Information Security governance and the adoption of Best Practice Frameworks in the Social Housing Sector
McMorran, H. (2015). Information Security governance and the adoption of Best Practice Frameworks in the Social Housing Sector (MSc Strategic ICT Leadership). Edinburgh Napier University (Cruickshank, P.,
The aim of this dissertation was to evaluate the approach taken to information security governance within the Housing sector and whether adopting best practice frameworks would assist implementation. The von Solms model for information security governance was selected from literature for evaluation purposes. In addition to the five components of the chosen model, external compliance and cultural factors were also considered.
Research was carried out among thirteen housing associations, motivated by two research questions: 1. What are the business drivers for the implementation of information security governance? 2. What factors help or hinder the adoption of information security?, to test if an adapted best practice framework for information security governance is of benefit to housing associations and will help to promote implementation of good information security governance.
Data was gathered from six interviews, an online questionnaire and a document review using triangulation of research methods to help provide a fuller picture and more complete findings.
The results show housing associations have been reactive in implementing information security governance through the necessity to comply with various regulating bodies. There has been a shift in information security awareness due to high profile cases of data protection incidents and this is helping improve information security overall. Best practice implementation is not consistent but the housing associations that have knowledge in this area all have staff that have taken part in recent vocational training and have used this new found knowledge to adapt relevant best practice frameworks around business need.
This work offers insight into the implementation of information security best practice principles within the housing sector by identifying the business drivers and factors which help or hinder the adoption of information security governance.