The status of information security governance within state universities in Zimbabwe

Abstract

This research focused on the identification and evaluation of information security governance practices that are being implemented in Zimbabwean universities. The rapid technological change and the systems interconnectivity has paused new threats to the information systems that can have a significant impact on the business operations of an organization making information security governance a hot topic motivating this study to be done in order to have clear picture of the current status of information security governance in the Zimbabwean universities. The research approach adopted in this dissertation was a case study with one of the Zimbabwean state universities. A combination of self- administered questionnaire and semi structured interviews with the university council members, executive management and IT personnel were conducted to collect data. The findings from this research provided evidence that though the management and the university council do understand the importance of information security, they do not give adequate support to the function. The results also showed that no acceptable code of best practices is being implemented. A number of ISG practices which includes risk management, strategic alignment and resource management are being implemented. The main conclusion drawn from this study was that appropriate measures should be taken to improve implementation and measure of ISG performance in Zimbabwean universities. This study recommended that the management and the university councils in Zimbabwe should give adequate support to information security governance function.