Abstract
Since the deployment of information and communications technology (ICT) in the public sector, the public sector has been exposed to increasing security breaches and cyber-related crimes that have resulted in unauthorised access, theft, fraud, and misuse of highly confidential, classified, and sensitive public sector data and information (PSDI) assets. The government, as one of the biggest collectors and distributors of PSDI assets, needs to be constantly aware of the risks associated with the collection, classification, storage, and dissemination of critical PSDI assets. In order to mitigate and counteract critical and sensitive data and information-related crimes in the government, it must understand and analyse the importance of data and information security governance (DISG) and how it should be institutionalised through an integrated approach to improve and protect PSDI assets. The focus of this study is the protection of PSDI assets in three national government departments, namely the Department of Energy (DoE), the Department of Environmental Affairs (DEA), and the Department of Science and Technology (DST). This study investigates how the strategic combination of data governance and information security governance (ISG) practices and principles could be implemented and incorporated as one of the various approaches in public sector institutions in order to improve the DISG management functions of an organisation’s overall data and information systems and processes. A qualitative approach is followed using a case study strategy. Primary data were collected through semi-structured interviews and were analysed through thematic analysis. The final research findings were presented according to the McKinsey 7S model, which served as the analytical framework in this study. The study concludes that there is currently a lack of sufficient DISG policies, management practices and systems, particularly in the public sector, and recommendations for the institutionalisation of improved and integrated DISG practices are presented according to the McKinsey 7S model.
M.Com. (Public Management and Governance)