ASSESSMENT OF EMPLOYEE'S KNOWLEDGE AND COMPLIANCE ON INFORMATION SECURITY GOVERNANCE

By

Author

Presented To

Department of Business Administration and Management

107 Pages 10,221 Words 1,435 Views Microsoft Word Format No. of Chapters: 1 to 5 Chapters

ABSTRACT

This research study reviewed relative literature on Internet and information

security governance within organisations to determine what factors affecting

employeesâ€Ÿ compliance on information security governance. Five key factors were

determined to potentially affecting employeesâ€Ÿ compliance based on this literature

review. A survey instrument was designed to determine if each of the key factors

had a significant association with the compliance on information security

governance, assess the knowledge of employees on information security

governance and employeesâ€Ÿ perception towards information security governance

after survey done. Results show that the only key factors which affect the

compliances are education and training and privacy. Employee awareness has no

significant relationship toward employeesâ€Ÿ compliance on information security

governance.

TABLE OF CONTENTS

Page

Declaration â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ iii

Acknowledgement â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦ iv

Dedication â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ v

Table of Contents â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ vi

List of Tables â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ xi

List of Figures â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦â€¦ xii

Abstract â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ xiii

CHAPTER 1 INTRODUCTION â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 1

11 Overview â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 1

12 Background to Research â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦â€¦â€¦ 2

13 Problem Statement â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 3

14 Significant of the Study â€¦â€¦ - â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦â€¦ 4

141 Individual level â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦â€¦ - â€¦â€¦â€¦ 4

142 Body of knowledge â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 5

143 Organisational level â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 5

15 Research Question â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 6

16 Objectives of the Study â€¦â€¦â€¦â€¦â€¦ â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 6

17 Scope of the Study â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 7

18 Organisation of the Report â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 7

19 Summary â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦â€¦ 8

CHAPTER 2 LITERATURE REVIEW â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 10

21 Overview â€¦â€¦â€¦â€¦ - â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦â€¦â€¦â€¦ 10

22 Internet â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 11

221 Internet usage in Malaysia â€¦â€¦â€¦â€¦ - â€¦â€¦â€¦â€¦â€¦ 12

23 Phishing â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - 14

24 Information Security Governance â€¦ - â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 17

241 COBIT â€¦â€¦ - â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 18

242 ITIL â€¦â€¦â€¦ - â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 21

243 ISO 17799 â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦â€¦ 23

244 Personal Data Protection Act 2010 â€¦â€¦â€¦â€¦â€¦â€¦ 25

25 Information Security Governance Compliance â€¦â€¦â€¦â€¦â€¦ - 28

26 Education and Training â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦â€¦â€¦â€¦â€¦ 29

27 Trust â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 30

28 Employee Awareness â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 31

29 Ethical Conduct â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦ 31

210 Privacy â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 32

211 Theoretical Framework â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 33

212 Conceptual Framework â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 35

213 Hypothesis â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 36

214 Summary â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 37

CHAPTER 3 METHODOLOGY â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 38

3 1 Overview â€¦â€¦ - â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦â€¦â€¦â€¦ 38

32 Research Design â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 40

321 Development of questionnaire â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 41

322 Reliable and validity analysis of the instrument â€¦â€¦â€¦ 46

33 Data Collection â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 47

331 Variable measurement â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 47

34 Population, Sampling and Data Collection â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 48

341 Population â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 48

342 Sampling â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 48

343 Data collection â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 49

344 Data codingâ€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 49

345 Data analysis â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 50

35 Ethical Consideration â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦â€¦â€¦ 50

36 Summary â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 51

CHAPTER 4 RESEARCH RESULTS â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 52

41 Overview â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 52

42 Preliminary Data Analysis â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 53

421 Missing data analysis â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 53

422 Reliability analysis â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 54

43 Descriptive Analysis â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 54

431 Demographic Statistics â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 55

432 Knowledge Statement Statistics â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 61

433 Conclusion Statement Statistics â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 63

44 Multivariate Normality â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 64

441 Multicolinearity â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦â€¦â€¦ 65

45 Analysis of Independent Variables â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 65

451 Comparison between genders â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 66

46 Multiple Linear Regression â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦â€¦ 68

461 Hypothesis test â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 69

462 Multiple regression model â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 69

47 Summary â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 70

CHAPTER 5 DISCUSSION AND CONCLUSION â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 71

51 Overview â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦ 71

52 Discussion on Analysis Result â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 72

521 Employeeâ€Ÿs perception â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 72

522 Key factors that affect employeeâ€Ÿs compliance â€¦â€¦â€¦ 73

523 Opinion upon survey done â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 74

524 Perception among genders â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 75

53 Limitation of the Study â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 75

54 Future Research Recommendation â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 76

55 Conclusion â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦ 76

Reference â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ - â€¦â€¦ 78

Appendices â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦â€¦ 84

CHAPTER 1

INTRODUCTION

11 Overview

Chapter 1 discusses the researchâ€Ÿs background whereby the researcher try to

answer the questions of "what is information security governance?" and "why is

information security governance necessary?" It formed the base of this study

which assessing the employeeâ€Ÿs knowledge and compliance on information

security governance Next, problem statement was clarified

Significant of this study accordance to individual level, body of knowledge and

organisation level was presented and four research questions had been clearly

listed before the research objectives being derived Consequently, the scope of this

study being discussed At the end of this chapter, researcher proposed remainder

chapters and a summary was written

12 Background to Research

"Information security provides the management processes, technology and

assurance to allow business management to ensure business transactions can be

trusted; ensure information technology services are usable and can appropriately

resist and recover from failures due to error, deliberate attacks or disaster; and

ensure critical confidential information is withheld from those who should not

have access to it" (COBIT Security, 2004)

As quoted in ISO 17799 (2005), information is an important asset to business It is

present in many forms (voice recording, paper, electronic documents and others)

and stored in various ways (electronic database, hard copy files, back ups and

archive) which enable organisation transmit electronically or by post and even as

films and short message services (SMS)

Since information treated and recognised as an asset to organisations, it should be

protected as with other business assets to ensure that information is available and

confidential and that its integrity is preserved where necessary (ISO 17799, 2005)

Consequently, information security governance is recognised as part of the

component of corporate governance for all organisations It is a must for

organisations to develop and implement the information security governance

within the organisation

A comprehensive information security governance must be able to suit and align

with organisationâ€Ÿs goals or missions and operations Various of information

security governance being introduced to managers and IT professionals For

example, internationally, those common and comprehensive information security

governance are refer to Control Objectives for Information and Related

Technology (COBIT), Information Technology Infrastructure Library (ITIL),

International Standard Organisations 17799 (ISO 17799) which will be further

discussed in later chapters As in Malaysia, Cyber Laws of Malaysia had been in

force in the year of 1998 which focuses more on the technology security systems

107 Pages 10,221 Words 1,435 Views Microsoft Word Format No. of Chapters: 1 to 5 Chapters

Copy/document the link below if you want to visit this page next time

FOR ENQUIRY
[email protected]
09019904113