Title: Understanding human aspects for an effective information security management implementation
Authors: Burcu Kör; Bilgin Metin
Addresses: Amsterdam School of International Business, Amsterdam University of Applied Science, Amsterdam, Netherlands; Management Information Systems Department, Bogazici University, Turkey
Abstract: In today's world, information security is a trending as well as crucial topic for both individuals and organisations. Cyber attacks cause financial loss for businesses through data breaches and production loss. Data breaches can result in loss of reputation, reduced customer loyalty, and fines. Cyber attacks also affect business continuity, so that organisations cannot provide continuous production. Therefore, organisations should reduce cyber risks by managing their information security. For this purpose, they may use the ISO/IEC 27001 information security management standard. ISO/IEC 27001:2013 includes 114 controls at both the technical and the organisational level. However, in the practice of security management, individuals' information security behaviour can be underestimated. Technology alone cannot guarantee the safety of information assets in organisations, so a range of human aspects should be taken into consideration. In this study, the importance of security behaviour with respect to ISO/IEC 27001 information security management implementation is presented. The study extensively analyses data collected from a survey of 630 people. The results of reliability measures and confirmatory factor analysis support the scale of the study.
Keywords: information security; information security behaviour; information security policy; information security knowledge sharing; self-efficacy; information security training.
DOI: 10.1504/IJADS.2021.113532
International Journal of Applied Decision Sciences, 2021 Vol.14 No.2, pp.105 - 122
Received: 15 Sep 2019
Accepted: 21 Oct 2019
Published online: 10 Mar 2021