Please use this identifier to cite or link to this item:
https://hdl.handle.net/2440/119218
Citations | ||
Scopus | Web of Science® | Altmetric |
---|---|---|
?
|
?
|
Type: | Journal article |
Title: | Managing information security awareness at an Australian bank: a comparative study |
Author: | Pattinson, M. Butavicius, M. Parsons, K. McCormac, A. Calic, D. |
Citation: | Information and Computer Security, 2017; 25(2):181-189 |
Publisher: | Emerald Publishing |
Issue Date: | 2017 |
ISSN: | 2056-4961 2056-497X |
Statement of Responsibility: | Malcolm Pattinson, Marcus Butavicius, Kathryn Parsons, Agata McCormac and Dragana Calic |
Abstract: | Purpose – The aim of this study was first to confirm that a specific bank’s employees were generally more information security-aware than employees in other Australian industries and second to identify the major factors that contributed to this bank’s high levels of information security awareness (ISA). Design/methodology/approach – A Web-based questionnaire (the Human Aspects of Information Security Questionnaire – HAIS-Q) was used in two separate studies to assess the ISA of individuals who used computers at their workplace. The first study assessed 198 employees at an Australian bank and the second study assessed 500 working Australians from various industries. Both studies used a Qualtrics-based questionnaire that was distributed via an email link. Findings – The results showed that the average level of ISA among bank employees was consistently 20 per cent higher than that among general workforce participants in all focus areas and overall. There were no significant differences between the ISA scores for those who received more frequent training compared to those who received less frequent training. This result suggests that the frequency of training is not a contributing factor to an employee’s level of ISA. Research limitations/implications – This current research did not investigate the information security (InfoSec) culture that prevailed within the bank in question because the objective of the research was to compare a bank’s employees with general workforce employees rather than compare organisations. The Research did not include questions relating to the type of training participants had received at work. Originality/value – This study provided the bank’s InfoSec management with evidence that their multi-channelled InfoSec training regime was responsible for a substantially higher-than-average ISA for their employees. Future research of this nature should examine the effectiveness of various ISA programmes in light of individual differences and learning styles. This would form the basis of an adaptive control framework that would complement many of the current international standards, such as ISO’s 27000 series, NIST’s SP800 series and ISACA’s COBIT5. |
Keywords: | Information security (InfoSec); fear of reprisal; information security awareness (ISA); multi-channelled InfoSec training regime; social desirability bias |
Rights: | © Emerald Publishing Limited 2017 Published by Emerald Publishing Limited Licensed re-use rights only |
DOI: | 10.1108/ICS-03-2017-0017 |
Published version: | http://dx.doi.org/10.1108/ics-03-2017-0017 |
Appears in Collections: | Aurora harvest 4 Psychology publications |
Files in This Item:
There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.