International Journal of Business Analytics and Intelligence

Dakito Alemu Kesto
Accounting & Finance Program Unit, School of Commerce, CoBE, Addis Ababa University, Ethiopia

Tilahun Muluneh
Addis Ababa University, Ethiopia

Abstract

Nowadays, it is clear that information security is one of the most basic issues that organisations need to focus on. Despite huge investments made by companies to keep their information systems safe, there are many information security breaches that infiltrate companies’ systems; consequently, these cost them their reputation, affect customers’ confidence, and bring huge financial losses. Ethiopian companies are not immune to this security problem, and there are many signs of information security breaches. The literature suggests that almost all investments in information security related issues are for technological solutions. However, this type of solutions alone do not work well, and according to some researchers, there is one significant element that has been given very little attention, the human factor. Most of the information security breaches are caused by employees who are legitimate users of the company’s systems. So ‘how can we counter the illegal action of our own employees?’ is the main objective this study tried to address. The findings showed strong evidence on the influence of contextual factors and national culture, on employees’ information security behaviour, and consequently, it highlighted the importance of taking some level of precaution when organisations introduce new policies or standards that are copied from abroad. Policy makers and ISS managers in Ethiopia, particularly at the Information Network Security Agency (INSA), can learn how important it is to modify or adapt their ISP, which was copied from ISO 27002, based on the findings of this study.

Keywords

References