Examining the Knowledge, Attitude, and Behavior of IT Division Staff on Information Security Issues: A Case Study in a Telecommunication Company

Maudhita Ramadhani, Puspita Kencana Sari

Examining the Knowledge, Attitude, and Behavior of IT Division Staff on Information Security Issues: A Case Study in a Telecommunication Company

International Research Journal of Economics and Management Studies
© 2024 by IRJEMS
Volume 3 Issue 6
Year of Publication : 2024
Authors : Maudhita Ramadhani, Puspita Kencana Sari

: 10.56472/25835238/IRJEMS-V3I6P139

Citation:

Maudhita Ramadhani, Puspita Kencana Sari. "Examining the Knowledge, Attitude, and Behavior of IT Division Staff on Information Security Issues: A Case Study in a Telecommunication Company" International Research Journal of Economics and Management Studies, Vol. 3, No. 6, pp. 354-361, 2024.

Abstract:

In the digital age, information security has become important to the success of many enterprises and individuals. However, the increasing growth of the telecommunications industry creates possible threats for these businesses. It is indisputable that human resources, particularly those in the Information Technology (IT) Division, play an important role in information security. The purpose of this study is to examine information security awareness levels using the Human Aspects of Information Security Questionnaire (HAIS-Q), which includes three dimensions: knowledge, attitude, and behavior. The study looked at seven main areas that represent contemporary information security risks in the firm. This study examines a telecommunications business in Indonesia and collects data from a survey of IT Division employees as a sample. The results show a high degree of information security knowledge across all dimensions and areas. However, the behavior has the lowest level, especially in terms of email usage and mobile device concerns.

References:

[1] M. E. Whitman and H. J. Mattord, Management of information security. Cengage Learning, 2018.
[2] P. K. Sari and N. Trianasari, “Information security awareness measurement with confirmatory factor analysis,” in International Symposium on Technology Management and Emerging Technologies, 2014, pp. 218–223. doi: https://doi.org/10.1109/ISTMET.2014.6936509.
[3] S. P. Sari, A. R. Yunita, F. E. Putri, D. S. Felissia, Y. R. Fadhillana, and N. Z. Arizzal, “Hukum Perdata Nasional di Era Digital: Tantangan dan Peluang Dalam Perlindungan Data Pribadi,” in Proceeding of Conference on Law and Social Studies, 2023, vol. 4, no. 1.
[4] S. Seddon, “AT&T data breach: Millions of customers caught up in major dark web leak,” BBC News, 2024. https://www.bbc.com/news/world-uscanada-68701958 (accessed Jun. 15, 2024).
[5] BSSN, “Berita Edukasi Siber,” Badan Siber dan Sandi Negara, 2023. https://www.bssn.go.id/ (accessed Jun. 15, 2024).
[6] N. D. Ersoz, S. Demir, M. Dilman Gokkaya, and O. Aksoy, “Prioritizing user preferences for quasi – Public space by using analytic hierarchy process (AHP): bursa Podyum park, Turkey case,” Open House Int., Jan. 2024, doi: 10.1108/OHI-04-2023-0076.
[7] D. S. Ilcev, “Design and Types of Wire Mobile Satellite Antennas (MSA),” J. Marit. Res., vol. 20, no. 2, pp. 1–5, 2023, [Online]. Available:https://www.jmr.unican.es/index.php/jmr/issue/view/69
[8] R. Fadlika, Y. Ruldeviyani, Z. T. Butarbutar, R. A. Istiqomah, and A. A. Fariz, “Employee Information Security Awareness in the Power Generation Sector of PT ABC,” Int. J. Adv. Comput. Sci. Appl., vol. 14, no. 4, 2023, [Online]. Available: www.ijacsa.thesai.org
[9] K. Parsons, D. Calic, M. Pattinson, M. Butavicius, A. McCormac, and T. Zwaans, “The human aspects of information security questionnaire (HAIS-Q): two further validation studies,” Comput. Secur., vol. 66, pp. 40–51, 2017, doi: https://doi.org/10.1016/J.COSE.2017.01.004.
[10] K. F. Arisya, Y. Ruldeviyani, R. Prakoso, and A. L. Fadhilah, “Measurement of information security awareness level: A case study of mobile banking (m-banking) users,” in 2020 Fifth International Conference On Informatics And Computing (Icic), 2020, pp. 1–5. doi: https://doi.org/10.1109/ICIC50835.2020.9288516.
[11] Z. Zhang, H. Al Hamadi, E. Damiani, C. Y. Yeun, and F. Taher, “Explainable artificial intelligence applications in cyber security: State-of-the-art in research,” IEEE Access, vol. 10, pp. 93104–93139, 2022.
[12] A. Alyami, D. Sammon, K. Neville, and C. Mahon, “Keberhasilan kritisfaktor untukKeamanan Pendidikan, Pelatihan Dan Kesadaran (SETA) program keefektifan: Alingkaran kehidupan model,” Inf. Teknol. Rakyat, vol. 36, no. 8, pp. 94–125, 2023, doi: doi: https://doi.org/10.1108/ITP-07-2022-051.
[13] M. A. Fauzi, P. Yeng, B. Yang, and D. Rachmayani, “Examining the link between stress level and cybersecurity practices of hospital staff in Indonesia,” in Proceedings of the 16th International Conference on Availability, Reliability and Security, 2021, pp. 1–8.
[14] Nugeraha, “Analytical Hierarchy Process (AHP),” 2017. [Online]. Available: https://repository.nusamandiri.ac.id/index.php/unduh/item/6014/File_15BabII-Landasan-Teori.pdf
[15] Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., & Zwaans, T. (2017b). The Human Aspects of Information Security Questionnaire (HAIS-Q): Two further validation studies. Computers & Security, 66, 40–51. https://doi.org/10.1016/J.COSE.2017.01.004
[16] H. A. Kruger and W. D. Kearney, “A prototype for assessing information security awareness,” Comput. Secur., vol. 25, no. 4, pp. 289–296, 2006.
[17] Y. A. Styoutomo and Y. Ruldeviyani, “Information Security Awareness Raising Strategy Using Fuzzy AHP Method with HAIS-Q and ISO/IEC 27001: 2013: A Case Study of XYZ Financial Institution,” CommIT (Communication Inf. Technol. J., vol. 17, no. 2, pp. 133–149, 2023, doi: https://doi.org/10.21512/commit.v17i2.8272.
[18] P. K. Sari and C. Candiwan, “Measuring information security awareness of Indonesian smartphone users,” TELKOMNIKA (Telecommunication Comput. Electron. Control., vol. 12, no. 2, pp. 493–500, 2014.
[19] J. Zhao, Y. Zhou, and L. Shuo, “A situation awareness model of system survivability based on variable fuzzy set,” Indones. J. Electr. Eng. Comput. Sci., vol. 10, no. 8, pp. 2239–2246, 2012.
[20] C.-C. Wu, C.-C. Ho, and K.-C. Yang, “Selecting indicators of acupuncture service quality using analytic hierarchy process,” Eur. J. Integr. Med., vol. 66, p. 102324, 2024.
[21] M. Amin, “Pengukuran Tingkat Kesadaran Keamanan Informasi Menggunakan Multiple Criteria Decision Analysis (Mcda) Information Security Awareness Level Measurement Using Multiple Criteria Decision Analysis (Mcda),” J. Penelit. Dan Pengemb. Komun. Dan Inform. Vol, vol. 5, no. 1, 2014.
[22] M. Mahardika, A. Hidayanto, P. Agya, L. Ompusunggu, R. Mahdalina, and F. Affan, “Measurement of Employee Awareness Levels for Information Security at the Center of Analysis and Information Services Judicial Commission Republic of Indonesia,” Adv. Sci. Technol. Eng. Syst. J., vol. 5, no. 3, pp. 501–509, Jan. 2020, doi: 10.25046/aj050362.
[23] Arikunto, S. (2018). Prosedur Penelitian: Suatu Pendekatan Praktik. Rineka Cipta.
[24] A. Zulfia, R. Adawiyah, A. N. Hidayanto, and N. F. A. Budi, “Measurement of employee information security awareness using the human aspects of information security questionnaire (HAIS-Q): Case study at PT. PQS,” in International Conference on Computing Engineering and Design (ICCED), 2019, pp. 1–5.
[25] R. Akraman, C. Candiwan, and Y. Priyadi, “Pengukuran Kesadaran Keamanan Informasi Dan Privasi Pada Pengguna Smartphone Android Di Indonesia,” J. Sist. Inf. Bisnis, vol. 8, no. 2, p. 115, 2018.

Keywords:

Information security, security awareness, Security Education Training Awareness (SETA), HAIS-Q.