Qualitative Analysis of the Behavioral Pattern of Information Security Experts in Facing Cyber Threats

Document Type : Original Article

Authors

1 Ph.D. Student, Department of Knowledge and Information Science, Science and Research Branch, Islamic Azad University, Tehran, Iran

2 Associate Professor, Department of Knowledge and Information Science, Science and Research Branch, Islamic Azad University, Tehran. Iran

3 Associate Professor, Department of Educational Sciences, Yadgar Imam Khomeini Shahrari Branch, Islamic Azad University, Tehran, Iran

Abstract

Purpose: Simultaneously with the developments of the 20th century and the process of globalization in the present era, information and communication technology has facilitated the emergence of a networked society. The new world has evolved into a network whose primary structure is information and electronic communication systems. The transformation of social interactions into virtual communities has led to the rise of social insecurity and new forms of crimes and misdemeanors in virtual spaces. Gradually, with the expansion of information and communication technology, especially the Internet, and subsequently the proliferation of threats and risks associated with it, the concepts of information security, information systems security, and cyber security were also developed. Just as soldiers are trained to handle various threats in war, the world of information is a real battlefield, with hackers and cyber-attacks posing significant risks. Information security experts should be equipped with the necessary skills to effectively deal with cyber-attacks, much like expert soldiers. The current applied developmental research is focused on identifying key indicators to design effective behavioral patterns for information security experts dealing with cyber threats.
Method: In this study, a purposeful and development-oriented approach was employed, using a meta-composite and qualitative-quantitative (sequential-exploratory) method. Initially, 112 sources were selected from 270 primary sources using a library method and were the focus of the work. To identify the security components of information systems, the Barroso and Sandlowski 2007 seven-step technique was utilized, resulting in the calculation of 142 indicators from the selected documents. After clustering the indicators using RapidMiner software, the research identified 5 dimensions and 17 components. Subsequently, a two-stage Delphi method involving two groups of 15 experts was employed to evaluate the questions, value assessment, and validity. Following the completion of the qualitative phase, the study progressed to the quantitative or exploratory stage. An invitation letter and questionnaire, comprising 125 verified indicators, were then prepared and sent to 156 information security experts. And after receiving 111 complete questionnaires, which meets Cochran's requirement for a minimum statistical population size of 111 people, the questionnaire collection phase concluded, and the analysis process commenced with the assistance of SPSS and MATLAB software.
Findings: In this study, the dimension of "security threats" has the highest factor load weight of 0.983 among all other dimensions. Within the "security threats" dimension, the component of "unintentional damages" has the highest weight compared to other components. The dimension of "security vulnerabilities" follows with a factor load weight of 0.979, ranking second. The "process factors" dimension ranks third with a factor load weight of 0.975, and the "human factors" dimension also has a factor load weight of 0.975. The fourth rank is held by the dimension of "0.970," and finally, the "technical factors" dimension, with a factor loading of 0.920, ranks last among the dimensions of this research. Despite receiving the lowest score and weighting overall, the "technical factors" dimension has the highest factor load weight assigned to the components of "encryption" and "equipment," with a score of 0.978, and the lowest score assigned to the components of "monitoring" with a weight of 0.88 and "planning" with a weight of 0.84. In the following, the obtained results and prioritizations were compared with those of other studies, and the validity of the results was confirmed based on the validation and verification of the comparisons.
Conclusion: In general, it should be noted that, contrary to the opinion of most data-oriented companies that prioritize "technical factors" in information security, the results obtained in this study have shown that this assumption was incorrect. The importance of the behavioral patterns of information security experts has been confirmed, which is influenced by laws, organizational structure, organizational culture, and training. Finally, with the assistance of the weights assigned to the obtained components and indicators, suggestions were made to modify the behavioral patterns of information security experts after ranking and prioritizing the components and characteristics.

Keywords

Main Subjects

References

Ahangar, A., Babal-Hawaeji, F., Hosseini Beheshti, M.S., Hariri, N. & Khademi, M. (2022). Drawing and analyzing the network structure of information security concepts. Journal of Information Processing and Management, 37(2): 473-495. https://doi.org/10.52547/jipm.37.2.473[in persian]
Alhogail, A. (2015). Design and validation of information security culture framework. Computers in human behavior, 49: 567-575.
Bhattacharya, C.B., Sen, S. & Korschun, D. (2011). Leveraging corporate responsibility: the stakeholder route to maximizing business and social value. Cambridge University Press.
Colwill, C. (2009). Human factors in information security: the insider threat–who can you trust these days? Information security technical report,14(4): 186-196.
Deal, T. & Kennedy, A. (1999). The new corporate cultures: revitalizing the workplace after downsizing, mergers, and reengineering. Cambridge: Basic books.
Dhillon, G. & Backhouse, J. (2000). Technical opinion: information system security management in the new millennium. Communications of the acm, 43(7): 125-128.
merete Hagen, J., Albrechtsen, E. & Hovden, J. (2008). Implementation and effectiveness of organizational information security measures. Information management & computer security, 16(4): 377-397.
Niekerk, J.V. & Solms, R.V. (2005). A holistic framework for the fostering of an information security sub-culture in organizations. Nelson Mandela Metropolitan University.
Pathari, V. & Sonar, R. (2012). Identifying linkages between statements in information security policy, procedures and controls. Information management & computer security, 20(4): 264-280.
ragavendran, V.A. (2023). An analysis of the literature on society's concerns on india's cybersecurity in the twenty-first century. International journal of social sciences and management review,
Vol. 6.
Scholl, M. (2023). Sustainable information security sensitization in smes: designing measures with long-term effect. Proceedings of the 56th Hawaii International Conference on System Sciences.
Shabani, M.M., Rafati Asl, S.M. & Sohrabi, S. (2021). Feasibility of establishing knowledge management in a knowledge-oriented organization. Law enforcement information technology magazine, 4(8): 67-84. https://doi.org/10.22034/pitc.2022.1266565.1114 [in persian]
Shafii Nikabadi, M., Jafarian, A. & Jalili Boalhasani, A. (2022). The effect of information security management on the integration of organizational processes in the supply chain. Journal of Information Processing and Management, 27(2): 560-604. [in persian]
Shahini, Sh., Faraj Pahlo, A., Khademizadeh, Sh. & Nadran Tahan, M. (2022). Presenting a proposed architecture for using the Internet of Things in Iranian academic libraries. Journal of information processing and management, 37(2): 473-495. https://doi.org/10.22034/JIPM.2023.701680
[in persian]
Shahriari, M., Maddi, B. & Saberi, M. (2018). Analysis of security challenges of LTE network, and barriers and opportunities of network localization in the standard platform. Electronic and Cyber Defense, 7(26): 121-132. [in persian]
Thomson, K. & Van Niekerk, J. (2012). Combating information security apathy by encouraging prosocial organisational behaviour. Information Management & Computer Security, 20(1): 39-46.
Send comment about this article
CAPTCHA Image
Sciences and Techniques of Information Management
Volume 9, Issue 4
December 2023
Pages 419-457

Files

Share

How to cite

Statistics