A model for describing and encouraging cyber security knowledge sharing to enhance awareness

Alahmari, Saad (2021) A model for describing and encouraging cyber security knowledge sharing to enhance awareness. PhD thesis, University of Glasgow.


Abstract

Employees play a crucial role in enhancing information security in the workplace, and this requires everyone to have the requisite security knowledge and know-how. To maximise knowledge levels, organisations should encourage and facilitate security knowledge sharing (SKS) among employees. This thesis was based on a multi-phase study. The first and second stages were theoretical studies to investigate and mitigate the issues. The third and fourth stages involved implementing the instrument and conducting an empirical study to evaluate the effect of the SKS model. To improve sharing, the first stage is to understand the mechanisms whereby such sharing takes place and then to encourage and engender such sharing. To better understand the challenges, we conducted semi-structured interviews with two organisations. Based on the outcomes of this stage, we identified a list of barriers, such as the fact that approaches to improving security awareness have generally been based on individualistic models (i.e., considering an individual in isolation).

To mitigate these challenges, this thesis proposes the SKS model, which includes transactive memory system (TMS) and self-determination theory (SDT). To maximise sharing security knowledge, we carried out second stage A to examine scale reliability, correlations, and relationships between the TMS scale and other constructs in the security context in order to understand SKS in organisations. Our study confirmed its applicability in this domain. Second stage B confirmed the relationships between TMS and SDT. To encourage security knowledge sharing, we propose harnessing SDT: satisfying employee needs for relatedness and a sense of competence to maximise sharing.

The third stage, based on the SKS model, describes designing and implementing a mobile game to enhance the delivery of information security training to help employees protect themselves from security attacks. The fourth stage, an empirical study (mixed method using qualitative and quantitative data), was conducted within a Saudi Arabian Fortune 100 organisation to evaluate the effect of using the app. The goals of this stage were to assess the improvement in Security Awareness for the intervention and control groups and to evaluate the model of knowledge sharing pre-test and post-test.

Overall, the results confirmed that the SKS model positively raises information security awareness for employees. Moreover, the findings confirmed the success of cooperative training by adopting intrinsic motivation via an Educational Security Game. The results demonstrated great promise for adopting and generalising this model in future studies to improve the delivery of security training.

Item Type: Thesis (PhD)
Qualification Level: Doctoral
Colleges/Schools: College of Science and Engineering > School of Computing Science
Supervisor's Name: Omoronyia, Dr. Inah and Renaud, Prof. Karen
Date of Award: 2021
Depositing User: Theses Team
Unique ID: glathesis:2021-82647
Copyright: Copyright of this thesis is held by the author.
Date Deposited: 25 Jan 2022 14:44
Last Modified: 14 Oct 2022 08:24
Thesis DOI: 10.5525/gla.thesis.82647
URI: https://theses.gla.ac.uk/id/eprint/82647
