Skip to main content

Research Repository

Advanced Search

Fostering information security policies compliance with ISA-95-based framework: an empirical study of oil and gas employees

Faizan Ali, Rao; Dominic, P. D. D.; Hina, Sadaf; Naseer, Sheraz

Authors

Rao Faizan Ali

P. D. D. Dominic

Profile image of Sadaf Hina

Dr Sadaf Hina S.Hina@salford.ac.uk
Lecturer in Computer Sci Cyber Security

Sheraz Naseer



Abstract

Oil and gas (O&G) organizations are progressively being digitalized in order to facilitate substantial information flow to remain competitive in the information age. This critical sector is spearheading the establishment of technical security measures to mitigate information security risks, yet employee behavioral influence remains an ongoing challenge in assuring information security. Existing studies of this domain primarily focus on employee behavior reshaping through multiple psychological theories. However, these studies ignore how these critical infrastructures implement information security. Most such infrastructures follow the International Society of Automation (ISA)-95 levels of automation and implement information security controls in line with these levels. This research paper proposed a theoretical framework to enhance information security policy compliance (ISPC) at level 4 to level 2 automation level in O&G organizations. To support the hypotheses, data were collected from 13 Malaysian O&G organizations. A total of 254 O&G employees participated in the survey and the structural equation modeling technique was used for data analysis. The study confirmed that ISA-95-based organizational governance factors and social bonding could enhance ISPC in O&G organizations. However, risk assessment and involvement factors have shown less support to the notion. For information systems practitioners, this study has shown how to enhance ISPC in O&G organizations through ISA-95-based organizational governance and social bonding.

Citation

Faizan Ali, R., Dominic, P. D. D., Hina, S., & Naseer, S. (in press). Fostering information security policies compliance with ISA-95-based framework: an empirical study of oil and gas employees. International Journal of Information Security, https://doi.org/10.1007/s10207-023-00786-9

Journal Article Type Article
Acceptance Date Nov 6, 2023
Online Publication Date Dec 8, 2023
Deposit Date Dec 13, 2023
Publicly Available Date Dec 9, 2024
Journal International Journal of Information Security
Print ISSN 2356-5845
Electronic ISSN 1615-5270
Publisher N&N Global Technology
Peer Reviewed Peer Reviewed
DOI https://doi.org/10.1007/s10207-023-00786-9
Keywords Computer Networks and Communications; Safety, Risk, Reliability and Quality; Information Systems; Software