Hacking a bridge: An exploratory study of compliance-based information security management in banking organization

Tesleem Fagade, Theo Tryfonas

Research output: Contribution to journal, Article (Academic Journal), peer-review

1 Citation (Scopus)
35 Downloads (Pure)

Abstract

This work is approached through the lens of compliant security by drawing on the concepts of neutralization theory, a prominent postulation in the criminology domain and the 'big five' personality construct. This is conducted based on a case study of ISO/IEC27001 Standard certified banks, to empirically evaluate the link between cyber security protocols violation and how employees rationalise security behaviour. We propose that compliance-based security has the propensity for a heightened sense of false security and vulnerability perception, by showing that systemic security violation in compliance-based security model can be explained by the level of linkages from the personality construct and the neutralization theory. Based on the survey responses from banking organization employees and the application of partial least squares structural equation modelling (PLS-SEM) analysis to test the hypothesis and validate survey samples, we can draw a strong inference to support the importance of individual security scenario effect as a vital complementary element of compliance-based security. We then suggest how information security can be addressed in that context.

Original language: English
Pages (from-to): 74-80
Number of pages: 7
Journal: Journal of Systemics, Cybernetics and Informatics
Volume: 15
Issue number: 5
Publication status: Published - 8 Jul 2017
Event: 21st World Multi-Conference on Systemics, Cybernetics and Informatics, WMSCI 2017 - Orlando, United States
Duration: 8 Jul 2017 to 11 Jul 2017

Keywords

  • Compliance
  • Compliant security behaviour
  • Information security
  • Personality traits
  • PLS-SEM
  • Rationalization theory
  • Standards
