An empirical study of the information security awareness model in Oman

Al Shanfari, Issam Shaaban Moshaded (2023) An empirical study of the information security awareness model in Oman. Doctoral thesis, Universiti Teknikal Malaysia Melaka.

	Text (24 Pages) An empirical study of the information security awareness model in Oman.pdf - Submitted Version Download (692kB)
	Text (Full Text) An empirical study of the information security awareness model in Oman.pdf - Submitted Version Restricted to Registered users only Download (6MB)

Official URL: https://plh.utem.edu.my/cgi-bin/koha/opac-detail.p...

Abstract

Most organisations continue to face threats to their information security. In most organisations, these threats and risks are attributed to employees' lack of information security awareness and security behaviours. As the human and technological aspects of information security are inextricably linked, reducing risks in this area also necessitates investigation into the human aspects of information security. Although the relevance of information security awareness for the human component is high, the prevalence among employees has been relatively low. Consequently, they run an increased risk of security incidents owing to a lack of threat mitigation strategies and the perception that it would never occur to them. This quantitative correlational study investigates the success factors influencing the employees' information security awareness intentions and information security behaviour adoption through questionnaires, thus developing an integrated model of the extracted success factors. The success factors utilised are derived from the Theory of Planned Behaviour (TPB), Protection Motivation Theory (PMT), and General Deterrence Theory (GDT). The study population consisted of employees from various positions in Omani public institutions. Although 480 questionnaires were handed out to participants, it was decided that the minimum sample size should be 384. The respondents were chosen using a method of proportionate stratified sampling. The main research instrument was derived from past studies, adapted according to the purpose of the study, divided into two portions, and verified by a panel of experts in the study field. SPSS version 24 and AMOS version 24 software was used to analyse the data. The structural equation modelling technique was used to examine correlations between the success factors utilised as independent variables, with the employee's intention to engage in information security awareness activities as a mediator variable towards actual information security behaviour as the dependent variable. This study's correlation analysis revealed that information security attitude (β=0.138), subjective norms (β=0.146), perceived behavioural control (β=0.300), response efficacy (β=0.148), perceived threat vulnerability (β=0.311), perceived severity of sanctions (β=0.276), and security education, training, and awareness (β=0.139) are the significant factors affecting public institution employees' information security awareness intentions in Oman from one hand. Information security awareness's intentions (β=0.582), organisational support (β=0.262), and information security communication channels (β=0.187) are the significant factors affecting actual information security behaviour adoption from the other. The findings enabled the development of an integrated model that includes the control and prediction, motivation, deterrence, technical-related, organisational, and communication factors of InfoSec behaviour among employees. It was verified that the model accounts for 52% of the variance (adjusted R2) in information security behaviour. Expert validation was performed to comprehend the analysis results better and gain expert confirmation. Several implications and recommendations were also derived from the study's findings. Thus, the developed integrated model is definitive and offers a basis for future research in relevant areas of study.

Item Type:	Thesis (Doctoral)
Uncontrolled Keywords:	Information security, Employee awareness, Information security behaviour
Subjects:	Q Science > Q Science (General) Q Science > QA Mathematics
Divisions:	Library > Tesis > FTMK
Depositing User:	MUHAMAD HAFEEZ ZAINUDIN
Date Deposited:	16 Dec 2024 07:56
Last Modified:	16 Dec 2024 07:56
URI:	http://eprints.utem.edu.my/id/eprint/28275
Statistic Details:	View Download Statistic

Actions (login required)

View Item