A functional-interpretive approach to information systems security e competencies development in the higher education institution: a comparativ e case of four South African higher education institutions

Abstract

The research reported in this thesis examines the approaches of four (4) HEIs in the Western Cape Province in South Africa to institutional development of IS security ecompetencies across their full staff compliments. It used a mixed research methodology and multiple case study research design in which four Higher Education Institutions (HEIs) participated. A total of 26 in-depth interviews were conducted and 385 questionnaires were completed. The research found that these HEIs do not formally develop the IS security e-competencies of their IS resources end users. Because end users handle critical information and research projects of importance not only to the HEIs, but also to the country, this situation creates a potential risk to their IS resources. In other words, the HEIs that participated in this research rely more on the ICT security technology itself to protect their IS resources than on the human side of ICT security. This is in direct contrast to the established literature which clearly points out that it is the internal end users that pose the most threats to IS security resources and these threats are more dangerous than the external threats.