Abstract
Nowadays, it is clear that information security is one of the most basic issues that organisations need to focus on. Despite huge investments made by companies to keep their information systems safe, there are many information security breaches that infiltrate companies systems, consequently, these cost them their reputation, affect customers confidence, and bring huge financial losses. Ethiopian companies are not immune to this security problem, and there are many signs of information security breaches. The literature suggests that almost all investments in information security related issues are for technological solutions. However, this type of solutions alone do not work well, and according to some researchers, there is one significant element that has been given very little attention, the human factor. Most of the information security breaches are caused by employees who are legitimate users of the companys systems. So ‘how can we counter the illegal action of our own employees is the main objective this study tried to address. The findings showed strong evidence on the influence of contextual factors and national culture, on employees information security behaviour, and consequently, it highlighted the importance of taking some level of precaution when organisations introduce new policies or standards that are copied from abroad. Policy makers and ISS managers in Ethiopia, particularly at the Information Network Security Agency (INSA), can learn how important it is to modify or adapt their ISP, which was copied from ISO 27002, based on the findings of this study.
Keywords: Contextual Factors, National Culture, Employees’ Information Security Behaviour, Financial Institutions, Information Systems Security
View PDF