Cybersecurity Governance in Algerian Institutions as a mechanism for managing information security risks case of: General Inspectorate of finances
Loading...
Date
Journal Title
Journal ISSN
Volume Title
Publisher
Koléa : Ecole Nationale Supérieure de Management
Abstract
In the context of accelerating digital transformation within Algerian public institutions,
information systems governance has become a strategic necessity rather than a technical
option. The General Inspectorate of Finance (IGF), given the sensitive nature of the financial
data it handles, represents a critical case for examining how cybersecurity governance is
structured and implemented in the public sector.
Despite the adoption of certain security policies and procedures, field observations reveal
persistent gaps in their implementation, a lack of formally defined roles and responsibilities,
and the absence of a comprehensive and systematic approach to information security risk
management. This reflects a significant disconnect between the theoretical principles of
cybersecurity governance and their operational reality within the institution.
To address this problem, the study adopts an interpretivist epistemological stance and an
inductive qualitative approach based on Action Research methodology. Data were collected
through semi-structured interviews with four key stakeholders occupying strategic positions
within IGF, and analyzed using NVivo software to identify recurring themes, patterns, and
insights. The analysis reveals six interconnected findings: the absence of a formal
cybersecurity governance framework, ambiguity in roles and responsibilities, a predominantly
reactive rather than proactive security posture, weak institutional coordination, limited
security awareness among staff, and the human factor emerging as the primary and most
critical vulnerability within the institution.
The study concludes that effective cybersecurity governance is not solely a technical matter,
but a strategic and organizational imperative. It recommends the adoption of ISO/IEC 27001
as a reference framework for establishing a formal Information Security Management System
(ISMS), the deployment of a RACI matrix to formalize roles and accountability, and the
integration of FMECA and EBIOS risk methodologies to shift the institution from a reactive
to a proactive risk management posture. These measures are essential for ensuring the
confidentiality, integrity, and availability of IGF's critical information assets within a
sustainable digital transformation strategy.