Knowledge of Information Security Awareness and Practices for Home Users: Case Study in Libya
Abstract
The abundance of information available through the Internet, mobile applications, and cloud computing has made it convenient for users to access a wide range of information. However, this convenience comes with a cost as this information is constantly at risk of being compromised by cybercriminals and hackers. While the recognition of the potential dangers of information security is increasing in developed countries, in regions like Libya in North Africa, the level of protection for this information is insufficient. The purpose of this study is to examine the various factors that may influence or affect the users’ practice and awareness at home. The investigated factors are policy, behavior, training, knowledge of IT and education. In order to accomplish the goals of this study, a quantitative methodology was implemented. Specifically, a survey was created to assess the correlation between key factors and security awareness and practices in the home environment. The survey attracted 220 respondents and analyzed using Bivariate/Pearson Correlation to determine the relationship between the independent variable and the dependent variable. The result of the study showed that there was a moderate positive correlation between policy, knowledge of IT and education with security awareness and practice, but behavior factor has a low correlation. These results indicated that security awareness and practice level of employees at home are mostly at the middle level. It is hoped that the present study provides an initial step to focus on security training sessions among higher education employees to reflect new knowledge on the importance of security training to increase the knowledge of information security. It is hoped that the findings of this study will serve as a starting point for further research and focus on providing security information for public, which will help to reflect new knowledge on the importance of security training and increase awareness of information security.
Downloads
Metrics
References
security awareness and practice level among third level education
staff, case study in Nalut Libya" European Scientific Journal. Vol.
16. No. 15. pp. 20- 33
2. Colwill, C. 2009. "Human factors in information security: The insider
threat–Who can you trust these days?" Information security technical
report. Vol. 14. pp. 186- 196
3. Doherty, N. F., Anastasakis, L., and Fulford, H. 2009. "The
information security policy unpacked: A critical study of the content
of university policies". International Journal of Information
Management, 29(6), pp. 449-457.
4. Edwards, k. 2015. Examining the Security Awareness, Information
Privacy, and the Security Behaviors of Home Computer Users. Thesis
Degree of Doctor of Philosophy, College of Engineering and
Computing Nova Southeastern University.
5. Fakeh, S. K. W., Zulhemay, M. N., Shahibi, M. S., Ali, J., and Zaini,
M. K. 2012. "Information Security Awareness Amongst Academic
Librarians". Journal of Applied Sciences Research, 8(3), pp. 1723-
1735.
6. Furnell, S., and Evangelatos, K. 2007. "Public Awareness and
Perceptions of Biometrics". Computer Fraud & Security, 2007. 1, pp.
8-13.
7. Halim, A. Abu Bakar, A. Hamid, H. and Alwi, N. 2008. "A Study of
Information Security Awareness Among USIM Staff". Technical
Report. USIM.
8. Huang, D. L., Patrick Rau, P. L., Salvendy, G., Gao, F., and Zhou, J.
2011. "Factors affecting perception of information security and their
impacts on IT adoption and security practices". International Journal
of Human-Computer Studies, 69(12), pp. 870-883.
9. Hight, S. D. 2005. "The importance of a security, education, training
and awareness program", November 2005. Retrieved on 10 March
2022 from: http://www.infosecwriters.com/text resources/pdf/SETA
SHight.pdf.
10. Ishak, I.S., Ishak, I.S., Abu Hassan, R., Suradi, Z., and Mansor, Z.
2014. "Information Security Awareness and Practices In Malaysian
IHLs: A Study at UNISEL". DOI: 10.15224/978-1-63248-034-7-29
Conference: Second Intl. Conf. on Advances in Computing,
Electronics and Electrical Technology - CEET 2014, At Kuala
Lumpur.
11. Jaeger, L. (2018, January). Information security awareness: literature
review and integrative framework. In Proceedings of the 51st Hawaii
International Conference on System Sciences
12. Kritzinger, E., and von Solms, S. H. 2010. "Cyber security for home
users: A new way of protection through awareness
enforcement". Computers & Security, 29(8), pp. 840-847
13. Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., and
Jerram, C. 2014. "Determining employee awareness using the Human
Aspects of Information Security Questionnaire (HAIS-Q)".
Computers & Security, 42, pp.165-176.
14. Parsons, K., McCormac, A., Butavicius, M., and Ferguson, L. 2010. "
Human factors and information security: individual, culture and
security environment". (No. DSTO-TR-2484). Defence Science and
Technology Organization Edinburgh (AUSTRALIA) Command
Control Communications and Intelligence Div. Technical Report
15. Roy Sarkar, K. 2010. "Assessing Insider Threats to Information
Security Using Technical, Behavioral and Organisational Measures".
Information Security Technical Report. Vol. 15. pp. 112-133.
16. Rhee, H. S., Kim, C., and Ryu, Y. U. 2009. "Self-efficacy in
information security: Its influence on end users' information security
practice behavior". Computers & Security, 28 (8), pp. 816-826.
17. Schneier, B. 2011. "Secrets and lies: digital security in a networked
world". John Wiley & Sons. ISBN. 0-471-25311-1.
18. Specops company 2020. “Which Country Has the Highest Number of
Significant Cyber-Attacks”. Retrieved on 10 March 2022 from:
https://specopssoft.com/blog/countries-experiencing-significantcyber-attacks/
19. Schultz, E. 2004."Security Training and Awareness Fitting a Square
peg in a Round Hole". Computers & Security, 23 (1), pp. 1-2.
20. Talib, S., Clarke, N. L., & Furnell, S. M. 2012. "Establishing A
Personalized Information Security Culture". International Journal of
Mobile Computing and Multimedia Communications
(IJMCMC), 3(1), pp. 63-79.
21. Talib, S., Clarke, N. L., and Furnell, S. M. 2010. "An analysis of
information security awareness within home and work
environments". In Availability, Reliability, and Security, 2010.
ARES'10 International Conference on (pp. 196-203). IEEE
22. Tsohou, A., Karyda, M., Kokolakis, S., and Kiountouzis, E. 2010.
"Analyzing information security awareness through networks of
association". In Trust, Privacy and Security in Digital Business (pp.
227-237). Springer Berlin Heidelberg.
23. Takemura, T. 2010."A quantitative study on Japanese workers'
awareness to information security using the data collected by webbased survey. American Journal of Economics and Business
Administration, 2(1), pp. 20- 26.
24. Wilson, M., and Hash, J. 2003."Building an information technology
security awareness and training program". NIST Special
publication, 800, 50.
Copyright (c) 2023 Hamida Asker, Abdalmonem Tamtam
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.