Examining the Relationship between Information Security Effectiveness and Information Security Threats
DOI:
https://doi.org/10.33736/ijbs.3335.2020
Keywords:
information security, security policy, information threats, structural equation modelling, survey, Malaysia
Abstract
Information is the most critical asset of any organization or business. It is considered the lifeblood of the organization or business. Because of its importance, information needs to be protected and safeguarded from any form of threat, and this is termed information security. Information security policy and procedure has been regarded as one of the most important controls and measures for information security. A well-developed information security policy and procedure will ensure that information is kept safe from any harms and threats. The aim of this study is to examine the relationship between information security policy effectiveness and information security threats. 292 federal government agencies were surveyed in terms of their information security practices and the threats that they had experienced. Based on the collected data, an analysis using partial least squares structural equation modeling (PLS-SEM) was performed, and the results showed that there is a significant relationship between information security policy effectiveness and information security threats. The finding provides empirical evidence of the importance of developing an effective information security policy and procedure.