The Influence of Management Support, Regulatory Frameworks and Technological Infrastructure on Information Security Culture in Government Institutions in Tanzania
Keywords:
Information Security Culture, Leadership and Management Support, Regulatory Frameworks, Technical Infrastructure, Government Institutions
Abstract
This study delves into the intricate dynamics of information security culture within the Ministry of Finance in Tanzania, investigating the influential roles of leadership and management support, regulatory frameworks, and technological infrastructure. A cross-sectional research design was used with a quantitative research approach. A sample size of 84 respondents was drawn from a population of 503. Utilising a comprehensive survey that covers variables like commitment, compliance, and resource accessibility, the research reveals crucial findings. Leadership and management support foster a robust information security culture, directly impacting employee awareness, responsibility, and proactive security behaviours. Concurrently, compliance with regulatory frameworks emerges as pivotal, necessitating continuous training programs to ensure understanding and adherence. The study also underscores the profound impact of technological infrastructure on information security, emphasising the importance of accessible and reliable resources in fortifying the organisation's security posture. The research sheds light on the current information security culture within the Ministry of Finance. It furnishes actionable recommendations for sustained improvement, offering a valuable contribution to the broader discourse on cybersecurity within government institutions.
Downloads
Download data is not yet available.
References
Aguilera, B., Carracedo, S., & Saenz, C. (2022). Research ethics systems in Latin America and the Caribbean: a systemic assessment using indicators. The Lancet Global Health.
Aguilera, R. V. (2023). Corporate purpose in comparative perspective: The role of governance. Strategy Science.
Alhosani, K. E. H. A., Khalid, S. K. A., Samsudin, N. A., Jamel, S., & bin Mohamad, K. M. (2019). A policy-driven, human-oriented information security model: A case study in UAE banking sector. In 2019 IEEE Conference on Application, Information and Network Security (AINS) (pp. 12-17). IEEE.
Ali, R. F., Dominic, P., & Karunakaran, P. K. (2020). Information security policy and compliance in oil and gas organisations—A pilot study. Solid State Technol, 63(1s), 1275-1282.
Al-Mekhlafi, A., Becker, T., & Klawonn, F. (2020). Sample size and performance estimation for biomarker combinations based on pilot studies with small sample sizes. Communications in Statistics-Theory and Methods, pp. 1-15.
Alqahtani, A. A. (2019). A systematic literature review of information security culture research. Computers & Security, 82, 128-147.
Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behaviour: A practice perspective. Computers & Security, 98, p. 102003.
Al-Taee, S. H. H., & Flayyih, H. H. (2023). Impact of the electronic internal auditing based on IT governance to reduce auditing risk. Corporate Governance and Organizational Behavior Review, 7(1), 94-100.
Barnes, B., & Daim, T. (2022). Information Security Maturity Model for Healthcare Organizations in the United States. IEEE Transactions on Engineering Management.
Baye, A., Inns, A., Lake, C., & Slavin, R. E. (2019). A synthesis of quantitative research on reading programs for secondary students. Reading Research Quarterly, 54(2), 133-166.
Becker, I. (2019). Measuring and Understanding Security Behaviours (Doctoral dissertation, UCL (University College London)).
Berndt, A. E. (2020). Sampling methods. Journal of Human Lactation, 36(2), 224-226.
Chandra, N. A., & Sadikin, M. (2020). ISM Application Tool, A Contribution to Address the Information Security Management System Implementation Barrier. Journal of information and communication convergence engineering, 18(1), 39-48.
Chen, Y. A. N., Ramamurthy, K., & Wen, K. W. (2015). Impacts of comprehensive information security programs on information security culture. Journal of Computer Information Systems, 55(3), 11-19.
Cram, W. A., Proudfoot, J. G., & D'arcy, J. (2017). Organisational information security policies: a review and research framework. European Journal of Information Systems, 26(6), 605-641.
Da Veiga, A., & Martins, N. (2015). We are improving the information security culture through monitoring and implementation actions illustrated through a case study. Computers & Security, 49, 162-176.
Da Veiga, A., Astakhova, L. V., Botha, A., & Herselman, M. (2020). Defining organisational information security culture—Perspectives from academia and industry. Computers & Security, 92, p. 101713.
Dunn Cavelty, M., & Smeets, M. (2023). Regulatory cybersecurity governance in the making: The formation of ENISA and its struggle for epistemic authority. Journal of European Public Policy, 30(7), 1330-1352.
Farid, G., Warraich, N. F., & Iftikhar, S. (2023). Digital information security management policy in academic libraries: A systematic review (2010–2022). Journal of Information Science, 01655515231160026.
Georgiadou, A., Mouzakitis, S., Bounas, K., & Askounis, D. (2022). A cyber-security culture framework for assessing organisation readiness. Journal of Computer Information Systems, 62(3), 452-462.
Guhr, N., Lebek, B., & Breitner, M. H. (2019). The impact of leadership on employees' intended information security behaviour: An examination of the full‐range leadership theory. Information Systems Journal, 29(2), 340-362.
Hopcraft, R., Tam, K., Misas, J. D. P., Moara-Nkwe, K., & Jones, K. (2023). Developing a Maritime Cyber Safety Culture: Improving Safety of Operations. Maritime Technology and Research, 5(1).
Hu, S. H., & Hwang, I. H. (2021). Analysis of the effects of self-control and organisation-control on information security attitude. Journal of Digital Convergence, 19(8), 49-57.
Johri, A., & Kumar, S. (2023). Exploring Customer Awareness towards Their Cyber Security in the Kingdom of Saudi Arabia: A Study in the Era of Banking Digital Transformation. Human Behavior and Emerging Technologies, 2023.
Kamariotou, M., & Kitsios, F. (2023). Information Systems Strategy and Security Policy: A Conceptual Framework. Electronics, 12(2), 382.
Kiganda, M. (2022). An Assessment of the factors affecting cyber resilience in microfinance institutions in Kenya (Doctoral dissertation, Strathmore University).
Ključnikov, A., Mura, L., & Sklenár, D. (2019). Information security management in SMEs: factors of success. Entrepreneurship and Sustainability Issues, 6(4), p. 2081.
Kothe, E. J., Ling, M., North, M., Klas, A., Mullan, B. A., & Novoradovskaya, L. (2019). Protection motivation theory and pro‐environmental behaviour: A systematic mapping review. Australian Journal of Psychology, 71(4), 411-432.
Lundgren, J., Dahlberg, T., & Jøsang, A. (2016). Regulatory Compliance and Information Security: Integrating Compliance Controls with Security Controls. International Journal of Information Security and Privacy (IJISP), 10(1), 25-42.
Mahfuth, A., Yussof, S., Baker, A. A., & Ali, N. A. (2017). A systematic literature review: Information security culture. In 2017 International Conference on Research and Innovation in Information Systems (ICRIIS) (pp. 1-6). IEEE.
Masrek, M. N., Harun, Q. N., & Sahid, N. Z. (2018). Assessing the information security culture in a government context: the case of a developing country. International Journal of Civil Engineering and Technology, 9(8), 96-112.
McIlwraith, A. (2021). Information security and employee behaviour: how to reduce risk through employee education, training and awareness. Routledge.
Meng, J., & Berger, B. K. (2019). The impact of organisational culture and leadership performance on PR professionals’ job satisfaction: Testing the joint mediating effects of engagement and trust. Public Relations Review, 45(1), 64-75.
Möller, D. P. (2023). Cybersecurity in digital transformation. In Guide to Cybersecurity in Digital Transformation: Trends, Methods, Technologies, Applications and Best Practices (pp. 1- 70). Cham: Springer Nature Switzerland.
Neitzel, A. J., Lake, C., Pellegrini, M., & Slavin, R. E. (2022). A synthesis of quantitative research on programs for struggling readers in elementary schools. Reading Research Quarterly, 57(1), 149-179.
Netshakhuma, N. S. (2023). Cybersecurity Management in South African Universities. In Cybersecurity Issues, Challenges, and Solutions in the Business World (pp. 196-211). IGI Global.
Nixon, T. S., & Barnes, J. C. (2019). Calibrating student perceptions of punishment: A specific test of general deterrence. American Journal of Criminal Justice, 44(3), 430-456.
Norbekov, J. (2020). Ensuring information security is an ideological problem. Mental Enlightenment Scientific-Methodological Journal, 2020(1), 56-65.
Nyarko, D. A., & Fong, R. C. W. (2023, January). Cyber Security Compliance Among Remote Workers. In Cybersecurity in the Age of Smart Societies: Proceedings of the 14th International Conference on Global Security, Safety and Sustainability, London, September 2022 (pp. 343-369). Cham: Springer International Publishing.
Okoye, K., Hussein, H., Arrona-Palacios, A., Quintero, H. N., Ortega, L. O. P., Sanchez, A. L., ... & Hosseini, S. (2023). Impact of digital technologies upon teaching and learning in higher education in Latin America: an outlook on the reach, barriers, and bottlenecks. Education and Information Technologies, 28(2), 2291-2360.
Saeed, S. (2023). Digital Workplaces and Information Security Behavior of Business Employees: An Empirical Study of Saudi Arabia. Sustainability, 15(7), 6019.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organisations. Computers & Security, 56, 70-82.
Scholl, M. (2023). Sustainable Information Security Sensitisation in SMEs: Designing Measures with Long-Term Effect.
Shaikh, F. A., & Siponen, M. (2023). Information security risk assessments following cybersecurity breaches: The mediating role of top management attention to cybersecurity. Computers & Security, 124, 102974.
Shouran, Z., Priyambodo, T., & Ashari, A. (2019). Information System Security: Human Aspects. International journal of scientific & technology research, 8(03), 111-115.
Tejay, G. P., & Mohammed, Z. A. (2023). Cultivating security culture for information security success: A mixed-methods study based on anthropological perspective. Information & Management, 60(3), 103751.
Tolah, A., Furnell, S. M., & Papadaki, M. (2019, June). A comprehensive framework for understanding security culture in organisations. In IFIP World Conference on Information Security Education (pp. 143-156). Springer, Cham.
Topa, I., & Karyda, M. (2019). From theory to practice: guidelines for enhancing information security management. Information & Computer Security.
Trump, B., Cummings, C., Klasa, K., Galaitsi, S., & Linkov, I. (2023). Governing biotechnology to provide safety and security and address ethical, legal, and social implications. Frontiers in genetics, 13, 1052371.
Vaughans, F. E. (2019). A Case Study: Factors that Influence Well-Meaning 'Insiders' Perception, Judgment, and Actions Related to Information Security (Doctoral dissertation, Capella University).
Zolotar, O. O., Zaitsev, M. M., Topolnitskyi, V. V., Bieliakov, K. I., & Koropatnik, I. M. (2021). Prospects and current status of defence information security in Ukraine. Linguistics and Culture Review, 5(S3), 513-524.
Aguilera, R. V. (2023). Corporate purpose in comparative perspective: The role of governance. Strategy Science.
Alhosani, K. E. H. A., Khalid, S. K. A., Samsudin, N. A., Jamel, S., & bin Mohamad, K. M. (2019). A policy-driven, human-oriented information security model: A case study in UAE banking sector. In 2019 IEEE Conference on Application, Information and Network Security (AINS) (pp. 12-17). IEEE.
Ali, R. F., Dominic, P., & Karunakaran, P. K. (2020). Information security policy and compliance in oil and gas organisations—A pilot study. Solid State Technol, 63(1s), 1275-1282.
Al-Mekhlafi, A., Becker, T., & Klawonn, F. (2020). Sample size and performance estimation for biomarker combinations based on pilot studies with small sample sizes. Communications in Statistics-Theory and Methods, pp. 1-15.
Alqahtani, A. A. (2019). A systematic literature review of information security culture research. Computers & Security, 82, 128-147.
Alshaikh, M. (2020). Developing cybersecurity culture to influence employee behaviour: A practice perspective. Computers & Security, 98, p. 102003.
Al-Taee, S. H. H., & Flayyih, H. H. (2023). Impact of the electronic internal auditing based on IT governance to reduce auditing risk. Corporate Governance and Organizational Behavior Review, 7(1), 94-100.
Barnes, B., & Daim, T. (2022). Information Security Maturity Model for Healthcare Organizations in the United States. IEEE Transactions on Engineering Management.
Baye, A., Inns, A., Lake, C., & Slavin, R. E. (2019). A synthesis of quantitative research on reading programs for secondary students. Reading Research Quarterly, 54(2), 133-166.
Becker, I. (2019). Measuring and Understanding Security Behaviours (Doctoral dissertation, UCL (University College London)).
Berndt, A. E. (2020). Sampling methods. Journal of Human Lactation, 36(2), 224-226.
Chandra, N. A., & Sadikin, M. (2020). ISM Application Tool, A Contribution to Address the Information Security Management System Implementation Barrier. Journal of information and communication convergence engineering, 18(1), 39-48.
Chen, Y. A. N., Ramamurthy, K., & Wen, K. W. (2015). Impacts of comprehensive information security programs on information security culture. Journal of Computer Information Systems, 55(3), 11-19.
Cram, W. A., Proudfoot, J. G., & D'arcy, J. (2017). Organisational information security policies: a review and research framework. European Journal of Information Systems, 26(6), 605-641.
Da Veiga, A., & Martins, N. (2015). We are improving the information security culture through monitoring and implementation actions illustrated through a case study. Computers & Security, 49, 162-176.
Da Veiga, A., Astakhova, L. V., Botha, A., & Herselman, M. (2020). Defining organisational information security culture—Perspectives from academia and industry. Computers & Security, 92, p. 101713.
Dunn Cavelty, M., & Smeets, M. (2023). Regulatory cybersecurity governance in the making: The formation of ENISA and its struggle for epistemic authority. Journal of European Public Policy, 30(7), 1330-1352.
Farid, G., Warraich, N. F., & Iftikhar, S. (2023). Digital information security management policy in academic libraries: A systematic review (2010–2022). Journal of Information Science, 01655515231160026.
Georgiadou, A., Mouzakitis, S., Bounas, K., & Askounis, D. (2022). A cyber-security culture framework for assessing organisation readiness. Journal of Computer Information Systems, 62(3), 452-462.
Guhr, N., Lebek, B., & Breitner, M. H. (2019). The impact of leadership on employees' intended information security behaviour: An examination of the full‐range leadership theory. Information Systems Journal, 29(2), 340-362.
Hopcraft, R., Tam, K., Misas, J. D. P., Moara-Nkwe, K., & Jones, K. (2023). Developing a Maritime Cyber Safety Culture: Improving Safety of Operations. Maritime Technology and Research, 5(1).
Hu, S. H., & Hwang, I. H. (2021). Analysis of the effects of self-control and organisation-control on information security attitude. Journal of Digital Convergence, 19(8), 49-57.
Johri, A., & Kumar, S. (2023). Exploring Customer Awareness towards Their Cyber Security in the Kingdom of Saudi Arabia: A Study in the Era of Banking Digital Transformation. Human Behavior and Emerging Technologies, 2023.
Kamariotou, M., & Kitsios, F. (2023). Information Systems Strategy and Security Policy: A Conceptual Framework. Electronics, 12(2), 382.
Kiganda, M. (2022). An Assessment of the factors affecting cyber resilience in microfinance institutions in Kenya (Doctoral dissertation, Strathmore University).
Ključnikov, A., Mura, L., & Sklenár, D. (2019). Information security management in SMEs: factors of success. Entrepreneurship and Sustainability Issues, 6(4), p. 2081.
Kothe, E. J., Ling, M., North, M., Klas, A., Mullan, B. A., & Novoradovskaya, L. (2019). Protection motivation theory and pro‐environmental behaviour: A systematic mapping review. Australian Journal of Psychology, 71(4), 411-432.
Lundgren, J., Dahlberg, T., & Jøsang, A. (2016). Regulatory Compliance and Information Security: Integrating Compliance Controls with Security Controls. International Journal of Information Security and Privacy (IJISP), 10(1), 25-42.
Mahfuth, A., Yussof, S., Baker, A. A., & Ali, N. A. (2017). A systematic literature review: Information security culture. In 2017 International Conference on Research and Innovation in Information Systems (ICRIIS) (pp. 1-6). IEEE.
Masrek, M. N., Harun, Q. N., & Sahid, N. Z. (2018). Assessing the information security culture in a government context: the case of a developing country. International Journal of Civil Engineering and Technology, 9(8), 96-112.
McIlwraith, A. (2021). Information security and employee behaviour: how to reduce risk through employee education, training and awareness. Routledge.
Meng, J., & Berger, B. K. (2019). The impact of organisational culture and leadership performance on PR professionals’ job satisfaction: Testing the joint mediating effects of engagement and trust. Public Relations Review, 45(1), 64-75.
Möller, D. P. (2023). Cybersecurity in digital transformation. In Guide to Cybersecurity in Digital Transformation: Trends, Methods, Technologies, Applications and Best Practices (pp. 1- 70). Cham: Springer Nature Switzerland.
Neitzel, A. J., Lake, C., Pellegrini, M., & Slavin, R. E. (2022). A synthesis of quantitative research on programs for struggling readers in elementary schools. Reading Research Quarterly, 57(1), 149-179.
Netshakhuma, N. S. (2023). Cybersecurity Management in South African Universities. In Cybersecurity Issues, Challenges, and Solutions in the Business World (pp. 196-211). IGI Global.
Nixon, T. S., & Barnes, J. C. (2019). Calibrating student perceptions of punishment: A specific test of general deterrence. American Journal of Criminal Justice, 44(3), 430-456.
Norbekov, J. (2020). Ensuring information security is an ideological problem. Mental Enlightenment Scientific-Methodological Journal, 2020(1), 56-65.
Nyarko, D. A., & Fong, R. C. W. (2023, January). Cyber Security Compliance Among Remote Workers. In Cybersecurity in the Age of Smart Societies: Proceedings of the 14th International Conference on Global Security, Safety and Sustainability, London, September 2022 (pp. 343-369). Cham: Springer International Publishing.
Okoye, K., Hussein, H., Arrona-Palacios, A., Quintero, H. N., Ortega, L. O. P., Sanchez, A. L., ... & Hosseini, S. (2023). Impact of digital technologies upon teaching and learning in higher education in Latin America: an outlook on the reach, barriers, and bottlenecks. Education and Information Technologies, 28(2), 2291-2360.
Saeed, S. (2023). Digital Workplaces and Information Security Behavior of Business Employees: An Empirical Study of Saudi Arabia. Sustainability, 15(7), 6019.
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organisations. Computers & Security, 56, 70-82.
Scholl, M. (2023). Sustainable Information Security Sensitisation in SMEs: Designing Measures with Long-Term Effect.
Shaikh, F. A., & Siponen, M. (2023). Information security risk assessments following cybersecurity breaches: The mediating role of top management attention to cybersecurity. Computers & Security, 124, 102974.
Shouran, Z., Priyambodo, T., & Ashari, A. (2019). Information System Security: Human Aspects. International journal of scientific & technology research, 8(03), 111-115.
Tejay, G. P., & Mohammed, Z. A. (2023). Cultivating security culture for information security success: A mixed-methods study based on anthropological perspective. Information & Management, 60(3), 103751.
Tolah, A., Furnell, S. M., & Papadaki, M. (2019, June). A comprehensive framework for understanding security culture in organisations. In IFIP World Conference on Information Security Education (pp. 143-156). Springer, Cham.
Topa, I., & Karyda, M. (2019). From theory to practice: guidelines for enhancing information security management. Information & Computer Security.
Trump, B., Cummings, C., Klasa, K., Galaitsi, S., & Linkov, I. (2023). Governing biotechnology to provide safety and security and address ethical, legal, and social implications. Frontiers in genetics, 13, 1052371.
Vaughans, F. E. (2019). A Case Study: Factors that Influence Well-Meaning 'Insiders' Perception, Judgment, and Actions Related to Information Security (Doctoral dissertation, Capella University).
Zolotar, O. O., Zaitsev, M. M., Topolnitskyi, V. V., Bieliakov, K. I., & Koropatnik, I. M. (2021). Prospects and current status of defence information security in Ukraine. Linguistics and Culture Review, 5(S3), 513-524.
Published
2023-11-26
How to Cite
S. Mpeka, K., A. Semlambo, A., & Kazoba Simon, J. (2023). The Influence of Management Support, Regulatory Frameworks and Technological Infrastructure on Information Security Culture in Government Institutions in Tanzania. GPH-International Journal of Business Management, 6(11), 137-152. https://doi.org/10.5281/zenodo.10207196
Section
Articles
Copyright (c) 2023 Kizito S. Mpeka, Adam A. Semlambo & Joel Kazoba Simon
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Author(s) and co-author(s) jointly and severally represent and warrant that the Article is original with the author(s) and does not infringe any copyright or violate any other right of any third parties and that the Article has not been published elsewhere. Author(s) agree to the terms that the GPH Journal will have the full right to remove the published article on any misconduct found in the published article.
