Evaluating the Information Security Awareness (ISA) of Employees in the Banking Sector: A Case Study
Abstract
Information has become a vital and valuable asset to an organization. In the banking sector, employees should have better knowledge of information system security, since they are always exposed to very confidential and sensitive information. Awareness of information security has therefore become a major area of focus for both the employees and the management of the banking industry. The objective of this research is to evaluate employees' awareness of information security in the banking sector in Sri Lanka. The study is based on the Human Aspects of Information Security Questionnaire (HAIS-Q). A questionnaire was developed from the relevant literature to collect data for the study. Regression analysis was carried out using SPSS to analyze the collected data. It was concluded that all the factors in HAIS-Q are predictors of employee information security awareness (R² = 0.984). Although all the variables positively affected awareness of information security in the banking sector, the variables Password Management, Email Use, Internet Use and Incident Reporting have a positive and significant impact on employees' awareness of information security. Password Management in particular had a significant impact on awareness of information security. Employers should recognize the importance of Password Management, Email Use, Internet Use and Incident Reporting when they structure training activities for employees in the banking industry.