CCE Theses and Dissertations

Campus Access Only

All rights reserved. This publication is intended for use solely by faculty, students, and staff of Nova Southeastern University. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, now known or later developed, including but not limited to photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the author or the publisher.

Date of Award

2021

Document Type

Dissertation - NSU Access Only

Degree Name

Doctor of Philosophy (PhD)

Department

College of Computing and Engineering

Advisor

Ling Wang

Committee Member

Paul Dooley

Committee Member

Faith Heikkila

Keywords

data governance, IT Security, security awareness

Abstract

Security breaches and incidents occur almost weekly in the public and private sector. The loss of data can be devastating to individuals, companies, and government entities. In the case of the public sector, the impact to governments and their residents can be even more critical. Depending on the type of data stolen, there can be national security implications in addition to the financial and privacy damage.

The problem this study investigated is the lack of compliance with data governance policies in the public sector, particularly the U.S. Federal government. The goal of this dissertation was to gain a deeper understanding of non-compliance with security policies such as the Federal Information Security Modernization Act (FISMA) security framework. In addition, this study investigated whether a formal data governance policy exists within the current security framework. The objective of the study was to examine how changes in procedures and related activities can encourage better policies and achieve greater compliance.

This study was a case study within the U.S. Federal government. The study reviewed various types of government documents such as security policies, inspector general reports, and congressional testimony. In addition to the document review, interviews with key government security experts were conducted. The study investigated the data-aspects of their data protection policies and procedures. The information has been compiled and an analysis of the data was performed.

The study found there were a few issues contributing to non-compliance with FISMA policies, such as inconsistent understanding of the security policies and procedures by the federal community in general. There appears to be a gap regarding how security policies impact the risk and potential impacts while accomplishing the government mission. The critical finding of this study is that in addition to policy and technology enhancements, more attention is needed for the employees who implement the security policies and the federal community in general. A recent study by Malatji, Marnewick, and von Solms (2020) came to a similar conclusion. The contribution this study offers to the body of knowledge is additional evidence that additional focus and resources are needed for the employees. Improved security procedures, policies, and technologies are extremely important in a computer security plan. However, without a properly trained and supported work force, it may not succeed.
