Rao Faizan Ali
Fostering information security policies compliance with ISA-95-based framework: an empirical study of oil and gas employees
Faizan Ali, Rao; Dominic, P. D. D.; Hina, Sadaf; Naseer, Sheraz
Authors
Abstract
Oil and gas (O&G) organizations are progressively being digitalized in order to facilitate substantial information flow to remain competitive in the information age. This critical sector is spearheading the establishment of technical security measures to mitigate information security risks, yet employee behavioral influence remains an ongoing challenge in assuring information security. Existing studies of this domain primarily focus on employee behavior reshaping through multiple psychological theories. However, these studies ignore how these critical infrastructures implement information security. Most such infrastructures follow the International Society of Automation (ISA)-95 levels of automation and implement information security controls in line with these levels. This research paper proposed a theoretical framework to enhance information security policy compliance (ISPC) at level 4 to level 2 automation level in O&G organizations. To support the hypotheses, data were collected from 13 Malaysian O&G organizations. A total of 254 O&G employees participated in the survey and the structural equation modeling technique was used for data analysis. The study confirmed that ISA-95-based organizational governance factors and social bonding could enhance ISPC in O&G organizations. However, risk assessment and involvement factors have shown less support to the notion. For information systems practitioners, this study has shown how to enhance ISPC in O&G organizations through ISA-95-based organizational governance and social bonding.
Citation
Faizan Ali, R., Dominic, P. D. D., Hina, S., & Naseer, S. (in press). Fostering information security policies compliance with ISA-95-based framework: an empirical study of oil and gas employees. International Journal of Information Security, https://doi.org/10.1007/s10207-023-00786-9
Journal Article Type | Article |
---|---|
Acceptance Date | Nov 6, 2023 |
Online Publication Date | Dec 8, 2023 |
Deposit Date | Dec 13, 2023 |
Publicly Available Date | Dec 9, 2024 |
Journal | International Journal of Information Security |
Print ISSN | 2356-5845 |
Electronic ISSN | 1615-5270 |
Publisher | N&N Global Technology |
Peer Reviewed | Peer Reviewed |
DOI | https://doi.org/10.1007/s10207-023-00786-9 |
Keywords | Computer Networks and Communications; Safety, Risk, Reliability and Quality; Information Systems; Software |
Files
Accepted Version
(1.2 Mb)
PDF
You might also like
CyberEntRel: Research Paper, Dataset and Code
(2024)
Data