Next Article in Journal
Promoting Critical Thinking in Biological Sciences in the Era of Artificial Intelligence: The Role of Higher Education
Previous Article in Journal
A Critical Systematic Review of the Impact of the Flipped Classroom Methodology on University Students’ Autonomy
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Trends in Higher Education
Volume 4
Issue 2
10.3390/higheredu4020023
higheredu-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
first_page
settings
Order Article Reprints
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
Article

Information Security Functions Readiness Amidst COVID-19 in Higher Education in South Africa

by
Lerato Teane
1 and
Ntswaki Matlala
2,*
1
Johannesburg Business School (JBS), Faculty of Business and Economics, University of Johannesburg, Auckland Park, Johannesburg 2092, South Africa
2
Department of Information and Communication Systems, University of Johannesburg, Auckland Park, Johannesburg 2092, South Africa
*
Author to whom correspondence should be addressed.
Trends High. Educ. 2025, 4(2), 23; https://doi.org/10.3390/higheredu4020023
Submission received: 2 December 2024 / Revised: 30 April 2025 / Accepted: 7 May 2025 / Published: 16 May 2025
Browse Figures
Versions Notes

Abstract

:
The COVID-19 pandemic has accelerated digital transformation in various sectors, including higher education in South Africa. This study examines the readiness of information security functions in response to this rapid digital shift. Higher education institutions (HEIs) are transitioning to online platforms and digital tools, so the need to adapt security practices has become critical. The research investigates HEIs’ challenges in aligning their information security strategies with evolving digital initiatives. It explores how HEIs address technological change, staff awareness, and evolving security risks. By examining the relationship between digital transformation and information security, this study offers insights into strengthening the resilience and effectiveness of security functions within South African higher education. The findings highlight significant challenges, including the pace of technological change, inadequate staff training, and a lack of a security-conscious culture. Despite these hurdles, successful strategies such as promoting security awareness, policy adaptation, and improved governance frameworks are key to enhancing institutional preparedness. These insights can guide future efforts in improving information security practices in higher education, ensuring a more secure and resilient digital environment.

1. Introduction

The COVID-19 pandemic has catalysed a rapid shift towards digital transformation (DT) in HEIs across South Africa. As universities and colleges pivot to online learning and digital services, the need for robust information security functions has become increasingly critical [1]. This transformation presents unique challenges, particularly in aligning information security practices with new digital initiatives [2]. The rapid adoption of new technologies often leads to security vulnerabilities, as the pace of technological change can outstrip the development of corresponding security protocols. DT is a multifaceted process that fundamentally alters organisational operations by integrating contemporary information and communication technologies (ICT) to enhance performance and competitiveness. Information security functions encompass the strategies, policies, and practices designed to protect an organisation’s critical assets and data. These functions involve aligning security measures and controls with the organisation’s broader business objectives and IT infrastructure [3]. By ensuring this alignment, information security functions support the protection of sensitive information while enabling the achievement of business goals [4]. This balance between security and operational efficiency is essential for maintaining a robust security posture within the organisation. In the context of this study, information security functions refer to the organisation’s Information Security Office’s efforts to safeguard the organisation’s assets. This transformation presents unique challenges, particularly in aligning information security practices with new digital initiatives [1]. Institutions that proactively developed strategies for embedding security into their digital initiatives reported enhanced governance and improved user engagement, highlighting the importance of aligning information security with DT efforts [5].
This study utilises the Technology–Organisation–Environment (TOE) framework, the Technology Acceptance Model (TAM), and the Resource-based View (RBV) to explore the alignment of information security practices with digital transformation (DT) initiatives in HEIs. The TOE framework proposed by [6] examines how technological, organisational, and environmental factors influence the adoption of innovations. The TAM, introduced by [7], highlights the importance of perceived usefulness (PU) and perceived ease of use (PEOU) in accepting new technologies. Additionally, the RBV, described by [8], emphasises that an organisation’s strategic resources and capabilities are crucial for achieving sustainable competitive advantage.
DT initiatives in HEIs have profoundly impacted cybersecurity, presenting new challenges and risks. The swift integration of technology and the transition to digital learning platforms have increased HEIs’ vulnerability to cyber threats [2]. These risks include exposure to cyberattacks due to limited cybersecurity infrastructure and resources, a lack of awareness among staff and students about cybersecurity threats, and outdated or insufficient security features in the existing infrastructure [9].
Information security alignment involves harmonising information security strategies, policies, and practices with an organisation’s broader business objectives and IT strategies [3]. This process ensures that security measures and controls are aligned with the organisation’s overall goals and IT infrastructure, supporting the protection of critical assets and data while enabling the achievement of business objectives [4]. Maintaining this alignment is essential for balancing security and operational efficiency within an organisation. Information security is a vital component of DT in higher education, encompassing the confidentiality, integrity, and availability of information and assets within institutions [1]. As digital technologies are increasingly applied in teaching, learning, and administrative processes, protecting students’ data, confidential information, and online resources is essential. Aligning DT initiatives with information security is crucial for the strategic operations and long-term success of HEIs [10].
Several strategies have been proposed to enhance information security in HEIs during DT initiatives. Strengthening infrastructure is a key approach, which includes investing in secure networks, updating hardware and software, and ensuring data encryption to safeguard sensitive information [9]. Additionally, increasing cybersecurity awareness by educating staff and students on best practices can significantly mitigate the risk of security breaches [11].
Integrating digital technologies in higher education has transformed the information security landscape, necessitating reevaluating existing practices [12]. As institutions embrace DT, aligning information security measures with these advancements becomes crucial [13]. This research will indirectly explore the challenges and strategies associated with this alignment, emphasising its significance in safeguarding sensitive data and maintaining institutional integrity.
The recent literature underscores the urgency of addressing information security in DT. For instance, the rapid adoption of new technologies often leads to security vulnerabilities, as highlighted by [14], who notes that the pace of technological change can outstrip the development of corresponding security protocols. This research seeks to fill the gap in understanding how higher educational institutions (HEIs) navigate these challenges, particularly in fostering a culture of security awareness among stakeholders, as [15] emphasised.
The rapid adoption of digital technologies in higher education has exposed institutions to various security vulnerabilities. Ref. [16] highlights that the lack of a comprehensive vision for information security can hinder effective alignment with DT efforts. This study seeks to explore how these initiatives influence the readiness of information security functions, particularly in the context of the challenges posed by the COVID-19 pandemic. This study adopted the integration of “Technology Acceptance Model (TAM), Technology-Organization-Environment (TOE), and Resource-Based View (RBV)” theories to answer the following research question: How do digital transformation initiatives influence the alignment of the information security function in higher education? Therefore, this research aims to provide valuable insights into the complex interplay between information security practices and DT initiatives.
The intersection of DT and information security in higher education has been extensively studied, revealing several key themes. DT is a complex process involving technological upgrades and necessitates cultural and strategic shifts within organisations to improve performance and competitiveness [17,18]. Research indicates that aligning information security practices with DT initiatives is essential for effective governance and safeguarding institutional assets. Institutions that have successfully integrated security measures into their digital strategies have reported better outcomes regarding security and user engagement [12,13]. Moreover, the literature emphasises the need for “Measurable Performance Indicators (MPIs)” to assess the effectiveness of information security measures. These indicators, such as incident response times and compliance rates, are crucial for driving continuous improvement and ensuring security practices evolve alongside DT efforts [5,19].
The challenges HEIs encounter in aligning their information security functions with DT initiatives are considerable. One major challenge is the rapid pace of technological advancement, which can outstrip the ability of institutions to adapt their security measures accordingly [14]. Additionally, the complexity involved in integrating security protocols into new digital processes poses significant hurdles, as it requires a thorough understanding of both the technology and the associated risks [15]. Furthermore, there is a pressing need for a cultural shift towards enhanced security awareness among staff and stakeholders, as insufficient awareness can lead to vulnerabilities in the institution’s security posture [20,21].
Moreover, the lack of strategic alignment between information security and broader institutional goals can hinder effective implementation, resulting in fragmented efforts that do not adequately address security needs [22]. Institutions also face challenges related to outdated technologies and insufficient resources, which can impede the adoption of modern security solutions necessary for safeguarding digital assets [23]. Additionally, compliance with evolving data protection regulations, such as the “Protection of Personal Information Act (POPIA)”, adds another layer of complexity, as institutions must ensure that their security measures meet legal requirements while pursuing DT [24]. These challenges underscore the critical need for a cohesive strategy that addresses technological integration and fosters a culture of security within organisations, ensuring that all stakeholders are engaged and informed throughout the transformation process.
The literature emphasises the importance of HEIs adopting a proactive approach to information security governance, especially considering the DT accelerated by the COVID-19 pandemic. Regulatory standards such as the “General Data Protection Regulation (GDPR)” and the POPIA provide frameworks that guide institutions in safeguarding personal data and ensuring compliance with privacy laws [25]. Additionally, frameworks like the “National Institute of Standards and Technology (NIST)” Cybersecurity Framework offer comprehensive guidelines for managing cybersecurity risks, enabling institutions to enhance their security posture while aligning with best practices [26]. Furthermore, adherence to the “International Organization for Standardization (ISO)” standards, particularly “ISO/IEC 27001” [27], can assist institutions in establishing effective information security management systems that not only protect sensitive information but also foster a culture of security awareness among staff and stakeholders [13]. This alignment with regulatory standards is vital for enhancing resilience against cyber threats and ensuring compliance, ultimately supporting the broader goals of educational institutions in an increasingly digital landscape.
The alignment of information security functions with DT initiatives can be effectively understood through several theoretical frameworks. One such framework is the TAM, which posits that user acceptance of technology is influenced by perceived ease of use and usefulness [7,28]. This model suggests that for information security measures to be successfully integrated into digital initiatives, stakeholders in higher education must recognise their value and usability, particularly in the context of the rapid changes brought about by the COVID-19 pandemic.
The TOE framework also provides a comprehensive lens for examining how contextual factors influence the adoption of information security practices. This framework emphasises the interplay between technological capabilities, organisational characteristics, and external environmental factors, which are crucial for understanding the readiness of HEIs to implement effective security measures amidst DT [6].
Furthermore, the RBV highlights the importance of leveraging organisational resources and capabilities to achieve competitive advantage. In information security, this perspective underscores institutions’ need to develop and utilise their unique resources, such as skilled personnel and advanced technologies, to enhance their security posture and effectively respond to emerging threats during the digital transition [8].
By applying these theoretical frameworks, HEIs can better navigate the complexities of integrating information security into their digital strategies, ensuring they are adequately prepared to address the challenges posed by the ongoing DT accelerated by the pandemic [29]. The prepositions for the research’s underpinning theories are listed below as follows:
Perceived Usefulness (PU): The study will investigate how stakeholders at the University of Johannesburg perceive the benefits of DT initiatives in enhancing information security.
Perceived Ease of Use (PEOU): The research will assess stakeholders’ perceptions regarding integrating DT with existing information security practices, focusing on user-friendliness to encourage quick adoption of new solutions.
Behavioural Intention to Use: The study will evaluate the willingness of stakeholders to engage with DT tools based on their perceived ease of use.
Technological Context: The research will analyse the current technological capabilities at the University of Johannesburg that support the alignment of DT and information security.
Organisational Culture and Management Support: The study will examine how the university’s organisational culture, management support, and human resources influence the implementation of DT initiatives.
Inimitable Resources: The research will identify unique organisational capabilities, such as a strong security culture or advanced cybersecurity training programmes, contributing to the university’s resilience against cyber threats.
Valuable Resources: The study will assess the university’s technological assets and cybersecurity expertise, which are critical for supporting DT and maintaining information security.

2. Materials and Methods

The research methodology provided a structured framework for this study, determining the tools, strategies, and processes to answer the research questions. This approach ensures that the findings are credible, valid, and aligned with the research objectives [30]. This research utilised a qualitative research design to explore aligning information security functions with DT initiatives in higher education. Qualitative research is particularly effective for gaining in-depth insights into participants’ experiences and perceptions, making it suitable for understanding complex social phenomena [31]. The exploratory nature of this design allowed for the identification of emerging themes related to information security readiness during the COVID-19 pandemic.
A holistic approach was adopted, integrating various research philosophies to understand the research problem comprehensively. The methodology was grounded in interpretivism, emphasising understanding social phenomena from the participants’ perspectives [31,32]. This approach facilitated a deeper exploration of the participants’ subjective experiences in this research.
Participants were selected through purposive sampling, ensuring that individuals had relevant experience in information security and DT within the university context. A total of 10 participants were interviewed, comprising 2 technical staff, 3 middle management, and 5 senior management members. This diverse representation was crucial for gathering various perspectives on the research topic. Informed consent was obtained from all participants before their involvement in the research.
The consideration of sample size in qualitative research is crucial to a researcher’s work. The limitation of saturation, which becomes the stage when more data cannot provide new information, is critical in establishing sample size [33]. Data collection continues until no new information and themes are observed [34]. Conducting a thorough review of the literature and pilot studies is crucial to determining the sample size and addressing research questions accurately [35]. The sample represented all perspectives from the ICS staff, enough to achieve an in-depth view of how DT aligns with information security practices. Considering the study’s scope, specific population, and the depth of exploration required, the sample size of 10 respondents was sufficient to reach conceptual saturation or to capture a broad spectrum of experiences and perspectives. According to [33], for in-depth interviews, saturation is typically reached within a range of 9–17 interviews. The choice of 10 participants as a sample size is supported by the literature.
Data were collected through semi-structured interviews with key stakeholders from the Information and Communication Systems (ICS) department. This method allowed for flexibility in questioning, enabling participants to express their views and experiences regarding information security practices and challenges [36]. Additionally, document analysis of relevant policy documents and strategic plans was conducted to supplement the interview data, providing a broader context for understanding the institution’s information security landscape [37]. Each interview lasted 35 to 50 min and included open-ended questions to explore information security and DT themes. With participants’ consent, the interviews were recorded and subsequently transcribed for analysis. Additionally, relevant publicly accessible documents, such as university annual reports and strategic plans, were analysed to complement the interview data and provide a broader context for the study.
The qualitative data collected from interviews and documents were coded systematically to extract meaningful insights. An open coding technique was applied initially to the data, followed by axial coding to establish connections between the initial codes, organising them into broader categories that reflected common themes [38]. Thematic analysis was employed to identify recurring patterns or themes within the data.
Figure 1 shows the visual representation of the data collection and analysis process.
The process flow chart in Figure 1 visually represents the data analysis process, illustrating the steps taken from data collection to identifying key themes. This chart helps to clarify the systematic approach used in the analysis and highlights the connections between different stages of the research. The process flow for data analysis followed a structured yet flexible approach, beginning with data collection through semi-structured interviews with key stakeholders from the ICS department, complemented by document analysis of relevant policy documents and strategic plans. The recorded interviews were transcribed, and pertinent information was extracted from the documents to ensure comprehensive data coverage. The analysis proceeded with open coding to identify key phrases, patterns, and ideas, followed by axial coding to establish connections among the initial codes and organise them into broader categories. A thematic analysis was then conducted to uncover recurring patterns across the data.
The key themes identified included resistance to change, insufficient training, lack of executive support, and the complexity of integrating new technologies with existing systems [39]. To visually represent the key challenges identified during the thematic analysis, Figure 2 was created. This figure illustrates the key challenges the selected HEI faces in aligning information security practices with DT initiatives. The challenges include resistance to change, insufficient training, lack of executive support, and the complexity of integrating new technologies with existing systems.
Figure 2 shows various participant feedback regarding the challenges faced with this integration.
Figure 2 presents these challenges as interconnected themes derived from participant input and was automatically generated using Atlas.ti, which mapped both the primary codes and their associations. The central category, challenges faced, includes multiple contributing factors. One of the most prominent is resistance to change, which is closely associated with sub-codes such as user adoption and less inclination to adopt new systems. This reflects the inertia among users who are hesitant to adapt to new processes and technologies introduced through digital transformation.
Management support is another major category, with participants highlighting insufficient support from executives and the lack of support regarding funding requests. These are directly linked to the rejected sub-theme proposed budgets, indicating that security-related initiatives often lack adequate financial backing, further impeding progress.
Similarly, buy-in from businesses emerged as a challenge influenced by the lack of executive support, especially when securing the necessary budget or resources. Other notable themes include the lack of visibility and accessibility to institutional policies, which affects compliance and awareness; user entitlement, where specific individuals demand exemptions from standard security protocols; and the risk introduced by third parties who fail to prioritise security in their engagements with the institution.
Participants also emphasised the strain caused by legacy systems incompatible with modern security tools, and how digital transformation has exposed long-standing weaknesses in the institution’s security posture. These include gaps in internal skills, a lack of a security-centric culture, and an overall need for continuous training and awareness efforts.
The visual relationships in Figure 2 help illustrate how these challenges are not isolated, but rather interlinked, with some (like resistance to change and lack of management support) reinforcing others. For example, a lack of executive support can perpetuate funding issues, exacerbating training deficiencies and hindering user adoption efforts. This complexity underscores the multifaceted nature of aligning information security with DT in higher education.
The target population for this research consisted of stakeholders from the ICS department at the University of Johannesburg (UJ). A purposive sampling technique was employed to select participants with relevant knowledge and experience regarding information security and DT initiatives. This non-probability sampling method is effective for qualitative research, as it allows researchers to focus on individuals who can provide rich, detailed information about the research topic [31,32].
As with any research, this study had limitations that must be acknowledged. First, the primary limitation of this research was its focus on a single institution, namely UJ, a public university. While the study provides valuable insights into aligning the information security practices amidst DT post-COVID-19, the findings are context-specific. They may not necessarily be generalisable to other HEIs or organisations. Institutions may differ in terms of their technological infrastructure, organisational culture, and approach to DT, making the results of this study applicable primarily within the specific context of UJ. However, the findings can be relatable within the educational sector.
Table 1 shows all the participants’ biographies, including their roles, qualifications, genders, and ages. The biography information depicts a variety of skill sets within the department and the diversity in age groups, including genders.
Thematic analysis was employed to analyse the qualitative data gathered from interviews and document analysis. This method involves identifying, analysing, and reporting patterns or themes within the data, allowing for a rich interpretation of participants’ insights [40]. The analysis was conducted systematically, ensuring that key themes related to information security alignment were highlighted and contextualised within the existing literature. The analysis was conducted using ATLAS.ti v24 software, which facilitated the coding process and allowed for the identification of recurring themes across both interview transcripts and document data. Codes were generated inductively, enabling themes to emerge organically from the data, and were subsequently organised into broader thematic categories. The themes underwent iterative refinement to ensure they accurately represented the data.

3. Results

Analysing the participants’ feedback reveals several key findings regarding the readiness of information security functions amidst DT. The thematic analysis identified several key themes, such as the roles and responsibilities in information security, engagement with DT initiatives, and the impact of DT on information security alignment.

3.1. Influence of Digital Transformation

Participants recognised that DT initiatives, such as implementing smart campus technologies and cloud services, have necessitated reevaluating existing information security practices. For instance, one participant stated that “When the business pushed for initiatives like the smart campus, it forced us to review our security strategy”. This finding resonates with the literature, which states that “the integration of information security into DT is essential for safeguarding organisational assets” [16]. The shift to digital platforms has increased the need for robust security measures to protect sensitive information and ensure business continuity [10]. This indicates a direct link between business needs and security alignment.

3.2. Key Challenges Identified

Integration Issues: Participants noted difficulties in integrating legacy systems with new technologies. One participant remarked that “Many existing applications were designed without security in mind, making it an afterthought”. This challenge is compounded by the rapid evolution of cyber threats, including data breaches, threat actors’ interest in personal data, a lack of skills, and human error [9]. The complexity involved in integrating security protocols into new digital processes poses significant hurdles, as it requires a thorough understanding of both the technology and the associated risks [2].
User Adoption: Resistance from staff and students to adopt new systems was a recurring theme. A participant mentioned that “Staff and students are often reluctant to adopt new systems until the old ones are phased out”. This resonates with the literature, which states that “Resistance to change within higher education institutions (HEIs) presents a significant challenge, as faculty and administrative staff often exhibit inertia, slowing the adoption of necessary cybersecurity practices and innovative governance systems” [41].
Increased Security Requirements: The need to enhance security measures for both new and existing systems was emphasised, with one participant stating that “This has increased the required level of security, not only for new systems but also for legacy systems”. This observation aligns with the literature, highlighting the necessity for HEIs to prioritise investments in digital infrastructure, cybersecurity measures, and the continuous professional development of faculty and staff regarding digital technologies and security protocols [2].
Technological Adaptation: Institutions face challenges adapting their information security measures to keep pace with rapid technological changes. As [16] noted, the lack of a comprehensive vision can impede effective alignment. The study found that many institutions struggle to integrate new technologies while ensuring that security protocols are updated accordingly. The feedback from several participants was linked to the theme of technological adaptation and the challenges institutions face in adapting their information security measures to keep pace with rapid technological changes. Participant 3 highlighted the necessity of reviewing security strategies considering DT initiatives, stating that “When the business pushed for initiatives like the smart campus, it forced us to review our security strategy”. This indicates that the push for new technologies requires reevaluating existing security measures, reflecting the struggle to integrate new technologies while ensuring that security protocols are updated. Participant 7 also pointed out that DT broadens the scope of what needs to be protected, stating that “Digital transformation adds pressure because it broadens the scope of what we need to protect and manage”. This reflects the challenge of keeping security measures aligned with rapid technological changes and the need for continuous updates to security protocols. Participant 1 noted that the university is “always ahead of the curve with implementations but acknowledged that such offerings do come with certain vulnerabilities”. This highlights the ongoing challenge of adapting security measures in response to new technological offerings and the vulnerabilities they may introduce [41].
Resource Allocation: Many institutions struggle with inadequate resources dedicated to information security initiatives, which can hinder their ability to implement effective security measures [42,43]. Participant 8 explicitly mentioned the lack of resources, stating that “Because we don’t have enough resources, we are not as closely aligned as we should be”. This highlights how insufficient resources can hinder the alignment of information security with DT efforts. Participant 2 also discussed the need for better resource allocation, saying that “We often lack the necessary technologies to support them effectively”. This indicates that budget constraints limit the ability to invest in essential technologies that could enhance security measures. Participant 7 echoed similar sentiments, noting that “We’re not there yet. We need more in-depth skills and better process mapping to improve our implementation of security measures”. This response reflects the struggle to allocate adequate resources for developing the necessary skills and processes to maintain effective security. Participant 5 also noted the need for a comprehensive information security strategy that includes “the required resources, both skills and budget”. This emphasises the importance of resource allocation in successfully implementing security measures.

3.3. Benefits Observed

Participants acknowledged benefits such as improved security protocols and the introduction of multi-factor authentication. Participant 7 noted, “Multi-factor authentication and the ‘KnowBe4’ awareness training programs have been effective”, highlighting the positive impact of specific initiatives on security awareness. Ref’s [11] statement supports this observation by stating that another strategy is increasing cybersecurity awareness, where educating staff and students on best practices can significantly reduce the risk of breaches.

3.4. Strategies for Improvement to Overcome the Identified Challenges

Training Initiatives: Emphasising the importance of training, one participant stated that “We need to focus on student training, as IT support for students is limited”.
Continuous Engagement: Regular collaboration with the information security team was deemed essential, with a participant suggesting that “There needs to be close collaboration between ICS and the business side”.

3.5. Interpretation of the Feedback

The feedback indicates a clear recognition among participants of the transformative impact of digital initiatives on information security practices. While significant challenges are related to integration and user adoption, the overall sentiment suggests a proactive approach to enhancing security measures. The emphasis on training and continuous engagement reflects an understanding that successfully aligning information security with DT requires technological upgrades and cultural and organisational changes.

3.6. Recommendations Based on the Feedback

Need for Strategic Alignment: DT initiatives are reshaping the information security landscape in higher education, necessitating a strategic alignment between security practices and institutional goals. One participant noted that “We need to adopt these tools to stay competitive”. The research indicates that successfully aligning information security practices with DT initiatives can improve information governance and enhance learning experiences [44]. Institutions that have developed clear strategies for integrating security into their digital initiatives reported better outcomes in terms of both security and user engagement [10,29,45].
Importance of Training and Change Management: Effective training and change management strategies are critical to overcoming resistance and ensuring all stakeholders adapt to new systems and protocols. Participant 1 noted that “knowledge is always power” and suggested that people do not take their actions seriously when they act without consequences. They advocated for better protocol adherence and emphasised the need for awareness initiatives to mitigate risks. This aligns with findings from [15], who emphasise fostering a culture of security awareness. Participant 5 also emphasised users’ lack of understanding and security awareness, stating that “The main challenge is the lack of understanding and security awareness among people. Many are still easily tricked by phishing attacks or open unsafe attachments”. This indicates that a significant portion of the staff is not adequately informed about the risks associated with digital tools, leading to security vulnerabilities.
Ongoing Adaptation Required: The dynamic nature of DT means that institutions must remain agile, continuously updating their security strategies to address emerging threats and integrate new technologies. One participant pointed out that “We need more in-depth skills and better process mapping to improve our implementation of security measures”.
Collaborative Approach Essential: A collaborative approach involving regular communication between IT, security teams, and end-users is essential for successfully navigating the challenges posed by DT and enhancing the overall security posture of the institution. As one participant stated, “If all the powers that be were to support this, we would have a higher turnout of people willing to comply”.

4. Discussion

The feedback from participants provides valuable insights into how DT initiatives influence the alignment of the information security function within HEIs in South Africa. The thematic analysis identified several key themes, such as the roles and responsibilities in information security, engagement with DT initiatives, and the impact of DT on information security alignment [16]. The feedback from participants provides valuable insights into how DT initiatives influence the alignment of the information security function within HEIs in South Africa. This discussion will link the participants’ perspectives to the research question (RQ1) and the research objectives (RO) while considering relevant underpinning theories.

4.1. Influence of Digital Transformation on Information Security Alignment Discussion

Participants consistently highlighted that DT initiatives, such as implementing smart campus technologies and cloud services, necessitate reevaluating existing information security practices. This aligns with RQ1, which seeks to understand the relationship between DT and the alignment of information security functions. One participant noted that “When the business pushed for initiatives like the smart campus, it forced us to review our security strategy”. This statement underscores the direct influence of DT on security alignment, indicating that as institutions adopt new technologies, they must concurrently adapt their security frameworks to protect these systems effectively [16].
The research objective aimed to explore this influence in the context of the higher education sector in South Africa. The feedback reveals that DT is not merely a technological shift but a catalyst for comprehensive organisational change. Participants emphasised the need for strategic alignment between business goals and security practices, suggesting that successful DT requires a holistic approach integrating security considerations into all institutional operations.

4.2. Challenges and Opportunities Discussion

Various interconnected challenges have emerged in the evolving information security landscape within HEIs, as initially outlined in Section 2 and visually depicted in Figure 2. This section expands discussions on the challenges identified by participants by integrating the relevant supporting literature. The central theme, challenges faced, encompasses several contributing factors associated with the DT efforts of HEIs.
Among the most prominent challenges is resistance to change, where individuals display reluctance to adopt new systems and processes. This inertia complicates the transition to innovative cybersecurity practices required in a rapidly changing digital environment. Such resistance is echoed in the literature, where studies highlight that faculty and administrative staff often struggle to adapt to new governance models and security protocols [1,15].
Additionally, management support significantly influences the implementation of security-related initiatives. Participants noted the impact of insufficient executive backing, especially regarding funding for critical security measures. As [22] asserted, essential security enhancements often face budgetary constraints without adequate support from leadership, limiting the scope of DT efforts. Buy-in from the business further complicates the alignment of information security with organisational goals. The absence of executive support can lead to challenges in acquiring necessary resources, as indicated by research that underscores the importance of cross-departmental collaboration in successful cybersecurity implementations [5].
Other notable challenges include the lack of visibility into institutional policies, which can hinder compliance efforts, and the presence of user entitlement, where exceptions to security protocols are frequently demanded. This phenomenon has been documented in various organisations where inconsistency in security policy enforcement undermines overall effectiveness [46].
The burden of legacy systems is also significant. These outdated technologies, often not designed with modern security in mind, pose integration challenges and expose the institution to vulnerabilities. One participant observed that “Many existing applications were designed without security in mind, making it an afterthought”. This is consistent with [20], who argues that digital transformation often reveals pre-existing technical debt and operational weaknesses. Participants emphasised the need for ongoing upgrades, stakeholder engagement, and targeted training to address these systemic issues.
Figure 2, automatically generated in ATLAS.ti, illustrates these complex and interrelated challenges. For example, resistance to change is associated with user-related themes such as lack of adoption and hesitancy. In contrast, management support links to sub-themes like lack of executive support, rejected budgets, and insufficient funding. Similarly, buy-in from the business is intertwined with leadership’s failure to secure and communicate the value of security investments.
The need for continuous updates and training was also emphasised, with participants advocating for a comprehensive information security strategy that includes stakeholder engagement and awareness initiatives [2].
These challenges present opportunities for HEIs to enhance their information security alignment. By addressing the identified gaps through targeted training and collaboration, institutions can foster a culture of security awareness that supports adopting new technologies. One participant stated that “We need to focus on student training, as IT support for students is limited”. This reflects the importance of empowering all stakeholders with the knowledge and skills necessary to navigate the evolving digital landscape. Promoting cultural support for cybersecurity within the institution can lead to significant improvements, as fostering a security-first mindset across all HEI levels strengthens overall defences [11].
Furthermore, the necessity of fostering a culture of security awareness is emphasised by [15]. This is echoed in participants’ experiences, who identified training and awareness as critical components of effective information security alignment.
While the challenges depicted in Figure 2 may appear distinct, they are tightly connected and often reinforce one another. Addressing these issues through leadership engagement, clearer policy dissemination, legacy system upgrades, and capacity building can significantly enhance information security readiness within HEIs undergoing DT.

4.3. Underpinning Theories Discussion

The findings resonate with several underpinning theories relevant to digital transformation and information security alignment. The TOE framework suggests that organisational readiness, technological capabilities, and external environmental factors influence the successful adoption of new technologies [6]. Participants’ feedback indicates that institutional culture and management support play crucial roles in facilitating the alignment of information security with digital transformation initiatives. For example, the call for “close collaboration between ICS and the business side” reflects the organisational aspect of the TOE and RBV framework, emphasising the need for cohesive efforts across departments.
The TAM posits that perceived usefulness and ease of use influence technology adoption [7,28]. Participants’ feedback regarding the complexity of security measures underscores the need for user-friendly solutions that enhance engagement and compliance. For example, the mention that “slow user adoption of new systems could leave security gaps” highlights the necessity for security practices that are effective, easily understood, and implemented by users.

4.4. Conclusion of the Feedback Discussion

This research highlights the critical challenges and strategies associated with aligning information security functions with digital transformation initiatives in higher education amidst the COVID-19 pandemic. The participant feedback underscores the profound impact of digital transformation initiatives on aligning the information security function within HEIs in South Africa. The challenges identified, such as integration issues, user adoption resistance, and the need for continuous updates, coupled with the opportunities for improvement, emphasise the necessity for a strategic and collaborative approach to security alignment. This approach must consider technological advancements and the human factors influencing their implementation.
By leveraging established theoretical frameworks, such as the TOE and TAM framework theories, institutions can effectively navigate the complexities associated with digital transformation. These frameworks provide valuable insights into aligning information security practices with institutional goals, ensuring that security measures are reactive and proactive in addressing emerging threats.
Ultimately, this research contributes to a deeper understanding of the critical relationship between digital transformation and information security in the higher education sector. By adopting a holistic perspective that integrates security considerations into all aspects of institutional operations, HEIs can enhance their resilience against cyber threats and foster a culture of security awareness among all stakeholders. This alignment is essential for safeguarding sensitive data and maintaining institutional integrity in an increasingly digital landscape.
The themes directly address RQ1 by illustrating how DT initiatives necessitate reevaluating and adapting existing information security practices. They also support RO1 by providing a comprehensive understanding of the factors influencing information security alignment in the context of DT. The study concludes that DT initiatives significantly impact information security alignment, necessitating continuous adaptation of security practices to address new challenges and leverage opportunities for improvement. By fostering a culture of security awareness and investing in advanced technologies, HEIs can enhance their resilience against cyber threats and ensure the effective protection of digital assets.

4.5. Limitations of the Study

While this study provides valuable insights into the readiness of information security functions amidst COVID-19 in a selected higher education institution, several limitations should be acknowledged. Firstly, this study was conducted within a single higher education institution in South Africa, focusing specifically on one department, the university’s central ICT department. Secondly, a purposive sample of ten participants was selected, comprising senior managers, middle managers, and technical specialists directly involved in information security functions. This sample size is consistent with qualitative research guidance, which suggests that data saturation in in-depth interviews is commonly achieved within 9 to 17 participants [33]. This targeted sampling ensured that the perspectives gathered were highly relevant to the research objectives, as these individuals are actively engaged in shaping and implementing the university’s information security posture. However, the narrow institutional focus and relatively small sample size limit the generalisability of the findings. As the study focused on a single institution and department, its findings may not be broadly generalisable across all HEIs in South Africa or internationally.
Moreover, given the interpretive nature of qualitative analysis, this study is susceptible to researcher bias, despite efforts to ensure objectivity. Additionally, participant responses may reflect personal or institutional perspectives influenced by internal dynamics. Qualitative research is often shaped by participants’ unique perspectives and the researchers’ interpretations [30]. While triangulation, coding validation, and peer feedback were implemented to enhance the study’s trustworthiness [38], it is essential to acknowledge that the influence of researcher bias and participant subjectivity cannot be entirely eliminated. Ultimately, the subjective nature of qualitative research can provide rich, nuanced insights, but also necessitates careful consideration of these biases [36].
Lastly, this study was conducted during a fixed period with academic restrictions and submission deadlines. Due to the context-specific nature of the institution and the semi-structured interview format, replicating the study in a different setting may yield varying results, limiting replicability. Context may limit the findings’ applicability, suggesting that replicating the study in a different time frame or setting could lead to diverse results [47]. Although qualitative research does not aim for statistical generalisation or strict replicability, it can provide substantial insights into the situational readiness and challenges information security functions face during a significant global crisis [48]. Such insights are particularly relevant, as they may guide future research directions or inform institutional responses in similar crisis contexts, allowing organisations to adapt more effectively to evolving situations [49].

5. Conclusions

This research illuminates the critical challenges and strategies in aligning information security functions with DT initiatives in HEIs, particularly during the COVID-19 pandemic. The findings highlight the necessity of adopting a multifaceted approach that integrates technological solutions with essential cultural shifts to navigate the evolving landscape of information security effectively.
This study identified several key themes through thematic analysis, including the roles and responsibilities in information security, engagement with DT initiatives, and the impact of DT on information security alignment. Participants consistently highlighted that DT initiatives, such as implementing smart campus technologies and cloud services, necessitate reevaluating existing information security practices. This underscores the direct influence of DT on security alignment, indicating that as institutions adopt new technologies, they must concurrently adapt their security frameworks to protect these systems effectively.
By fostering a security-conscious culture and implementing user-friendly security measures, HEIs in South Africa can significantly enhance their resilience against potential security threats in the digital age. This proactive stance safeguards sensitive data and promotes a more secure and trustworthy environment for all stakeholders.
Moreover, this study underscores the importance of ongoing inquiry into the long-term effects of DT on information security practices. Future studies should consider comparative analyses across various institutions to identify best practices and develop adaptable frameworks that can be universally applied within the higher education sector. Such efforts will ensure HEIs remain agile and responsive to the ever-changing technological landscape, ultimately contributing to a more secure and effective educational environment.

Author Contributions

Conceptualization, L.T. and N.M.; methodology, L.T.; software, L.T.; validation, L.T., N.M. and L.T.; formal analysis, L.T.; investigation, L.T.; data curation, L.T.; writing—original draft preparation, L.T.; writing—review and editing, L.T.; visualization, L.T.; supervision, N.M.; project administration, L.T.; funding acquisition, N.M. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

The study was conducted in accordance with the Declaration of Helsinki and approved by the Institutional Review Board (or Ethics Committee) of the Johannesburg Business School (JBSREC2024170, 10 August 2024) (see Figure A1).

Informed Consent Statement

Informed consent was obtained from all subjects involved in the study.

Data Availability Statement

The data presented in this study are available upon request from the corresponding author due to privacy considerations.

Conflicts of Interest

The authors declare no conflicts of interest.

Appendix A

Higheredu 04 00023 g0a1aHigheredu 04 00023 g0a1b
Figure A1. Anti-Plagiarism and AI Declaration.
Figure A1. Anti-Plagiarism and AI Declaration.
Higheredu 04 00023 g0a1aHigheredu 04 00023 g0a1b

References

  1. Al-Nuaimi, M.N. Human and contextual factors influencing cyber-security in organizations, and implications for higher education institutions: A systematic review. Glob. Knowl. Mem. Commun. 2024, 73, 1–23. [Google Scholar] [CrossRef]
  2. Ajani, O.A.; Dlomo, S. Comparative analysis of digital transformation’s impact on higher education institutions: A systematic literature analysis of public versus private sector. J. Res. High Educ. 2024, 8, 72–96. [Google Scholar] [CrossRef]
  3. Őri, D.; Szabó, Z. A systematic literature review on business-IT misalignment research. Inf. Syst. E-Bus. Manag. 2024, 22, 139–169. [Google Scholar] [CrossRef]
  4. Metin, B.; Duran, S.; Telli, E.; Mutlutürk, M.; Wynn, M. IT risk management: Towards a system for enhancing objectivity in asset valuation that engenders a security culture. Information 2024, 15, 55. [Google Scholar] [CrossRef]
  5. Al Hadad, R.S.; Maulana, H. A comprehensive review of COBIT and ISO 27001: Approaches to auditing credit bureau automation system (CBAS) at PT XYZ. ICSPIS 2023. In Proceedings of the ICSPIS 2023—9th International Conference on Signal Processing and Intelligent Systems, Bandung, Indonesia, 14–15 December 2023; pp. 1–8. [Google Scholar] [CrossRef]
  6. Tornatzky, G.L.; Fleischer, M. The Processes of Technological Innovation; Lexington Books: Lexington, KY, USA, 1990; pp. 1–298. [Google Scholar]
  7. Davis, F.D. Perceived usefulness, perceived ease of use, and user acceptance of information technology. Manag. Inf. Syst. Res. Cent. 1989, 13, 319–339. [Google Scholar] [CrossRef]
  8. Barney, J. Firm resources and sustained competitive advantage. J. Manag. 1991, 17, 99–120. [Google Scholar] [CrossRef]
  9. Alenezi, A. Cybersecurity risks and strategies in learning services of higher education institutions (HEIs) in developing and emerging countries—A critical scoping review. Egypt J. Bus. Stud. 2024, 48, 480–506. [Google Scholar] [CrossRef]
  10. Mizrak, F. Integrating cybersecurity risk management into strategic management: A comprehensive literature review. Res. J. Bus. Manag. 2023, 10, 98–108. [Google Scholar] [CrossRef]
  11. Siphambili, N. Exploring cybersecurity implications in higher education. In Proceedings of the 23rd European Conference on Cyber Warfare and Security (ECCWS 2024), Jyvaskyla, Finland, 27–28 June 2024; pp. 526–531. [Google Scholar] [CrossRef]
  12. Jonathan, G.M.; Gebremeskel, B.K. Information security and organisational agility in the digital era: Exploring the role of IT alignment. In Proceedings of the 11th Annual IEEE Information Technology, Electronics and Mobile Communication Conference, IEMCON 2020, Vancouver, BC, Canada, 4–7 November 2020; IEEE: Piscataway, NJ, USA; pp. 831–836. [Google Scholar] [CrossRef]
  13. Mohamed Hashim, M.A.; Tlemsani, I.; Matthews, R. Higher education strategy in digital transformation. Educ. Inf. Technol. 2022, 27, 3171–3195. [Google Scholar] [CrossRef]
  14. Fernández, A.; Gómez, B.; Binjaku, K.; Meçe, E.K. Digital transformation initiatives in higher education institutions: A multivocal literature review. In Education and Information Technologies; Springer: New York, NY, USA, 2023; Volume 28, pp. 12351–12382. [Google Scholar] [CrossRef]
  15. Gkrimpizi, T.; Peristeras, V.; Magnisalis, I. Classification of barriers to digital transformation in higher education institutions: Systematic literature review. Educ. Sci. 2023, 13, 746. [Google Scholar] [CrossRef]
  16. Alaali, M. COVID-19 Challenges to University Information Technology Governance, 1st ed.; Alaali, M., Ed.; Springer Nature: Cham, Switzerland, 2022; pp. 1–375. [Google Scholar] [CrossRef]
  17. Nadkarni, S.; Prügl, R. Digital transformation: A review, synthesis and opportunities for future research. In Management Review; Springer International Publishing: New York, NY, USA, 2021; Volume 71, pp. 233–341. [Google Scholar] [CrossRef]
  18. Pihir, I.; Tomičić-Pupek, K.; Furjan, M.T. Digital transformation insights and trends. In Central European Conference on Information and Intelligent Systems; Faculty of Organization and Informatics: Varazdin, Croatia, 2018; pp. 141–149. Available online: https://www.proquest.com/docview/2125639934 (accessed on 8 March 2024).
  19. Juma, A.H.; Arman, A.A.; Hidayat, F. Cybersecurity assessment framework: A systematic review. In Proceedings of the 10th International Conference on ICT for Smart Society, ICISS 2023—Proceeding, Bandung, Indonesia, 6–7 September 2023; pp. 1–6. [Google Scholar] [CrossRef]
  20. Herath, T.C.; Herath, H.S.B.; Cullum, D. An Information Security Performance Measurement Tool for Senior Managers: Balanced Scorecard Integration for Security Governance and Control Frameworks. In Information Systems Frontiers; Springer: New York, NY, USA, 2022; Volume 25, pp. 681–721. [Google Scholar] [CrossRef]
  21. Hielscher, J.; Menges, U.; Parkin, S.; Kluge, A.; Sasse, M.A. “Employees who don’t accept the time security takes are not aware enough”: The CISO view of human-centred security. In Proceedings of the 32nd USENIX Security Symposium, USENIX Security 2023, Anaheim, CA, USA, 9–11 August 2023; pp. 2311–2328. Available online: https://www.usenix.org/conference/usenixsecurity23/presentation/hielscher (accessed on 11 April 2024).
  22. Hassandoust, F.; Johnston, A.C. Peering through the lens of high-reliability theory: A competencies driven security culture model of high-reliability organisations. Inf. Syst. J. 2023, 33, 1212–1238. [Google Scholar] [CrossRef]
  23. Bisri, A.; Putri, A.; Rosmansyah, Y. A systematic literature review on digital transformation in higher education: Revealing key success factors. Int. J. Emerg. Technol. Learn. 2023, 18, 164–187. [Google Scholar] [CrossRef]
  24. Akello, O.B. Organizational information security threats: Status and challenges. World J. Adv. Eng. Technol. Sci. 2024, 11, 148–162. [Google Scholar] [CrossRef]
  25. Ngalim, B. Integrating NIST and ISO cybersecurity audit and risk assessment frameworks into Cameroonian law. J. Cybersecur. Educ. Res. Pract. 2023, 2024, 4. [Google Scholar] [CrossRef]
  26. Mukherjee, M.; Le, N.T.; Chow, Y.W.; Susilo, W. Strategic approaches to cybersecurity learning: A study of educational models and outcomes. Information 2024, 15, 117. [Google Scholar] [CrossRef]
  27. Venkatesh, V.; Davis, F.D. Theoretical extension of the Technology Acceptance Model: Four longitudinal field studies. Manag. Sci. 2000, 46, 186–204. [Google Scholar] [CrossRef]
  28. Mlangeni, T.C. Analysis of Data Governance in Higher Education Institutions: Case of a University of Technology in South Africa Cape Peninsula University of Technology. Ph.D. Thesis, Cape Peninsula University of Technology, Cape Town, South Africa, 2015. Available online: https://etd.cput.ac.za/handle/20.500.11838/2418 (accessed on 4 April 2024).
  29. Maxwell, J.A. Designing a qualitative study. In Qualitative Research Design: An Interactive Approach; SAGE Publications: Thousand Oaks, CA, USA, 2012. [Google Scholar]
  30. Saunders, M.; Lewis, P.; Thornhill, A. Research Methods for Business Students, 8th ed.; Pearson: London, UK, 2019. [Google Scholar]
  31. Saunders, M.; Lewis, P.; Thornhill, A. Research Methods for Business Students, 4th ed.; Pearson: London, UK, 2007. [Google Scholar]
  32. Hennink, M.; Kaiser, B.N. Sample sizes for saturation in qualitative research: A systematic review of empirical tests. Soc. Sci. Med. 2022, 292, 114523. [Google Scholar] [CrossRef]
  33. Hoover, L.; Grand Canyon University. Qualitative Research Designs and Research Methods. 2021, pp. 1–5. Available online: https://www.gcu.edu/blog/doctoral-journey/5-qualitative-research-designs-and-research-methods (accessed on 2 April 2024).
  34. Takahashi, A.R.W.; Araujo, L. Case study research: Opening up research opportunities. RAUSP Manag. J. 2020, 55, 100–111. [Google Scholar] [CrossRef]
  35. Wojnowska-Heciak, M.; Suchocka, M.; Błaszczyk, M.; Muszyńska, M. Urban parks as perceived by city residents with mobility difficulties: A qualitative study with in-depth interviews. Int. J. Environ. Res. Public Health 2022, 19, 2018. [Google Scholar] [CrossRef]
  36. Morgan, H. Conducting a qualitative document analysis. Qual. Rep. 2022, 27, 64–77. [Google Scholar] [CrossRef]
  37. Williams, M.; Moser, T. The art of coding and thematic exploration in qualitative research. Int. Manag. Rev. 2019, 15, 45. [Google Scholar]
  38. Braun, V.; Clarke, V. Using thematic analysis in psychology. Qual. Res. Psychol. 2006, 3, 77–101. [Google Scholar] [CrossRef]
  39. Aldaihani, F.M. Justification for Adopting Qualitative Research Method, Research Approaches, Sampling Strategy, Sample Size, Interview Method, Saturation, and Data Analysis. J. Int. Bus. Manag. 2021, 5, 1–11. [Google Scholar]
  40. Vidhya, D.P.; Mohan, D.T. Building a cognitive enterprise through AI-powered transformation: A digital paradigm for societal and tribunal success in rural areas. In BCom-Corporate Secretaryship Seminar (NIRF 2023); Department of B. Com Corporate Secretaryship Sri Ramakrishna College of Arts & Science: Coimbatore, India, 2024; p. 1. [Google Scholar] [CrossRef]
  41. University of Johannesburg. QA Report on the Transition to Remote Teaching and Learning Johannesburg. 2020. Available online: https://www.uj.ac.za/wp-content/uploads/2021/12/uj-qa-report-on-teaching-and-learning-final-16-sept-2020.pdf (accessed on 19 April 2024).
  42. University of Johannesburg. Registrar’s Portfolio ANNUAL REPORT 2023 Johannesburg. 2023. Available online: https://www.uj.ac.za/wp-content/uploads/2024/05/uj_registrars-annual-report-2023.pdf (accessed on 24 January 2024).
  43. Zeleza, P.T.; Okanda, P.M. Enhancing the digital transformation of African universities: COVID-19 as accelerator. J. High. Educ. Afr. 2022, 19, 1–28. [Google Scholar] [CrossRef]
  44. Feliciano-Cestero, M.M.; Ameen, N.; Kotabe, M.; Paul, J.; Signoret, M. Is digital transformation threatened? A systematic literature review of the factors influencing firms’ digital transformation and internationalization. J. Bus. Res. 2023, 157, 113546. [Google Scholar] [CrossRef]
  45. Susanto, P.C.; Yuntina, L.; Saribanon, E.; Soehaditama, J.P.; Liana, E. Qualitative method concepts: Literature review, focus group discussion, ethnography, and grounded theory. Siber J. Adv. Multidiscip. 2024, 2, 262–275. [Google Scholar] [CrossRef]
  46. Sebastian, S.; Chudra, G.; Yohannis, A. IT strategy themes of higher education institutions: A literature study. In Proceedings of the 2023 International Conference on Networking, Electrical Engineering, Computer Science, and Technology (IConNECT 2023), Bandar Lampung, Indonesia, 25–26 August 2023; pp. 230–235. [Google Scholar] [CrossRef]
  47. Bryman, A. Social Research Methodology, 5th ed.; Oxford University Press: Oxford, UK, 2016. [Google Scholar]
  48. Creswell, J.W. Qualitative Inquiry and Research Design: Choosing Among Five Approaches, 2nd ed.; SAGE Publications: Thousand Oaks, CA, USA, 2017. [Google Scholar] [CrossRef]
  49. Patton, M.Q. Qualitative Research & Evaluation Methods, 4th ed.; SAGE Publications: Thousand Oaks, CA, USA, 2015. [Google Scholar]
Higheredu 04 00023 g001
Figure 1. Data collection and analysis process flow chart (author’s compilation).
Figure 1. Data collection and analysis process flow chart (author’s compilation).
Higheredu 04 00023 g001
Higheredu 04 00023 g002
Figure 2. Challenges encountered and observed developed by the author using ATLAS.ti.
Figure 2. Challenges encountered and observed developed by the author using ATLAS.ti.
Higheredu 04 00023 g002
Table 1. “Participants’ Biography Characteristics”.
Table 1. “Participants’ Biography Characteristics”.
Participant Job RoleYears of ExperienceGenderAgeQualifications
1Technical 10 yearsMale31Diploma, B-Tech, PGDip, CCNA, CCNP, Huawei
Datacom, CCNA, AWS
2Technical 5 yearsMale27Diploma: IT, ITIL v4 Foundation, CompTIA Security+
3Middle Management14 yearsMale33Diploma: IT, Degree: ISM, System Support Management Certificate, Microsoft System Administrator Certifications, pursuing CISSP and an Advanced Diploma:
Business Management
4Middle Management 30 yearsMale52B-tech: IT, Financial Management Certification, CCNA, ITIL v3 Foundation.
5Senior Management+25 yearsMale49Bachelor of Technology in IT, and pursuing
Postgraduate studies
6Senior Management21 yearsFemale44Masters: Informatics, Pursuing a Master’s in
Digital Business and CISM Certificate.
7Senior Management32 yearsFemale55PhD: IT Management
8Senior Management±30 yearsMale53BSc Honours
9Senior Management+20 yearsMale50Degree: Information Technology
10Senior Management15 Years 39BCom Honours Degree, NSE4, ITIL,
and N+ Certification
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

Share and Cite

MDPI and ACS Style

Teane, L.; Matlala, N. Information Security Functions Readiness Amidst COVID-19 in Higher Education in South Africa. Trends High. Educ. 2025, 4, 23. https://doi.org/10.3390/higheredu4020023

AMA Style

Teane L, Matlala N. Information Security Functions Readiness Amidst COVID-19 in Higher Education in South Africa. Trends in Higher Education. 2025; 4(2):23. https://doi.org/10.3390/higheredu4020023

Chicago/Turabian Style

Teane, Lerato, and Ntswaki Matlala. 2025. "Information Security Functions Readiness Amidst COVID-19 in Higher Education in South Africa" Trends in Higher Education 4, no. 2: 23. https://doi.org/10.3390/higheredu4020023

APA Style

Teane, L., & Matlala, N. (2025). Information Security Functions Readiness Amidst COVID-19 in Higher Education in South Africa. Trends in Higher Education, 4(2), 23. https://doi.org/10.3390/higheredu4020023

Article Metrics

Back to TopTop