An empirical study of the information security awareness model in Oman
Most organisations continue to face threats to their information security. In most organisations, these threats and risks are attributed to employees' lack of information security awareness and security behaviours. As the human and technological aspects of information security are inextricably...
Saved in:
Main Author: | |
---|---|
Format: | Thesis |
Language: | English English |
Published: |
2023
|
Subjects: | |
Online Access: | http://eprints.utem.edu.my/id/eprint/28275/1/An%20empirical%20study%20of%20the%20information%20security%20awareness%20model%20in%20Oman.pdf http://eprints.utem.edu.my/id/eprint/28275/2/An%20empirical%20study%20of%20the%20information%20security%20awareness%20model%20in%20Oman.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
id |
my-utem-ep.28275 |
---|---|
record_format |
uketd_dc |
institution |
Universiti Teknikal Malaysia Melaka |
collection |
UTeM Repository |
language |
English English |
advisor |
Yassin, Warusia Mohamed |
topic |
Q Science (General) QA Mathematics |
spellingShingle |
Q Science (General) QA Mathematics Al Shanfari, Issam Shaaban Moshaded An empirical study of the information security awareness model in Oman |
description |
Most organisations continue to face threats to their information security. In most organisations, these threats and risks are attributed to employees' lack of information security awareness and security behaviours. As the human and technological aspects of information security are inextricably linked, reducing risks in this area also necessitates investigation into the human aspects of information security. Although the relevance of information security awareness for the human component is high, the prevalence among employees has been relatively low. Consequently, they run an increased risk of security incidents owing to a lack of threat mitigation strategies and the perception that it would never occur to them. This quantitative correlational study investigates the success factors influencing the employees' information security awareness intentions and information security behaviour adoption through questionnaires, thus developing an integrated model of the extracted success factors. The success factors utilised are derived from the Theory of Planned Behaviour (TPB), Protection Motivation Theory (PMT), and General Deterrence Theory (GDT). The study population consisted of employees from various positions in Omani public institutions. Although 480 questionnaires were handed out to participants, it was decided that the minimum sample size should be 384. The respondents were chosen using a method of proportionate stratified sampling. The main research instrument was derived from past studies, adapted according to the purpose of the study, divided into two portions, and verified by a panel of experts in the study field. SPSS version 24 and AMOS version 24 software was used to analyse the data. The structural equation modelling technique was used to examine correlations between the success factors utilised as independent variables, with the employee's intention to engage in information security awareness activities as a mediator variable towards actual information security behaviour as the dependent variable. This study's correlation analysis revealed that information security attitude (β=0.138), subjective norms (β=0.146), perceived behavioural control (β=0.300), response efficacy (β=0.148), perceived threat vulnerability (β=0.311), perceived severity of sanctions (β=0.276), and security education, training, and awareness (β=0.139) are the significant factors affecting public institution employees' information security awareness intentions in Oman from one hand. Information security awareness's intentions (β=0.582), organisational support (β=0.262), and information security communication channels (β=0.187) are the significant factors affecting actual information security behaviour adoption from the other. The findings enabled the development of an integrated model that includes the control and prediction, motivation, deterrence, technical-related, organisational, and communication factors of InfoSec behaviour among employees. It was verified that the model accounts for 52% of the variance (adjusted R2) in information security behaviour. Expert validation was performed to comprehend the analysis results better and gain expert confirmation. Several implications and recommendations were also derived from the study's findings. Thus, the developed integrated model is definitive and offers a basis for future research in relevant areas of study. |
format |
Thesis |
qualification_name |
Doctor of Philosophy (PhD.) |
qualification_level |
Doctorate |
author |
Al Shanfari, Issam Shaaban Moshaded |
author_facet |
Al Shanfari, Issam Shaaban Moshaded |
author_sort |
Al Shanfari, Issam Shaaban Moshaded |
title |
An empirical study of the information security awareness model in Oman |
title_short |
An empirical study of the information security awareness model in Oman |
title_full |
An empirical study of the information security awareness model in Oman |
title_fullStr |
An empirical study of the information security awareness model in Oman |
title_full_unstemmed |
An empirical study of the information security awareness model in Oman |
title_sort |
empirical study of the information security awareness model in oman |
granting_institution |
Universiti Teknikal Malaysia Melaka |
granting_department |
Faculty of Information and Communication Technology |
publishDate |
2023 |
url |
http://eprints.utem.edu.my/id/eprint/28275/1/An%20empirical%20study%20of%20the%20information%20security%20awareness%20model%20in%20Oman.pdf http://eprints.utem.edu.my/id/eprint/28275/2/An%20empirical%20study%20of%20the%20information%20security%20awareness%20model%20in%20Oman.pdf |
_version_ |
1818612062568316928 |
spelling |
my-utem-ep.282752024-12-16T07:56:25Z An empirical study of the information security awareness model in Oman 2023 Al Shanfari, Issam Shaaban Moshaded Q Science (General) QA Mathematics Most organisations continue to face threats to their information security. In most organisations, these threats and risks are attributed to employees' lack of information security awareness and security behaviours. As the human and technological aspects of information security are inextricably linked, reducing risks in this area also necessitates investigation into the human aspects of information security. Although the relevance of information security awareness for the human component is high, the prevalence among employees has been relatively low. Consequently, they run an increased risk of security incidents owing to a lack of threat mitigation strategies and the perception that it would never occur to them. This quantitative correlational study investigates the success factors influencing the employees' information security awareness intentions and information security behaviour adoption through questionnaires, thus developing an integrated model of the extracted success factors. The success factors utilised are derived from the Theory of Planned Behaviour (TPB), Protection Motivation Theory (PMT), and General Deterrence Theory (GDT). The study population consisted of employees from various positions in Omani public institutions. Although 480 questionnaires were handed out to participants, it was decided that the minimum sample size should be 384. The respondents were chosen using a method of proportionate stratified sampling. The main research instrument was derived from past studies, adapted according to the purpose of the study, divided into two portions, and verified by a panel of experts in the study field. SPSS version 24 and AMOS version 24 software was used to analyse the data. The structural equation modelling technique was used to examine correlations between the success factors utilised as independent variables, with the employee's intention to engage in information security awareness activities as a mediator variable towards actual information security behaviour as the dependent variable. This study's correlation analysis revealed that information security attitude (β=0.138), subjective norms (β=0.146), perceived behavioural control (β=0.300), response efficacy (β=0.148), perceived threat vulnerability (β=0.311), perceived severity of sanctions (β=0.276), and security education, training, and awareness (β=0.139) are the significant factors affecting public institution employees' information security awareness intentions in Oman from one hand. Information security awareness's intentions (β=0.582), organisational support (β=0.262), and information security communication channels (β=0.187) are the significant factors affecting actual information security behaviour adoption from the other. The findings enabled the development of an integrated model that includes the control and prediction, motivation, deterrence, technical-related, organisational, and communication factors of InfoSec behaviour among employees. It was verified that the model accounts for 52% of the variance (adjusted R2) in information security behaviour. Expert validation was performed to comprehend the analysis results better and gain expert confirmation. Several implications and recommendations were also derived from the study's findings. Thus, the developed integrated model is definitive and offers a basis for future research in relevant areas of study. 2023 Thesis http://eprints.utem.edu.my/id/eprint/28275/ http://eprints.utem.edu.my/id/eprint/28275/1/An%20empirical%20study%20of%20the%20information%20security%20awareness%20model%20in%20Oman.pdf text en public http://eprints.utem.edu.my/id/eprint/28275/2/An%20empirical%20study%20of%20the%20information%20security%20awareness%20model%20in%20Oman.pdf text en validuser https://plh.utem.edu.my/cgi-bin/koha/opac-detail.pl?biblionumber=123880 phd doctoral Universiti Teknikal Malaysia Melaka Faculty of Information and Communication Technology Yassin, Warusia Mohamed |