The Information Security Awareness of Bank Employees
نویسندگان
چکیده
This paper presents research that assessed the Information Security Awareness (ISA) of employees of an Australian bank and compared these results with an identical survey of the Australian general workforce. The objective of this study was to establish a form of construct validity, specifically known-groups validity, of the Human Aspects of Information Security Questionnaire (HAIS-Q). For the purposes of this study, ISA is a measure of an employee’s knowledge of, and attitude towards, their organisation’s Information Security (InfoSec) policies and procedures. This study used a web-based survey research method by utilising modules of the HAIS-Q. Individual knowledge and attitude were assessed for 198 bank employees and 500 general workforce participants. Seven InfoSec focus areas were evaluated: password management, email management, internet use, social media use, mobile computing, information handling and incident reporting. It was found that the levels of ISA for bank employees were approximately 20% better than those for the general workforce, in all InfoSec focus areas. Factors that may have contributed to this conclusive result are discussed and include social desirability bias; fear of reprisal; InfoSec education and in-house training.
منابع مشابه
A Study on Factors Affecting Operational Electronic Banking Risks in Iran Banking Industry (Case Study: Kermanshah Melli Bank)
Nowadays, advances in information and communication technologies, has provided an opportunity for banks to provide their electronic services to their customers in remote areas. This technological innovation by E–banking systems has brought about many benefits to customers while it has been accompanied by a number of risks including the operational ones. This risks need to be identified and mana...
متن کاملThe Contributions of Information Security Culture and Human Relations to the Improvement of Situational Awareness
The chapter gives an overview of business practices and how people and human relations influence situational awareness and information security in an organization. There is still a long way to go in training employees in information security and improving employees’ information security awareness. Motivated and trained employees have the ability to detect and report security weaknesses and brea...
متن کاملExploring the Link Between Behavioural Information Security Governance and Employee Information Security Awareness
This paper explores the relation between a set of behavioural information security governance factors and employees’ information security awareness. To enable statistical analysis between proposed relations, data was collected from two different samples in 24 organisations: 24 information security executives and 240 employees. The results reveal that having a formal unit with explicit responsib...
متن کاملDeveloping a Viral Artifact to Improve Employees’ Security Behavior
According to the scientific information management literature, the improper use of information technology (e.g. personal computers) by employees are one main cause for operational and information security loss events. Therefore, organizations implement information security awareness programs to increase employees’ awareness to further prevention of loss events. However, in many cases these info...
متن کاملTransformational Leadership and Employees' Information Security Performance: The Mediating Role of Motivation and Climate
The importance of organizational information security is constantly increasing. Next to technical information security measures, research has incorporated multidisciplinary behavioral theories in order to explain employees’ information security awareness and behavior. While focusing on employees as the weakest link in the information security chain, the role of leadership has been considered le...
متن کامل