Abstract:

Information system security is very important to organisations. To protect information systems from threats, organisations must implement information system security policies. In many cases most employees are not aware of the security policies in their organisations. The few that are aware are let down by their companies’ failure to implement security training programmes. In the end, employees fail to follow the organisation’s security polices out of ignorance. The solution to this problem is two-fold. First, companies must create security policies and then develop sustainable awareness training campaign to inform and educate staff of the existence of these policies. The security policies will define the tolerable use of organisational data, and will help the organisation in minimizing the threats.

This research study took a quantitative research approach and questionnaires were distributed to different organisations in the Greater Mahikeng area, one of South Africa’s cities. Statistical software, (SPSS) was used to analyse the data. The results of the study showed that most employees in these organisations are not aware of the information security policies implemented in their organisations. The few who were aware of the policies contended that awareness programmes are not in place for educating employees of the right security procedures.