Knowledge of Information Security Awareness and Practices for Home Users: Case Study in Libya
Abstract
The abundance of information available through the internet, mobile applications, and cloud computing has made it convenient for users to access a wide range of information. However, this convenience comes at a cost, as this information is constantly at risk of being compromised by cybercriminals and hackers. While the recognition of the potential dangers of information security is increasing in developed countries, in regions like Libya in North Africa, the level of protection for this information is insufficient. The purpose of this study is to examine the various factors that may influence or affect users' practices and awareness at home. The investigated factors are policy, behavior, training, knowledge of IT, and education. To accomplish the goals of this study, a quantitative methodology was implemented. Specifically, a survey was created to assess the correlation between key factors and security awareness and practices in the home environment. The survey attracted 220 respondents and was analyzed using Bivariate/Pearson Correlation to determine the relationship between the independent variable and the dependent variable. The results of the study showed a moderate positive correlation between policy, knowledge of IT, and education with security awareness and practice, but the behavior factor had a low correlation. These results indicate that the security awareness and practice level of employees at home is mostly at a moderate level. It is hoped that the present study provides an initial step in focusing on security training sessions among higher education employees to emphasize the importance of security training and increase knowledge of information security. It is hoped that the findings of this study will serve as a starting point for further research and a focus on providing security information for the public, which will help disseminate new knowledge on the importance of security training and increase awareness of information security.
Downloads
Metrics
PlumX Statistics
References
2. Colwill, C. 2009. "Human factors in information security: The insider threat–Who can you trust these days?" Information security technical report. Vol. 14. pp. 186- 196
3. Doherty, N. F., Anastasakis, L., and Fulford, H. 2009. "The information security policy unpacked: A critical study of the content of university policies". International Journal of Information Management, 29(6), pp. 449-457.
4. Edwards, k. 2015. Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users. Thesis Degree of Doctor of Philosophy, College of Engineering and Computing Nova Southeastern University.
5. Fakeh, S. K. W., Zulhemay, M. N., Shahibi, M. S., Ali, J., and Zaini, M. K. 2012. "Information Security Awareness Amongst Academic Librarians". Journal of Applied Sciences Research, 8(3), pp. 1723-1735.
6. Furnell, S., and Evangelatos, K. 2007. "Public Awareness and Perceptions of Biometrics". Computer Fraud & Security, 2007. 1, pp. 8-13.
7. Halim, A. Abu Bakar, A. Hamid, H. and Alwi, N. 2008. "A Study of Information Security Awareness Among USIM Staff". Technical Report. USIM.
8. Huang, D. L., Patrick Rau, P. L., Salvendy, G., Gao, F., and Zhou, J. 2011. "Factors affecting perception of information security and their impacts on IT adoption and security practices". International Journal of Human-Computer Studies, 69(12), pp. 870-883.
9. Hight, S. D. 2005. "The importance of a security, education, training and awareness program", November 2005. Retrieved on 10 March 2022 from: http://www.infosecwriters.com/text resources/pdf/SETA SHight.pdf.
10. Ishak, I.S., Ishak, I.S., Abu Hassan, R., Suradi, Z., and Mansor, Z. 2014. "Information Security Awareness and Practices In Malaysian IHLs: A Study at UNISEL". DOI: 10.15224/978-1-63248-034-7-29 Conference: Second Intl. Conf. on Advances in Computing, Electronics and Electrical Technology - CEET 2014, At Kuala Lumpur.
11. Jaeger, L. (2018, January). Information security awareness: literature review and integrative framework. In Proceedings of the 51st Hawaii International Conference on System Sciences
12. Kritzinger, E., and von Solms, S. H. 2010. "Cyber security for home users: A new way of protection through awareness enforcement". Computers & Security, 29(8), pp. 840-847
13. Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., and Jerram, C. 2014. "Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q)". Computers & Security, 42, pp.165-176.
14. Parsons, K., McCormac, A., Butavicius, M., and Ferguson, L. 2010." Human factors and information security: individual, culture and security environment". (No. DSTO-TR-2484). Defence Science and Technology Organization Edinburgh (AUSTRALIA) Command Control Communications and Intelligence Div. Technical Report
15. Roy Sarkar, K. 2010. "Assessing Insider Threats to Information Security Using Technical, Behavioral and Organisational Measures". Information Security Technical Report. Vol. 15. pp. 112-133.
16. Rhee, H. S., Kim, C., and Ryu, Y. U. 2009. "Self-efficacy in information security: Its influence on end users' information security practice behavior". Computers & Security, 28 (8), pp. 816-826.
17. Schneier, B. 2011. "Secrets and lies: digital security in a networked world". John Wiley & Sons. ISBN. 0-471-25311-1.
18. Specops company 2020. “Which Country Has the Highest Number of Significant Cyber-Attacks”. Retrieved on 10 March 2022 from: https://specopssoft.com/blog/countries-experiencing-significant-cyber-attacks/
19. Schultz, E. 2004."Security Training and Awareness Fitting a Square peg in a Round Hole". Computers & Security, 23 (1), pp. 1-2.
20. Talib, S., Clarke, N. L., & Furnell, S. M. 2012. "Establishing A Personalized Information Security Culture". International Journal of Mobile Computing and Multimedia Communications (IJMCMC), 3(1), pp. 63-79.
21. Talib, S., Clarke, N. L., and Furnell, S. M. 2010. "An analysis of information security awareness within home and work environments". In Availability, Reliability, and Security, 2010. ARES'10 International Conference on (pp. 196-203). IEEE
22. Tsohou, A., Karyda, M., Kokolakis, S., and Kiountouzis, E. 2010. "Analyzing information security awareness through networks of association". In Trust, Privacy and Security in Digital Business (pp. 227-237). Springer Berlin Heidelberg.
23. Takemura, T. 2010."A quantitative study on Japanese workers' awareness to information security using the data collected by web-based survey. American Journal of Economics and Business Administration, 2(1), pp. 20- 26.
24. Wilson, M., and Hash, J. 2003."Building an information technology security awareness and training program". NIST Special publication, 800, 50.
Copyright (c) 2023 Hamida Asker, Abdalmonem Tamtam
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
.jpg)
