Determinants of Information Security Awareness among Employees of Capital Market Registrars in Lagos, Nigeria: An Empirical Study
DOI:
https://doi.org/10.51983/ajcst-2019.8.1.2119Keywords:
Information Security, Awareness, Employees, Capital Market Registrars, Lagos, NigeriaAbstract
The purpose of the study is to examine the determinants of information security awareness (ISA) among employees of Capital Market Registrars (CMRs) in Lagos, Nigeria based on established factors from the existing literatures on ISA. The main objectives of the study are; to determine the level of information security awareness among CMRs’ employees and to identify the components that influence information security awareness. This study utilised a survey design. Stratified random sampling technique was used to select the respondents for the study. A total of 326 copies of questionnaires were distributed among the employees in CMRs, of which 267 properly completed questionnaires were returned. Descriptive statistics and simple regression were used for data analysis. Finding revealed that information security policy, information security education, knowledge of technology, and employee’s behaviour significantly influenced information security awareness. The results of the study further revealed the strong correlation between employee’s behaviour and information security awareness. Overall, the study showed that the level of information security awareness is high, which implies that employees of CMRs in Lagos are aware of the potential threats and risk associated with information security. Based on these research findings, recommendations were therefore made.
References
E. Albrechtsen and J. Hovden, "Improving information security awareness and behaviour through dialogue, participation and collective reflection, An intervention study," Computers & Security, vol. 29, pp. 432-445, 2010.
L. Barnard and R. von Solms, "A formalized approach to the effective selection and evaluation of information security controls," Computers & Security, Elsevier Science Ltd, vol.19, no. 2, pp.185-194, 2000.
M. Boujettif and W. Yongge, "Constructivist Approach to Information Security Awareness in the Middle East," in Broadband, Wireless Computing, Communication and Applications (BWCCA), 2010 International Conference, pp. 192-199, 2010.
British Standards Institute, "Code of practice for information security management," DISC PD 0007, London, 1999.
J. D’Arcy, A. Hovav and D. Galletta, "User Awareness of Security Countermeasures and Its Impact on Information System Misuse: A Deterrence Approach," Information System Research, vol. 20, no. 1, pp. 79-98, 2009.
S. K. W. Fakeh, M. N. Zulhemay, M. S. Shahibi, J. Ali and M. K. Z. Zaini, "Information security awareness amongst academic librarians," Journal of applied sciences research, vol. 8, no. 3, pp. 1723-1735, 2012, ISSN 1819-544X.
S. Flinn and J. Lumsden, "User Perceptions of Privacy and Security on the Web," National Research Council, 2005.
G. J. Gordon, "Ascertaining the relationship between security awareness and the security behaviour of individuals," Nova Southeastern: Nova Southeastern University, 2010.
F. J. Haeussinger and J. J. Kranz, "Information security awareness: Its antecedents and mediating effects on security compliant behaviour," 34th International Conference on Information Systems 2013, pp. 1-16, 2013.
ISO/IEC TR 13335-1, "Information technology – guidelines for the management of IT security – part 1: Concepts and models for IT security (First Edition)," Switzerland, 1996.
F. Kaur and N. Mustafa, "Examining the effects of knowledge, attitude and behaviour on information security awareness: A case on SME," 3rd International Conference on Research and Innovation in Information System-2013 (ICRIIS’ 13), pp. 286-290, 2013.
B. Khan, K. S. Alghathbar, S. I. Nabi and M. K. Khan, "Effectiveness of information security awareness methods based on psychological theories," African Journal of Business Management Vol. 5, No. 26, pp. 10862-10868, 2011, Available online at http://www.academicjournals.org/AJBM, DOI: 10.5897/AJBM11.067, ISSN 1993-8233.
H. A. Kruger and W. D. Kearney, "A prototype for assessing information security awareness," Computer & Security, vol. 25, no. 4, pp. 289-296, 2006.
H. Kruger, L. Drevin and T. Styen, "A vocabulary test to assess information security awareness," Information Security & Computer Security, vol. 18, no. 5, pp. 316-327, 2010.
Y. Lee and K. R. Larsen, "Threat or coping appraisal: determinants of SMB executives’ decision to adopt anti-malware software". European Journal of Information Systems, 2009.
A. Martins and J. Eloff, "Information Security Culture," Proc. of IFIP TC11 17th International Conference on Information Security (SEC2002), IFIP Conference Proceedings, Cairo, Egypt, 2003.
J. A. O’Brien, "Managing information systems: Managing information technology in the internetworked enterprise (4th ed.)", United States of America, Irwin/McGraw-Hill, 1999.
A. Okunoye, L.A. Adebimpe, A. Omilabu, I.O. Olapeju and O.B. Longe, "Information security awareness among SMEs in the South Western Nigeria - Significance of factors," African Journal of Computing & ICT, Vol. 5, No. 5, pp. 184-93, 2012.
M. Olalere, V.O. Waziri, I. Ismaila, O.S. Adebayo and O. Ololade, "Assessment of information security awareness among online banking customers in Nigeria," Journal of Advanced Research in Computer Science and Software Engineering, Vol. 4, No. 6, pp. 13-24, 2014. ISSN: 2277 128X. Available online at: www.ijarcsse.com.
K. Papagiannakis, "An overview of the current level of security awareness in companies (Master Thesis)", Erasmus School of Economics, Erasmus University of Rotterdam, pp. 86, 2011.
M. Siponen, M. A. Mahmood and S. Pahnila, "Are employees putting your company at risk by not following information security policies", Communications of the ACM, Vol. 52, No. 12, pp. 145-147, 2009.
J. M. Stanton, K. R. Stam, P. Mastrangelo and J. Jolton, "Analysis of end user security behaviours," Computers & Security, Vol. 24, No. 2, pp. 124-133, 2005.
T. Takemura, "A quantitative study on Japanese workers’ awareness to information security using the data collected by web-based survey," American Journal of Economics and Administration, Vol. 2, No. 1, pp. 20-26, 2010.
M. Thomson, "The development of an effective information security awareness program for use in an organization". Unpublished master’s thesis, Port Elizabeth Technikon, Port Elizabeth, South Africa, 1998.
R. Von Solms, "Information security management (1): Why information security is so important", Information Management and Computer Security, Vol. 6, No. 4, pp. 174 – 177. MCB University Press, 1998.
C. C. Wood, "Information security policies made easy". Ohio: Bookmasters, 1994.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2019 The Research Publication
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.