A study of employees' attitudes towards organisational information security policies in the UK and Oman

Al-Awadi, Maryam (2009) A study of employees' attitudes towards organisational information security policies in the UK and Oman. PhD thesis, University of Glasgow.

Printed Thesis Information: https://eleanor.lib.gla.ac.uk/record=b2669442


There is a need to understand what makes information security successful in an organization. What are the threats that the organization must deal with and what are the criteria of a beneficial information security policy? Policies are in place, but why are employees not complying?
This study is the first step in trying to highlight effective approaches and strategies that might help organizations to achieve good information security through looking at success factors for the implementation. This dissertation will focus on human factors by looking at what concerns employees about information security. It will explore the importance of information security policy in organizations, and employees’ attitudes to compliance with organizations' policies.

This research has been divided into four stages. Each stage was developed in light of the results from the previous stage. The first two stages were conducted in the Sultanate of Oman in order to use a population just starting out in the information security area. Stage one started with a qualitative semi-structured interview to explore and identify factors contributing towards successful implementation of information security in an organization. The results suggested a number of factors organizations needed to consider to implement information security successfully. The second stage of the research was based on the first stage’s results. After analysing the outcomes from the semi-structured interviews, a quantitative questionnaire was developed to explore for information security policy. The findings did suggest that the more issues the organization covers in its security policy, the more effective its policy is likely to be. The more an organization reports adoption of such criteria in its security policy, the more it reports a highly effective security policy. The more the organization implements the ‘success factors’, the more effective it feels its security policy will be.

The third stage was conducted in the UK at Glasgow University because employees are somewhat familiar with the idea of information security. It was based on the findings derived from the analysis of the quantitative questionnaire at stage two. The findings revealed different reasons for employees’ non-compliance with organization security policy as well as the impact of non-compliance.

The fourth stage consolidates the findings of the three studies and brings them together to give recommendations about how to formulate a security policy to encourage compliance and therefore reduce security threats.

Item Type: Thesis (PhD)
Qualification Level: Doctoral
Keywords: Information Security, Information Security Policy, Compliance, Trust
Subjects: H Social Sciences > HF Commerce
H Social Sciences > HD Industries. Land use. Labor > HD28 Management. Industrial Management
Colleges/Schools: College of Science and Engineering > School of Computing Science
Supervisor's Name: Renaud, Dr. Karen
Date of Award: 2009
Depositing User: Miss Maryam Al-Awadi
Unique ID: glathesis:2009-860
Copyright: Copyright of this thesis is held by the author.
Date Deposited: 16 Jun 2009
Last Modified: 10 Dec 2012 13:27
URI: http://theses.gla.ac.uk/id/eprint/860
