logo

Information Security and Human Behaviours

   

Added on  2020-12-24

148 Pages38203 Words310 Views
Contents
1 Introduction...................................................................................................................................5
1.1Overview.................................................................................................................................5
1.1.1Overview of Arab Region.................................................................................................5
2 Information security and human behaviours ................................................................................7
3Non-academic contribution ...........................................................................................................9
Overview of Wasta and Islam..........................................................................................................9
3.1Trust......................................................................................................................................11
3.2 The importance of family.....................................................................................................12
4 Literature review ........................................................................................................................14
Overview and structure..............................................................................................................14
4.1 Objectivise and orientation ..................................................................................................15
4.1.1Culture............................................................................................................................15
4.1.2 Trust dynamics .............................................................................................................16
4.1.4 Mismatch with western IT Technology ...................................................................17
4.1.5 Personality types............................................................................................................18
5 Introduction ................................................................................................................................18
Overview.......................................................................................................................................18
5.1 Overview of Personality, Trust and Culture within Arab Region........................................20
5.2 Cultural similarity................................................................................................................22
5.3 Research in Culture by Hofstede..........................................................................................25
5.4 Trust.....................................................................................................................................27

5.4.1 Trust and Relationships.................................................................................................27
5.4.2 Arab cultural antecedents of trust..................................................................................29
5.4.3 The Universal Approach towards Trust.........................................................................31
5.4.4 Openness to Communication.........................................................................................32
5.4.5 Relationship on Sharing Information............................................................................32
5.4.6 Variables of Shared Culture, Environment and Values in Communication..................33
5.4.7 Style of Management in the Arab world.......................................................................35
5.4.8 Trust in Diversity...........................................................................................................35
5 .5 Western Information Technology.......................................................................................37
5.6 Attitudes affecting the information security behaviours ....................................................39
5.7 Personality Factors effects on attitude towards information security..................................50
5.7.1 Neuroticism ..................................................................................................................51
5.7.2 Extraversion –Introversion............................................................................................52
5.7.3 Openness .......................................................................................................................53
5.7.4 Agreeableness................................................................................................................53
5.7.5 Conscientiousness .......................................................................................................53
5.8 Personality traits, Information sharing, and Trust................................................................54
3 Methodology chapter..................................................................................................................56
..................................................................................................................................................57
3.1 Research Questions..............................................................................................................57
3.2 Methods and Approaches.....................................................................................................59
3.3 Proposed methods................................................................................................................61
3.3 Rational selection for methodology.....................................................................................80
3.4 Research Paradigm...............................................................................................................82
3.5 Rationale for the Selection of Interpretivism Research Paradigm.......................................85

3.6 Research Design...................................................................................................................85
3.7 Rationale for the Selection of Exploratory Research Design...............................................86
3.8 Use of Mixed Methods- Qualitative and Quantitative.........................................................87
3.9 Research Approach..................................................................................................................87
3.10 Rationale for the Selection of Inductive Research Approach............................................88
3.11 Data Collection Methods.......................................................................................................88
3.11.1 Primary Data Collection Method.................................................................................89
3.11.2 Rationale for Choosing the Primary Data Collection Methods...................................90
3.11.3 Primary Data: Questionnaire Survey Method.............................................................91
3.11.3.1 Rationale for Using Questionnaire Survey Method in this Research Study......91
3.11.5 Limitations of Survey Method as Primary Data Collection Method...........................92
3.12 Secondary Data Collection Methods..................................................................................93
3.12.1 Rationale for Selecting the Secondary Data Collection Methods .......................93
3.12.2 Secondary Data: Library Research Method.................................................................94
3.12.2.1 Rationale for Using Library Research Method in This Research......................94
3.12.4 Limitation of Literature Review as Secondary Data Collection Method....................95
3.13 Phases of Research under Data Collection of this Research Study....................................95
3.13.1 Description of Phase 1.................................................................................................95
3.13.2 Data Collection in Phase 1: Library Research Method...............................................96
3.13.3 Limitation of Phase 1...................................................................................................97
3.13.4 Description of Phase 2.................................................................................................99
3.13.5 Data Collection in Phase 2: Questionnaire Survey Method........................................99
3.13.5.1 Questionnaire Design for Survey.....................................................................100
3.14 Sample Size and Sample Technique................................................................................101
3.14.1 Rationale for Using Random Sampling Method.......................................................102

3.15 Pilot Study........................................................................................................................103
3.16 Data Analysis Approach......................................................................................................105
3.17 Rationale for Using Graphical Presentation Method.......................................................107
3.18 Authenticity, Bias, Validity and Reliability of the Research Study.................................110
3.19 Research Limitations........................................................................................................113
3.20 Summary..........................................................................................................................116
CHAPTER 4: DATA ANALYSIS .............................................................................................125
5 References ................................................................................................................................136

BACKGROUND INFORMATION
1 Introduction
Overview and structure
Introducing the thesis, this chapter will follow multiple phases. It starts by introducing an
overview of Arab region and information security importance, the nature of Arab trust and
culture, and the mismatch between western IT and local Arab IT which covers the whole
dissertation problem, and research objectives. Moreover, a short section that reflects on research
paradigms clarifying that this is an information system research paper. In addition, a personal,
non-academic section to explain the researcher’s background, motivation, and personal
determination. Finally, a short summary of what has been presented before proceeding to the
literature review chapter.
1.1Overview
1.1.1Overview of Arab Region
Arab is considered as a cultural term, and the term is used for the
people who speak Arabic and is their first language. It is found that Arab
people can be united on the basis of their cultural aspects and their history.
Within the Arab culture Muslims, Jewish and Christians can be found.
Therefore, it can be said that the people living in the Arab region are not
Muslims but also Jewish and Christians (ADC, 2009). The Arab region is also
considered as the Arab world, which consists of total 22 countries in the

Middle East region and North Africa. Some of the countries, which are
included in the Arab region, are Egypt, Iraq, Kuwait, Morocco, Qatar, Saudi
Arabia and the United Arab Emirates (ADC, 2009). It is found that Arab
countries have rich diversity in regard to the ethnic believes, linguistic
choices and also religious beliefs. Further, it has been observed that in the
Arab region, the link between Islam and Arab can be seen as the deep roots
of the history. The people living in the Arab region are found to speak Arabic,
and it is considered as the predominant religious language in the region. In
terms of life in the Arab region, it is found that in urban areas of Arab region
people have choices in occupations and freedom for women. Therefore, it
can be said that in the urban areas of an Arab region traditional pattern of
the people are changing. As compared to the urban life in the Arab region, it
is found that in rural areas, the cultural roots are found deep in the history
(ADC, 2009).
It is increasingly important to ensure high level of information security for
both individuals and organisations (Parson et al., 2014). IT security
guidelines are becoming highly advanced and user friendly. However,
employees are less likely to adhere to these guidelines which poses a serious
security risk and that make us wondering: are these guidelines adequate
enough for effective awareness? So a need for better understanding of what
could influence employees to comply and pay more attention to these
security guidelines. It is the main purpose of this research to identify the
factors that influence human behaviours in particularly the Arab region
towards information security such as the nature of Arab culture, trust, and
the mismatch with western IT Technology.
However, to extend more depth on this research, this thesis will cover the
nature of Arab trust and culture, and will conduct a statistical analysis after
collecting completed questionnaires from participants, to determine the

mismatch between western culture and Arab local culture and partially
personality factors and their impact on IS awareness training.
Despite the understanding of information security issues found in
organisations, researchers have explored the understanding of human
attitude and behaviour towards information security but there seems a lack
of research on how the understanding of the local culture may help us to
differentiate or isolate the issue that has been found within Arab culture such
as trust, information sharing culture, and resistance to western IT
Technology.
However, the focus of this research is narrow; it is only interested in the
nature of Arab trust towards information security, the local culture, the
mismatch between Arab local system and western based system, the
transfer of western technology to the Arab region challenges.
2 Information security and human behaviours
According to Siponen, Seppo, and Adam (Siponen, 2007), in the last few years, the importance
of information systems security has increased as witnessed by the number of incidents that
organisations have encountered. Employees rarely comply with the security policies, procedures,
and techniques which places the organisation assets in danger.
According to Inaugural International Conference on Human Aspects of Information Security and
Assurance, It is been acknowledged that the requirements of security can’t be addressed by
technical means only, and the important aspects of protection comes down to four dimensions,
attitude, awareness, behaviour, and capabilities of people involved, therefore employees or users
should be seen as a vital elements to build a successful security strategy (HAISA, 2007). Authors
such as Schneier, Pincus, and Heiser, stated that, in order to achieve an acceptable level of
information security within an organisation, human factor aspects should be considered as a
critical element rather than just focusing on software and hardware vulnerabilities (Schneier et
al., 2004).

Stanton, Stam, and Mastrangelo (Stanton et al., 2004) stated that information security research
focuses on algorithms, methods, and standards that support the three basic functions of
information security such as confidentiality, integrity, and availability (CIA). Concepts, theories,
and research that are relevant to human behaviour have been receiving increasing attention by
researchers on how human behaviour affects information security.
Binden, Jormae, Zain, and Ibrahim ( Binden et.al., 2014) suggest that protection of data and
critical information such as trade secrets and proprietary information is among the aspects that
have gained much emphasis recently due to the rising cases of infringement and theft of
confidential information from individuals and enterprises. Many of these infringements can be
attributed to human error.
According to NIST and Computer Security Act of 1987, the information integrity,
confidentiality, and availability of Federal agencies and organisations cannot be protected in
today’s highly networked systems environment without effective training and having users
involved understands the roles and responsibilities of their works and adequately train them to
perform them in more secure way (NIST, 1998).
In November 1989, the National Institute of Standards and Technology (NIST) working with
U.S. Office of Personnel Management (OPM) have developed and issued guidelines for Federal
computer security training. However, in January 1992, the Office of Personnel Management
(OPM) has issued a revision of federal personnel regulations related to the guidelines which were
voluntary and made them mandatory. As indicated by NIST, OPM regulations required training
for current employees, new hires within 60 days, a significant change in the IT security
environment or procedures of the agency, change positions of employees which deal with
sensitive information, and periodically as a refresher training for employees who handle sensitive
information.

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Information Security and Human Behaviours in Arab Region
|135
|44662
|78

Project Management of an Integrated Resort Research Paper 2022
|114
|24458
|20

Women Empowerment towards SME Development in India
|268
|90107
|149

Risk and Risk Management Concepts
|105
|27941
|54

Numeracy And Data Analysis
|10
|1378
|77

Investigating the Need and Ways of Cross-Cultural Training in Healthcare Services
|62
|18436
|1