Information Security Awareness among Non-Academic Staff in the University of Ibadan, NigeriaAuthor : H. T. AbdulRahman and S. O. Oladipupo
Volume 8 No.2 April-June 2019 pp 77-84
This study applied the established factors from the existing literatures on information security awareness to investigate information security awareness among non-academic staff in the University of Ibadan, Nigeria. The objectives of this study are; to identify the factors that influence information security awareness and to determine the level of information security awareness among non-academic staff. This study employed a survey design. Stratified random sampling technique was utilized to select the respondents for the study. The study participants consist of non-academic staff in the University of Ibadan. A field survey of 300 respondents was carried out using questionnaire as the main instrument. Descriptive statistics was used for data analysis. Findings of this study revealed that information security awareness is significantly influenced by policy of information security, education of information security, knowledge of technology, and non-academic staff’s behavior. Furthermore, findings show that the level of information security awareness among non-academic staff in the University of Ibadan was high. Finally, findings were discussed and recommendations for the future research were also addressed.
Information Security, Awareness, Non-Academic Staff, University of Ibadan, Nigeria
 E. Albrechtsen, and J. Hovden, “Improving information security awareness and behaviour through dialogue, participation and collective reflection, An intervention study”, Computers & Security, Vol. 29, pp. 432-445, 2010.
 J. Boyce, and D. Jennings, “Information assurance: Managing organizational IT”, Woburn, MA, Butterworth-Heinemann, 2002.
 M.D. Caroll, “Information security: Examining and managing the insider threat”, ACM Proceedings of the 3rd Annual Conference on Information Security Curriculum Development 2006 (InfoSecCD 06), pp. 156-158, Kennesaw, Georgia, 2006.
 C. C. Chen, R. S. Shaw, and S.C. Yang, “Mitigating information security risks by increasing user security awareness: a case study of an information security awareness system”, Information Technology, Learning, and Performance Journal., Vol. 24, No.1, pp. 1-14, 2006.
 CISSP, CISM, R. P. Thomas, “Implementing an Information Security Awareness Program”, Security Management Practices, Vol.14, No.2, pp. 37-49, 2005.
 J. D’Arcy, A. Hovav, and D. Galletta, “User Awareness of Security Countermeasures and Its Impact on Information System Misuse: A Deterrence Approach”, Information System Research., Vol. 20, No. 1, pp.79-98, 2009.
 ENISA, “A Users’ Guide: How to Raise Information Security Awareness”, Annual Global Information.2006. March 28, 2019, Retrieved fromwww.vistorm.com/uplds/EY_Global_Information_Security
 J. Everet, “Internet Security awareness: switch to a better programme”, Employee Benefits Journal,Vol. 23, No.3,pp. 14-18, 1998.
 S. K. W. Fakeh, M. N. Zulhemay, M. S. Shahibi, J. Ali, and M. K. Z. Zaini, “Information security awareness amongst academic librarians”, Journal of applied sciences research, Vol. 8, No. 3, pp.1723-1735, 2012, ISSN 1819-544X.
 S. Flinn, and J. Lumsden, “User Perceptions of Privacy and Security on the Web”, National Research Council, 2005.
 G. J. Gordon, “Ascertaining the relationship between security awareness and the security behaviour of individuals”, Nova Southeastern: Nova Southeastern University, 2010.
 F. J. Haeussinger and J. J. Kranz, “Information security awareness: Its antecedents and mediating effects on security compliant behaviour”, 34thInternational Conference on Information Systems., pp.1-16, 2013.
 S. Hansche, “Designing a security awareness program: Part I”, Information Systems., Vol. 9, No. 6, pp.14-23, 2001.
 S. Hinde , “Careless about privacy”, UK., 2003.
 F. Kaur, and N. Mustafa, “Examining the effects of knowledge, attitude and behaviour on information security awareness: case on SME”, 3rd International Conference on Research and Innovation in Information System-2013 (ICRIIS’ 13)., pp. 286-290, 2013.
 H. A. Kruger, and W. D. Kearney, “A prototype for assessing information security awareness”, Computer & Security., Vol. 25, No. 4, pp. 289-296, 2006.
 H. Kruger, L. Drevin, and T. Styen, “A vocabulary test to assess information security awareness”, Information Security & Computer Security., Vol. 18, No. 5, pp. 316-327, 2010.
 D. D. Maeyer, “Setting Up an Effective Information Security Awareness Program”,Information Security Solutions Europe/SECURE 2007 Conference (Part 1)., Warsaw, Poland, 25–27 September, Vieweg, pp. 49–52, 2007.
 A. Martins, and J. Eloff, “Information Security Culture,” Proc. of IFIP TC11 17th International Conference on Information Security (SEC2002)., IFIP Conference Proceedings, Cairo, Egypt, 2003.
 J. Mathisen, “Measuring information security awareness – a survey showing the Norwegian way to do it”, Master’s thesis., Gjøvik University College, 2004. www.nislab.noiv Oslo
 A.R. NurulHidayah, “A Prototype to Evaluate Information Security Awareness Level for Teacher and Student in Secondary School”, Master Dissertation, pp. 1-97, 2009.
 S. O. Oladipupo, “Determinants of Information Security Awareness among Employees of Capital Market Registrars in Lagos, Nigeria: An Empirical Study”. Asian Journal of Computer Science and Technology (AJCST)., Vol. 8, No. 1, pp. 48-52, 2019.
 P. Puhakainen, “A Design Theory for Information Security Awareness”, Doctoral Dissertation, Department of Information Processing Science, University of Oulu, Finland, 2006. http://herkules.oulu.fi/ isbn9514281144/isbn9514281144.pdf.
 A. Segev, J. Porra andRoldan, “Internet security and the case of Bank of America”, Communications of the ACM, Vol. 41, No. 10, 81-87, 1998.
 P.S. Shashi, “What are we managing – knowledge or information”, The journal of information and knowledge management systems., Vol. 37, No. 2, 169-179, 2007.
 M. T. Siponen, “A conceptual foundation for organizational information security awareness”, Information Management & Computer Security., Vol. 8, No. 1, 2000.
 D. Straub, “Effective IS security”. Information Systems Research, Vol. 1, No. 3, pp. 255-276, 1990.
 D. W. Straub and R. J. Welke, “Copingwith SystemsRisk: Security Planning Models for Management Decision Making”, MIS Quarterly., Vol.22, No.4, pp. 441–469.1998.
 T. Takemura, “A quantitative study on Japanese workers’ awareness to information security using the data collected by web-based survey”, American Journal of Economics and Administration., Vol. 2, No. 1, pp. 20 -26, 2010.
 M. Thomson, “The development of an effective information security awareness program for use in an organization”. Unpublished master’s thesis.,Port Elizabeth Technikon, Port Elizabeth, South Africa, 1998.
 M. E. Thomson and R.V. Solms, “Information security awareness: educating your users effectively”, Information Management & Computer Security., Vol. 6, No. 4, pp. 167-173, 1998.
 C. M. Trompeter and J. H. P. Eloff, “A framework for the implementation of socio-ethical controls in information security”, Computers & Security., Vol. 20, No. 5, pp. 384-391, 2001.
 R. Von Solms, “Information security management (1): Why information security is so important”, Information Management and Computer Security., Vol. 6, No. 4, pp. 174 – 177. MCB University Press, 1998.
 B. Von Solms and R. Von Solms, “The 10 deadly sins of information security management”, Computers & Security, Vol. 23, No. 5, pp. 371-376, 2004.
 C. Vroom, and R. Von Solms, “Towards information security behavioural compliance”, Computers & Security., Vol. 23, No. 3, 191–198, 2004.
 L. Yngstrom, and F. Björck, “The Value and Assessment of Information Security Education and Training. In: Proceedings of the IFIP TC11 WG11.8 First World Conference on Information Security Education (WISE1)., Stockholm, pp. 271-292, 1999.
 Y. Zahri, and M. Z. Ahmad Nasir, “Future Cyber Weapons”, The Star In Tech, pp. 1-4, 2003.