Cybersecurity Governance in Algerian Institutions as a mechanism for managing information security risks case of: General Inspectorate of finances

dc.contributor.authorRezgui, Abdeldjebar
dc.contributor.authorTaibouni, Ilyas
dc.contributor.authorDerrar, Hacene
dc.date.accessioned2026-07-12T09:11:26Z
dc.date.issued2026-06-08
dc.description.abstractIn the context of accelerating digital transformation within Algerian public institutions, information systems governance has become a strategic necessity rather than a technical option. The General Inspectorate of Finance (IGF), given the sensitive nature of the financial data it handles, represents a critical case for examining how cybersecurity governance is structured and implemented in the public sector. Despite the adoption of certain security policies and procedures, field observations reveal persistent gaps in their implementation, a lack of formally defined roles and responsibilities, and the absence of a comprehensive and systematic approach to information security risk management. This reflects a significant disconnect between the theoretical principles of cybersecurity governance and their operational reality within the institution. To address this problem, the study adopts an interpretivist epistemological stance and an inductive qualitative approach based on Action Research methodology. Data were collected through semi-structured interviews with four key stakeholders occupying strategic positions within IGF, and analyzed using NVivo software to identify recurring themes, patterns, and insights. The analysis reveals six interconnected findings: the absence of a formal cybersecurity governance framework, ambiguity in roles and responsibilities, a predominantly reactive rather than proactive security posture, weak institutional coordination, limited security awareness among staff, and the human factor emerging as the primary and most critical vulnerability within the institution. The study concludes that effective cybersecurity governance is not solely a technical matter, but a strategic and organizational imperative. It recommends the adoption of ISO/IEC 27001 as a reference framework for establishing a formal Information Security Management System (ISMS), the deployment of a RACI matrix to formalize roles and accountability, and the integration of FMECA and EBIOS risk methodologies to shift the institution from a reactive to a proactive risk management posture. These measures are essential for ensuring the confidentiality, integrity, and availability of IGF's critical information assets within a sustainable digital transformation strategy.
dc.identifier.urihttps://dspace.ensmanagement.edu.dz/handle/123456789/2368
dc.language.isoen
dc.publisherKoléa : Ecole Nationale Supérieure de Management
dc.subjectCybersecurity Governance
dc.subjectInformation Security Risk Management
dc.subjectISO/IEC 27001
dc.subjectFMECA
dc.subjectEBIOS
dc.subjectDigital Transformation
dc.subjectGeneral Inspectorate of Finance
dc.subjectAction Research
dc.subjectNVivo
dc.titleCybersecurity Governance in Algerian Institutions as a mechanism for managing information security risks case of: General Inspectorate of finances
dc.typeThesis

Files

Original bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
inbound4687792561554157858 - abd el djebar rezgui.pdf
Size:
1.9 MB
Format:
Adobe Portable Document Format

License bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
license.txt
Size:
1.71 KB
Format:
Item-specific license agreed to upon submission
Description: