TY - JOUR
T1 - Information security awareness in a developing country context
T2 - Insights from the government sector in Saudi Arabia
AU - AlMindeel, Raneem
AU - Martins, Jorge Tiago
N1 - Funding Information:
We would like to thank the editor, Luke Hougthon, and the anonymous referees whose comments and reviews helped us to greatly improve the paper.
Publisher Copyright:
© 2020, Emerald Publishing Limited.
Copyright:
Copyright 2021 Elsevier B.V., All rights reserved.
PY - 2021/3/12
Y1 - 2021/3/12
N2 - Purpose: The purpose of this paper is to increase understanding of employee information security awareness in a government sector setting and illuminate the problems that public sector organisations in a developing context face when seeking to establish an information security awareness programme. Design/methodology/approach: An interpretive research design was followed to develop an empirically enriched understanding of information security awareness perceptions, aspirations, challenges and enablers in the context of Saudi Arabia as a developing country. The study adopts a single-case study approach, including face-to-face interviews with senior employees, as well as document analysis. Findings: The paper theorises the importance of individual information security awareness, knowledge and behaviour and identifies a number of facilitating conditions: customisation to employee and organisational needs, interactivity, innovation, frequency, integration of both electronic and physical learning resources and rewarding the acquisition of in-depth security-related actionable knowledge. Originality/value: This study is one of the first to examine information security awareness as a socio-technical process within a government sector organisation in a developing country context.
AB - Purpose: The purpose of this paper is to increase understanding of employee information security awareness in a government sector setting and illuminate the problems that public sector organisations in a developing context face when seeking to establish an information security awareness programme. Design/methodology/approach: An interpretive research design was followed to develop an empirically enriched understanding of information security awareness perceptions, aspirations, challenges and enablers in the context of Saudi Arabia as a developing country. The study adopts a single-case study approach, including face-to-face interviews with senior employees, as well as document analysis. Findings: The paper theorises the importance of individual information security awareness, knowledge and behaviour and identifies a number of facilitating conditions: customisation to employee and organisational needs, interactivity, innovation, frequency, integration of both electronic and physical learning resources and rewarding the acquisition of in-depth security-related actionable knowledge. Originality/value: This study is one of the first to examine information security awareness as a socio-technical process within a government sector organisation in a developing country context.
KW - Government sector
KW - Information security awareness
KW - Information security behaviour
KW - Public servants
KW - Saudi Arabia
UR - http://www.scopus.com/inward/record.url?scp=85085102150&partnerID=8YFLogxK
U2 - 10.1108/ITP-06-2019-0269
DO - 10.1108/ITP-06-2019-0269
M3 - Article
AN - SCOPUS:85085102150
SN - 0959-3845
VL - 34
SP - 770
EP - 788
JO - Information Technology and People
JF - Information Technology and People
IS - 2
ER -