Information security behavior in organizations : influencing factors and management strategies /

Employees security behavior is a challenge to the confidentiality, integrity, and availability (CIA) of organizational information. This is because there have been cases of employees compromising organizational information systems (IS) through their behavior whether it is performed with or without i...

Full description

Saved in:
Bibliographic Details
Main Author: Barzak, Omar (Author)
Format: Thesis
Language:English
Published: Kuala Lumpur : Kulliyyah of Information and Communication Technology, International Islamic University Malaysia, 2020
Subjects:
Online Access:http://studentrepo.iium.edu.my/handle/123456789/10435
Tags: Add Tag
No Tags, Be the first to tag this record!
LEADER 052910000a22004090004500
008 210118s2020 my a f m 000 0 eng d
040 |a UIAM  |b eng  |e rda 
041 |a eng 
043 |a a-my-- 
050 4 |a TK5105.59 
100 1 |a Barzak, Omar,  |e author 
245 1 0 |a Information security behavior in organizations :  |b influencing factors and management strategies /  |c by Omar Barzak 
264 1 |a Kuala Lumpur :   |b Kulliyyah of Information and Communication Technology, International Islamic University Malaysia,   |c 2020 
300 |a xiv, 293 leaves :  |b illustrations ;  |c 30cm. 
336 |2 rdacontent  |a text 
337 |2 rdamedia  |a unmediated 
337 |2 rdamedia  |a computer 
338 |2 rdacarrier  |a volume 
338 |2 rdacarrier  |a online resource 
347 |2 rdaft  |a text file  |b PDF 
500 |a Abstracts in English and Arabic. 
500 |a "A thesis submitted in fulfilment of the requirement for the degree of Doctor of Philosophy in Information Technology." --On title page. 
502 |a Thesis (Ph.D)--International Islamic University Malaysia, 2020. 
504 |a Includes bibliographical references (leaves 230-241). 
520 |a Employees security behavior is a challenge to the confidentiality, integrity, and availability (CIA) of organizational information. This is because there have been cases of employees compromising organizational information systems (IS) through their behavior whether it is performed with or without intention. Although information security studies are now focusing on insiders' security behaviors and their impacts on IS, they do not effectively differentiate between security behavior that is intentional or unintentional, and compliant or non-compliant to information security policies. While many studies focus on controlling and preventing unacceptable security behavior, studies that focus on factors encouraging good and desired security behavior are limited. Hence, this research aims are twofold: firstly, to identify different types of intentional and unintentional information security behavior, for both compliant and non-compliant, and; secondly, to examine their influencing factors in order to suggest a taxonomy of information security behavior. By understanding the different categories and influencing factors of employee's security behavior, organizations may be able to address such behavior in order to protect organizational IS. Security literature has shown that organizations can reduce information security incidents and the cost of technical countermeasures by managing their employees' security behavior. A recent report from security industry reveals that organizations in the Middle East are being targeted by cyber attackers due to the wealth of the countries and information security practices that are below par in the region. Additionally, security studies suggest examining employees' security behavior in different cultures and regions, as the majority of the previous studies were conducted in Western culture. Conceptual security behavioral model is proposed based on contemporary information security studies inspired by Islamic principles. Following this, qualitative research approach and multiple-case study on four organizations in Gulf Countries was conducted by interviewing both employees and managers. Moreover, document reviews and participant observation were applied to validate feedback from the participants. The findings indicated that employees' security culture played an essential role in information security behavioral compliance. Although employees showed their interest to comply with information security policies, non-compliant security behavior was still prevalent since they were lacking in security literacy and awareness. Furthermore, the case organizations' security countermeasures need to be improved by developing, implementing and enforcing information security policies which are clearly communicated to and understood by all employees. Similarly, the organizations too, need to understand their employees' behavior. The research findings are corroborated into a proposed model called Integrated Security Behavioral Model (ISBM). ISBM may benefit organizations since the model can be used in assessing, planning and managing their employees' security behavior and improve their security strategies. The thesis contributes to both research and practice; by fulfilling the research gaps stated above and improve organizations' best practices through the understanding of employees' different types of security behavior. 
596 |a 1 
650 0 |a Computer networks  |x Security measures 
655 7 |a Theses, IIUM local 
690 |a Dissertations, Academic  |x Kulliyyah of Information and Communication Technology  |z IIUM 
700 0 |a Nurul Nuha Abdul Molok,  |e degree supervisor  
700 0 |a Murni Mahmud,  |e degree supervisor 
700 0 |a Shuhaili Talib,  |e degree supervisor 
710 2 |a International Islamic University Malaysia.  |b Kulliyyah of Information and Communication Technology 
856 4 |u http://studentrepo.iium.edu.my/handle/123456789/10435 
900 |a sz-nbm-sar 
999 |c 441781  |d 472162 
952 |0 0  |6 T TK 005105.59 B296I 2020  |7 0  |8 THESES  |9 763242  |a IIUM  |b IIUM  |c MULTIMEDIA  |g 0.00  |o t TK 5105.59 B296I 2020  |p 11100424831  |r 1900-01-02  |t 1  |v 0.00  |y THESIS