Campus Access Only
All rights reserved. This publication is intended for use solely by faculty, students, and staff of Nova Southeastern University. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, now known or later developed, including but not limited to photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the author or the publisher.
Date of Award
Dissertation - NSU Access Only
Doctor of Philosophy (PhD)
College of Computing and Engineering
data governance, IT Security, security awareness
Security breaches and incidents occur almost weekly in the public and private sectors. The loss of data can be devastating to individuals, companies, and government entities. In the case of the public sector, the impact on governments and their residents can be even more critical. Depending on the type of data stolen, there can be national security implications in addition to the financial and privacy damage.
The problem this study investigated is the lack of compliance with data governance policies in the public sector, particularly the U.S. Federal government. The goal of this dissertation was to gain a deeper understanding of non-compliance with security policies such as the Federal Information Security Modernization Act (FISMA) security framework. In addition, this study investigated whether a formal data governance policy exists within the current security framework. The objective of the study was to examine how changes in procedures and related activities can encourage better policies and achieve greater compliance.
This study was a case study within the U.S. Federal government. The study reviewed various types of government documents such as security policies, inspector general reports, and congressional testimony. In addition to the document review, interviews with key government security experts were conducted. The study investigated the data-aspects of their data protection policies and procedures. The information has been compiled and an analysis of the data was performed.
The study found there were a few issues contributing to non-compliance with FISMA policies, such as an inconsistent understanding of the security policies and procedures by the federal community in general. There appears to be a gap in understanding how security policies affect risk and potential impacts while accomplishing the government mission. The critical finding of this study is that in addition to policy and technology enhancements, more attention is needed for the employees who implement the security policies and the federal community in general. A 2020 study by Malatji, Marnewick, and von Solms came to a similar conclusion. The contribution this study offers to the body of knowledge is additional evidence that more focus and resources are needed for the employees. Improved security procedures, policies, and technologies are extremely important in a computer security plan. However, without a properly trained and supported workforce, the plan may not succeed.
Ramon Hurlockdick. 2021. How Non-Compliance Impacts Security Incidents: A Public Sector Case Study of Application Security and Proper Data Governance. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, College of Computing and Engineering. (1141)