT
governance included in its framework. The Model addresses the identification
and assessment of risk through a tradition-based but feasible new qualitative
technique.
Labuschagne, L., Prof.