Article: The role of user awareness in the information technology and security governance nexus - evidence from Ghana's banking industry Journal: International Journal of Information and Computer Security (IJICS) 2024 Vol.25 No.3/4 pp.367 - 403 Abstract: This study proposes a model to explain the interplay among information security governance, information technology governance, and information security awareness, with guidance from the information security governance theoretical lens. Employing a questionnaire survey with a sample size of 300 and structural equation modelling, the study revealed several key relationships: business/IT strategic alignment positively correlates with information technology governance, underscoring the importance of aligning IT strategies with broader organisational goals. Weak but consistent positive relationship is identified between value delivery and information technology governance, emphasising the link between extracting value from IT investments and effective governance. Contrary to expectations, risk management and information security governance exhibit an inverse relationship. Information security awareness shows a significant but inverse relationship with information security governance. Both resource management and information technology governance, as well as performance measurement and information technology governance, demonstrate no significant relationships, suggesting that adept resource management and performance monitoring alone may not ensure enhanced governance. Moreover, no significant relationship is found between information security governance and information technology governance, indicating a limited influence of managing information security on overall information technology governance practices. The study concludes by offering recommendations to stakeholders within the domain based on the outlined findings. Inderscience Publishers - linking academia, business and industry through research

Title: The role of user awareness in the information technology and security governance nexus - evidence from Ghana's banking industry

Authors: Emmanuel Adu-Mensah; Solomon Odei-Appiah; Joseph Kwame Adjei; Enoch Ayivor

Addresses: Ghana Institute of Management and Public Administration (GIMPA), P.O. Box AH 50, Achimota, Accra, Ghana ' Ghana Institute of Management and Public Administration (GIMPA), P.O. Box AH 50, Achimota, Accra, Ghana ' Computer Science and Information Systems Department, Ashesi University, 1 University Avenue, Berekuso, Eastern Region, Ghana ' Ghana Institute of Management and Public Administration (GIMPA), P.O. Box AH 50, Achimota, Accra, Ghana

Abstract: This study proposes a model to explain the interplay among information security governance, information technology governance, and information security awareness, with guidance from the information security governance theoretical lens. Employing a questionnaire survey with a sample size of 300 and structural equation modelling, the study revealed several key relationships: business/IT strategic alignment positively correlates with information technology governance, underscoring the importance of aligning IT strategies with broader organisational goals. Weak but consistent positive relationship is identified between value delivery and information technology governance, emphasising the link between extracting value from IT investments and effective governance. Contrary to expectations, risk management and information security governance exhibit an inverse relationship. Information security awareness shows a significant but inverse relationship with information security governance. Both resource management and information technology governance, as well as performance measurement and information technology governance, demonstrate no significant relationships, suggesting that adept resource management and performance monitoring alone may not ensure enhanced governance. Moreover, no significant relationship is found between information security governance and information technology governance, indicating a limited influence of managing information security on overall information technology governance practices. The study concludes by offering recommendations to stakeholders within the domain based on the outlined findings.

Keywords: information technology governance; ITG; information security governance; ISG; information security awareness; ISA; Ghana.

DOI: 10.1504/IJICS.2024.143938

International Journal of Information and Computer Security, 2024 Vol.25 No.3/4, pp.367 - 403

Accepted: 02 Mar 2024
Published online: 14 Jan 2025 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: The role of user awareness in the information technology and security governance nexus - evidence from Ghana's banking industry

Keep up-to-date