Factors Influencing Information Security Culture in Organizations Dealing With Economic Crime in Kenya
Downloads
Information security culture is very important for any organization, especially in the public sector, where sensitive information is regularly processed and stored. This importance has become more pronounced in recent years because the frequency and sophistication of cyber-attacks have increased, highlighting the need for effective information security measures such as control policies including access controls, password regulations. However, the success of these measures depends on the development of a strong information security culture within the organization. This study thus aimed to establish the organizational factors influencing information security culture in the organization dealing with economic crime in Kenya. The study focused on information security control, organization structure and organizational culture and how they influence information security culture. The study was underpinned on Security Culture Framework, CIA triad model, structural contingency theory and organizational culture theory. Descriptive research design was adopted. The study targeted 5729 employees in the Economic crimes investigative organizations in Kenya. Stratified random sampling approach was used to classify the sample frame. Simple random sampling technique was utilized to select respondents from each stratum to come up with a sample size of 361 respondents. Data was gathered from the five organizations located in Nairobi County, using self-administered questionnaires. The questionnaires were distributed through a drop and pick-up method, wherein the researcher personally delivered them to the respondents at their workplace. The study produced quantitative data that was coded and entered into Statistical Packages for Social Scientists (SPSS Version 26) for analysis, using both descriptive and inferential statistics. The quantitative data was presented using tables and graphs, with accompanying explanations in prose. The study concludes that information security control has a positive and significant effect on information security culture in five selected state-owned organizations dealing with economic crime in Kenya. In addition, the study concludes that organization structure has a positive and significant effect on information security culture in five-selected state-owned organization dealing with economic crime in Kenya. Further, the study concludes that organizational culture has a positive and significant effect on information security culture in five-selected state-owned organization dealing with economic crime in Kenya. Based on the study findings, the study recommends that the management of state-owned organization dealing with economic crime in Kenya should establish a dedicated and well-defined information security governance structure. This involves creating a specialized information security department or team that reports directly to top management, ensuring that information security is prioritized at the highest organizational level.
Downloads
1. Abebe, G., & Lessa, L. (2020). Human Factors Influence On Information Systems Security At Commercial Banks In Ethiopia. Addis Ababa : Masters thesis, Addis Ababa University.
2. AlGhamdi, S., Win, K., & Vlahu-Gjorgievska, E. (2021). Employees' intentions toward complying with information security controls in Saudi Arabia's public organisations. Government Information Quarterly, 39(4), 1-14.
3. Alzahrani, L., & Kavita, P. S. (2021). The Impact of Organizational Practices on the Information Security Management Performance. Information, 12(10), 398.
4. Apolinário, S., Yoshikuni, A. C., & Larieira, C. (2023). Resistance to information security due to users’ information safety behaviors: Empirical research on the emerging markets. Computers in Human Behavior, 145, 107772.
5. Assefa, T., & Tensaye, A. (2021). Factors influencing information security compliance: an institutional perspective. Ethiop. J. Sci, 44(1):108–118.
6. Bednar, P. M., & Welch, C. (2020). Socio-Technical Perspectives on Smart Working: Creating Meaningful and Sustainable Systems. Information Systems Frontiers, 22, pages281–298.
7. Bell, E., Bryman, A., & Harley, B. (2018). Business research methods. Oxford university press.
8. Carver, R. (2020). A framework for fostering a dynamic information security culture. Cyber Security: A Peer-Reviewed Journal, Henry Stewart Publications, 4(2), 145-159.
9. Chopra, A., & Chaudhary, M. (2020). Implementing an Information Security Management System Management System. Implementing an Information Security, https://doi.org/10.1007/978-1-4842-5413-4.
10. Creswell, J. W., & Poth, C. N. (2018). Qualitative inquiry and research design (international student edition): Choosing among five approaches. Language, 25(1), 459
11. Crossler, R., Andoh-Baidoo, F., & Menard, P. (2019). Espoused cultural values as antecedents of individuals' threat and coping appraisal toward protective information technologies: study of US and Ghana. Inf. Manag., 56 (5), 754-766.
12. da Veiga, A., Astakhova, L., Botha, A., & Herselman, M. (2020). Defining Organizational Information Security Culture-Perspectives from Academia and Industry . Computers and Security , https://doi.org/10.1016/j.cose.2020.101713.
13. Dasgupta, S., & Gupta, B. (2019). Espoused organizational culture values as antecedents of internet technology adoption in an emerging economy. Inf. Manag., 56 (6), 103142.
14. Diesch, R., Pfaff, M., & Krcmar, H. (2020). A comprehensive model of information security factors for decision-makers. Comput. Secur., 92, 101747. .
15. Geffner, R., Shaw, M., & Crowell, B. (2018). Ethical considerations in forensic evaluations in family court. In M. M. Leach, & E. R. Welfel, Cambridge handbooks in psychology. The Cambridge handbook of applied psychological ethics (pp. 452–473). London: Cambridge University Press.
16. Gyllensten, K., & Torner, M. (2021). The role of organizational and social factors for information security in a nuclear power industry. Organizational Cybersecurity Journal: Practice, Process and People, 2(1), 3-20.
17. Hair, J. F., Celsi, M. W., Money, A. H., Samouel, P., & Page, M. J. (2015). Essentials of Business Research Methods. Oxfordshire, England: Routledge.
18. Kamariza, Y. (2017). Implementation of information security policies in public organizations : success factor. Jonkoping University.
19. Kim, D., & Solomon, M. G. (2018). Fundamentals of Information Systems Security. (3rd ed.). Jones & Bartlett Learning, LLC, an Ascend Learning Company.
20. Koohang, A., Nowak, A., Paliszkiewicz, J., & Nord, J. H. (2020). Information security policy compliance : Leadership, trust, role values, and awareness. Journal of Computer Information Systems, 60(1), 1-8.
21. Liu, C., Wang, N., & Liang, H. (2020). Motivating information security policy compliance: The critical role of supervisor-subordinate guanxi and organizational commitment. International Journal of Information management, 54, 1-12.
22. Mehrad, A., & Tahriri, M. (2019). Comparison between qualitative and quantitative research approaches: Social sciences. International Journal For Research In Educational Studies, 5(7), 1-7.
23. Meyers, L. S., Gamst, G., & Guarino, A. J. (2016). Applied Multivariate Research: Design and Interpretation. Washington, DC: Sage Publishing.
24. Nasir, A., Arshah, R. A., & Ab Hamid, M. R. (2020). Information security culture for guiding employee’s security behaviour: A pilot study. Sixth International Conference on Information Management (pp. 205-209). London: United Kingdom.
25. Nasir, A., Arshah, R., Ab Hamid, M., & Fahmy, S. (2019). An analysis on the dimensions of information security culture concept: A review . Journal of information security and applications, 44, 12-22.
26. Njoroge, G. M. (2020). Human Factors Affecting Favourable Cybersecurity Culture- a Case of Small and Medium-sized Enterprises Smes Providing Enterprise Wide Information Systems Solutions in Nairobi City County in Kenya. Nairobi: Faculty of Science & Technology (FST), University of Nairobi.
27. Paliszkiewicz, J. (2019). Information security policy compliance: Leadership and trust. Journal of Computer Information Systems, 59(3), 211-217.
28. Saunders, M., Lewis, P., & Thornhill, A. (2016). Research Methods for Business Students. London, United Kingdom: Pearson Education Limited.
29. Sharma, S., & Aparicio, E. (2022). Organizational and team culture as antecedents of protection motivation among IT employees. Computers & Security, 120, 102774.
30. Suharyanto, A., & Lestari, R. (2020). The Fall and Rise of The Contingency Theory of Leadership. Iapa Proceedings Conference, 423, DOI:10.30589/proceedings.
31. Suriani, M. (2017). A model of factors influencing information security culture in oil and gas company. Universiti Teknologi Malaysia: Masters thesis, Razak Faculty of Technology and Informatics.
32. Taherdoost, H. (2016). Sampling Methods in Research Methodology; How to Choose a Sampling Technique for Research. International Journal of Academic Research in Management, 18-27.
33. Tenzin, S. (2021). An Investigation of the Factors that Influence Information Security Culture in Government Organisations in Bhutan. Perth, Western Australia: Doctor of Information Technology thesis, Murdoch University.
34. Tolah, A. (2021). A Framework for Understanding and Establishing an Effective Information Security Culture. Plymouth, England: Doctor Of Philosophy thesis, University of Plymouth.
35. Zaini, M., Harun, Q., & Masrek, M. (2018). The Development Of An Information Security Culture Scale For The Malaysian Public Organization. International Journal of Mechanical Engineering and Technology (IJMET), 9(7), 1255–1267.
Copyright (c) 2024 John Onyango Abingo, Dr. George Musumba, Dr.Anthony Maina Mbuki
This work is licensed under a Creative Commons Attribution 4.0 International License.
