Towards a Conceptual Framework for Information Security Digital Divide

Continuously improving security on an information system requires unique combination of human aspect, policies, and technology. This acts as leverage for designing an access control management approach which avails only relevant parts of a system according to an end-users' scope of work. This paper introduces a framework for information security fundamentals at organizational and theoretical levels, to identify critical success factors that are vital in assessing an organization's security maturity through a model referred to as "information security digital divide maturity framework". The foregoing is based on a developed conceptual framework for information security digital divide. The framework strives to divide system endusers into "specific information haves and have-nots". It intends to assist organizations to continually evaluate and improve on their security governance, standards, and policies which permit access on the basis of each end-user's work scope. The framework was tested through two surveys targeting 90 end-users and 35 security experts.