{"title":"Review of data storage protection approaches for POPI compliance","authors":"Nicholas Scharnick, M. Gerber, L. Futcher","doi":"10.1109/ISSA.2016.7802928","DOIUrl":null,"url":null,"abstract":"In business, information security has always been a debated topic amongst management and executives. Investing in something that is intangible is often not seen as priority expenditure as it brings no Return on Investment nor contributes to expanding the business. However, the newly enacted Protection of Personal Information (POPI) Act forces businesses to re-evaluate their stance on information security and data storage protection as POPI requires that “appropriate and reasonable security measures” be put in place to effectively protect all personal information that large organisations as well as smaller businesses process and, more importantly, store. However, the lack of comprehensive controls found within any one information security approach (information security standard, best practice or framework) to fully address the requirements of the POPI Act leaves businesses exposed to legislative action under POPI. This paper, through the use of a detailed literature review and qualitative content analysis, aims to analyze widely implemented information security approaches in the context of POPI compliance. Through identifying themes for data protection within various information security approaches, an evaluation of the comprehensiveness of these approaches and their proposed mechanisms for protecting data within businesses is conducted.","PeriodicalId":330340,"journal":{"name":"2016 Information Security for South Africa (ISSA)","volume":"72 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 Information Security for South Africa (ISSA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISSA.2016.7802928","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Review of data storage protection approaches for POPI compliance
In business, information security has always been a debated topic amongst management and executives. Investing in something that is intangible is often not seen as priority expenditure as it brings no Return on Investment nor contributes to expanding the business. However, the newly enacted Protection of Personal Information (POPI) Act forces businesses to re-evaluate their stance on information security and data storage protection as POPI requires that “appropriate and reasonable security measures” be put in place to effectively protect all personal information that large organisations as well as smaller businesses process and, more importantly, store. However, the lack of comprehensive controls found within any one information security approach (information security standard, best practice or framework) to fully address the requirements of the POPI Act leaves businesses exposed to legislative action under POPI. This paper, through the use of a detailed literature review and qualitative content analysis, aims to analyze widely implemented information security approaches in the context of POPI compliance. Through identifying themes for data protection within various information security approaches, an evaluation of the comprehensiveness of these approaches and their proposed mechanisms for protecting data within businesses is conducted.