The determinant of information security practices towards organizational performance in the banking sector evidence from Nigeria

This study examines the determinant factors of information security practices towards organizational performance among Nigerian banks. To achieve this, a framework that consists of technological, organizational, and environmental (TOE) factors is proposed using information security culture as a mediator of TOE factors. The framework identifies the factors influencing information security practices among Nigerian bankers. Findings using TOE will eventually lead to the improvement of organizational performance through the establishment of information security culture among Nigerian banks. Thus, the use of information security practices will assist in reducing human factors such as errors, failures, internal incidents and social engineering attacks. A questionnaire survey was designed to obtain data on information security culture, organizational performance, organizational, environmental and technological factors. Multiple regression was used to test for the relationship between organizational performance, information security culture, TOE factors and the reliability and validity of the data. The findings indicated that perceived technology advancement, information security policy and procedure, international security standard, information security awareness, perceived training programs, motivation of employee and perceived job roles and responsibilities significantly influence the organizational performance. The remaining variables have no statistically significant influence on organizational performance. Also, this study found that information security culture significantly mediates the relationship between organizational performance and TOE factors. Thus, the result of this study shows that the objectives of this study were achieved

Information Security Assessment of the Norwegian SMB-Sector: A Study of Culture, Leadership and Cost

The aim of this study was to contribute to the understanding of information security practices and challenges in small and medium-sized businesses in Norway. The research focuses on organizational culture and leadership practices related to information security. Additionally, the study has been interested in mapping the number of security incidents, as well as their associated costs. The study collected a fresh set of data by conducting a survey of 236 small and medium-sized businesses across various industries and between the 11 Norwegian counties. The findings reveal that a significant number of Norwegian SMBs have experienced information security incidents over the past four years. While some incidents were severe and resulted in substantial costs, the median cost of incidents was found to be moderate and manageable for most businesses. However, it is emphasized that businesses should constantly raise their security levels to prepare for worst- case scenarios. Furthermore, the study highlights the role of cyber insurance in protecting businesses against data breaches. Approximately one out of every six participants reported that their organization had purchased cyber insurance and the findings show an increased likelihood to invest in such coverage for organizations that had experienced data breaches. This may indicate that the organizations recognize the importance of increasing security measures following a security incident. Interestingly, the research does not find a statistically significant relationship between the “Culture Security Level” and the probability or cost of incidents. The study acknowledges limitations in the methodology used to assess the “Culture Security Level” and highlights the need for further research. Based on the findings, it is concluded that the Norwegian SMB sector on average does not possess sufficient security measures to mitigate information security risk adequately. Overall, this thesis provides valuable insight into the information security landscape of Norwegian SMBs, highlights the challenges and offers recommendations for improving security practices