The Level of Information Security Awareness among Academic Staff in IHL

Authors

  • Mohd Fairuz Iskandar Othman Human Centered Computing - Information Systems Lab (HCC-ISL), Centre for Advanced Computing Technology (C-ACT) Faculty of Information and Communication Technology (FTMK), Universiti Teknikal Malaysia Melaka Hang Tuah Jaya, Durian Tunggal 76100, Melaka, Malaysia
  • Fayez Alqahtani Computer Science Department, King Saud University, Riyadh, Saudi Arabia
  • Md Ahsanul Bari Human Centered Computing - Information Systems Lab (HCC-ISL), Centre for Advanced Computing Technology (C-ACT) Faculty of Information and Communication Technology (FTMK), Universiti Teknikal Malaysia Melaka Hang Tuah Jaya, Durian Tunggal 76100, Melaka, Malaysia
  • Ahmad Naim Che Pee Human Centered Computing - Information Systems Lab (HCC-ISL), Centre for Advanced Computing Technology (C-ACT) Faculty of Information and Communication Technology (FTMK), Universiti Teknikal Malaysia Melaka Hang Tuah Jaya, Durian Tunggal 76100, Melaka, Malaysia
  • Yahaya Abdul Rahim Human Centered Computing - Information Systems Lab (HCC-ISL), Centre for Advanced Computing Technology (C-ACT) Faculty of Information and Communication Technology (FTMK), Universiti Teknikal Malaysia Melaka Hang Tuah Jaya, Durian Tunggal 76100, Melaka, Malaysia
  • Hamzah Asyrani Sulaiman Human Centered Computing - Information Systems Lab (HCC-ISL), Centre for Advanced Computing Technology (C-ACT) Faculty of Information and Communication Technology (FTMK), Universiti Teknikal Malaysia Melaka Hang Tuah Jaya, Durian Tunggal 76100, Melaka, Malaysia

Keywords:

Information Security Awareness (ISA), ISMS, Risk, Institutions of Higher Learning (IHL),

Abstract

IS security awareness plays a significant role in the process of the overall information security of any organisation. Based on an empirical study of 368 academic staff in three institutions of higher learning (IHL), we found that the level of information security awareness can be considered good, but it can certainly be improved further. Employees need further training in this area mainly at institutions which only recently received the ISO/IEC 27001:2013 certification. Our sample seems to suggest that demographics such as the age of the respondents contributed to their information security risk tolerance and adherence behaviour.

References

H. Cavusoglu, B. Mishra, and S. Raghunathan, "A model for evaluating IT security investments," Communications of the ACM, vol. 47, pp. 87- 92, 2004.

J. D'Arcy, A. Hovav, and D. Galletta, "User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach," Information Systems Research, vol. 20, pp. 79- 98, 2009.

J. L. Spears and H. Barki, "User participation in information systems security risk management," MIS quarterly, pp. 503-522, 2010.

M. E. Thomson and R. von Solms, "Information security awareness: educating your users effectively," Information management & computer security, vol. 6, pp. 167-173, 1998.

M. T. Siponen, "A conceptual foundation for organizational information security awareness," Information Management & Computer Security, vol. 8, pp. 31-41, 2000.

P. Puhakainen and R. Ahonen, "Design theory for information security awareness," 2006.

B. Bulgurcu, H. Cavusoglu, and I. Benbasat, "Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness," MIS quarterly, vol. 34, pp. 523-548, 2010.

K. J. Knapp and C. J. Ferrante, "Policy awareness, enforcement and maintenance: Critical to information security effectiveness in organizations," Journal of Management Policy and Practice, vol. 13, p. 66, 2012.

A. Marks, "Exploring universities’ information systems security awareness in a changing higher education environment: A Comparative Case Study Research," PhD, University of Salford, 2007.

T. Bond, C. Stephens, and D. Piscitello, "Security Awareness Survey," 2012.

T. Herath and H. R. Rao, "Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness," Decision Support Systems, vol. 47, pp. 154-165, 2009/05/01/ 2009.

Downloads

Published

2018-07-04

How to Cite

Othman, M. F. I., Alqahtani, F., Bari, M. A., Che Pee, A. N., Abdul Rahim, Y., & Sulaiman, H. A. (2018). The Level of Information Security Awareness among Academic Staff in IHL. Journal of Telecommunication, Electronic and Computer Engineering (JTEC), 10(2-5), 65–68. Retrieved from https://jtec.utem.edu.my/jtec/article/view/4353

Most read articles by the same author(s)