A Holistic Approach for Managing ICT Security in Non-Commercial Organisations: A Case Study in a Developing Country

Abstract: The research reported here is about improvement of the ICT security management process in non-commercial organisations in order to reduce possible financial damage, taking into consideration the realities found in developing countries. The research took place in a developing country—Tanzania, where five organisations were involved. The study is organised into seven papers covering: the state of ICT security management in the organisations; prerequisites when utilising the existing ICT security management approaches in attaining a solution for managing ICT security in the organisations; issues and challenges of managing ICT security; important aspects to be taken into consideration in order to successfully manage ICT security; and how the management of ICT security in non-commercial organisations could be improved. Among other things, the research was motivated by the observed need for bridging the perception gap between the management and technicians when dealing with the ICT security problem, and consequently extending to a common understanding by the staff in the various departments and specialities within and between the departments. The thesis contributes to increased empirical knowledge on the importance of the holistic ICT security management process. In particular, our main contribution is the proposed holistic approach for managing ICT security in non-commercial organisations, organised in the form of guidelines with two main phases: the initialisation phase, which involved the introduction of the ICT security management process in the organisation; and the internalised and continuous phase.