Thesis

Information security policies for digitised identity systems : an investigation into the views of stakeholders of the Ghanaian national identity system

Downloadable Content

Download PDF
Creator
Rights statement
Awarding institution
  • University of Strathclyde
Date of award
  • 2025
Thesis identifier
  • T17412
Person Identifier (Local)
  • 201879592
Qualification Level
Qualification Name
Department, School or Faculty
Abstract
  • The increasing adoption of Electronic Identity Systems (EIS) globally has transformed identity management and verification processes enhancing efficiency in public service delivery. Information Security Policies (ISPs) play an important role in ensuring data security and privacy in all information systems. However, the specific ISP needs of EIS particularly in developing countries, have received little attention to date. The aim of this thesis is to understand the ISP needs of EIS with a focus on development countries, using the Ghanaian National Identification Authority (NIA) EIS as a case study. The thesis investigates the formulation, development, implementation, and evolution of the NIA’s ISP from the perspective of its stakeholders, NIA staff, user agencies and the public. The findings reveal that while NIA staff acknowledge the importance of the ISP, there is limited stakeholder involvement and communication during its development. External stakeholders express varying levels of trust and engagement and call for clearer responsibilities and greater transparency in security practices. The study highlights the need to formalise policy development processes, align them with government regulations, and involve both public and private sector experts. It also identifies a gap between public expectations and the NIA’s engagement efforts, underscoring the importance of transparency and proactive communication in building trust. This research contributes to the field by offering practical recommendations for improving ISP communication, stakeholder engagement, and overall information security management. It emphasises the need for EIS organisations to regularly review and update their ISPs with stakeholder input to enhance compliance, effectiveness, and public trust in digital identity systems
Advisor / supervisor
  • Terzis, Sotirios, 1973-
Resource Type
DOI

Relations

Items

Thumbnail Title Date Uploaded Visibility Actions
file details PDF of thesis T17412 2025-07-10 Public Download