Exploring the Relationship of Individual Indicator as the Critical Factor in Information Security Awareness

Purpose – The purpose of this paper was to analyse existing theories from the social sciences to gain a better understanding of factors which contribute to student mobile phone users’ poor information security behaviour. Two key aspects associated with information security behaviour were considered, namely, awareness and behavioural intent. This paper proposes that the knowing-and-doing gap can possibly be reduced by addressing both awareness and behavioural intent. This research paper explores the relationship between student mobile phone user information security awareness and behavioural intent in a developmental university in South Africa. Design/methodology/approach – Information security awareness interventions were implemented in this action research study, and student information security behavioural intent was observed after each cycle. Findings – The poor security behaviour exhibited by student mobile phone users, which was confirmed by the findings of this study, is of particular interest in the university context, as most undergraduate students are offered a computer-related course which covers certain information security-related principles. Existing researchers in the field of information security still grapple with the “knowing-and-doing” gap, where user information security knowledge/awareness sometimes does not result in safer behavioural practises. Originality/value – Zhang et al. (2009) suggest that understanding human behaviour is important when dealing with the problems caused by human errors. Harnesk and Lindstrom (2011) expressed a concern that existing research does not address the interlinked relationship between anticipated security behaviour and the enactment of security procedures. This study acknowledges Choi et al. (2008) contribution in their discussions on the “knowing-and-doing gap” suggests a link between awareness and actual behaviour that is confirmed by the findings of this study.

Download Full-text

Predicting information security culture among employees of telecommunication companies in an emerging market

Information and Computer Security ◽

10.1108/ics-02-2021-0020 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Nurul Asmui Azmi Md Azmi ◽

Ai Ping Teoh ◽

Ali Vafaei-Zadeh ◽

Haniruzila Hanifah

Keyword(s):

Information Security ◽

Emerging Market ◽

Mediating Effect ◽

Security Awareness ◽

Content Type ◽

Security Culture ◽

Information Security Awareness ◽

The Relationship ◽

Information Security Culture ◽

Telecommunications Companies

Purpose The purpose of this study is to examine factors, which influence information security culture among employees of telecommunications companies. The motivation for this study was the rise in the number of data breach incidents caused by the organizations’ own employees. Design/methodology/approach A total of 139 usable responses were collected via a Web-based questionnaire survey from employees of Malaysian telecommunications companies. Data were analysed by using SmartPLS 3. Findings Security education, training and awareness (SETA) programmes and information security awareness were found to have a positive and significant impact on Information Security Culture. Additionally, self-reported employees’ security behaviour was found to act as a partial mediator on the relationship between information security awareness and information security culture. Research limitations/implications The study was cross-sectional in nature. Therefore, it could not measure changes in population over time. Practical implications The empirical data provides a new perspective on significant elements that influence information security culture in an emerging market. Organizations in the telecommunications industry can now recognize that SETA programmes and information security awareness have a significant impact on information security culture. Employees’ security behaviour also mediates the relationship between information security awareness and information security culture. Originality/value This is the first study to analyse the mediating effect of employees’ security behaviour on the relationship between information security awareness and information security culture in the Malaysian telecommunications context.

Download Full-text

THE DOMINANT FACTOR FOR IMPROVING INFORMATION SECURITY AWARENESS

Jurnal Cakrawala Pendidikan ◽

10.21831/cp.v38i3.25626 ◽

2019 ◽

Vol 38 (3) ◽

pp. 490-498

Author(s):

Iffah Budiningsih ◽

Tjiptogoro Dinarjo Soehari ◽

Irwansyah Irwansyah

Keyword(s):

Information Security ◽

Communication Technology ◽

Organizational Support ◽

Information Access ◽

Dominant Factor ◽

Security Awareness ◽

Information Communication ◽

Information Security Awareness ◽

The Relationship ◽

Research Show

The advancement of science and technology especially in the field of Information Communication Technology (ICT) is characterized by the availability of information access faster, easier, convenient, but also vulnerable to try to steal (tap) and modify information. This study aims to determine the relationship between organizational support perception, competence, and motivation with information security awareness. The survey involved a population of 324 people affordable employees in local government that handling information systems in 33 provinces. The sample was taken 140 people by stratified proportional random sampling. The data were collected using a questionnaire and analyzed using multiple regression. The results of the research show: (1) Information security awareness is influenced positively and significantly by the organizational support perception, competence and motivation, (2) The competence is the dominant factor that influences the information security awareness compared to the organizational support perception and motivation, (3) Information security awareness can improve by competencies of knowledge, skill, attitude continuously and tiered, and the model instructional awareness training developed by ‘Schultz’ can be used to improve the attitude or character of information security awareness.

Download Full-text

Exploring the Relationship between Internal Information Security, Response Cost and Security Intention in Container Shipping

Applied Sciences ◽

10.3390/app11062609 ◽

2021 ◽

Vol 11 (6) ◽

pp. 2609

Author(s):

Hsin-Wei Wang ◽

Szu-Yu Kuo ◽

Liang-Bi Chen

Keyword(s):

Factor Analysis ◽

Information Security ◽

Discriminant Validity ◽

Equation Modeling ◽

Security Awareness ◽

Container Shipping ◽

Response Cost ◽

Information Security Awareness ◽

Organizational Information ◽

The Relationship

This study empirically investigates the influence of information security marketing and response cost on employees’ information security intention in the container shipping industry. Survey data were collected from 285 respondents in Taiwan. Exploratory factor analysis was employed to identify all the measures to be summarized in a relative set. Confirmatory factor analysis was utilized to ensure every measure’s construct’s convergent and discriminant validity. Structural equation modeling was carried out to the proposed model in this article. The results indicate that organizational information security marketing has a positive impact on information security intention. Furthermore, this study conducted hierarchical regression to examine the moderating effects of information security awareness and information security climate. In particular, information security awareness significantly influenced the relationships between organizational information security marketing, response cost, and information security intention. Moreover, information security climate moderated the relationship between response cost and information security intention. This article concludes by discussing these theoretical and practical findings and implications.

Download Full-text

The effect of resilience and job stress on information security awareness

Information and Computer Security ◽

10.1108/ics-03-2018-0032 ◽

2018 ◽

Vol 26 (3) ◽

pp. 277-289 ◽

Cited By ~ 5

Author(s):

Agata McCormac ◽

Dragana Calic ◽

Kathryn Parsons ◽

Marcus Butavicius ◽

Malcolm Pattinson ◽

...

Keyword(s):

Information Security ◽

Job Stress ◽

The Body ◽

Future Research ◽

Security Awareness ◽

Content Type ◽

Information Security Awareness ◽

Positive Effects ◽

Human Aspects ◽

The Relationship

Purpose The purpose of this study was to investigate the relationship between resilience, job stress and information security awareness (ISA). The study examined the effect of resilience and job stress on the three components that comprise ISA, namely, knowledge, attitude and behaviour. Design/methodology/approach A total of 1,048 working Australians completed an online questionnaire. ISA was measured with the Human Aspects of Information Security Questionnaire. Participants also completed the Brief Resilience Scale and the Job Stress Scale. Findings It was found that participants with greater resilience also had higher ISA and experienced lower levels of job stress. More specifically, individuals who reported higher levels of resilience had significantly better knowledge, attitude and behaviour. Similarly, participants who reported lower levels of job stress also reported significantly better knowledge, attitude and behaviour. Resilience plays an important mediating role in the relationship between job stress and ISA. This means that even if people have high levels of job stress, if they are better able to cope with or adapt to stress (i.e. have higher resilience), they are less likely to have lower ISA. Results of this study add to the body of literature emphasising the positive effects of resilience and suggest that resilience is associated with improved ISA and therefore more secure behaviour. Research limitations/implications Future research should focus on assessing the influence of resilience training in the workplace. Originality/value Given the constructive findings, it may be valuable to focus on the effect of organisational culture, and organisational security culture, on resilience, job stress and ISA.

Download Full-text