ISSN (Online): 2321-3418
server-injected
Economics and Management
Open Access

Factors Influencing Information Security Culture in Organizations Dealing With Economic Crime in Kenya

, ,
DOI: 10.18535/ijsrm/v12i12.em12· Pages: 8141-8149· Vol. 12, No. 12, (2024)· Published: December 23, 2024
PDF
Views: 604 PDF downloads: 213

Abstract

Information security culture is very important for any organization, especially in the public sector, where sensitive information is regularly processed and stored. This importance has become more pronounced in recent years because the frequency and sophistication of cyber-attacks have increased, highlighting the need for effective information security measures such as control policies including access controls, password regulations. However, the success of these measures depends on the development of a strong information security culture within the organization. This study thus aimed to establish the organizational factors influencing information security culture in the organization dealing with economic crime in Kenya. The study focused on information security control, organization structure and organizational culture and how they influence information security culture. The study was underpinned on Security Culture Framework, CIA triad model, structural contingency theory and organizational culture theory. Descriptive research design was adopted. The study targeted 5729 employees in the Economic crimes investigative organizations in Kenya. Stratified random sampling approach was used to classify the sample frame. Simple random sampling technique was utilized to select respondents from each stratum to come up with a sample size of 361 respondents. Data was gathered from the five organizations located in Nairobi County, using self-administered questionnaires. The questionnaires were distributed through a drop and pick-up method, wherein the researcher personally delivered them to the respondents at their workplace. The study produced quantitative data that was coded and entered into Statistical Packages for Social Scientists (SPSS Version 26) for analysis, using both descriptive and inferential statistics. The quantitative data was presented using tables and graphs, with accompanying explanations in prose. The study concludes that information security control has a positive and significant effect on information security culture in five selected state-owned organizations dealing with economic crime in Kenya. In addition, the study concludes that organization structure has a positive and significant effect on information security culture in five-selected state-owned organization dealing with economic crime in Kenya. Further, the study concludes that organizational culture has a positive and significant effect on information security culture in five-selected state-owned organization dealing with economic crime in Kenya. Based on the study findings, the study recommends that the management of state-owned organization dealing with economic crime in Kenya should establish a dedicated and well-defined information security governance structure. This involves creating a specialized information security department or team that reports directly to top management, ensuring that information security is prioritized at the highest organizational level.

Keywords

Information security cultureinformation security controlorganization structure and organizational culture. 1. Introduction

References

  1. Abebe, G., & Lessa, L. (2020). Human Factors Influence On Information Systems Security At Commercial Banks In Ethiopia. Addis Ababa : Masters thesis, Addis Ababa University.Google Scholar ↗
  2. AlGhamdi, S., Win, K., & Vlahu-Gjorgievska, E. (2021). Employees' intentions toward complying with information security controls in Saudi Arabia's public organisations. Government Information Quarterly, 39(4), 1-14.Google Scholar ↗
  3. Alzahrani, L., & Kavita, P. S. (2021). The Impact of Organizational Practices on the Information Security Management Performance. Information, 12(10), 398.Google Scholar ↗
  4. Apolinário, S., Yoshikuni, A. C., & Larieira, C. (2023). Resistance to information security due to users’ information safety behaviors: Empirical research on the emerging markets. Computers in Human Behavior, 145, 107772.Google Scholar ↗
  5. Assefa, T., & Tensaye, A. (2021). Factors influencing information security compliance: an institutional perspective. Ethiop. J. Sci, 44(1):108–118.Google Scholar ↗
  6. Bednar, P. M., & Welch, C. (2020). Socio-Technical Perspectives on Smart Working: Creating Meaningful and Sustainable Systems. Information Systems Frontiers, 22, pages281–298.Google Scholar ↗
  7. Bell, E., Bryman, A., & Harley, B. (2018). Business research methods. Oxford university press.Google Scholar ↗
  8. Carver, R. (2020). A framework for fostering a dynamic information security culture. Cyber Security: A Peer-Reviewed Journal, Henry Stewart Publications, 4(2), 145-159.Google Scholar ↗
  9. Chopra, A., & Chaudhary, M. (2020). Implementing an Information Security Management System Management System. Implementing an Information Security, https://doi.org/10.1007/978-1-4842-5413-4.DOI ↗Google Scholar ↗
  10. Creswell, J. W., & Poth, C. N. (2018). Qualitative inquiry and research design (international student edition): Choosing among five approaches. Language, 25(1), 459Google Scholar ↗
  11. Crossler, R., Andoh-Baidoo, F., & Menard, P. (2019). Espoused cultural values as antecedents of individuals' threat and coping appraisal toward protective information technologies: study of US and Ghana. Inf. Manag., 56 (5), 754-766.Google Scholar ↗
  12. da Veiga, A., Astakhova, L., Botha, A., & Herselman, M. (2020). Defining Organizational Information Security Culture-Perspectives from Academia and Industry . Computers and Security , https://doi.org/10.1016/j.cose.2020.101713.DOI ↗Google Scholar ↗
  13. Dasgupta, S., & Gupta, B. (2019). Espoused organizational culture values as antecedents of internet technology adoption in an emerging economy. Inf. Manag., 56 (6), 103142.Google Scholar ↗
  14. Diesch, R., Pfaff, M., & Krcmar, H. (2020). A comprehensive model of information security factors for decision-makers. Comput. Secur., 92, 101747. .Google Scholar ↗
  15. Geffner, R., Shaw, M., & Crowell, B. (2018). Ethical considerations in forensic evaluations in family court. In M. M. Leach, & E. R. Welfel, Cambridge handbooks in psychology. The Cambridge handbook of applied psychological ethics (pp. 452–473). London: Cambridge University Press.Google Scholar ↗
  16. Gyllensten, K., & Torner, M. (2021). The role of organizational and social factors for information security in a nuclear power industry. Organizational Cybersecurity Journal: Practice, Process and People, 2(1), 3-20.Google Scholar ↗
  17. Hair, J. F., Celsi, M. W., Money, A. H., Samouel, P., & Page, M. J. (2015). Essentials of Business Research Methods. Oxfordshire, England: Routledge.Google Scholar ↗
  18. Kamariza, Y. (2017). Implementation of information security policies in public organizations : success factor. Jonkoping University.Google Scholar ↗
  19. Kim, D., & Solomon, M. G. (2018). Fundamentals of Information Systems Security. (3rd ed.). Jones & Bartlett Learning, LLC, an Ascend Learning Company.Google Scholar ↗
  20. Koohang, A., Nowak, A., Paliszkiewicz, J., & Nord, J. H. (2020). Information security policy compliance : Leadership, trust, role values, and awareness. Journal of Computer Information Systems, 60(1), 1-8.Google Scholar ↗
  21. Liu, C., Wang, N., & Liang, H. (2020). Motivating information security policy compliance: The critical role of supervisor-subordinate guanxi and organizational commitment. International Journal of Information management, 54, 1-12.Google Scholar ↗
  22. Mehrad, A., & Tahriri, M. (2019). Comparison between qualitative and quantitative research approaches: Social sciences. International Journal For Research In Educational Studies, 5(7), 1-7.Google Scholar ↗
  23. Meyers, L. S., Gamst, G., & Guarino, A. J. (2016). Applied Multivariate Research: Design and Interpretation. Washington, DC: Sage Publishing.Google Scholar ↗
  24. Nasir, A., Arshah, R. A., & Ab Hamid, M. R. (2020). Information security culture for guiding employee’s security behaviour: A pilot study. Sixth International Conference on Information Management (pp. 205-209). London: United Kingdom.Google Scholar ↗
  25. Nasir, A., Arshah, R., Ab Hamid, M., & Fahmy, S. (2019). An analysis on the dimensions of information security culture concept: A review . Journal of information security and applications, 44, 12-22.Google Scholar ↗
  26. Njoroge, G. M. (2020). Human Factors Affecting Favourable Cybersecurity Culture- a Case of Small and Medium-sized Enterprises Smes Providing Enterprise Wide Information Systems Solutions in Nairobi City County in Kenya. Nairobi: Faculty of Science & Technology (FST), University of Nairobi.Google Scholar ↗
  27. Paliszkiewicz, J. (2019). Information security policy compliance: Leadership and trust. Journal of Computer Information Systems, 59(3), 211-217.Google Scholar ↗
  28. Saunders, M., Lewis, P., & Thornhill, A. (2016). Research Methods for Business Students. London, United Kingdom: Pearson Education Limited.Google Scholar ↗
  29. Sharma, S., & Aparicio, E. (2022). Organizational and team culture as antecedents of protection motivation among IT employees. Computers & Security, 120, 102774.Google Scholar ↗
  30. Suharyanto, A., & Lestari, R. (2020). The Fall and Rise of The Contingency Theory of Leadership. Iapa Proceedings Conference, 423, DOI:10.30589/proceedings.DOI ↗Google Scholar ↗
  31. Suriani, M. (2017). A model of factors influencing information security culture in oil and gas company. Universiti Teknologi Malaysia: Masters thesis, Razak Faculty of Technology and Informatics.Google Scholar ↗
  32. Taherdoost, H. (2016). Sampling Methods in Research Methodology; How to Choose a Sampling Technique for Research. International Journal of Academic Research in Management, 18-27.Google Scholar ↗
  33. Tenzin, S. (2021). An Investigation of the Factors that Influence Information Security Culture in Government Organisations in Bhutan. Perth, Western Australia: Doctor of Information Technology thesis, Murdoch University.Google Scholar ↗
  34. Tolah, A. (2021). A Framework for Understanding and Establishing an Effective Information Security Culture. Plymouth, England: Doctor Of Philosophy thesis, University of Plymouth.Google Scholar ↗
  35. Zaini, M., Harun, Q., & Masrek, M. (2018). The Development Of An Information Security Culture Scale For The Malaysian Public Organization. International Journal of Mechanical Engineering and Technology (IJMET), 9(7), 1255–1267.Google Scholar ↗
Author details
John Onyango Abingo
Student Master of Science in Forensic and Security Management, Cyber Crime Forensics Option, Institute of Criminology, Forensic and Security Studies, Dedan Kimathi University of Technology, Nairobi Campus, Loita Street, Pension Towers, 2nd Floor
✉ Corresponding Author
👤 View Profile →
George Musumba
Lecturer Institute of Computer Studies and Information Technology, Dedan Kimathi University of Technology, Nairobi Campus, Loita Street, Pension Towers, 2nd Floor
👤 View Profile →🔗 Is this you? Claim this publication
Anthony Maina Mbuki
Lecturer Institute of Computer Studies and Information Technology, Dedan Kimathi University of Technology, Nairobi Campus, Loita Street, Pension Towers, 2nd Floor
👤 View Profile →🔗 Is this you? Claim this publication