Compliance with ICT Governance in Corporate South Africa

Abstract

An extensive search through various scholarly databases has revealed that prior to this study, there was no
conceptual model to guide corporate South Africa in the implementation of cybersecurity within the broader framework of
the law. The proposed conceptual model combines legal requirements and cybersecurity operational needs in a single model.
The study adopted a hypothetical company to demonstrate how the proposed model can be implemented in a corporate
environment. Qualitative research was conducted, using in-depth interviews and document analysis as data collection
techniques. Forty-five local organisations were purposively included in the study. Analysis of the data showed that
organisations are not abreast of cybersecurity policies. Most cybersecurity practitioners are not familiar with the legal and
policy aspects that they must adhere to when implementing cybersecurity, therefore most organisations do comply with the
law in South Africa. The study proposed a conceptual model that can be implemented in real companies, irrespective of their
governance and management structures, to improve the provision of the cybersecurity.