Murdoch University Research Repository

Welcome to the Murdoch University Research Repository

The Murdoch University Research Repository is an open access digital collection of research
created by Murdoch University staff, researchers and postgraduate students.

Learn more

An investigation of the factors that influence information security culture in government organisations in Bhutan

Tenzin, Sonam (2021) An investigation of the factors that influence information security culture in government organisations in Bhutan. Professional Doctorate thesis, Murdoch University.

[img]
Preview
PDF - Whole Thesis
Download (4MB) | Preview

Abstract

Adoption of information technology in organisations has increased the amount of data and information being generated and stored. This information is essential for individuals and organisations. Therefore, safeguarding information assets from external and internal threats is of vital importance. Information security threats can be categorised as technical and human- based threats, and human-based threats are major sources of information security breaches in organisations (Glaspie & Karwowski, 2018). Large investments have been made by organisations to secure data and security networks, but despite this, information security breaches as a result of human-based action are on the rise (Ponemon, 2019).

Information security threats can be reduced by improving the information security behaviour of employees. In addition, having an effective information security culture is believed to contribute to improving information security behaviour. Information security culture includes information security attitudes, assumptions, beliefs, values, and knowledge that employees use when interacting with organisational information assets and systems. To establish an effective information security culture, it is important to identify and understand the key factors that influence information security culture. This study therefore investigated the key factors that contribute to the establishment of an effective information security culture and explored how information security culture influences the information security behaviour of employees. A research model was developed for the study based on an analysis of the information security literature.

The target population for this research study is employees of government organisations in Bhutan. Data was collected using an online questionnaire. Using responses collected from 181 participants, the research model was tested using Partial Least Squares Structural Equation Modelling (PLS- SEM). The research model explained a relatively high proportion of the variability in information security culture (53.1%) but only 14.9% of the variability in information security behaviour. Six out of the nine hypotheses were supported. Senior management support, information security policy, training and awareness campaigns, interpersonal trust, and job- versus employee-oriented organisational culture were shown to be factors influencing information security culture. This study also found that establishing an effective information security culture contributes to good information security behaviour. Identifying the role of interpersonal trust is particularly valuable as it extends the work of Dang-Pham, Pittayachawan, and Bruno (2017) and clarifies the importance of interpersonal trust in establishing an effective information security culture, and through that good information security behaviour.

These findings will help government policy makers and information security practitioners when designing and developing information security strategies and programs. This will establish effective information security culture in organisations to nurture good information security behaviour.

Item Type: Thesis (Professional Doctorate)
Murdoch Affiliation(s): IT, Media and Communications
Supervisor(s): McGill, Tanya and Dixon, Michael
URI: http://researchrepository.murdoch.edu.au/id/eprint/60386
Item Control Page Item Control Page

Downloads

Downloads per month over past year