An investigation on the relationship between security knowledge constructs and employee behaviour in organisations
Many studies have revealed that organisation’s insiders pose risks to the security of information assets. Nonetheless, among the major threats to a secure information environment are the actions and behaviour of the employees when handling information. Insiders, intentionally or unintentionally, can...
Saved in:
| Main Author: | |
|---|---|
| Format: | text::Thesis |
| Language: | English |
| Published: |
2023
|
| Subjects: | |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.uniten.dspace-19487 |
|---|---|
| record_format |
dspace |
| spelling |
my.uniten.dspace-194872023-12-08T09:34:52Z An investigation on the relationship between security knowledge constructs and employee behaviour in organisations Amjad Abd Allah Mahfuth RELATIONSHIP BETWEEN SECURITY KNOWLEDGE CONSTRUCTS AND EMPLOYEE BEHAVIOUR Many studies have revealed that organisation’s insiders pose risks to the security of information assets. Nonetheless, among the major threats to a secure information environment are the actions and behaviour of the employees when handling information. Insiders, intentionally or unintentionally, can cause serious risks, despite investments usually made on security control measures and other security related products. The employee behaviour in information security cannot thoroughly be solved by technical and procedural controls alone. An organisation’s approach to information security should include employee behaviour, as the organisation’s success or failure effectively depends on the things that its employees do or fail to do. In order to develop appropriate security perceptions between employees within an organisation, we need to know the security knowledge required to influence employee behaviour. The literature review indicated that there is a positive relationship between knowledge and behaviour. The aim of this research is to investigate the security knowledge required to influence employee behaviour and to examine the impact of security knowledge on behaviour. This would help to guide organisations in instilling the security knowledge required in employees that would influence their behaviour when interacting with information assets in order to help minimize the internal security incidents posed by the insiders. To achieve this, the KAB (knowledge, attitude and behaviour) model has been adapted in order to investigate the relationship between knowledge and behaviour and to examine the impact of security knowledge to behaviour. This research uses a mixed method approach. The semi-structured interviews has been conducted by information security specialist to gain an in depth understanding of security knowledge constructs that are required to influence the employee behaviour in organisations. Then, a questionnaire was used to collect the data from the employees’ in Palestinian healthcare services. The result of semi-structured interview analysis revealed that the six items of security knowledge constructs namely knowledge of security threat, knowledge of organisation information security strategy, knowledge of security technology, knowledge of legislation, regulation and national culture, knowledge of security responsibility and knowledge of security risk are all relevant to help influence the employee behaviour in organisations. The result of the quantitative analysis revealed that the knowledge of security threat, knowledge of security risk, knowledge of security responsibility and knowledge of legislation, regulation and national culture have significant effect on employee behaviour. Furthermore, the result has also shown that these knowledge security construct have significant positive indirect effect on behaviour through attitudes. 2023-05-03T13:34:33Z 2023-05-03T13:34:33Z 2020-03 Resource Types::text::Thesis https://irepository.uniten.edu.my/handle/123456789/19487 en application/pdf |
| institution |
Universiti Tenaga Nasional |
| building |
UNITEN Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Tenaga Nasional |
| content_source |
UNITEN Institutional Repository |
| url_provider |
http://dspace.uniten.edu.my/ |
| language |
English |
| topic |
RELATIONSHIP BETWEEN SECURITY KNOWLEDGE CONSTRUCTS AND EMPLOYEE BEHAVIOUR |
| spellingShingle |
RELATIONSHIP BETWEEN SECURITY KNOWLEDGE CONSTRUCTS AND EMPLOYEE BEHAVIOUR Amjad Abd Allah Mahfuth An investigation on the relationship between security knowledge constructs and employee behaviour in organisations |
| description |
Many studies have revealed that organisation’s insiders pose risks to the security of information assets. Nonetheless, among the major threats to a secure information environment are the actions and behaviour of the employees when handling information. Insiders, intentionally or unintentionally, can cause serious risks, despite investments usually made on security control measures and other security related products. The employee behaviour in information security cannot thoroughly be solved by technical and procedural controls alone. An organisation’s approach to information security should include employee behaviour, as the organisation’s success or failure effectively depends on the things that its employees do or fail to do. In order to develop appropriate security perceptions between employees within an organisation, we need to know the security knowledge required to influence employee behaviour. The literature review indicated that there is a positive relationship between knowledge and behaviour. The aim of this research is to investigate the security knowledge required to influence employee behaviour and to examine the impact of security knowledge on behaviour. This would help to guide organisations in instilling the security knowledge required in employees that would influence their behaviour when interacting with information assets in order to help minimize the internal security incidents posed by the insiders. To achieve this, the KAB (knowledge, attitude and behaviour) model has been adapted in order to investigate the relationship between knowledge and behaviour and to examine the impact of security knowledge to behaviour. This research uses a mixed method approach. The semi-structured interviews has been conducted by information security specialist to gain an in depth understanding of security knowledge constructs that are required to influence the employee behaviour in organisations. Then, a questionnaire was used to collect the data from the employees’ in Palestinian healthcare services. The result of semi-structured interview analysis revealed that the six items of security knowledge constructs namely knowledge of security threat, knowledge of organisation information security strategy, knowledge of security technology, knowledge of legislation, regulation and national culture, knowledge of security responsibility and knowledge of security risk are all relevant to help influence the employee behaviour in organisations. The result of the quantitative analysis revealed that the knowledge of security threat, knowledge of security risk, knowledge of security responsibility and knowledge of legislation, regulation and national culture have significant effect on employee behaviour. Furthermore, the result has also shown that these knowledge security construct have significant positive indirect effect on behaviour through attitudes. |
| format |
Resource Types::text::Thesis |
| author |
Amjad Abd Allah Mahfuth |
| author_facet |
Amjad Abd Allah Mahfuth |
| author_sort |
Amjad Abd Allah Mahfuth |
| title |
An investigation on the relationship between security knowledge constructs and employee behaviour in organisations |
| title_short |
An investigation on the relationship between security knowledge constructs and employee behaviour in organisations |
| title_full |
An investigation on the relationship between security knowledge constructs and employee behaviour in organisations |
| title_fullStr |
An investigation on the relationship between security knowledge constructs and employee behaviour in organisations |
| title_full_unstemmed |
An investigation on the relationship between security knowledge constructs and employee behaviour in organisations |
| title_sort |
investigation on the relationship between security knowledge constructs and employee behaviour in organisations |
| publishDate |
2023 |
| _version_ |
1806426103752949760 |
| score |
13.211869 |