Information and Knowledge Management

Following the seamless integration of the internet with computer information systems and the rapid increase in the number of people worldwide who possess the skills needed to launch cyber-attacks on public communication systems, businesses and organizations can hardly assume adequate security by depending on anonymity and geographical location. The basis of this study deepens knowledge on information security management in developing countries. This study uses both quantitative and qualitative approaches to examine the information security management practices of Social Security and National Trust in Ghana. Findings from results from the study suggest significant indications of human factor vulnerabilities and threats to information security. Findings also suggest that high levels of vulnerability to an external attack. Other findings however indicate management level recognition of education and training as very essential in improving information security practices. Although the results of this study may not be generalizable, we recommend that the issue of education and training on information security management should be made top priority on the IT agendas of all organizations in Ghana. A further study is proposed to assess the value placed on information security management within the context of developing countries and the factors that influence these values.

Keywords: Information Security Management, Cyber-attack, developing countries, computerization, security policy, security awareness, education and training