Effectiveness of Information Security Policies in some Public Sectors in some Public Sector Institutions

Abstract

This study focuses on the issue of the effectiveness of information security policy and procedure in the public sector in Sudan. The objectives of it are to develop the effectiveness of information security policies and applications at the public sector entities. Correspondingly, the analysis that uses of mix methods was held with those in charge for their organization’s information security and design specials code work to develop a system to help monitor networks and regularly evaluate the security policy of the institutions. These interviews and survey discussed how the organizations selected the counter-measures. The two most significant issues found in this research to avoid lack of information security policies framework have been identified as one of the main factors that contribute to the slow progress in the implementation of information security measures in institutions and management commitment and lack of employees’ understanding of information security. The scope and content of an effective security policy vary greatly depending on the nature of the organization activities, for which it was prepared. Principles, which remain useful regardless of the volume of the organization to which they apply, receive attention. Whatever the volume of an organization, and whatever its present situation of information security overall policy, there is always objective behind for a salutary check of existing policy and proceedings. The research finds that the main problem of the information security policies in the public sector in Sudan is the review, development and enforcement of a documented policy of each institution. Accordingly, the code was developed to help the monitor and regularly evaluate and develop the security policy of the institution.