Comparative study of information security awareness and practice within home and work environments: Case study in Libya
Abstract
The abundance of information available through the internet, mobile applications, and cloud computing has made it convenient for users to access a wide range of data. However, this convenience comes at a cost, as this information is constantly at risk of being compromised by cybercriminals and hackers. While the recognition of potential information security dangers is increasing in developed countries, regions like Libya in North Africa still exhibit insufficient protection levels.
The purpose of this study is to compare various factors that may influence or affect users' practices and awareness in home and work environments. The factors investigated are policy, behavior, IT knowledge, and education. To achieve the study's goals, a quantitative methodology was employed. A survey was created to assess the correlation between these key factors and security awareness and practices in home and workplace settings. The survey attracted 220 respondents and was analyzed using statistical methods to determine the relationship between the independent variables and the dependent variables.
The study's results showed a moderate positive correlation between policy, IT knowledge, and education with security awareness and practice in both home and workplace environments. Only the behavior factor had a low correlation for home users. These findings indicate that the level of security awareness and practices at home and in the workplace is generally moderate.
This study aims to serve as an initial step in emphasizing the importance of security training sessions for employees, highlighting the need to increase knowledge of information security. The findings are intended to inspire further research and a focus on providing security information to the public, thereby disseminating new knowledge on the importance of security training and enhancing awareness of information security.
Downloads
Metrics
References
2. Alyami, A., Sammon, D., Neville, K. and Mahony, C., 2024. Critical success factors for Security Education, Training and Awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives. Information & Computer Security, 32(1), pp.53-73.
3. Asker, H., and Tamtam, A. 2020. "An investigate of the information security awareness and practice level among third level education staff, case study in Nalut Libya" European Scientific Journal. Vol. 16. No. 15. pp. 20- 33
4. Asker, H., and Tamtam, A. 2023. "Knowledge of Information Security Awareness and Practices for Home Users: Case Study in Libya" European Scientific Journal. Vol. 19. No. 15. P. 238
5. Bada, M., and Sasse, A. 2014. “Cyber security awareness campaigns: Why do they fail to change behaviour?” Global Cyber Security Capacity Centre, University of Oxford: Oxford, UK
6. Bulgurcu, B., Cavusoglu, H. and Benbasat, I., 2010. “Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness”. MIS quarterly, pp.523-548.
7. Burn, R.B., 2000. "Introduction to research method". Australia: Longman
8. Edwards, k. 2015. Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users. Thesis Degree of Doctor of Philosophy, College of Engineering and Computing Nova Southeastern University.
9. Gharaibeh, N. and Zanoon, N. 2013. The impact of customer knowledge on the security of e-banking. International Journal of Computer Science and Security (IJCSS), 7(2), p.81.
10. Grant, G. J. 2010. Ascertaining the relationship between security awareness and the security behavior of individuals. Nova Southeastern University. Retrieved from ProQuest Dissertations and Theses, UMI Number: 3423144
11. Guo, K.H. 2013. “Security-related behavior in using information systems in the workplace: A review and synthesis”, Computers & Security, Vol. 32, pp 242-251.
12. Hammarstrand, J. and Fu, T., 2015. “Information security awareness and behaviour: of trained and untrained home users in Sweden£.
13. Hentea, M., Dhillon, H.S. and Dhillon, M., 2006. Towards changes in information security education. Journal of Information Technology Education: Research, 5(1), pp.221-233.
14. Hight, S. D. 2005. "The importance of a security, education, training and awareness program", November 2005. Retrieved on 10 March 2022 from: http://www.infosecwriters.com/text resources/pdf/SETA SHight.pdf.
15. Jaeger, L. (2018, January). Information security awareness: literature review and integrative framework. In Proceedings of the 51st Hawaii International Conference on System Sciences
16. Quagliata, K. 2010. “Impact of Security Awareness Training Components on Security Effectiveness”. Research Findings Federal Information Systems Security Educators’ Association (FISSEA) Annual Conference National Institute of Standards and Technology.
17. Kemper, G. 2019 “Improving employees' cyber security awareness, Computer Fraud & Security”, Volume 2019, Issue 8, Pages 11-14.
18. Khando, K. Shang, G. Sirajul, M. I., and Ali, S., 2021 “Enhancing employees information security awareness in private and public organisations: A systematic literature review”, Computers & Security, Volume 106, 102267, ISSN 0167-404
19. Kruger, H.A., Kearney, W.D., 2007. “A prototype for assessing information security awareness”, Computers & Security, Volume 25, Issue 4, Pages 289-296.
20. Lim, J.S., Chang, S., Maynard, S. and Ahmad, A. 2009 “Exploring the relationships between organizational culture and information security culture”. In – 7th Australian Information Security Management Conference. Australia.
21. Mamonov, S. and Benbunan-Fich, R. 2018 The Impact of Information Security Threat Awareness on Privacy-Protective Behaviors. Computers in Human Behavior, 83, 32-44. https://doi.org/10.1016/j.chb.2018.01.02
22. Metalidou, Efthymia & Marinagi, Catherine & Trivellas, Panagiotis & Eberhagen, Niclas & Skourlas, Christos & Giannakopoulos, Georgios. 2014. “The Human Factor of Information Security: Unintentional Damage Perspective”. Procedia - Social and Behavioral Sciences. 147. 10.1016/j.sbspro.2014.07.133.
23. Mukaka M. M. 2012. “Statistics corner: A guide to appropriate use of correlation coefficient in medical research”. Malawi medical journal : the journal of Medical Association of Malawi, 24(3), 69–71
24. Specops company 2020. “Which Country Has the Highest Number of Significant Cyber-Attacks”. Retrieved on 10 March 2022 from: https://specopssoft.com/blog/countries-experiencing-significant-cyber-attacks/
25. Schultz, E. 2004."Security Training and Awareness Fitting a Square peg in a Round Hole". Computers & Security, 23 (1), pp. 1-2.
26. Talib, S., Clarke, N. L., & Furnell, S. M. 2012. "Establishing A Personalized Information Security Culture". International Journal of Mobile Computing and Multimedia Communications (IJMCMC), 3(1), pp. 63-79.
27. Talib, S., Clarke, N. L., and Furnell, S. M. 2010. "An analysis of information security awareness within home and work environments". In Availability, Reliability, and Security, 2010. ARES'10 International Conference on (pp. 196-203). IEEE
28. Tsohou, A., Karyda, M., Kokolakis, S., and Kiountouzis, E. 2010. "Analyzing information security awareness through networks of association". In Trust, Privacy and Security in Digital Business (pp. 227-237). Springer Berlin Heidelberg.
29. Von Solms, R, and Von Solms S.H. (Basie), 2006 “Information security governance: Due care”, Computers & Security, Volume 25, Issue 7, Pages 494-497.
Copyright (c) 2024 Abdalmonem Tamtam, Hamida Asker
This work is licensed under a Creative Commons Attribution 4.0 International License.