A Framework for the Comparison of Best Practice Recommendations and Legal Requirements for South African Banks

Carla-Lee Botha (University of South Africa, South Africa)
Elmarie Kritzinger (University of South Africa, South Africa)
Marianne Loock (University of South Africa, South Africa)
Abstract: South African home users of the Internet use it to perform various everyday functions. These functions include, but are not limited to, online shopping, online gaming, social networking and online banking. Home users of online banking face multiple threats, such as phishing and social engineering. These threats come from hackers attempting to obtain confidential information, such as online banking authentication credentials, from home users. It is, thus, essential that home users of online banking be made aware of these threats, how to identify them and what countermeasures to implement to protect themselves from hackers. In this respect, information security awareness (ISA) programmes are an effective way of making home users of online banking aware of both the threats they face and the countermeasures available to protect themselves from these threats. South African banks have to comply with certain legal requirements when implementing information security awareness initiatives. Non-compliance, or failure to demonstrate due care and due diligence should a security incident occur, will result in financial penalties for the bank as well as possible brand damage and loss of customers. Banks implement international best practice recommendations in an effort to comply with legislation. These include recommendations for information security awareness. This research proposes a framework which can be applied, predominantly, when determining and comparing information security best practice recommendations and information security legal requirements for online banking. The primary aim of this paper is to investigate whether the implementation of best practices is sufficient to comply with legal requirements.

A selected list of information security best practices was investigated for best practice recommendations, while a selected list of information security legislation was investigated for the legal requirements imposed on South African banks. A gap analysis was performed on both these recommendations and requirements to determine whether the implementation of best practice recommendations results in compliance with legal requirements. The gap analysis found that the implementation of best practice recommendations does not result in compliance with legal requirements. Accordingly, the outcome of this research highlights the importance of applying such a framework in a comprehensive fashion to understand the legal requirements imposed and to ensure that adequate controls are in place for achieving compliance.

Keywords: South Africa, best practice, home users, information security awareness, legislation, online banking

Categories: H.3.5, K.3.2, K.6.5