An investigation on the relationship between security knowledge constructs and employee behaviour in organisations

Many studies have revealed that organisation’s insiders pose risks to the security of information assets. Nonetheless, among the major threats to a secure information environment are the actions and behaviour of the employees when handling information. Insiders, intentionally or unintentionally, can...

Full description

Saved in:
Bibliographic Details
Main Author: Amjad Abd Allah Mahfuth
Format: text::Thesis
Language:English
Published: 2023
Subjects:
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Many studies have revealed that organisation’s insiders pose risks to the security of information assets. Nonetheless, among the major threats to a secure information environment are the actions and behaviour of the employees when handling information. Insiders, intentionally or unintentionally, can cause serious risks, despite investments usually made on security control measures and other security related products. The employee behaviour in information security cannot thoroughly be solved by technical and procedural controls alone. An organisation’s approach to information security should include employee behaviour, as the organisation’s success or failure effectively depends on the things that its employees do or fail to do. In order to develop appropriate security perceptions between employees within an organisation, we need to know the security knowledge required to influence employee behaviour. The literature review indicated that there is a positive relationship between knowledge and behaviour. The aim of this research is to investigate the security knowledge required to influence employee behaviour and to examine the impact of security knowledge on behaviour. This would help to guide organisations in instilling the security knowledge required in employees that would influence their behaviour when interacting with information assets in order to help minimize the internal security incidents posed by the insiders. To achieve this, the KAB (knowledge, attitude and behaviour) model has been adapted in order to investigate the relationship between knowledge and behaviour and to examine the impact of security knowledge to behaviour. This research uses a mixed method approach. The semi-structured interviews has been conducted by information security specialist to gain an in depth understanding of security knowledge constructs that are required to influence the employee behaviour in organisations. Then, a questionnaire was used to collect the data from the employees’ in Palestinian healthcare services. The result of semi-structured interview analysis revealed that the six items of security knowledge constructs namely knowledge of security threat, knowledge of organisation information security strategy, knowledge of security technology, knowledge of legislation, regulation and national culture, knowledge of security responsibility and knowledge of security risk are all relevant to help influence the employee behaviour in organisations. The result of the quantitative analysis revealed that the knowledge of security threat, knowledge of security risk, knowledge of security responsibility and knowledge of legislation, regulation and national culture have significant effect on employee behaviour. Furthermore, the result has also shown that these knowledge security construct have significant positive indirect effect on behaviour through attitudes.