research-article

Information Security Awareness (ISA) towards the Intention to Comply and Demographic Factors: Statistical Correspondence Analysis

Authors:

Muharman Lubis,

Pipit Liandani,

Arif Ridho LubisAuthors Info & Claims

ICCCM '20: Proceedings of the 8th International Conference on Computer and Communications Management

Pages 79 - 84

https://doi.org/10.1145/3411174.3411196

Published: 26 August 2020 Publication History

Abstract

Evidence from the literature and observation conducted from various practice in managing project or developing product within the organization suggested that human factors in term of control and direction can be the greatest threats to the organization to ensure the high quality of information security. Therefore, fewer research was conducted towards assessing the level of end-user awareness in a practical way to extract the relationship of demographic factor with user compliance in order to understand the working mechanism. Thus, this study prepares a literature review with the PRISMA model to implement a systematic process in an integrated manner in order to reveal representative information on the subject. Subsequently, a correspondence analysis (CA) was conducted to discover the hidden meaning of the relevant demographic factors that might affect the intention to comply with the organization's policy to protect confidential, sensitive and confidential information. One interesting result stated that ethnicity provides a stronger association by providing a total variation of 0.121, singular value of 0.248, chi-square of 26.208 and standard deviation of 0.063.

References

[1]

J. K. Jesson, L. Matheson and F. M. Lacey, Doing Your Literature Traditional and Systematic Technique. SAGE, London, 2011.

[2]

Z. Jiang, C. S. Heng & B. C. Choi. Privacy Concerns and Privacy-Protective Behavior in Synchronous Online Social Interaction. Information System Research, 24 (3), 579--595, 2013.

[3]

M. Lubis, R. Fauzi and M. A. Hasibuan, Categorization for the Security Awareness Domain and Resource (SADAR) Model in the Organization: A Clustering Statistical Analysis. Journal of Physics: Conference Series 1235:012040, 2019.

[4]

D. Zelhofer, Information Security Policies in Organization. Organizing for the Digital World, 49--62, 2018.

[5]

J. D'Arcy & P. B. Lowry, Cognitive - affective drivers of employees' daily compliance with information security policies: A multilevel, longitudinal study. Journal of Information System, 29, 43--69, 2017.

[6]

I. Lopes & P Oliveira, Implementation of Information System Security Policies A Survey in Small and Medium Enterprises. Journal of Information System and Technologies, 459--468, 2015.

[7]

R. Zhu & L. Janczewski, a Proposed Framework for Examining Information Systems Security Research: A Multilevel Perspective, Transforming Healthcare through Information Systems, 49--61, 2016.

[8]

X. Cheng, L. Cheng & D. Wu, Factors That Influence Employees' Security Policy Compliance: An Awareness-Motivation-Capability Perspective. Journal of Computer and Information Systems, 58, 312--324, 2016.

[9]

A. Niescieruk, B. Ksiezopolski, R. Nielek & A. Wierzbicki, How to Train People to Increase Their Security Awareness in IT. Advanced Multimedia and Ubiquitous Engineering, 12--17, 2017.

[10]

S. M. Wu, D. Guo & Y. C. Wu, the Effects of Bank Employees' Information Security Awareness on Performance of Information Security Governance. Advances in Intelligent Systems and Interactive Applications, pp. 657--663, 2017.

[11]

E. Yildirim, the Importance of Information Security Awareness for the Success of Business Enterprises. Advances in Human Factors in Cybersecurity, pp. 211--222, 2016.

[12]

S. Wang, Y. Qu, L. Zheng, Y. Xiao & H. Shi, Exploration of Information Security Education of University Students. Advances in Intelligent Systems and Interactive Applications, 476--480, 2017.

[13]

H. W. Glaspie & W. Karwowski, Human Factors in Information Security Culture: A Literature Review, Advances in Human Factors in Cybersecurity, 269--280, 2017.

[14]

S. Bauer & Edward W.N Bernroider, "The Effects of Awareness Programs on Information Security in Banks: The Roles of Protection Motivation and Monitoring. Human Aspects of Information Security, Privacy and Trust, 154--164, 2015.

[15]

L. Drevin, H. Kruger, A. M. Bell & T. Steyn, a Linguistic Approach to Information Security Awareness Education in a Healthcare Environment. Information Security Education for a Global Digital Society, 87--97, 2017.

[16]

I. Topa & M. Karyda, Identifying Factors that Influence Employees' Security Behavior for Enhancing ISP Compliance. Trust, Privacy and Security in Digital Business, 169--179, 2015.

[17]

N. Guhr, B. Lebek & M. H. Breitner, the impact of leadership on employees' intended information security behaviour: An examination of the full - range leadership theory. Journal of Information System, 29 (2), 2018.

[18]

N. Sebescen & J. Vitak, Securing the human: Employee security vulnerability risk in organizational settings. Journal of the Association for Information Science and Technology, 68, pp. 2237--2247, 2017.

Digital Library

[19]

H. J. Kam & P. Katerattanakul, Information Security in Higher Education: A Neo-Institutional Perspective. Journal of Information Privacy and Security, 10 (1), 2014.

[20]

E. Sherif, S. Furnell & N. Clarke, an Identification of Variables Influencing the Establishment of Information Security Culture. Human Aspects of Information Security, Privacy and Trust, 436--448, July 2015.

[21]

B. B. Page, Exploring Organizational Culture for Information Security in Healthcare Organizations: A Literature Review. PICMET, 2017.

[22]

P. Jeremia, G. N. Samy, B. Shanmugam, K. Ponkoodalingam & S. Perumal. Potential Measures to Enhance Information Security Compliance in the Healthcare Internet of Things. IRICT, 726--735, 2018.

[23]

M. Anandarajan & S. Malik, Protecting the Internet of medical things: A situational crime-prevention approach. Journal of Congent Medicine 5, 1--23, 2018.

[24]

E. Metalidou, C. Marinagi, P. Trivellas, N. Eberhagen, C. Skourlas and G. Giannakopoulos, the Human Factor of Information Security: Unintentional Damage Perspective. Procedia -- Social and Behavioral Sciences 147, 424--428, 2014.

[25]

H. Aldawood and G. Skinner, Reviewing Cyber Security Social Engineering Training and Awareness Programs-Putfalls and Ongoing Issues. Future Internet 11 (73), 2019.

[26]

A. R. Ahlan, M. Lubis and A. R. Lubis, Information Security Awareness at the Knowledge-based Institution: Its Antecedents and Measures. Procedia Computer Science, 72, 361--373, 2015.

[27]

A. R. Ahlan and M. Lubis, Information Security Awareness in University: Maintaining Learnability, Performance and Adaptability through Roles of Responsibility. IAS 246-250, 2011.

[28]

W. Reinhardt, C. Mletzko, P. B. Sloep and H. Drachsler, Understanding the Meaning of Awareness in Research Networks. ARTEL/EC-TEL, 13--30, 2012.

[29]

N. Sourial, C. Wolfson, B. Zhu, J. Quali, J. Fletcher, S. Karunananthan, K. Bandeen-Roche, F. Beland and H. Bergman, Correspondence Analysis is Useful Tool to Uncover the Relationship Among Categorical Variables. J. Clin. Epidemiol, 63 (6), 638--646, 2010.

[30]

P. M. Yelland, an Introduction to Correspondence Analysis. The Mathematica Journal, 12, 2010.

[31]

M. J. Greenacre, Theory and Applications of Correspondence Analysis. London: Academic Press, 1984.

[32]

J. P. Benzecri, Correspondence Analysis Handbook. New York: Marcel Dekker, 1992.

[33]

J. Kudlats, A. Money and J. F. Hair Jr., Correspondence analysis: a promising technique to interpret qualitative data in family business research. J. of Family Business Strategy, 5 (1), 30--40, 2014.

[34]

F. Habib, I. Etessam, S. H. Ghoddusifar and N. Mohajeri, Correspondence analysis: a new method for analyzing qualitative in architecture. Nexus Network Journal 14 (3), 517--538, 2012.

[35]

P. Robinson and J. Lowe, Literature reviews vs systematic reviews. Australian and New Zealand Journal of Public Health, 39 (2), 2015.

[36]

K. Micki and F. T. Harold, Handbook of Information Security Management. CRC Press LLC, 2007.

[37]

C. O. Corona, Information security awareness: an innovation approach. Research Thesis. Royal Holloway, University of London, 2009.

[38]

M. Chan, I. Woon and A. Kankanhalli, Perception of information security at the workplace: linking information security climate to compliant behavior. Journal of Information Privacy and Security, 1 (3), 18--41, 2005.

[39]

M. Siponen and A. Vance, Neutralization: new insight into the problem of employee information systems security policy violations. MIS Quaterly, 34 (3), 487--502, 2010.

Digital Library

[40]

B. Y. Ng and M. A. Rahim, a socio-behavioral study of home computer users' intention to practice security. 9th Pacific Asia Conference on Information Systems 2005.

[41]

L. Doey and J. Kurta, Correspondence analysis applied to psychological research. Tutorials in Quantitative Methods for Psychology, 7 (1), 5--14, 2011.

Cited By

Rizka Nasution MLubis MRohmat Saedudin RWidjajarto A(2024)Defense in Depth Strategy from Phising Attacks in Using Instagram2024 International Conference on Data Science and Its Applications (ICoDSA)10.1109/ICoDSA62899.2024.10651679(122-127)Online publication date: 10-Jul-2024
https://doi.org/10.1109/ICoDSA62899.2024.10651679
Khan NYaqoob AKhan MIkram N(2022)The cybersecurity behavioral researchComputers and Security10.1016/j.cose.2022.102826120:COnline publication date: 25-Aug-2022
https://dl.acm.org/doi/10.1016/j.cose.2022.102826

Index Terms

Information Security Awareness (ISA) towards the Intention to Comply and Demographic Factors: Statistical Correspondence Analysis
1. Security and privacy
  1. Human and societal aspects of security and privacy
    1. Social aspects of security and privacy

Recommendations

Exploring Factors Influencing Self-Efficacy in Information Security: An Empirical Analysis by Integrating Multiple Theoretical Perspectives in the Context of Using Protective Information Technologies
SIGMIS-CPR '17: Proceedings of the 2017 ACM SIGMIS Conference on Computers and People Research

Self-efficacy in information security (SEIS) is one of the most researched predictors of end user security behavior that hinges on end user acceptance and use of the protective technologies such as anti-virus and anti-spyware. SEIS is also modeled as a ...
Improving Organisational Information Security Management: The Impact of Training and Awareness
HPCC '12: Proceedings of the 2012 IEEE 14th International Conference on High Performance Computing and Communication & 2012 IEEE 9th International Conference on Embedded Software and Systems

Security breaches that affect personal data and organisational systems have become increasingly significant in the global technology (IT) industry. There is scope for research on the factors that influence user behaviour and attitudes toward this aspect ...
Employees' adherence to information security policies: An exploratory field study

The key threat to information security comes from employees who do not comply with information security policies. We developed a new multi-theory based model that explained employees' adherence to security policies. The paradigm combines elements from ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

ICCCM '20: Proceedings of the 8th International Conference on Computer and Communications Management

July 2020

152 pages

ISBN:9781450387668

DOI:10.1145/3411174

Copyright © 2020 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

Natl University of Singapore: National University of Singapore
SFU: Simon Fraser University
Western Michigan University: Western Michigan University
University of Sydney Australia

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 August 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

ICCCM'20

ICCCM'20: 2020 The 8th International Conference on Computer and Communications Management

July 17 - 19, 2020

Singapore, Singapore

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
128
Total Downloads

Downloads (Last 12 months)20
Downloads (Last 6 weeks)2

Reflects downloads up to 02 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Rizka Nasution MLubis MRohmat Saedudin RWidjajarto A(2024)Defense in Depth Strategy from Phising Attacks in Using Instagram2024 International Conference on Data Science and Its Applications (ICoDSA)10.1109/ICoDSA62899.2024.10651679(122-127)Online publication date: 10-Jul-2024
https://doi.org/10.1109/ICoDSA62899.2024.10651679
Khan NYaqoob AKhan MIkram N(2022)The cybersecurity behavioral researchComputers and Security10.1016/j.cose.2022.102826120:COnline publication date: 25-Aug-2022
https://dl.acm.org/doi/10.1016/j.cose.2022.102826

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten