ISSN: 2222-6990
Open access
The recent escalation in leakages of classified information (CI) has attracted sustained interest from information security scholars and practitioners alike. CI is sensitive information that must be protected from being accessed by unauthorised persons. Thus, the purpose of this research is to identify the key factors that influence CI leakages in Institutions of Higher Learning (IHL). In doing this, we conducted a literature survey with a meta-analysis of 19 articles to identify the Key Predicting Factors (KPFs) that influences CI assurance in IHL. The factors found are categorised to organisational (communication structures), regulatory (enforceability), human (social norms, self-efficacy, training, and awareness of being monitored), and technological (internet of data, access control and storage control). These factors were validated via Delphi method to ascertain its consistency by information security experts. This research contributed to the knowledge by identifying KPFs influencing CI violation in IHL. In view of all factors that have been mentioned so far, there is no single information security theory/model that covers all identified KPFs. Therefore, we suggested for the development of a security violation prevention model to safeguard CI in IHL using KPFs.
Abu Bakar, N., Mohd, M., & Sulaiman, R. (2017). Information leakage preventive training. Paper presented at the 6th International Conference on Electrical Engineering and Informatics (ICEEI), Langkawi, Malaysia, 25-27 November 2017.
Ahmad, Z., Ong, T. S., Liew, T. H., & Norhashim, M. (2019). Security monitoring and information security assurance behaviour among employees. Information and Computer Security, 27(2), 165-188. doi:10.1108/ics-10-2017-0073
Anderl, R. (2014). Industrie 4.0: advanced engineering of smart products and smart production. Paper presented at the 19th International Seminar on High Technology, Piracicaba, Brasil, October 9th, 2014.
Bandura, A. (1977a). Self-efficacy: Toward a unifying theory of behavioral change. Psychological Review, 84(2), 191-215. doi:10.1037/0033-295x.84.2.191
Bandura, A. (1977b). Social Learning Theory. Englewood Cliffs, New Jersey: Prentice-Hall, Inc.
Bandura, A. (1986). Social Foundations of Thought and Action. New Jersey: Prentice-Hall.
Breaux, T. D., Antón, A. I., Karat, C.-M., & Karat, J. (2006). Enforceability vs. accountability in electronic policies. Paper presented at the Seventh IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06), London, Ont., Canada, 5-7 June 2006.
Chen, H., & Li, W. (2014). Understanding Organization Employee's Information Security Omission Behavior: An Integrated Model of Social norm and Deterrence. Paper presented at the Pacific Asia Conference on Information Systems (PACIS) 2014 Proceedings.
CyberScout. (2019). 2019 End of the year Data Breach Reports. Identity Theft Resource Center (ITRC).
D'Arcy, J., & Greene, G. (2014). Security culture and the employment relationship as drivers of employees’ security compliance. Information Management & Computer Security, 22(5), 474-489. doi:10.1108/imcs-08-2013-0057
Fischbach, K., Gloor, P. A., & Schoder, D. (2009). Analysis of Informal Communication Networks – A Case Study. Business & Information Systems Engineering, 1(2), 140-149. doi:10.1007/s12599-008-0018-z
Gul, S., Asif, M., Ahmad, S., Yasir, M., Majid, M., & Malik, M. S. A. (2017). A Survey on Role of Internet of Things in Education. International Journal of Computer Science and Network Security, 17(5), 159-165.
Hanus, B., & Wu, Y. A. (2015). Impact of Users’ Security Awareness on Desktop Security Behavior: A Protection Motivation Theory Perspective. Information Systems Management, 33(1), 2-16. doi:10.1080/10580530.2015.1117842
Horne, C. A., Ahmad, A., & Maynard, S. B. (2016). A Theory on Information Security. Paper presented at the Australasian Conference on Information Systems 2016, Wollongong, Australia.
Hovav, A., & D’Arcy, J. (2012). Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea. Information & Management, 49(2), 99-110. doi:10.1016/j.im.2011.12.005
Hwang, I., Kim, D., Kim, T., & Kim, S. (2017). Why not comply with information security? An empirical approach for the causes of non-compliance. Online Information Review, 41(1), 2-18. doi:10.1108/oir-11-2015-0358
McIlwraith, A. (2006). Information Security and Employee Behaviour: How to Reduce Risk through Employee Education, Training and Awareness. Aldershot, England: Gower Publishing Limited.
Mikalef, P., & Pateli, A. (2016). Developing and Validating a Measurement Instrument of IT- Enabled Dynamic Capabilities. AIS Electronic Library (AISeL) Research Papers ECIS, 26.
Ng, B.-Y., Kankanhalli, A., & Xu, Y. (2009). Studying users' computer security behavior: A health belief perspective. Decision Support Systems, 46(4), 815-825. doi:10.1016/j.dss.2008.11.010
Pascual, R. (2009). Enhancing project-oriented learning by joining communities of practice and opening spaces for relatedness. European Journal of Engineering Education, 35(1), 3-16. doi:10.1080/03043790902989234
Patz, R. (2017). Leaking, leak prevention, and decoupling in public administrations: the case of the European Commission. West European Politics, 41(4), 1049-1071. doi:10.1080/01402382.2017.1394103
Qi, L., Xiao, S. M., & Tang, F. M. (2012). The Application of Information Flow Control Technology Based on Electronic Confidentiality Level Identifier in the Removable Storage Medium. Advanced Materials Research, 461, 182-186. doi:10.4028/www.scientific.net/AMR.461.182
Ravidas, S., Lekidis, A., Paci, F., & Zannone, N. (2019). Access control in Internet-of-Things: A survey. Journal of Network and Computer Applications, 144, 79-101. doi:10.1016/j.jnca.2019.06.017
Reiff, M. R. (2005). Punishment, Compensation, and Law: A Theory of Enforceability. Cambridge,UK: Cambridge University Press.
Rhee, H.-S., Kim, C., & Ryu, Y. U. (2009). Self-efficacy in information security: Its influence on end users' information security practice behavior. Computers & Security, 28(8), 816-826. doi:10.1016/j.cose.2009.05.008
Simpson, C. J. (2019). Unauthorized Disclosures of Sensitive and Classified Information: A Meta-Synthesis of Leadership Support, Security Policy, and Security Education, Training and Awareness within the Federal Government Information Security Culture. (PhD Thesis). Delaware State University,
Steyskal, S., & Kirrane, S. (2015). If You Can't Enforce It, Contract It: Enforceability in Policy-Driven (Linked) Data Markets. Paper presented at the 11th International Conference on Semantic Systems – SEMANTiCS 2015, Vienna, Austria, September 15–17, 2015.
Tene, O., & Polonetsky, J. (2013). A theory of creepy: technology, privacy and shifting social norms. Yale Journal of Law & Technology, 59, 59-102.
Torten, R., Reaiche, C., & Boyle, S. (2018). The impact of security awarness on information technology professionals’ behavior. Computers & Security, 79, 68-79. doi:10.1016/j.cose.2018.08.007
Uslu, B. (2018). The components of communication systems in universities: their influence on academic work life. Tertiary Education and Management, 24(1), 34-48. doi:10.1080/13583883.2017.1359662
Vijandren. (2019). Universiti Malaya Staff Personal Data, Banking and Salary Details Leaked Online. lowyat.net. Retrieved from https://www.lowyat.net/2019/196895/universiti-malaya-staff-data-leaked-online/#
Wall, J. D., Lowry, P. B., & Barlow, J. B. (2016). Organizational Violations of Externally Governed Privacy and Security Rules: Explaining and Predicting Selective Violations under Conditions of Strain and Excess. Journal of the Association for Information Systems, 17(1), 39-76.
Walton, R., & Limited, W.-M. (2006). Balancing the insider and outsider threat. Computer Fraud & Security, 2006(11), 8-11. doi:10.1016/s1361-3723(06)70440-7
Warkentin, M., Johnston, A. C., Shropshire, J., & Barnett, W. D. (2016). Continuance of protective security behavior: A longitudinal study. Decision Support Systems, 92, 25-35. doi:10.1016/j.dss.2016.09.013
Webster, J., & Watson, R. T. (2002). Analyzing the past to prepare for the future: Writing a literature review. MIS Quarterly, xiii-xxiii.
Wood, P. (2014). Walls of straw - the cyber risks to higher education. Insights, 72(2), 192-197.
Yang, D.-L., Liu, F., & Liang, Y.-D. (2010). A Survey of the Internet of Things. Paper presented at the 2010 International Conference on E-Business Intelligence (ICEBI2010), Kunming, Yunnan, P.R.China, December 19-21, 2010.
Zhang, X., Du, H.-T., Chen, J.-Q., Lin, Y., & Zeng, L.-J. (2011). Ensure Data Security in Cloud Storage. Paper presented at the 2011 International Conference on Network Computing and Information Security.
In-Text Citation: (Ahmadu et al., 2022)
To Cite this Article: Ahmadu, B., Hussin, A. R. C., and Bahari, M. (2022). Identification of key Predicting Factors Affecting Classified Information Assurance in Institutions of Higher Learning. International Journal of Academic Research in Business and Social Sciences. 12(7), 1 – 11.
Copyright: © 2022 The Author(s)
Published by Human Resource Management Academic Research Society (www.hrmars.com)
This article is published under the Creative Commons Attribution (CC BY 4.0) license. Anyone may reproduce, distribute, translate and create derivative works of this article (for both commercial and non0-commercial purposes), subject to full attribution to the original publication and authors. The full terms of this license may be seen at: http://creativecommons.org/licences/by/4.0/legalcode