Iranian Journal of Information Processing & Management (Dec 2023)
Investigating the effect of moral indifference and organizational culture on behaviors related to information security awareness, considering the mediating role of cognitive-emotional variables and security culture
Abstract
When it comes to information security (IS), human behavior is a factor that should not be underestimated. Information Security Awareness (ISA) programs are in place as a preventative measure; But data security breaches still exist, and banks hold valuable personal and financial information that makes them a target for cybercriminals. Based on this, the aim of the present study is to investigate the effect of moral disengagement and organizational culture on behaviors related to information security awareness, taking into account the mediating role of cognitive- effective variables of ISA (knowledge and attitude) and security culture of employees of Saderat and Mellat banks. The current research is applied in terms of its purpose, and in terms of data collection, it is descriptive and correlational and is based on the structural equation model. The statistical population of the research was the employees of Mellat and Saderat Bank branches in Tehran; In this regard, the sample size was estimated to be 430 people. In this study, descriptive analysis method with SPSS software and partial least squares (PLS) approach with Smart PLS software were used for data analysis; Because the use of the partial least squares approach as a method of evaluating relationships between variables related to human behavior in the field of information security has been the most common approach in quantitative studies. The findings of the research confirmed the relationships of the model and the path analysis results showed the influence of the variable "moral disengagement" on the variables of "information security awareness behaviors" (first hypothesis), "information security awareness knowledge" (second hypothesis) and "information security awareness attitude" (third hypothesis) is significantly negative. Also, the effect of the variable "information security awareness knowledge" on "information security awareness behaviors" (fourth hypothesis), the effect of the "information security awareness attitude" variable on "information security awareness behaviors" (fifth hypothesis), the effect of the "organizational culture" variable "on the variables of "information security awareness behaviors" and "organizational security culture" (sixth and seventh hypotheses) and the effect of the "organizational security culture" variable on "information security awareness behaviors" (eighth hypothesis) is positive and significant.
Keywords
