Rao Faizan Ali
Fostering information security policies compliance with ISA-95-based framework: an empirical study of oil and gas employees
Faizan Ali, Rao; Dominic, P. D. D.; Hina, Sadaf; Naseer, Sheraz
Authors
P. D. D. Dominic
Dr Sadaf Hina S.Hina@salford.ac.uk
Lecturer in Computer Sci Cyber Security
Sheraz Naseer
Abstract
Oil and gas (O&G) organizations are progressively being digitalized in order to facilitate substantial information flow to remain competitive in the information age. This critical sector is spearheading the establishment of technical security measures to mitigate information security risks, yet employee behavioral influence remains an ongoing challenge in assuring information security. Existing studies of this domain primarily focus on employee behavior reshaping through multiple psychological theories. However, these studies ignore how these critical infrastructures implement information security. Most such infrastructures follow the International Society of Automation (ISA)-95 levels of automation and implement information security controls in line with these levels. This research paper proposed a theoretical framework to enhance information security policy compliance (ISPC) at level 4 to level 2 automation level in O&G organizations. To support the hypotheses, data were collected from 13 Malaysian O&G organizations. A total of 254 O&G employees participated in the survey and the structural equation modeling technique was used for data analysis. The study confirmed that ISA-95-based organizational governance factors and social bonding could enhance ISPC in O&G organizations. However, risk assessment and involvement factors have shown less support to the notion. For information systems practitioners, this study has shown how to enhance ISPC in O&G organizations through ISA-95-based organizational governance and social bonding.
Citation
Faizan Ali, R., Dominic, P. D. D., Hina, S., & Naseer, S. (in press). Fostering information security policies compliance with ISA-95-based framework: an empirical study of oil and gas employees. International Journal of Information Security, https://doi.org/10.1007/s10207-023-00786-9
Journal Article Type | Article |
---|---|
Acceptance Date | Nov 6, 2023 |
Online Publication Date | Dec 8, 2023 |
Deposit Date | Dec 13, 2023 |
Publicly Available Date | Dec 9, 2024 |
Journal | International Journal of Information Security |
Print ISSN | 2356-5845 |
Electronic ISSN | 1615-5270 |
Publisher | N&N Global Technology |
Peer Reviewed | Peer Reviewed |
DOI | https://doi.org/10.1007/s10207-023-00786-9 |
Keywords | Computer Networks and Communications; Safety, Risk, Reliability and Quality; Information Systems; Software |
Files
This file is under embargo until Dec 9, 2024 due to copyright reasons.
Contact S.Hina@salford.ac.uk to request a copy for personal use.
You might also like
CyberEntRel: Joint Extraction of Cyber Entities and Relations using Deep Learning
(2023)
Journal Article
Agentless approach for security information and event management in industrial IoT
(2023)
Journal Article
Downloadable Citations
About USIR
Administrator e-mail: library-research@salford.ac.uk
This application uses the following open-source libraries:
SheetJS Community Edition
Apache License Version 2.0 (http://www.apache.org/licenses/)
PDF.js
Apache License Version 2.0 (http://www.apache.org/licenses/)
Font Awesome
SIL OFL 1.1 (http://scripts.sil.org/OFL)
MIT License (http://opensource.org/licenses/mit-license.html)
CC BY 3.0 ( http://creativecommons.org/licenses/by/3.0/)
Powered by Worktribe © 2024
Advanced Search