
Assessing Small Institutions’ Cyber Security Awareness Using Human Aspects of Information Security Questionnaire (HAIS-Q)

  • Conference paper
Intelligent Computing

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 285)

Abstract

For large financial institutions, the available resources allocated to cyber security greatly exceed the capabilities of smaller financial institutions, such as credit unions and community banks. However, the sensitivity of personally identifiable information (PII) and the associated risks to the institutions and their consumers in the event of a security breach are the same regardless of the size of the financial institution. These facts, when assessed in tandem, yield a false equivalency: how can a smaller institution with significantly fewer resources keep consumer and company data secure at standards equivalent to those of large financial institutions? In this research, Human Aspects of Information Security Questionnaires (HAIS-Q) are voluntarily completed by six employees of a small financial institution and 25 undergraduate and graduate students enrolled in computing courses at a small four-year collegiate institution. The responses are quantitatively analyzed and discussed to evaluate potential relationships between employee knowledge, attitude, and behavior (KAB model).



Corresponding author

Correspondence to Glenn Papp.

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Papp, G., Lovaas, P. (2021). Assessing Small Institutions’ Cyber Security Awareness Using Human Aspects of Information Security Questionnaire (HAIS-Q). In: Arai, K. (eds) Intelligent Computing. Lecture Notes in Networks and Systems, vol 285. Springer, Cham. https://doi.org/10.1007/978-3-030-80129-8_62
