Study on Employee Information Security: Human Issue: Gaborone University College of Law and Professional Studies (GUC)

Abstract:

The purpose of the study was to establish the level of information security among end users in order to address the human issue and its impact on Information Security (IS) in organizations. Human errors are likely to result in more security breaches than technical vulnerabilities (Hinson, 2003). Notable human errors include deleting the wrong file by mistake, entering the wrong value and pulling out the wrong plug by mistake, and configuration mistakes can leave network ports open, the firewall vulnerable and the system completely unprotected (Hinson, 2003). Employee errors impact negatively on security controls such as firewalls and data protection policies adopted by the organization (Hadlington, 2018). Human issues are the major hindrance to achieving security goals such as maintaining confidentiality, ensuring integrity, and assuring availability of information in an organization (Cherdentseva and Hilton, 2013). It is also notable that employees who work either inside or outside the organization can compromise the essential characteristics of information, namely Confidentiality, Integrity and Availability (CIA). Despite intense technical and physical security controls adopted by the organization, the presence of malicious and non-malicious employees in an organization hinders the effectiveness of the countermeasures adopted to protect information (Greitzer and Hohimer, 2011). A non-malicious employee is an employee who is not aware of the security controls adopted by the organization and lacks the efficiency to protect data from threats, and instead creates security loopholes which can be exploited by an attacker. A malicious employee has the motive to disrupt, steal information, and bypass processes and procedures. However, non-technical security countermeasures such as security awareness, training and organizational policy implementation can be used to mitigate internal threats (Cherdentseva and Hilton, 2013). In order to understand the human issue in information security, the research study adopted theoretical research models such as Protection Motivation Theory (PMT), the Technology Acceptance Model (TAM) and the Theory of Planned Behavior (TPB) (Shenbagaraman, 2016). The research population included Lecturers and Administrative personnel in the organization. The independent variables included employee behavior, attitude and knowledge, which were measured against dependent variables such as password usage, email usage, knowledge of malicious protection and security controls in the organization. A quantitative research methodology was adopted because the data collected was translated into figures for further analysis. A questionnaire of 33 questions was distributed to 32 participants to collect data. The survey found that some employees engage in risky behavior such as sharing passwords and using the same password to log in to different systems or applications. Some employees in the organization also lack knowledge of threats to information security and are not security conscious about online cyber scams.