Abstract
Information security management (ISM) ensures the protection of organisations' data assets. Studying actual security events becomes more critical for ISM preparation. The Capital Market constitutes a wealth of data sources which react to various security incidents. ISM is an essential part of this industry due to high technology dependency. The previous literature emphasises the need for a holistic approach for ISM; therefore, there is necessary to investigate the current state of the ISM to develop a cybersecurity and ISM culture. Research should further explore the impact of national and organisational culture and its effects on ISM and explore ISM practices and initiatives that organisations implement to develop a security culture. This paper explores the factors in order to improve how employees' culture and IS awareness affect ISM implementation. A qualitative approach using the case study method was applied to understand the problem. Twenty-two semi-structured interviews were conducted in the Middle Eastern Capital Market. The thematic data analysis revealed that Middle Eastern culture is a dominant factor influencing ISM and the security culture and awareness significantly impact ISM. This suggests that organisations should focus on security culture and, even more, on IS awareness to improve ISM. This research identifies several challenges in current security practices in the Middle Eastern Capital Market industry, including the lack of attention to cultural effects, generic SETA programs that do not consider specific industry needs, and a lack of connection between culture and awareness programs.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abebe, G., Lessa, L.: Human factors influence in information systems security: towards a conceptual framework. Paper presented at the African International Conference on Industrial Engineering and Operations Management, Harare, Zimbabwe
Aboul Enein, S.: Cybersecurity challenges in the Middle East (2017). https://www.gcsp.ch/publications/cybersecurity-challenges-middle-east
Ahmed, N.N., Nanath, K.: Exploring cybersecurity ecosystem in the Middle East: towards an SME recommender system. J. Cyber Secur. Mob. 10(3), 511–536 (2021)
Al-Harethi, A.A.M., Al-Amoodi, A.H.A.: Organisational factors affecting information security management practices in private sector organisations. Int. J. Psychol. Cogn. Sci. 5(1), 9–23 (2019)
Al Mughairi, B.M., Al Hajri, H.H., Karim, A.M., Hossain, M.I.: An innovative cyber security based approach for national infrastructure resiliency for Sultanate of Oman. Int. J. Acad. Res. Bus. Soc. Sci. 9(3), 1180–1195 (2019)
Alotaibi, F., Furnell, S., Stengel, I., Papadaki, M.: A survey of cyber-security awareness in Saudi Arabia. Paper presented at the in ICITST 2016: International Conference for Internet Technology and Secured Transactions (2016)
Alshaikh, M.: Developing cybersecurity culture to influence employee behavior: a practice perspective. Comput. Secur. 98, 1–10 (2020)
Braun, V., Clarke, V.: One size fits all? What counts as quality practice in (Reflexive) thematic analysis? Qual. Res. Psychol. 18(3), 328–352 (2021). https://doi.org/10.1080/14780887.2020.1769238
Da Veiga, A., Astakhova, L.V., Botha, A., Herselman, M.: Defining organisational information security culture - perspectives from academia and industry. Comput. Secur. 92, 1–50 (2020)
Dharmawansa, A.D., Madhuwanthi, R.: Evaluating the information security awareness (ISA) of employees in the banking sector: a case study. Paper presented at the in KDU IRC 2020: Kotelawala Defence University International Research Conference, Kuliyapitiya, Sri Lanka (2020)
El-Guindy, M.N.: Middle East cyber security threat report 2014. Cybersec. Energy Utilities 25, 1–7 (2013)
Hayes, A.: Capital markets, Investopedia, viewed 30 June 2021. https://www.investopedia.com/terms/c/capitalmarkets.asp
Hughes-Lartey, K., Li, M., Botchey, F.E., Qin, Z.: Human factor, a critical weak point in the information security of an organisation’s internet of things. Heliyon 7(3), 1–13 (2021)
Jamall, A., Ghazali, M.: Banking and capital markets, PwC (PricewaterhouseCoopers) Middle East, viewed 12 June 2021 (2020). https://www.pwc.com/m1/en/industries/banking-capital-markets.html
Khando, K., Gao, S., Islam, S.M., Salman, A.: Enhancing employees information security awareness in private and public organisations: a systematic literature review. Comput. Secur. 106, 1–22 (2021)
Ključnikov, A., Mura, L., Sklenár, D.: Information security management in SMEs: factors of success. Entrepreneurship Sustain. Issues 6(4), 2081–2094 (2019)
Kuchibhotla, H.N., Murray, P., McFarland, R.: Addressing the financial services cybersecurity threat (2017). https://thecybersecurityplace.com/addressing-financial-services-cybersecurity-threat/
Mahfuth, A., Yussof, S., Baker, A.A., Ali, N.A.: A systematic literature review: information security culture. Paper presented at the in ICRIIS 2017: International Conference on Research and Innovation in Information Systems (2017)
Alqurashi, R.K., AlZain, M.A., Soh, B., Masud, M., Al-Amri, J.: Cyber attacks and impacts: a case study in Saudi Arabia. Int. J. Adv. Trends Comput. Sci. Eng. 9(1), 217–224 (2020)
Renaud, K., Flowerday, S., Dupuis, M.: Moving from employee compliance to employee success in the cyber security domain. Comput. Fraud Secur. 2021(4), 16–19 (2021)
Soomro, Z.A., Shah, M.H., Ahmed, J.: Information security management needs more holistic approach: a literature review. Int. J. Inf. Manage. 36(2), 215–225 (2016)
Topa, I., Karyda, M.: From theory to practice: guidelines for enhancing information security management. Inf. Comput. Secur. 27(3), 326–342 (2019)
Uchendu, B., Nurse, J.R., Bada, M., Furnell, S.: Developing a cyber security culture: current practices and future needs. Comput. Secur. 109, 1–38 (2021)
Wiley, A., McCormac, A., Calic, D.: More than the individual: examining the relationship between culture and information security awareness. Comput. Secur. 88, 1–8 (2020). https://doi.org/10.1016/j.cose.2019.101640
Yin, R.K.: Case Study Research and Applications: Design and Methods, 6th edn. SAGE, Thousand Oaks, CA (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Heyasat, H., Mubarak, S., Evans, N. (2023). Security Culture and Security Education, Training and Awareness (SETA) Influencing Information Security Management. In: Daimi, K., Al Sadoon, A. (eds) Proceedings of the Second International Conference on Innovations in Computing Research (ICR’23). Lecture Notes in Networks and Systems, vol 721. Springer, Cham. https://doi.org/10.1007/978-3-031-35308-6_28
Download citation
DOI: https://doi.org/10.1007/978-3-031-35308-6_28
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-35307-9
Online ISBN: 978-3-031-35308-6
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)