Information security policy : the National Payment System in Libya
dc.contributor.author | Sherif, Emad | en_GB |
dc.date.accessioned | 2012-07-24T15:24:36Z | |
dc.date.available | 2012-07-24T15:24:36Z | |
dc.date.issued | 2012-05 | |
dc.identifier.citation | Sherif, Emad. (2012) 'Information security policy : the National Payment System in Libya'. MSc Thesis. University of Bedfordshire. | en_GB |
dc.identifier.uri | http://hdl.handle.net/10547/235594 | |
dc.description | A Thesis submitted at the University of Bedfordshire In partial fulfilment for the degree of Master of Science in Information Management and Security | en_GB |
dc.description.abstract | Information security officers, practitioners and academics agree that information security policy is the basis of any organisation’s information security. Information security practitioners share and agree that it is rare that information security policy bring out the desirable results. In order to study and analyse this problem, academics have focused on various methods to motivate employees toward policy compliance, however, they have not paid much attention on employees’ expectations and how they perceive the information security policy. Also, employees’ satisfaction and awareness of information security policy is critical as it may improve the security level by decreasing the internal threat risks. In this thesis, analysing organisation’s employees’ expectation about information security policies based on a framework that is formed regarding internal threat motivation, consequences, security behaviour and security countermeasures. Therefore, single case study was adopted in this thesis. The study outcomes along with the case study findings state that organisation’s employees’ expectations toward an information security policy should be paid much attention during forming security regulations and even during implementation of information security policy within organisations. The thesis concludes that employees’ security behaviour is related to their information security background and awareness, as well as, security countermeasures, where if the countermeasures perceived negatively, it may negatively help to increase the risk in terms of internal threat. Finally, security countermeasures must be defined before taking negative actions toward employees, as well as, information security training should be scheduled regularly within organisation and they should be arranged regarding to the organisational groups’ professions. | |
dc.language.iso | en | en |
dc.publisher | University of Bedfordshire | en_GB |
dc.subject | G500 Information Systems | en_GB |
dc.subject | information security | en_GB |
dc.subject | data security | en_GB |
dc.subject | computer security | en_GB |
dc.subject | security policy | en_GB |
dc.subject | internal threat | en_GB |
dc.subject | external threat | en_GB |
dc.subject | National Payment System | en_GB |
dc.subject | Libya | en_GB |
dc.title | Information security policy : the National Payment System in Libya | en |
dc.type | Thesis or dissertation | en |
html.description.abstract | Information security officers, practitioners and academics agree that information security policy is the basis of any organisation’s information security. Information security practitioners share and agree that it is rare that information security policy bring out the desirable results. In order to study and analyse this problem, academics have focused on various methods to motivate employees toward policy compliance, however, they have not paid much attention on employees’ expectations and how they perceive the information security policy. Also, employees’ satisfaction and awareness of information security policy is critical as it may improve the security level by decreasing the internal threat risks. In this thesis, analysing organisation’s employees’ expectation about information security policies based on a framework that is formed regarding internal threat motivation, consequences, security behaviour and security countermeasures. Therefore, single case study was adopted in this thesis. The study outcomes along with the case study findings state that organisation’s employees’ expectations toward an information security policy should be paid much attention during forming security regulations and even during implementation of information security policy within organisations. The thesis concludes that employees’ security behaviour is related to their information security background and awareness, as well as, security countermeasures, where if the countermeasures perceived negatively, it may negatively help to increase the risk in terms of internal threat. Finally, security countermeasures must be defined before taking negative actions toward employees, as well as, information security training should be scheduled regularly within organisation and they should be arranged regarding to the organisational groups’ professions. |