Content Validity of Assessment Instrument for Information Security Culture in Relation to Digital Literacy
DOI:
https://doi.org/10.24191/jikm.v14i1.4688Keywords:
content validity, information security culture, digital literacy, information managementAbstract
This study intends to assess the content validity of an instrument intended to measure the relationship between digital literacy and information security culture among Malaysian administrative and diplomatic officers (ADO). Throughout the process of determining the content validity of the instrument, six specialists were contacted. The item content validity index (I-CVI) and scale content validity index (S-CVI) were established for assessing content validity. The two characteristics that were discovered were security risk and security awareness, and each of them had seven and six items, respectively. On the security risk and security awareness aspects of the information security culture, the scale content validity index (S-CVI/Ave) was 0.95 and 1.00 respectively, and the item content validity index (I-CVI) ranged from 0.95 to 1.00. Both indices were consistent with a high level of reliability. It has been determined that the instrument possesses a high level of content validity. In the future, research may be conducted to ensure that the instrument's reliability and other types of validity, such as face validity, concept validity, and criteria validity, are investigated to improve the instrument's applicability.
References
Al Hogail, A. and Mirza, M. (2015), “Organizational information security culture assessment”, paper presented at The 2015 International Conference on Security and Management (SAM’15), 27-30 July, Las Vegas, available at: http://worldcomp-proceedings.com/proc/p2015/SAM_contents. HTML
Aldawood, H., & Skinner, G. (2019). Reviewing cyber security social engineering training and awareness programs—pitfalls and ongoing issues. Future Internet, 11(3), 73. https://doi.org/10.3390/fi11030073
Alotaibi, A., Edum-Fotwe, F., & Price, A. D. F. (2019). Critical barriers to social responsibility implementation within mega-construction projects: The case of the kingdom of saudi arabia. Sustainability, 11(6), 1755. https://doi.org/10.3390/su11061755
Alsaleh, M., Alomar, N., & Alarifi, A. (2017). Smartphone users: Understanding how security mechanisms are perceived and new persuasive methods. PLOS ONE, 12(3). https://doi.org/10.1371/journal.pone.0173284
Alzahrani, A., & Alomar, K. (2016). Information security issues and threats in Saudi Arabia: A research survey. International Journal of Computer Science Issues, 13(6), 129–135. https://doi.org/10.20943/01201606.129135
Aziz, K. A., Norhashim, M. B., & Halim, E. M. (2011). Information security and information technology governance: A Malaysian case study. International Journal of Management Practice, 4(4), 331–344. https://doi.org/10.1504/IJMP.2011.039204
Burkell, J. A., Fortier, A., Di Valentino, L., & Roberts, S. (2015). Enhancing Key Digital Literacy Skills: Information Privacy, Information Security, and Copyright / Intellectual Property. FIMS Publications, 35, 67.
Croitoru, I., & Neacsu, V. (2019). RISK MANAGEMENT – BETWEEN NECESSITY AND OBLIGATION. Internal Auditing & Risk Management, (1), 23–32.
Da Veiga, A., & Eloff, J. H. P. (2010). A framework and assessment instrument for information security culture. Computers and Security, 29(2), 196–207. https://doi.org/10.1016/j.cose.2009.09.002
da Veiga, A., Astakhova, L. V., Botha, A., & Herselman, M. (2020a). Defining organisational information security culture—perspectives from academia and industry. Computers & Security, 92, 101713. https://doi.org/10.1016/j.cose.2020.101713
G. Dhillon and J. Backhouse, “Technical opinion: Information system security management in the new millennium,” Commun. ACM, vol. 43, no. 7, pp. 125–128, Jul. 2000.
Hadlington, L., & Parsons, K. (2017). Can cyberloafing and internet addiction affect organizational information security? Cyberpsychology, Behavior, and Social Networking, 20(9), 567–571. https://doi.org/10.1089/cyber.2017.0239
Hyman, Michael & Sierra, Jeremy. (2016). Open- versus close-ended survey questions. NMSU Business Outlook. 14. [47]
Jaeger, J. (2013, February 5). Human error, not hackers cause most data breaches. Compliance Week. https://www.complianceweek.com/human-error-not-hackers-cause-most-data-breaches/4048.article
Jones, B. H., & Heinrichs, L. R. (2012). Do business students practice smartphone security? Journal of Computer Information Systems, 53(2), 22–30.
Jones, B. H., Chin, A. G., & Aiken, P. (2014). Risky business: Students and smartphones. TechTrends, 58(6), 73–83. https://doi.org/10.1007/s11528-014-0806-x
Karlsson, M., Karlsson, F., Åström, J., & Denk, T. (2021). The effect of perceived organizational culture on employees’ information security compliance. Information & Computer Security, 30(3), 382–401. https://doi.org/10.1108/ics-06-2021-0073
Majlis Keselamatan Negara (MKN). (n.d.). https://asset.mkn.gov.my/wp-content/uploads/2020/10/ MalaysiaCyberSecurityStrategy2020-2024.pdf
Martins, A., & Elofe, J. (2002). Information security culture. IFIP Advances in Information and Communication Technology, 203–214. https://doi.org/10.1007/978-0-387-35586-3_16
Masrek, M. N. (2018). Assessing information security culture: The case of Malaysia public organization. 1–1. https://doi.org/10.1109/icitacee.2017.8257663
McCormac, A., Calic, D., Butavicius, M., Parsons, K., Zwaans, T., & Pattinson, M. (2017). A reliable measure of information security awareness and the identification of bias in responses. Australasian Journal of Information Systems, 21. https://doi.org/10.3127/ajis.v21i0.1697
McKeown, D. A. (2019). Building a risk-based information security culture. ISSA Journal, 17(4), 14–21.
Mensch, S., & Wilkie, L. (2011). Information security activities of college students: An exploratory study. Academy of Information and Management Sciences Journal, 14(2), 91–116.
Mylonas, A., Kastania, A., & Gritzalis, D. (2013). Delegate the smartphone user? Security awareness in smartphone platforms. Computers & Security, 34, 47–66.
Nasir, A. (2020). Information security culture model for malaysian organizations: A Review. International Journal of Advanced Trends in Computer Science and Engineering, 9(1.3), 117–121. https://doi.org/10.30534/ijatcse/2020/1691.32020
Nel, F., & Drevin, L. (2019). Key elements of an information security culture in organisations. Information and Computer Security, 27(2), 146–164. https://doi.org/10.1108/ICS-12-2016-0095
Osborne, S., & Hammoud, M. S. (2017). Effective employee engagement in the Workplace. International Journal of Applied Management and Technology, 16(1). https://doi.org/10.5590/ijamt.2017.16.1.04
Oyinloye, T., Eze, T., & Speakman, L., (2020). Towards cyber-user awareness: Design and Evaluation. Reading, Academic Conferences International Limited: 577-588, XVI.
Polit, D. F., & Beck, C. T. (2006). The content validity index: Are you sure you know what’s being reported? critique and recommendations. Research in Nursing & Health, 29(5), 489–497. https://doi.org/10.1002/nur.20147
Rahim, N. H. A., Hamid, S., Mat Kiah, M. L., Shamshirband, S., & Furnell, S. (2015). A systematic review of approaches to assessing cybersecurity awareness. Kybernetes, 44(4), 606-622. doi: http://dx.doi.org.proxy.cecybrary.com/10.1108/K-12-2014-0283
Rajivan, P., Aharonov-Majar, E., & Gonzalez, C. (2020). Update now or later? effects of experience, cost, and risk preference on update decisions. Journal of Cybersecurity, 6(1). https://doi.org/10.1093/cybsec/tyaa002
Rubenstein, S., & Francis, T. (2008). Are your medical records at risk? Wall Street Journal - Eastern Edition, 251(100), D1-D2.
Schoenmakers, K., Greene, D., Stutterheim, S., Lin, H., & Palmer, M. J. (2023). The security mindset: Characteristics, development, and consequences. Journal of Cybersecurity, 9(1). https://doi.org/10.1093/cybsec/tyad010
Sebescen, N., & Vitak, J. (2017). Securing the human: Employee security vulnerability risk in organizational settings. Journal of the Association for Information Science and Technology, 68(9), 2237–2247. https://doi.org/10.1002/asi.23851
Shamsudin, N. N. A., Yatin, S. F. M., Nazim, N. F. M., Talib, A. W., Sopiee, M. A. M., & Shaari, F. N. (2019). Information Security Behaviors among Employees. International Journal of Academic Research in Business and Social Sciences, 9(6). https://doi.org/10.6007/ijarbss/v9-i6/5972
Sierra, J. J. (2016). Open-versus close-ended survey questions. https://www.researchgate.net/publication/282249876 @report{Sierra2016, author = {Jeremy J Sierra}, title = {Open-versus close-ended survey questions}, url = {https://www.researchgate.net/publication/282249876}, year = {2016}, }
Singh, N., Gupta, A.M. and Ojha, A. (2014), “Identifying factors of organizational information security management’”, Journal of Enterprise Information Management, Vol. 27 No. 5, pp. 644-667.
Stanciu, V., & Tinca, A. (2016). Students’ awareness on information security between own perception and reality – an empirical study. Accounting & Management Information Systems, 15(1), 112–130.
Tan, M., & Sagala Aguilar, K. (2012). An investigation of students’ perception of Bluetooth security. Information Management & Computer Security, 20(5), 364–381
Tasevski, P. (2016). It and cyber security awareness – raising campaigns. Information & Security: An International Journal, 34, 7–22. https://doi.org/10.11610/isij.3401
Tsohou, A., Karyda, M., Kokolakis, S., & Kiountouzis, E. (2015). Managing the introduction of information security awareness programmes in organisations. European Journal of Information Systems, 24(1), 38-58. doi: http://dx.doi.org.proxy.cecybrary.com/10.1057/ejis.2013.27
U. Sekaran, & R. Bougie, Research methods for business: A Skill-Building Approach, 2016.
Valiente Jr, C. (2017). Addressing malware with cybersecurity awareness. ISSA Journal, 15(10), 16-22.
Van Niekerk, J.F. and Von Solms, R. (2010), “Information security culture: a management perspective”, Computers and Security, Vol. 29 No. 4, pp. 476-486, doi: 10.1016/j.cose.2009.10.005
Vance, A., Lowry, P. B., & Eggett, D. (2013). Using accountability to reduce access policy violations in Information Systems. Journal of Management Information Systems, 29(4), 263–290. https://doi.org/10.2753/mis0742-1222290410
Yeniman Yildirim, E., Akalp, G., Aytac, S., & Bayram, N. (2011). Factors influencing information security management in small- and medium-sized enterprises: A case study from Turkey. International Journal of Information Management, 31(4), 360–365. https://doi.org/10.1016/j.ijinfomgt.2010.10.006
Z. Musanni1Xp, E. Siregar, E. Ahman, & S. H. Senen, ―Factors Influencing Innovative Work Behavior: An Individual Factors Perspective‖, International Journal of Scientific & Technology Research, vol. 8, no. 9, 324–327, 2019.
Zhang, J., Reithel, B. J., & Li, H. (2009). Impact of perceived technical protection on security behaviors. Information Management & Computer Security, 17(4), 330–340. https://doi.org/10.1108/09685220910993980
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Mohd Sharulnizam Kamarulzaman, Shamila Mohamed Shuhidan, Khalid Abdul Wahid, Amirudin Abdul Wahab, Abdul Jalil Toha @ Tohara
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Copyright of articles that appear in the journal belongs exclusively to Faculty of Information Management, Universiti Teknologi MARA (Publisher). This copyright covers the rights to reproduce the article, including reprints, electronic reproductions or any other reproductions of similar nature.
