Legal implications of information security governance
- Authors: Etsebeth, Verine
- Date: 2009-01-08T13:04:36Z
- Subjects: Computer security , Data protection , Liability (Law) , Information technology management , Computer network security , Business enterprises
- Type: Thesis
- Identifier: uj:14757 , http://hdl.handle.net/10210/1837
- Description: LL.M. , Organisations are being placed under increased pressure by means of new laws, regulations and standards, to ensure that adequate information security exists within the organisation. The King II report introduced corporate South Africa to the concept of information security in 2002. In the same year the Electronic Communications and Transactions Act 25 of 2002 addressed certain technical information security issues such as digital signatures, authentication, and cryptography. Therefor, South Africa is increasingly focussing its attention on information security. This trend is in line with the approach taken by the rest of the international community, who are giving serious consideration to information security and the governance thereof. As organisations are waking up to the benefits offered by the digital world, information security governance is emerging as a business issue pivotal within the e-commerce environment. Most organisations make use of electronic communications systems such as e-mail, faxes, and the world-wide-web when performing their day-to-day business activities. However, all electronic transactions and communications inevitably involve information being used in one form or another. It may therefor be observed that information permeates every aspect of the business world. Consequently, the need exists to have information security governance in place to ensure that information security prevails. However, questions relating to: which organisation must deploy information security governance, why the organisation should concern itself with this discipline, how the organisation should go about implementing information security governance, and what consequences will ensue if the organisation fails to comply with this discipline, are in dispute. Uncertainty surrounding the answers to these questions contribute to the reluctance and skepticism with which this discipline is approached. This dissertation evolves around the legal implications of information security governance by establishing who is responsible for ensuring compliance with this discipline, illustrating the value to be derived from information security governance, the methodology of applying information security governance, and liability for non-compliance with this discipline, ultimately providing the reader with certainty and clarity regarding the above mentioned questions, while simultaneously enabling the reader to gain a better understanding and appreciation for the discipline information security governance. The discussion hereafter provides those who should be concerned with information security governance with practical, pragmatic advice and recommendations on: (i) The legal obligation to apply information security; (ii) Liability for failed information security; (iii) Guidelines on how to implement information security; and (iv) A due diligence assessment model against which those responsible for the governance and management of the organisation may benchmark their information security efforts.
- Full Text:
The influence of an ERP system on the value chain process of multinational enterprises (MNEs)
- Authors: Bosombo, Folo-Ralph
- Date: 2009-03-20T09:57:50Z
- Subjects: Business enterprises , Computer networks , Information technology management
- Type: Thesis
- Identifier: uj:8218 , http://hdl.handle.net/10210/2286
- Description: M.A. , The study set out to assess the influence of enterprise resource planning (ERP) system software on the value chain process of multinational enterprises (MNEs). This was achieved through the literature review that addressed the relation between the value chain approach as a strategic tool and ERP system theory. The ERP system is positioned as a total solution for the MNE, and it contains the best business practices that are derived from the various generic business functions of the value chain architecture and configuration. A set of research hypotheses was developed, which were tested in accordance with the research methodology and the design issues for the qualitative study. The different chapters evolved along with a case study of an ERP system, namely Axapta software. For the quantitative study, preliminary interviews were conducted to select the MNEs that use SAP software. Thereafter a self-administered survey was applied relating to the strategy and the value chain integration through the ERP system to the MNE's ERP system users. The research results in the qualitative study show that for ERP software to integrate the MNE's functional activities and processes in the value chain system globally and effectively, it has to position itself as a value chain system with e-business mechanisms. In addition it has to suit the global ERP characteristics as an information interchange, sharing and service. It has to be a flexible and comprehensive, modular, open, integrated and multifunctional system, with an option to customisation in selecting modules that best suit the MNE's management to craft its business's activities. The above was proved through the analyses of Axapta software attributes by means of a technical strategic planning tool, namely the value chain approaches, and the strategic supply chain factors for ERP software evaluation. Axapta software met the requirements of a general and global ERP system model and it is indeed a value chain system. The following statement can be cited as the most important findings of the qualitative study: For the MNE to derive value from ERP system integration and utilisation, the strategic information technology (IT) plan has to be formulated and followed in order to measure the beneficial cost and efficiency of implementing the ERP system, and to assess the suitability of ERP software during the selection process in accordance with the MNE's objectives that will facilitate the success of ERP implementation usage. ERP software adopted for the MNE has to include the international architecture and configuration types that align with the MNE’s strategy and Internet application. This must include all the necessary value chain functional modules relating to the ERP system as an integrating tool that will influence the MNE to align its strategy to gain ii competitive advantage. Consequently, such an ERP system will allow the MNE to strengthen and integrate all its applications and activities in the value chain system. As a result the different organisational suppliers and partners must be linked with the MNE's value chain system to enhance the operational sites' users to operate efficiently, more reliably and in co-ordination with the MNE. The necessary information and data must be available across the entire organisation's system from the trading partners to the customers so that they can be satisfied on with the necessary urgency. In the statistical analysis conducted from the self-administered survey, the major finding is the positive view of the employers and employees of the customisation of ERP, i.e. SAP software, which helps MNEs to craft the software according to their objectives and with the use of a strategic IT plan. In conclusion the study highlighted the inseparability of ERP system theory from the value chain approaches. Therefore, the study came to position ERP system theoretically as an evaluative tool and technically as a value chain system that becomes an evaluative tool for ERP software activities assessment. Moreover the study pointed out the importance of the use of a strategic IT plan within the MNE. However, the main contribution and value of this study is obviously to assist any MNE in the process of migrating business systems. The methodical approach facilitates the selection and the evaluation of ERP software requirements within an organisation, which can meet its growth targets and objectives. Thus, the strategic supply chain factors for ERP software evaluation and the application of the value chain approaches discussed in this study will contribute to the acquisition of fit and compatible ERP software. The choice of the right ERP software will definitely allow MNEs to derive the benefits of the ERP system across its entire value chain sites (nationally and internationally). It can be concluded from this study that any organisation wanting to invest in ERP system implementation must apply the methodical approach formulated in this study by the researcher. It is recommended that the assessment of an ERP system's modular and functional activities, together with the organisation's value chain activities, be given priority before the acquisition and adoption of the ERP system.
- Full Text: