The shift towards digitized identities and electronic ID cards presents significant information security management challenges for identity organisations like the NIA. The transition from securing paper records to electronic records and digital assets, such as citizen biometrics, is critical due to the potential implications of security issues on transactions requiring citizen identification and the protection of citizens’ privacy.
Our study, based on interviews with nine current and former senior managers of the NIA, reveals that the NIA faces unique challenges due to its nature as a public sector organisation and the political context within which it operates. These challenges include taking a holistic view of information security, instilling an information security culture, developing comprehensive information security policies, and ensuring policy compliance. Additionally, the NIA struggles with aligning its information security policies with relevant legislation, managing relationships with other government stakeholders and private sector organisations, and operating within government constraints. These challenges have significant implications for the NIA and other identity organisations facing similar issues.
Understanding and addressing these challenges can enhance information security management, safeguard digital assets, and ensure citizen privacy. However, these challenges occur in a context where management continuity is difficult due to political appointments and interference. These challenges are not unique to the NIA, as identity organisations in other developing countries face similar issues. Further research is needed to best address these challenges and ensure secure digitised identification.
