Security by Compliance? A Study of Insider Threat Implications for Nigerian Banks

Tesleem H Fagade; Theo Tryfonas

doi:10.1007/978-3-319-39381-0_12

Security by Compliance? A Study of Insider Threat Implications for Nigerian Banks

Tesleem H Fagade, Theo Tryfonas

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

12 Citations (Scopus)

584 Downloads (Pure)

Abstract

This work explores the behavioural dimension of compliance to information security standards. We review past literature, building on different models of human behaviour, based on relevant theories like deterrence theory and the theory of planned behaviour. We conduct a survey of IT professionals, managers and employees of selected banks from Nigeria as part of a sector case study focussed in this region. Our findings suggest that security by compliance as a campaign to secure information assets in the Nigerian financial institution is a farfetched approach. In addition to standards, banking regulators should promote holistic change of security culture across the sector. Based on an established model of Information Security Governance Framework, we propose how information security may be embedded into organisation security culture in that context.

Original language	English
Title of host publication	Human Aspects of Information Security, Privacy, and Trust
Subtitle of host publication	4th International Conference, HAS 2016, Held as Part of HCI International 2016, Toronto, ON, Canada, July 17-22, 2016, Proceedings
Editors	Theo Tryfonas
Pages	128-139
Number of pages	12
ISBN (Electronic)	978-3-319-39381-0
DOIs	https://doi.org/10.1007/978-3-319-39381-0_12
Publication status	Published - 21 Jun 2016
Event	HCI International 2016 - Duration: 17 Jul 2016 → 22 Jul 2016

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer International Publishing
Volume	9750
ISSN (Print)	0302-9743

Conference

Conference	HCI International 2016
Period	17/07/16 → 22/07/16

Keywords

Information security
Compliance
Insider threats
Standards
Information security culture

Access to Document

10.1007/978-3-319-39381-0_12

Full-text PDF (accepted author manuscript)
This is the accepted author manuscript (AAM). The final published version (version of record) is available online via Springer Verlag at http://dx.doi.org/10.1007/978-3-319-39381-0_12. Please refer to any applicable terms of use of the publisher.
Accepted author manuscript, 445 KB

Handle.net

Persistent link

Cite this

Fagade, T. H., & Tryfonas, T. (2016). Security by Compliance? A Study of Insider Threat Implications for Nigerian Banks. In T. Tryfonas (Ed.), Human Aspects of Information Security, Privacy, and Trust: 4th International Conference, HAS 2016, Held as Part of HCI International 2016, Toronto, ON, Canada, July 17-22, 2016, Proceedings (pp. 128-139). (Lecture Notes in Computer Science; Vol. 9750). https://doi.org/10.1007/978-3-319-39381-0_12

Fagade, Tesleem H ; Tryfonas, Theo. / Security by Compliance? A Study of Insider Threat Implications for Nigerian Banks. Human Aspects of Information Security, Privacy, and Trust: 4th International Conference, HAS 2016, Held as Part of HCI International 2016, Toronto, ON, Canada, July 17-22, 2016, Proceedings. editor / Theo Tryfonas. 2016. pp. 128-139 (Lecture Notes in Computer Science).

@inproceedings{98ed53de65f547a29228567a2892eb69,

title = "Security by Compliance? A Study of Insider Threat Implications for Nigerian Banks",

abstract = "This work explores the behavioural dimension of compliance to information security standards. We review past literature, building on different models of human behaviour, based on relevant theories like deterrence theory and the theory of planned behaviour. We conduct a survey of IT professionals, managers and employees of selected banks from Nigeria as part of a sector case study focussed in this region. Our findings suggest that security by compliance as a campaign to secure information assets in the Nigerian financial institution is a farfetched approach. In addition to standards, banking regulators should promote holistic change of security culture across the sector. Based on an established model of Information Security Governance Framework, we propose how information security may be embedded into organisation security culture in that context.",

keywords = "Information security, Compliance, Insider threats, Standards, Information security culture",

author = "Fagade, {Tesleem H} and Theo Tryfonas",

year = "2016",

month = jun,

day = "21",

doi = "10.1007/978-3-319-39381-0_12",

language = "English",

isbn = "978-3-319-39380-3",

series = "Lecture Notes in Computer Science",

publisher = "Springer International Publishing",

pages = "128--139",

editor = "Theo Tryfonas",

booktitle = "Human Aspects of Information Security, Privacy, and Trust",

note = "HCI International 2016 ; Conference date: 17-07-2016 Through 22-07-2016",

}

Fagade, TH & Tryfonas, T 2016, Security by Compliance? A Study of Insider Threat Implications for Nigerian Banks. in T Tryfonas (ed.), Human Aspects of Information Security, Privacy, and Trust: 4th International Conference, HAS 2016, Held as Part of HCI International 2016, Toronto, ON, Canada, July 17-22, 2016, Proceedings. Lecture Notes in Computer Science, vol. 9750, pp. 128-139, HCI International 2016, 17/07/16. https://doi.org/10.1007/978-3-319-39381-0_12

Security by Compliance? A Study of Insider Threat Implications for Nigerian Banks. / Fagade, Tesleem H; Tryfonas, Theo.
Human Aspects of Information Security, Privacy, and Trust: 4th International Conference, HAS 2016, Held as Part of HCI International 2016, Toronto, ON, Canada, July 17-22, 2016, Proceedings. ed. / Theo Tryfonas. 2016. p. 128-139 (Lecture Notes in Computer Science; Vol. 9750).

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

TY - GEN

T1 - Security by Compliance? A Study of Insider Threat Implications for Nigerian Banks

AU - Fagade, Tesleem H

AU - Tryfonas, Theo

PY - 2016/6/21

Y1 - 2016/6/21

N2 - This work explores the behavioural dimension of compliance to information security standards. We review past literature, building on different models of human behaviour, based on relevant theories like deterrence theory and the theory of planned behaviour. We conduct a survey of IT professionals, managers and employees of selected banks from Nigeria as part of a sector case study focussed in this region. Our findings suggest that security by compliance as a campaign to secure information assets in the Nigerian financial institution is a farfetched approach. In addition to standards, banking regulators should promote holistic change of security culture across the sector. Based on an established model of Information Security Governance Framework, we propose how information security may be embedded into organisation security culture in that context.

AB - This work explores the behavioural dimension of compliance to information security standards. We review past literature, building on different models of human behaviour, based on relevant theories like deterrence theory and the theory of planned behaviour. We conduct a survey of IT professionals, managers and employees of selected banks from Nigeria as part of a sector case study focussed in this region. Our findings suggest that security by compliance as a campaign to secure information assets in the Nigerian financial institution is a farfetched approach. In addition to standards, banking regulators should promote holistic change of security culture across the sector. Based on an established model of Information Security Governance Framework, we propose how information security may be embedded into organisation security culture in that context.

KW - Information security

KW - Compliance

KW - Insider threats

KW - Standards

KW - Information security culture

U2 - 10.1007/978-3-319-39381-0_12

DO - 10.1007/978-3-319-39381-0_12

M3 - Conference Contribution (Conference Proceeding)

SN - 978-3-319-39380-3

T3 - Lecture Notes in Computer Science

SP - 128

EP - 139

BT - Human Aspects of Information Security, Privacy, and Trust

A2 - Tryfonas, Theo

T2 - HCI International 2016

Y2 - 17 July 2016 through 22 July 2016

ER -

Fagade TH, Tryfonas T. Security by Compliance? A Study of Insider Threat Implications for Nigerian Banks. In Tryfonas T, editor, Human Aspects of Information Security, Privacy, and Trust: 4th International Conference, HAS 2016, Held as Part of HCI International 2016, Toronto, ON, Canada, July 17-22, 2016, Proceedings. 2016. p. 128-139. (Lecture Notes in Computer Science). doi: 10.1007/978-3-319-39381-0_12

Security by Compliance? A Study of Insider Threat Implications for Nigerian Banks

Abstract

Publication series

Conference

Keywords

Access to Document

Handle.net

Fingerprint

Cite this