Issues and Trends in Information Security Policy Compliance

Bhaharin, Surayahani Hasnul; Mokhtar, Umi Asma’; Sulaiman, Riza; Yusof, Maryati Mohd.

doi:10.1109/icriis48246.2019.9073645

Cited by 13 publications

(5 citation statements)

References 48 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…By means of the present figure we can indicate that the most outstanding words risk assessment, human, and computer security are the common terms, however, it should be specified that the human factor was the key piece for the management of the principles of cybersecurity within the business sector. Hence, states that there is a high degree of importance to the responsibility of information risks to the users of the system against social engineering so a culture of information security is of utmost importance for the protection of computer assets [9]. As mentioned by the author it is agreed that it is necessary to make companies aware of the need to avoid possible social engineering attacks; especially because by this means companies or even users are more vulnerable to information theft.…”

Section: Resultsmentioning

confidence: 99%

Enterprise information security risks: a systematic review of the literature

Sandoval¹,

Celis

Cabanillas-Carbonell

2023

IJEECS

View full text Add to dashboard Cite

Currently, computer security or cybersecurity is a relevant aspect in the area of networks and communications of a company, therefore, it is important to know the risks and computer security policies that allow a unified management of cyber threats that only seek to affect the reputation or profit from the confidential information of organizations in the business sector. The objective of the research is to conduct a systematic review of the literature through articles published in databases such as Scopus and Dimension. Thus, in order to perform a complete documentary analysis, inclusion and exclusion criteria were applied to evaluate the quality of each article. Then, using a quantitative scale, articles were filtered according to author, period and country of publication, leaving a total of 86 articles from both databases. The methodology used was the one proposed by Kitchenham, and the conclusion reached was that the vast majority of companies do not make a major investment in the purchase of equipment and improvement of information technology (IT) infrastructure, exposing themselves to cyber-attacks that continue to grow every day. This research provides an opportunity for researchers, companies and entrepreneurs to consult so that they can protect their organization's most important assets.

show abstract

Section: Resultsmentioning

confidence: 99%

Enterprise information security risks: a systematic review of the literature

Sandoval¹,

Celis

Cabanillas-Carbonell

2023

IJEECS

View full text Add to dashboard Cite

show abstract

“…The security of organisational information is increasingly being challenged as threats are getting more sophisticated and varied in the era of Industry 4.0 (Bhaharin et al, 2019). Information security, therefore, plays an important role in ensuring that organisational operations and services are not disrupted or compromised.…”

Section: Literature Reviewmentioning

confidence: 99%

Biometric system for protecting information and improving service delivery: The case of a developing country's social security and pension organisation

Owusu-Oware

Effah

2022

Information Development

View full text Add to dashboard Cite

The conception of biometric systems as a means of securing sensitive information and enhancing service delivery remains under-researched. To address this knowledge gap, we explore the case of a public-sector social security and pension organisation in Ghana using a qualitative interpretative study approach and the information security model of confidentiality-integrity-availability as an analytical lens. The study's findings indicate that integrating and using biometric identification and authentication as part of delivering social security and pension services can protect availability, confidentiality, and integrity of information. The findings further show that the use of a biometric system for social security and pension information security can contribute to reducing service turnaround time and vulnerability to fraudulent manipulation of benefits payments. The study provides implications for research, practice, and policy. For research, the paper opens up biometric systems’ study from the perspective of information security and service improvement. For practice and policy, the study demonstrates the importance of aligning biometric systems’ deployment and use with domain application requirements.

show abstract

“…It is argued that employee compliance with ISPs minimises security incidents (Humaidi and Balakrishnan, 2017;Nasir et al, 2017). Therefore, there is a need to understand what motivates compliance with ISPs (Huang et al, 2016;Curry et al, 2018;Bhaharin et al, 2019), as the human element is also responsible for security breaches (Ofori et al, 2020).…”

Section: Information Security Behaviourmentioning

confidence: 99%

“…Security breaches can result in loss of productivity, theft of information assets, system downtime, destruction of information technology (IT) infrastructure and damage to the organisation's reputation; the organisation may face lawsuits, penalties and regulatory action (Ponemon Institute, 2020). Security incidents can also result in the theft of sensitive information (Bhaharin et al, 2019), such as customer and employee records. In some studies, as much as 35% of customer records and 30% of employee records were compromised (PricewaterhouseCoopers, 2018).…”

Section: Introductionmentioning

confidence: 99%

Assessing information security behaviour: a self-determination theory perspective

Gangire

Veiga

Herselman

2021

ICS

View full text Add to dashboard Cite

Purpose This paper outlines the development of a validated questionnaire for assessing information security behaviour. The purpose of this paper is to present data from the questionnaire validation process and the quantitative study results. Design/methodology/approach Data obtained through a quantitative survey (N = 263) at a South African university were used to validate the questionnaire. Findings Exploratory factor analysis produced 11 factors. Cronbach’s alpha for the 11 factors were all above 0.7, suggesting that the questionnaire is valid and reliable. The responses show that autonomy questions received positive perception, followed by competence questions and lastly relatedness questions. The correlation analysis results show that there was a statistically significant relationship between competence factors and autonomy factors. There was a partial significant relationship between autonomy and relatedness factors, and between competence and relatedness factors. The study results suggest that competence and autonomy could be more important than relatedness in fostering information security behaviour among employees. Research limitations/implications This study used a convenience sampling, a cross-sectional design, and was carried out in a single organisation. This could pose limitations when generalising the study results. Future studies could use random sampling and consider other universities for further validation. Practical implications Universities can use the questionnaire to identify developmental areas to improve information security from a behaviour perspective. Originality/value This paper provides a research instrument for assessing information security behaviour from the perspective of the self-determination theory.

show abstract

Issues and Trends in Information Security Policy Compliance

Cited by 13 publications

References 48 publications

Enterprise information security risks: a systematic review of the literature

Enterprise information security risks: a systematic review of the literature

Biometric system for protecting information and improving service delivery: The case of a developing country's social security and pension organisation

Assessing information security behaviour: a self-determination theory perspective

Contact Info

Product

Resources

About