Muharman Lubis
ABSTRACT
Evidence from the literature and observation conducted from various practice in managing project or developing product within the organization suggested that human factors in term of control and direction can be the greatest threats to the organization to ensure the high quality of information security. Therefore, fewer research was conducted towards assessing the level of end-user awareness in a practical way to extract the relationship of demographic factor with user compliance in order to understand the working mechanism. Thus, this study prepares a literature review with the PRISMA model to implement a systematic process in an integrated manner in order to reveal representative information on the subject. Subsequently, a correspondence analysis (CA) was conducted to discover the hidden meaning of the relevant demographic factors that might affect the intention to comply with the organization's policy to protect confidential, sensitive and confidential information. One interesting result stated that ethnicity provides a stronger association by providing a total variation of 0.121, singular value of 0.248, chi-square of 26.208 and standard deviation of 0.063.
- J. K. Jesson, L. Matheson and F. M. Lacey, Doing Your Literature Traditional and Systematic Technique. SAGE, London, 2011.Google Scholar
- Z. Jiang, C. S. Heng & B. C. Choi. Privacy Concerns and Privacy-Protective Behavior in Synchronous Online Social Interaction. Information System Research, 24 (3), 579--595, 2013.Google ScholarCross Ref
- M. Lubis, R. Fauzi and M. A. Hasibuan, Categorization for the Security Awareness Domain and Resource (SADAR) Model in the Organization: A Clustering Statistical Analysis. Journal of Physics: Conference Series 1235:012040, 2019.Google ScholarCross Ref
- D. Zelhofer, Information Security Policies in Organization. Organizing for the Digital World, 49--62, 2018.Google Scholar
- J. D'Arcy & P. B. Lowry, Cognitive - affective drivers of employees' daily compliance with information security policies: A multilevel, longitudinal study. Journal of Information System, 29, 43--69, 2017.Google ScholarCross Ref
- I. Lopes & P Oliveira, Implementation of Information System Security Policies A Survey in Small and Medium Enterprises. Journal of Information System and Technologies, 459--468, 2015.Google Scholar
- R. Zhu & L. Janczewski, a Proposed Framework for Examining Information Systems Security Research: A Multilevel Perspective, Transforming Healthcare through Information Systems, 49--61, 2016.Google ScholarCross Ref
- X. Cheng, L. Cheng & D. Wu, Factors That Influence Employees' Security Policy Compliance: An Awareness-Motivation-Capability Perspective. Journal of Computer and Information Systems, 58, 312--324, 2016.Google ScholarCross Ref
- A. Niescieruk, B. Ksiezopolski, R. Nielek & A. Wierzbicki, How to Train People to Increase Their Security Awareness in IT. Advanced Multimedia and Ubiquitous Engineering, 12--17, 2017.Google Scholar
- S. M. Wu, D. Guo & Y. C. Wu, the Effects of Bank Employees' Information Security Awareness on Performance of Information Security Governance. Advances in Intelligent Systems and Interactive Applications, pp. 657--663, 2017.Google Scholar
- E. Yildirim, the Importance of Information Security Awareness for the Success of Business Enterprises. Advances in Human Factors in Cybersecurity, pp. 211--222, 2016.Google ScholarCross Ref
- S. Wang, Y. Qu, L. Zheng, Y. Xiao & H. Shi, Exploration of Information Security Education of University Students. Advances in Intelligent Systems and Interactive Applications, 476--480, 2017.Google Scholar
- H. W. Glaspie & W. Karwowski, Human Factors in Information Security Culture: A Literature Review, Advances in Human Factors in Cybersecurity, 269--280, 2017.Google Scholar
- S. Bauer & Edward W.N Bernroider, "The Effects of Awareness Programs on Information Security in Banks: The Roles of Protection Motivation and Monitoring. Human Aspects of Information Security, Privacy and Trust, 154--164, 2015.Google Scholar
- L. Drevin, H. Kruger, A. M. Bell & T. Steyn, a Linguistic Approach to Information Security Awareness Education in a Healthcare Environment. Information Security Education for a Global Digital Society, 87--97, 2017.Google Scholar
- I. Topa & M. Karyda, Identifying Factors that Influence Employees' Security Behavior for Enhancing ISP Compliance. Trust, Privacy and Security in Digital Business, 169--179, 2015.Google Scholar
- N. Guhr, B. Lebek & M. H. Breitner, the impact of leadership on employees' intended information security behaviour: An examination of the full - range leadership theory. Journal of Information System, 29 (2), 2018.Google ScholarCross Ref
- N. Sebescen & J. Vitak, Securing the human: Employee security vulnerability risk in organizational settings. Journal of the Association for Information Science and Technology, 68, pp. 2237--2247, 2017.Google ScholarDigital Library
- H. J. Kam & P. Katerattanakul, Information Security in Higher Education: A Neo-Institutional Perspective. Journal of Information Privacy and Security, 10 (1), 2014.Google ScholarCross Ref
- E. Sherif, S. Furnell & N. Clarke, an Identification of Variables Influencing the Establishment of Information Security Culture. Human Aspects of Information Security, Privacy and Trust, 436--448, July 2015.Google Scholar
- B. B. Page, Exploring Organizational Culture for Information Security in Healthcare Organizations: A Literature Review. PICMET, 2017.Google Scholar
- P. Jeremia, G. N. Samy, B. Shanmugam, K. Ponkoodalingam & S. Perumal. Potential Measures to Enhance Information Security Compliance in the Healthcare Internet of Things. IRICT, 726--735, 2018.Google Scholar
- M. Anandarajan & S. Malik, Protecting the Internet of medical things: A situational crime-prevention approach. Journal of Congent Medicine 5, 1--23, 2018.Google Scholar
- E. Metalidou, C. Marinagi, P. Trivellas, N. Eberhagen, C. Skourlas and G. Giannakopoulos, the Human Factor of Information Security: Unintentional Damage Perspective. Procedia -- Social and Behavioral Sciences 147, 424--428, 2014.Google Scholar
- H. Aldawood and G. Skinner, Reviewing Cyber Security Social Engineering Training and Awareness Programs-Putfalls and Ongoing Issues. Future Internet 11 (73), 2019.Google Scholar
- A. R. Ahlan, M. Lubis and A. R. Lubis, Information Security Awareness at the Knowledge-based Institution: Its Antecedents and Measures. Procedia Computer Science, 72, 361--373, 2015.Google ScholarCross Ref
- A. R. Ahlan and M. Lubis, Information Security Awareness in University: Maintaining Learnability, Performance and Adaptability through Roles of Responsibility. IAS 246-250, 2011.Google Scholar
- W. Reinhardt, C. Mletzko, P. B. Sloep and H. Drachsler, Understanding the Meaning of Awareness in Research Networks. ARTEL/EC-TEL, 13--30, 2012.Google Scholar
- N. Sourial, C. Wolfson, B. Zhu, J. Quali, J. Fletcher, S. Karunananthan, K. Bandeen-Roche, F. Beland and H. Bergman, Correspondence Analysis is Useful Tool to Uncover the Relationship Among Categorical Variables. J. Clin. Epidemiol, 63 (6), 638--646, 2010.Google ScholarCross Ref
- P. M. Yelland, an Introduction to Correspondence Analysis. The Mathematica Journal, 12, 2010.Google Scholar
- M. J. Greenacre, Theory and Applications of Correspondence Analysis. London: Academic Press, 1984.Google Scholar
- J. P. Benzecri, Correspondence Analysis Handbook. New York: Marcel Dekker, 1992.Google ScholarCross Ref
- J. Kudlats, A. Money and J. F. Hair Jr., Correspondence analysis: a promising technique to interpret qualitative data in family business research. J. of Family Business Strategy, 5 (1), 30--40, 2014.Google ScholarCross Ref
- F. Habib, I. Etessam, S. H. Ghoddusifar and N. Mohajeri, Correspondence analysis: a new method for analyzing qualitative in architecture. Nexus Network Journal 14 (3), 517--538, 2012.Google ScholarCross Ref
- P. Robinson and J. Lowe, Literature reviews vs systematic reviews. Australian and New Zealand Journal of Public Health, 39 (2), 2015.Google ScholarCross Ref
- K. Micki and F. T. Harold, Handbook of Information Security Management. CRC Press LLC, 2007.Google Scholar
- C. O. Corona, Information security awareness: an innovation approach. Research Thesis. Royal Holloway, University of London, 2009.Google Scholar
- M. Chan, I. Woon and A. Kankanhalli, Perception of information security at the workplace: linking information security climate to compliant behavior. Journal of Information Privacy and Security, 1 (3), 18--41, 2005.Google ScholarCross Ref
- M. Siponen and A. Vance, Neutralization: new insight into the problem of employee information systems security policy violations. MIS Quaterly, 34 (3), 487--502, 2010.Google ScholarDigital Library
- B. Y. Ng and M. A. Rahim, a socio-behavioral study of home computer users' intention to practice security. 9th Pacific Asia Conference on Information Systems 2005.Google Scholar
- L. Doey and J. Kurta, Correspondence analysis applied to psychological research. Tutorials in Quantitative Methods for Psychology, 7 (1), 5--14, 2011.Google ScholarCross Ref
Index Terms
- Information Security Awareness (ISA) towards the Intention to Comply and Demographic Factors: Statistical Correspondence Analysis
Recommendations
Exploring Factors Influencing Self-Efficacy in Information Security: An Empirical Analysis by Integrating Multiple Theoretical Perspectives in the Context of Using Protective Information Technologies
SIGMIS-CPR '17: Proceedings of the 2017 ACM SIGMIS Conference on Computers and People ResearchSelf-efficacy in information security (SEIS) is one of the most researched predictors of end user security behavior that hinges on end user acceptance and use of the protective technologies such as anti-virus and anti-spyware. SEIS is also modeled as a ...
Improving Organisational Information Security Management: The Impact of Training and Awareness
HPCC '12: Proceedings of the 2012 IEEE 14th International Conference on High Performance Computing and Communication & 2012 IEEE 9th International Conference on Embedded Software and SystemsSecurity breaches that affect personal data and organisational systems have become increasingly significant in the global technology (IT) industry. There is scope for research on the factors that influence user behaviour and attitudes toward this aspect ...
Employees' adherence to information security policies: An exploratory field study
The key threat to information security comes from employees who do not comply with information security policies. We developed a new multi-theory based model that explained employees' adherence to security policies. The paradigm combines elements from ...
Comments