Identifying gaps in IT retail Information Security policy implementation processes

With a considerable amount of support in literature, there is no doubt that the human factor is a major weakness in preventing Information Security (IS) breaches. The retail industry is vulnerable to human inflicted breaches due to the fact that hackers rely on their victims´ lack of security awareness, knowledge and understanding, security behavior and the organization´s inadequate security measures for protecting itself and its clients. The true level of security in technology and processes relies on the people involved in the use and implementation thereof [1]. Therefore, the implementation of IS requires three elements namely: human factors, organizational aspects and technological controls [2]. All three of these elements have the common feature of human intervention and therefore security gaps are inevitable. Each element also functions as both security control and security vulnerability. The paper addresses these elements and identifies the human aspect of each through current and extant literature which spawns new human-security elements. The purpose of this research is to provide evidence that the IT sector of the South African retail industry is vulnerable to the human factor as a result of the disregard for human-security elements. The research points out that the IT sector of the South African retail industry is lacking trust and does not pay adequate attention to security awareness and awareness regarding security accountability. Furthermore, the IT sector of the South African retail industry is lacking: 1) IS policies, 2) process and procedure documentation for creating visibility, and 3) transparency necessary to promote trust. These findings provide support that the identified gaps, either directly or indirectly, relate to trust, and therefore, might be major contributing factors to the vast number of breaches experienced in the South African retail industry. These findings may also provide valuable insight into combatting the human factor of IS within the IT sector, irrespective of industry, which choose to follow an IS model built on the foundation of trust.