Information security behaviour assessment in software-as-a-service cloud environment

This research aims at assessing the information security behaviour in Software as a Service (SaaS) cloud computing environment. Organisations are still struggling with information security breaches despite various technical protections to secure SaaS applications. This is due to the fact that liuman...

Full description

Saved in:
Bibliographic Details
Main Author: Abdul Hamid, Hanifah
Format: Thesis
Language:English
English
Published: 2018
Subjects:
Online Access:http://eprints.utem.edu.my/id/eprint/23787/1/Information%20Security%20Behaviour%20Assessment%20In%20Software-As-A-Service%20Cloud%20Environment%20-%20Hanifah%20Abdul%20Hamid%20-%2024%20Pages.pdf
http://eprints.utem.edu.my/id/eprint/23787/2/Information%20security%20behaviour%20assessment%20in%20software-as-a-service%20cloud%20environment.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:This research aims at assessing the information security behaviour in Software as a Service (SaaS) cloud computing environment. Organisations are still struggling with information security breaches despite various technical protections to secure SaaS applications. This is due to the fact that liuman behaviour is the weakest link of the security chain. Security compromise causes substantial financial and nonfinancial losses to the organisations which jeopardise organisations' reputation. Technical protection alone is seemed insufficient to ensure information safety. Therefore, this research takes it from the socio-organisational perspective to strengthen information security. Many socio-organisational factors influence employees' security behaviour in the organisation which gives impact to SaaS cloud adoption. Addressing these factors are significant to help successfully create a healthy security culture in the organisation. Nevertheless, human behaviour is subjective in nature. Their behaviour depends upon the way they think feel and act towards security issues which needs an in depth understanding towards their security behaviour. Hence, adapting the sequential exploratory mixed-method approach, through the theoretical lens of social cognitive theory, organisational culture theory as well as security control from extended deterrence theory, this study develops an information security behaviour model and validates the socio-organisational aspects of security behaviour. There were 396 useful data gathered from the survey. SPSS 20 and PLS-SEM software were utilised for descriptive and exploratory factor analysis respectively. The survey results indicate that the security control management, personal values and behaviour were salient factors towards formation of good security behaviour. This research subsequently conducted a case study using the proposed model at one information technology department in a public university. The survey obtained 90 useful data. The case study revealed that organisational security culture, personal values as well as behaviour have significant influence towards information security behaviour. There were slight differences in the quantitative results to which the follow-up interview with three informants supported the findings from the case study. It can be concluded that personal values and behaviour elements are the most significant factors which influence information security behaviour of employees working in SaaS cloud environment. However, the organisation culture and security control management factors are observed to be contextually dependent as these factors depend on how the organisation is run by the respective top management. This study contributes both theoretically and practically. The information security behaviour's body of knowledge is built up through conceptual model testing and accentuating new propositions. The information security behaviour model was developed upon the integration of social cognitive theory, Wallach Organisational Culture Model as well as security control management from extended deterrence theory, and validated through a survey and a case study. The result helps the researcher to have better insight of employees' security behaviour in SaaS cloud environment in Malaysia generally and at the studied IT department specifically. The developed model, new accentuated propositions and other recommendations in this research may help other researchers to embark on related studies in the future.