ASSESSMENT OF EMPLOYEE'S KNOWLEDGE AND COMPLIANCE ON INFORMATION SECURITY GOVERNANCE

By

Author

Presented To

Department of Business Administration and Management

ABSTRACT
This research study reviewed relative literature on Internet and information
security governance within organisations to determine what factors affecting
employees‟ compliance on information security governance. Five key factors were
determined to potentially affecting employees‟ compliance based on this literature
review. A survey instrument was designed to determine if each of the key factors
had a significant association with the compliance on information security
governance, assess the knowledge of employees on information security
governance and employees‟ perception towards information security governance
after survey done. Results show that the only key factors which affect the
compliances are education and training and privacy. Employee awareness has no
significant relationship toward employees‟ compliance on information security
governance.
TABLE OF CONTENTS
Page
Copyright Page ………………………………………………………………… ii
Declaration ……………………………………………………………………… iii
Acknowledgement ……………………………………………………… - …… iv
Dedication ……………………………………………………………………… v
Table of Contents ……………………………………………………………… vi
List of Tables …………………………………………………………………… xi
List of Figures ……………………………………………………… - ……… xii
Abstract ……………………………………………………………………… xiii
CHAPTER 1 INTRODUCTION …………………………………………… 1
11 Overview ………………………… - ………………………… 1
12 Background to Research ……………………… - ………… 2
13 Problem Statement ………………………………………… 3
14 Significant of the Study …… - …………………… - ……… 4
141 Individual level ………………… - ……… - ……… 4
142 Body of knowledge ……………… - ………………… 5
143 Organisational level …………………………………… 5
15 Research Question …………………………………………… 6
16 Objectives of the Study …………… ………………………… 6
17 Scope of the Study …………………………………………… 7
18 Organisation of the Report …………………………………… 7
19 Summary …………………………………………… - ……… 8
CHAPTER 2 LITERATURE REVIEW ………………………………… 10
21 Overview ………… - ……………………… - …………… 10
22 Internet ……………………………………………………… 11
221 Internet usage in Malaysia ………… - …………… 12
23 Phishing …………………………………………………… - 14
24 Information Security Governance … - ……………………… 17
241 COBIT …… - …………………………………… 18
242 ITIL ……… - …………………………………… 21
243 ISO 17799 ……………………………… - ……… 23
244 Personal Data Protection Act 2010 ……………… 25
25 Information Security Governance Compliance …………… - 28
26 Education and Training …………………… - ……………… 29
27 Trust ………………………………………………………… 30
28 Employee Awareness ……………………………………… 31
29 Ethical Conduct ……………………………………… - …… 31
210 Privacy ……………………………………………………… 32
211 Theoretical Framework …………………………………… 33
212 Conceptual Framework …………………………………… 35
213 Hypothesis ………………………………………………… 36
214 Summary …………………………………………………… 37
CHAPTER 3 METHODOLOGY ………………………………………… 38
3 1 Overview …… - …………………………… - …………… 38
32 Research Design …………………………………………… 40
321 Development of questionnaire ………………………… 41
322 Reliable and validity analysis of the instrument ……… 46
33 Data Collection ……………………………………………… 47

331 Variable measurement ………………………………… 47
34 Population, Sampling and Data Collection ………………… 48
341 Population …………………………………………… 48
342 Sampling ……………………………………………… 48
343 Data collection ……………………………………… 49
344 Data coding…………………………………………… 49
345 Data analysis ………………………………………… 50
35 Ethical Consideration …………………………… - ………… 50
36 Summary …………………………………………………… 51

CHAPTER 4 RESEARCH RESULTS …………………………………… 52
41 Overview …………………………………………………… 52
42 Preliminary Data Analysis …………………………………… 53
421 Missing data analysis ………………………………… 53
422 Reliability analysis …………………………………… 54
43 Descriptive Analysis ………………………………………… 54
431 Demographic Statistics ………………………………… 55
432 Knowledge Statement Statistics ……………………… 61
433 Conclusion Statement Statistics ……………………… 63
44 Multivariate Normality ……………………………………… 64
441 Multicolinearity …………………………… - ………… 65
45 Analysis of Independent Variables ………………………… 65
451 Comparison between genders ………………………… 66
46 Multiple Linear Regression ………………………… - ……… 68
461 Hypothesis test ………………………………………… 69
462 Multiple regression model …………………………… 69
47 Summary …………………………………………………… 70

CHAPTER 5 DISCUSSION AND CONCLUSION ……………………… 71
51 Overview …………………………………………… - …… 71
52 Discussion on Analysis Result ……………………………… 72
521 Employee‟s perception ……………………………… 72
522 Key factors that affect employee‟s compliance ……… 73
523 Opinion upon survey done …………………………… 74
524 Perception among genders …………………………… 75
53 Limitation of the Study ……………………………………… 75
54 Future Research Recommendation ………………………… 76
55 Conclusion …………………………………………… - …… 76
Reference ……………………………………………………………… - …… 78
Appendices …………………………………………………………………… 84


CHAPTER 1
INTRODUCTION
11 Overview
Chapter 1 discusses the research‟s background whereby the researcher try to
answer the questions of "what is information security governance?" and "why is
information security governance necessary?" It formed the base of this study
which assessing the employee‟s knowledge and compliance on information
security governance Next, problem statement was clarified
Significant of this study accordance to individual level, body of knowledge and
organisation level was presented and four research questions had been clearly
listed before the research objectives being derived Consequently, the scope of this
study being discussed At the end of this chapter, researcher proposed remainder
chapters and a summary was written
12 Background to Research
"Information security provides the management processes, technology and
assurance to allow business management to ensure business transactions can be
trusted; ensure information technology services are usable and can appropriately
resist and recover from failures due to error, deliberate attacks or disaster; and
ensure critical confidential information is withheld from those who should not
have access to it" (COBIT Security, 2004)
As quoted in ISO 17799 (2005), information is an important asset to business It is
present in many forms (voice recording, paper, electronic documents and others)
and stored in various ways (electronic database, hard copy files, back ups and
archive) which enable organisation transmit electronically or by post and even as
films and short message services (SMS)
Since information treated and recognised as an asset to organisations, it should be
protected as with other business assets to ensure that information is available and
confidential and that its integrity is preserved where necessary (ISO 17799, 2005)
Consequently, information security governance is recognised as part of the
component of corporate governance for all organisations It is a must for
organisations to develop and implement the information security governance
within the organisation
A comprehensive information security governance must be able to suit and align
with organisation‟s goals or missions and operations Various of information
security governance being introduced to managers and IT professionals For
example, internationally, those common and comprehensive information security
governance are refer to Control Objectives for Information and Related
Technology (COBIT), Information Technology Infrastructure Library (ITIL),
International Standard Organisations 17799 (ISO 17799) which will be further
discussed in later chapters As in Malaysia, Cyber Laws of Malaysia had been in
force in the year of 1998 which focuses more on the technology security systems

Learn and Obtain Diploma in Web development, Software development, Business, Technology and Creative Skills taught by industry experts. Explore a wide range of skills with our professional tutorials.

About E-Project Material Centre


E-Project Material Centre is a web service aimed at successfully assisting final year students with quality, well researched, reliable and ready made project work. Our materials are recent, complete (chapter 1 to Minimum of Chapter 5, with references) and well written.INSTANT ACCESS! INSTANT DOWNLOAD. Simply select your department, choose from our list of topics available and explore your data

Why Students Love to Use E-Project Material ?


Guaranteed Delivery Getting your project delivered on time is essential. You cannot afford to turn in your project past the deadline. That is why you must get your project online from a company that guarantees to meet your deadline. e-Project Topics Material Centre is happy to offer instant delivery of projects listed on our website. We can handle just about any deadline you send our way. Satisfaction Guaranteed We always do whatever is necessary to ensure every customer's satisfaction

Disclaimer


E-Project Topics Material Centre will only provide projects as a reference for your research. The projects ordered and produced should be used as a guide or framework for your own project. The contents of the projects should be able to help you in generating new ideas and thoughts for your own project. It is the aim of e-Project Topics Centre to only provide guidance by which the projects should be pursued. We are neither encouraging any form of plagiarism nor are we advocating the use of the projects produced herein for cheating.

Terms and Condition


Using our service is LEGAL and IS NOT prohibited by any university/college policies You are allowed to use the original model papers you will receive in the following ways:
  • As a source for additional understanding of the subject
  • As a source for ideas for you own research (if properly referenced)
  • For PROPER paraphrasing ( see your university definition of plagiarism and acceptable paraphrase) Direct citing ( if referenced properly)
Thank you so much for your respect to the authors copyright