logo

Information Security and Human Behaviours in Arab Region

   

Added on  2023-02-03

135 Pages44662 Words78 Views
Contents
1 Introduction...................................................................................................................................4
1.1Overview.................................................................................................................................4
1.1.1Overview of Arab Region................................................................................................4
2 Information security and human behaviours................................................................................6
3 Non-academic contribution......................................................................................................7
Overview of Wasta and Islam..........................................................................................................7
3.1Trust......................................................................................................................................10
3.2 The importance of family.....................................................................................................11
4 Literature review.........................................................................................................................13
Overview and structure..............................................................................................................13
4.1 Objectivise and orientation..................................................................................................13
4.1.1Culture............................................................................................................................14
4.1.2 Trust dynamics..............................................................................................................15
4.1.4 Mismatch with western IT Technology.........................................................................15
4.1.5 Personality types............................................................................................................16
5 Introduction.................................................................................................................................16
Overview........................................................................................................................................16
5.1 Overview of Personality, Trust and Culture within Arab Region........................................17
5.2 Cultural similarity................................................................................................................19
5.3 Research in Culture by Hofstede.........................................................................................22
5.4 Trust.....................................................................................................................................24

5.4.1 Trust and Relationships.................................................................................................24
5.4.2 Arab cultural antecedents of trust..................................................................................26
5.4.3 The Universal Approach towards Trust........................................................................28
5.4.4 Openness to Communication.........................................................................................29
5.4.5 Relationship on Sharing Information............................................................................29
5.4.6 Variables of Shared Culture, Environment and Values in Communication..................30
5.4.7 Style of Management in the Arab world.......................................................................32
5.4.8 Trust in Diversity...........................................................................................................32
5 .5 Western Information Technology.......................................................................................34
5.6 Attitudes affecting the information security behaviours......................................................36
5.7 Personality Factors effects on attitude towards information security..................................46
5.7.1 Neuroticism...................................................................................................................48
5.7.2 Extraversion –Introversion............................................................................................49
5.7.3 Openness.......................................................................................................................49
5.7.4 Agreeableness................................................................................................................50
5.7.5 Conscientiousness.........................................................................................................50
5.8 Personality traits, Information sharing, and Trust................................................................50
3 Methodology chapter..................................................................................................................53
3.1 Research Questions..............................................................................................................53
3.2 Methods and Approaches.....................................................................................................56
3.3 Proposed methods................................................................................................................57
3.3 Rational selection for methodology.....................................................................................75
3.4 Research Paradigm...............................................................................................................77
3.5 Rationale for the Selection of Interpretivism Research Paradigm.......................................79
3.6 Research Design...................................................................................................................80

3.7 Rationale for the Selection of Exploratory Research Design..............................................80
3.8 Use of Mixed Methods- Qualitative and Quantitative.........................................................81
3.9 Research Approach..................................................................................................................81
3.10 Rationale for the Selection of Inductive Research Approach............................................82
3.11 Data Collection Methods.......................................................................................................82
3.11.1 Primary Data Collection Method................................................................................83
3.11.2 Rationale for Choosing the Primary Data Collection Methods...................................83
3.11.3 Primary Data: Questionnaire Survey Method.............................................................84
3.11.5 Limitations of Survey Method as Primary Data Collection Method...........................85
3.12 Secondary Data Collection Methods..................................................................................85
3.12.1 Rationale for Selecting the Secondary Data Collection Methods...............................86
3.12.2 Secondary Data: Library Research Method................................................................86
3.12.4 Limitation of Literature Review as Secondary Data Collection Method....................87
3.13 Phases of Research under Data Collection of this Research Study...................................87
3.13.1 Description of Phase 1.................................................................................................87
3.13.2 Data Collection in Phase 1: Library Research Method...............................................88
3.13.3 Limitation of Phase 1..................................................................................................89
3.13.4 Description of Phase 2.................................................................................................90
3.13.5 Data Collection in Phase 2: Questionnaire Survey Method........................................90
3.14 Sample Size and Sample Technique..................................................................................92
3.14.1 Rationale for Using Random Sampling Method.........................................................92
3.15 Pilot Study..........................................................................................................................93
3.16 Data Analysis Approach........................................................................................................95
3.17 Rationale for Using Graphical Presentation Method.........................................................96
3.18 Authenticity, Bias, Validity and Reliability of the Research Study...................................99

3.19 Research Limitations........................................................................................................101
3.20 Summary..........................................................................................................................104
5 References.................................................................................................................................111
BACKGROUND INFORMATION

1 Introduction
Overview and structure
Introducing the thesis, this chapter will follow multiple phases. It starts by introducing an
overview of Arab region and information security importance, the nature of Arab trust and
culture, and the mismatch between western IT and local Arab IT which covers the whole
dissertation problem, and research objectives. Moreover, a short section that reflects on research
paradigms clarifying that this is an information system research paper. In addition, a personal,
non-academic section to explain the researcher’s background, motivation, and personal
determination. Finally, a short summary of what has been presented before proceeding to the
literature review chapter.
1.1Overview
1.1.1Overview of Arab Region
Arab is considered as a cultural term, and the term is used for the people who speak
Arabic and is their first language. It is found that Arab people can be united on the basis of their
cultural aspects and their history. Within the Arab culture Muslims, Jewish and Christians can be
found. Therefore, it can be said that the people living in the Arab region are not Muslims but also
Jewish and Christians (ADC, 2009). The Arab region is also considered as the Arab world,
which consists of total 22 countries in the Middle East region and North Africa. Some of the
countries, which are included in the Arab region, are Egypt, Iraq, Kuwait, Morocco, Qatar, Saudi
Arabia and the United Arab Emirates (ADC, 2009). It is found that Arab countries have rich
diversity in regard to the ethnic believes, linguistic choices and also religious beliefs. Further, it
has been observed that in the Arab region, the link between Islam and Arab can be seen as the
deep roots of the history. The people living in the Arab region are found to speak Arabic, and it

is considered as the predominant religious language in the region. In terms of life in the Arab
region, it is found that in urban areas of Arab region people have choices in occupations and
freedom for women. Therefore, it can be said that in the urban areas of an Arab region traditional
pattern of the people are changing. As compared to the urban life in the Arab region, it is found
that in rural areas, the cultural roots are found deep in the history (ADC, 2009).
It is increasingly important to ensure high level of information security for both individuals and
organisations (Parson et al., 2014). IT security guidelines are becoming highly advanced and user
friendly. However, employees are less likely to adhere to these guidelines which poses a serious
security risk and that make us wondering: are these guidelines adequate enough for effective
awareness? So a need for better understanding of what could influence employees to comply
and pay more attention to these security guidelines. It is the main purpose of this research to
identify the factors that influence human behaviours in particularly the Arab region towards
information security such as the nature of Arab culture, trust, and the mismatch with western IT
Technology.
However, to extend more depth on this research, this thesis will cover the nature of Arab trust
and culture, and will conduct a statistical analysis after collecting completed questionnaires from
participants, to determine the mismatch between western culture and Arab local culture and
partially personality factors and their impact on IS awareness training.
Despite the understanding of information security issues found in organisations, researchers have
explored the understanding of human attitude and behaviour towards information security but
there seems a lack of research on how the understanding of the local culture may help us to
differentiate or isolate the issue that has been found within Arab culture such as trust,
information sharing culture, and resistance to western IT Technology.
However, the focus of this research is narrow; it is only interested in the nature of Arab trust
towards information security, the local culture, the mismatch between Arab local system and
western based system, the transfer of western technology to the Arab region challenges.

2 Information security and human behaviours
According to Siponen, Seppo, and Adam (Siponen, 2007), in the last few years, the importance
of information systems security has increased as witnessed by the number of incidents that
organisations have encountered. Employees rarely comply with the security policies, procedures,
and techniques which places the organisation assets in danger.
According to Inaugural International Conference on Human Aspects of Information Security and
Assurance, It is been acknowledged that the requirements of security can’t be addressed by
technical means only, and the important aspects of protection comes down to four dimensions,
attitude, awareness, behaviour, and capabilities of people involved, therefore employees or users
should be seen as a vital elements to build a successful security strategy (HAISA, 2007). Authors
such as Schneier, Pincus, and Heiser, stated that, in order to achieve an acceptable level of
information security within an organisation, human factor aspects should be considered as a
critical element rather than just focusing on software and hardware vulnerabilities (Schneier et
al., 2004).
Stanton, Stam, and Mastrangelo (Stanton et al., 2004) stated that information security research
focuses on algorithms, methods, and standards that support the three basic functions of
information security such as confidentiality, integrity, and availability (CIA). Concepts, theories,
and research that are relevant to human behaviour have been receiving increasing attention by
researchers on how human behaviour affects information security.
Binden, Jormae, Zain, and Ibrahim ( Binden et.al., 2014) suggest that protection of data and
critical information such as trade secrets and proprietary information is among the aspects that
have gained much emphasis recently due to the rising cases of infringement and theft of
confidential information from individuals and enterprises. Many of these infringements can be
attributed to human error.
According to NIST and Computer Security Act of 1987, the information integrity,
confidentiality, and availability of Federal agencies and organisations cannot be protected in
today’s highly networked systems environment without effective training and having users

involved understands the roles and responsibilities of their works and adequately train them to
perform them in more secure way (NIST, 1998).
In November 1989, the National Institute of Standards and Technology (NIST) working with
U.S. Office of Personnel Management (OPM) have developed and issued guidelines for Federal
computer security training. However, in January 1992, the Office of Personnel Management
(OPM) has issued a revision of federal personnel regulations related to the guidelines which were
voluntary and made them mandatory. As indicated by NIST, OPM regulations required training
for current employees, new hires within 60 days, a significant change in the IT security
environment or procedures of the agency, change positions of employees which deal with
sensitive information, and periodically as a refresher training for employees who handle sensitive
information.
3 Non-academic contribution
Overview of Wasta and Islam
This is a separate section I thought to include as I believe it is related to Arab culture in the real
life nowadays. As an observation, I have found that the Wasta is exists within Arab countries for
many years and as a results of that, the Wasta within Arabs becomes a key to build a
relationship at different level within their culture therefore the trust that this research is
addressing becomes vital to maintain their relationships. Much like China, the basic rule of
business in the Arab World is to establish a relationship first, build connections, and only
actually come to the heart of the intended business at a later meeting. There is a master
assumption that a network or web of connections already exists and the issues concern if, and
how, it may be accessed. In traditional Western models the emphasis is on the immediate
transaction itself. Thus in the Arab milieu much that subsequently transpires appears to be in
direct contrast to Western practice in which focus is placed on ‘getting the deal done’ and a
friendship- may only develop later as a separate function to the business transaction. Just as in

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
Information Security and Human Behaviours
|148
|38203
|310

Women Empowerment towards SME Development in India
|268
|90107
|149

Project management of an integrated resort (IR).
|104
|22572
|2

Economic and Commercial Traits of Singapore
|117
|23328
|25

Improvement in Methods to Meet International Standards - Nestle
|12
|503
|422

Analyze the leadership qualities required in the construction
|101
|20074
|5