Information security governance implementation within Ghanaian industry sectors: An empirical study

The purpose of this study is to assess the levels of information security governance (ISG) implementation among major Ghanaian industry sectors. The intent is to benchmark inter-industry sector ISG implementation and to identify areas that may require improvement.

Random sampling strategy was used, and data were collected via Web survey. The data analysis utilized a one-way analysis of variance to determine the differences in means of the levels of implementation of ISG focus areas among five main industry sectors.

The results showed that, as a whole, all the industry sectors have only partially implemented ISG. In particular, there existed statistical significant differences in ISG implementation among the industry sectors. Ranking ISG implementation, Financial Institutions were close to completion, Utility Companies, Others (Information Technology, Oil and Gas, Manufacturing) and Public Services had PI ISG and health care and educational institutions were at the planning stages. The result also revealed that all the industry sectors made marginal effort trying to align information security to business strategy, and performance measurement remained the least implemented focus area.

Organizational leaders could use these findings to benchmark industry sectors’ ISG implementation, which could lead to competitiveness. Again, international enterprises that do businesses with these industry sectors would better understand the level of involvement of the top executives in governing information security toward the protection of valuable information assets.