MEASUREMENT OF EMPLOYEE INFORMATION SECURITY AWARENESS: CASE STUDY AT FINANCIAL INSTITUTION
Abstract
A lack of information security awareness among employees of financial institutions can harm both customers and the institution itself, financially and in terms of trust. This research therefore assesses information security awareness at PT XYZ, a financial institution, to identify the existing level of awareness, which is then used to provide recommendations. The method is quantitative: a questionnaire on information security awareness was used for data collection and distributed among PT XYZ employees with a voluntary sampling technique. The assessment covers 8 specific aspects, 7 drawn from HAIS-Q and 1 from the KAMI Index, with the Analytic Hierarchy Process (AHP) used to weight each area. A total of 52 respondents participated in this research. The results affirm that PT XYZ employees have a positive awareness of information security, indicating that no urgent action is needed at present. However, specific areas have potential for improvement, so recommendations are provided to enhance and sustain information security awareness among employees.
Copyright (c) 2024 Friendly Nur Shakti, Achmad Nizar Hidayanto
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.