Research Article

Awareness and Compliance of Information Security Policy in Organizations: Case from Libya

by Salima Benqdara
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 185 - Number 3
Year of Publication: 2023
Authors: Salima Benqdara
10.5120/ijca2023922682

Salima Benqdara. Awareness and Compliance of Information Security Policy in Organizations: Case from Libya. International Journal of Computer Applications. 185, 3 (Apr 2023), 20-29. DOI=10.5120/ijca2023922682

@article{ 10.5120/ijca2023922682,
author = { Salima Benqdara },
title = { Awareness and Compliance of Information Security Policy in Organizations: Case from Libya },
journal = { International Journal of Computer Applications },
issue_date = { Apr 2023 },
volume = { 185 },
number = { 3 },
month = { Apr },
year = { 2023 },
issn = { 0975-8887 },
pages = { 20-29 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume185/number3/32685-2023922682/ },
doi = { 10.5120/ijca2023922682 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:25:10.587432+05:30
%A Salima Benqdara
%T Awareness and Compliance of Information Security Policy in Organizations: Case from Libya
%J International Journal of Computer Applications
%@ 0975-8887
%V 185
%N 3
%P 20-29
%D 2023
%I Foundation of Computer Science (FCS), NY, USA
Abstract

According to a review of the literature, many employees are unaware of information security policies or choose to disregard them, which can lead to non-compliance. Lack of compliance with the intended policy results from a failure to understand the complicated relationships in the design and implementation of information security rules. This paper assesses the gaps in information security policy compliance. The paper aims to assess the existence of any gaps in the compliance and awareness of employees in the company. In this study, a questionnaire method was utilized to provide an understanding of the compliance within the organization. The questions were carefully selected to cover several factors of the subject areas. The outcome of the questionnaire is important to assess any hypothetical noncompliance among employees, and to specify who is more responsible, the management or the employee. The results find that many employees are unaware of disregarding information security policies, which can lead to security breaches. The results show that employees are often unaware of information security policies and that they may not understand the importance of compliance. The paper concludes with recommendations for improving employee awareness and compliance with information security policies.

Table 13 summarizes the results comparison of the Security Awareness Assessment

| No. | Factor | No. of Questions | No (percentage) | Not sure (percentage) | Yes (percentage) |
|---|---|---|---|---|---|
| 1 | Security Policies | 5 | 37.4% | 30% | 32.6% |
| 2 | Organizational Security | 5 | 28% | 39.3% | 32.6% |
| 3 | Asset Classification and Control Maintenance | 2 | 23.3% | 50% | 26.7% |
| 4 | Personnel Security | 4 | 30.8% | 32.5% | 37.5% |
| 5 | Physical and Environmental Security | 3 | 56.7% | 13.3% | 30% |
| 6 | Communications and Operations Management | 4 | 18.3% | 22.5% | 59.1% |
| 7 | Access Control | 6 | 25% | 29.4% | 45.6% |
| 8 | Development and Maintenance | 2 | 1.7% | 65% | 33.3% |
| 9 | Information Security Incident Management | 2 | 6.7% | 41.7% | 51.7% |
| 10 | Business Continuity Management | 3 | 42.2% | 21.1% | 36.7% |
| 11 | Compliance | 3 | 24.4% | 28.9% | 46.7% |

Index Terms

Computer Science
Information Sciences

Keywords

Information security, Information security policy assessment, Awareness and Compliance.