تحلیل ساختار عاملی مقیاس" ارزیابیِ فرهنگ و آگاهی امنیتِ سایبری" (مطالعه موردی: کارمندان شعب بانک در شهر اهواز)

نوع مقاله : مقاله پژوهشی

نویسندگان

1 دانشجوی دکترای سنجش و اندازه گیری، گروه روانشناسی، دانشکده روانشناسی، دانشگاه آزاد اسلامی، واحد ساوه، ساوه، ایران.

2 استادیار گروه روان شناسی، دانشگاه آزاد اسلامی واحد مرودشت، مرودشت، ایران.

3 دانشیار گروه مدیریت آموزشی، دانشکده علوم انسانی، دانشگاه آزاد اسلامی، واحد ساوه، ساوه، ایران.

چکیده

مقدمه و هدف: این پژوهش با هدف تحلیل ساختار عاملی مقیاس "ارزیابیِ فرهنگ و آگاهی امنیتِ سایبری" در بین کارمندان بانک شهر اهواز در بهار و تابستان سال 1401 انجام شد.
روش: روش پژوهش با تکیه بر روش‌های روانسنجی (تحلیل عاملی) و ابزار مورد استفاده مقیاس محقق ساخته ارزیابیِ فرهنگ و آگاهی امنیتِ سایبری (1401) بوده است. جامعه کارمندان شعب بانک شهر اهواز و نمونه آماری 581 نفر کارمند بوده که به شیوه تصادفی ساده انتخاب شدند. روش تجزیه و تحلیل داده‌ها در بررسی ساختار عاملی، تحلیل عاملی اکتشافی و تحلیل عاملی تاییدی و در بررسی اعتبار، ضریب آلفای کرونباخ بوده است.
بحث: یافته‌ها نشان داد ضریب آلفای کرونباخ به میزان 88/0 حاصل شده و ساختار عاملی بدست آمده طی تحلیل اکتشافی از شاخص‌های برازندگی (CFI، GFI، RFI، NFI، IFI) مطلوبی برخوردار بوده است که پوشش دهنده 6 عامل (منابع انسانی ناکارآمد، بودجه‌بندی و آگاه‌سازی، ظرفیت‌سازی، موقعیت کارمند، فرهنگ حفاظت از اطلاعات و رفتار و درک امنیتی) می‌باشد.
نتیجه‌گیری: نتایج نشان داد این مقیاس در بین کارمندان بانک دارای ساختار عاملی و اعتبار قابل قبولی است؛ از این رو، می‌توان این ابزار را به عنوان ابزاری معتبر جهت ارزیابی و رتبه‌بندی عوامل موثر بر ارتقاء فرهنگ و آگاهی امنیتِ سایبری در بین کارمندان شعب بانک کشور بکار برد.

کلیدواژه‌ها


عنوان مقاله [English]

Analyzing the Factor Structure of the Scale "Evaluation of Cyber Security Culture and Awareness" (Case study: Employees of Bank branches in Ahvaz City)

نویسندگان [English]

  • Sedigheh Heydari 1
  • Majid Barzegar 2
  • Amirhossein Mohammad davoudi 3
1 PhD student in Assessment and Measurement, Department of Psychology, Islamic Azad University, Saveh Branch, Saveh, Iran.
2 Assistant Professor, Department of Psychology, , Islamic Azad University Marvdasht Branch, Marvdasht, Iran.
3 Associate Professor, Department of Educational Management, Faculty of Humanities, Islamic Azad University, Saveh Branch, Saveh, Iran.
چکیده [English]

Introduction & Objective: This research was conducted with the aim of analyzing the factor structure of the scale "evaluation of cyber security culture and awareness" among the Employees of bank branches Ahvaz city in the spring and summer of 2022.
Method: The research method was based on psychometric methods (factor analysis) and the tool used was the researcher-made scale for the evaluation of cyber security culture and awareness (2022). The population of employees of bank branches Ahvaz city and the statistical sample is 581 employees who were selected by simple random method. The method of data analysis was factor structure, EFA and CFA, and Cronbach's alpha coefficient.
Discussion: The fundings showed that the Cronbach's alpha coefficient was 0.88 in reliability and factor structure obtained during the EFA had favorable fit indices (CFI, GFI, RFI, NFI, IFI) covering 6 factors (inefficient human resources, budgeting and awareness, capacity building, employee position, culture of protection of information and security behavior and understanding).
Conclusion: The results showed that this scale has an acceptable factor structure and reliability among bank employees; Therefore, this tool can be used as a reliable tool to evaluate and rank the factors affecting the promotion of cyber security culture and awareness among the employees of Bank of Country branches.

کلیدواژه‌ها [English]

  • Factor structure
  • Reliability
  • Culture and Awareness
  • Cyber Security
References

1- Yuchong L, Qinghui L. A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports, 1-11, In Press. 2021, https://www.sciencedirect.com/science/article/pii/S2352484721007289

2- Al-Alawi AI, Al-Bassam SA. Assessing The Factors of Cybersecurity Awareness in the Banking Sector. AGJSR 2021, 37 (4): 17-32. https://www.researchgate.net/profile/Adel-Al-Alawi/publication/352855616

3- Georgiadou A, Mouzakitis S, Askounis D. Detecting Insider Threat via a Cyber-Security Culture Framework. Journal of Computer Information Systems, 2021b , 1-11.  https://www.tandfonline.com/doi/abs/10.1080/08874417.2021.1903367

4- Georgiadou A, Mouzakitis S, Askounis D. Designing a cyber-security culture assessment survey targeting critical infrastructures during covid-19 crisis. International Journal of Network Security & Its Applications (IJNSA), 2021c,  Vol, 13, 33-50. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3787197

5- Georgiadou A, Mouzakitis S, Askounis D. Assessing MITRE ATT&CK Risk Using a Cyber-Security Culture Framework. Sensors, 2021d , 21(9), 3267. https://www.mdpi.com/1424-8220/21/9/3267

6- Cardoso L, Castanho M. A CYBERCULTURE STUDY: K-POP AND THE NEW MEDIA-BTS AND TWITTER. European Journal of Social Sciences Studies, 2021, 6(6). https://www.oapub.org/soc/index.php/EJSSS/article/view/1127/1713

7- Progoulakis I, Nikitakos N, Rohmeyer P, Bunin B, Dalaklis D, Karamperidis S. Perspectives on Cyber Security for Offshore Oil and Gas Assets. Journal of Marine Science and Engineering, 2021, 9(2), 112. https://www.mdpi.com/2077-1312/9/2/112

8- Trim PR, Lee YI. The global cyber security model: counteracting cyber attacks through a resilient partnership arrangement. Big Data and Cognitive Computing, 2021, 5(3), 32. https://www.mdpi.com/2504-2289/5/3/32

9- Bethel KL. An Evaluation of Organizational Culture: Its Influence on Security Culture: A Case Study (Doctoral dissertation, Northcentral University). 2020, https://www.proquest.com/openview /001623eb1e1a44dfce30d35f6555a6b1/1?pq-origsite=gscholar&cbl=18750&diss=y

10- Pavlova E. Enhancing the Organisational Culture related to Cyber Security during the University Digital Transformation. Information & Security, 2020, 46(3), 239-249. https://scholar.google.com/scholar?hl=en&as_sdt=0%2C5&q=Enhancing+the+Organisational+Culture+related+to+Cyber+Security+during+the+University+Digital+Transformation&btnG=

11- Georgiadou A, Mouzakitis S, Askounis D. Working from home during COVID-19 crisis: a cyber security culture assessment survey. Security Journal, 2021a, 1-20.  https://link.springer.com/article/10.1057/s41284-021-00286-2

12- Collins EI, Hinds J. Exploring workers' subjective experiences of habit formation in cyber-security: A qualitative survey. Cyberpsychology, Behavior, and Social Networking. 2021, Exploring workers' subjective experiences of habit formation in cyber-security: A qualitative survey — the University of Bath's research portal

13- Hasan S, Ali M, Kurnia S, Thurasamy R. Evaluating the cyber security readiness of organizations and its influence on performance. Journal of Information Security and Applications, 2021, 58, 102726. https://www.sciencedirect.com/science/article/abs/pii/S2214212620308656

14- Papatsaroucha D, Nikoloudakis Y, Kefaloukos I, Pallis E, Markakis E. A Survey on Human and Personality Vulnerability Assessment in Cyber-security: Challenges, Approaches, and Open Issues. arXiv preprint arXiv:2106.09986. 2021, https://arxiv.org/abs/2106.09986.

15- Sahraei M, Valavi M, Bayat B, Taraghi A. Provide a native model of cyber monitoring,monitoring and alerting based on the ooda cycle. National Security, 2020, 10(37), 473-512. https://ns.sndu.ac.ir/article_1118.html?lang=en

16- Erola A, Agrafiotis I, Nurse JR, Axon L, Goldsmith M, Creese S. A system to calculate cyber-value-at-risk. Computers & Security, 2022, 113, 102545. Pp: 1-12.https://www.sciencedirect.com/science/article/pii/S0167404821003692

17- Ahmed OS. Teacher’s awareness to develop student cyber security: A Case Study. Turkish Journal of Computer and Mathematics Education (TURCOMAT), 2021, 12(10), 5148-5156. https://www.turcomat.org/index.php/turkbilmat/article/view/5297

18- Al-Ghamdi MI. Effects of knowledge of cyber security on prevention of attacks. Materials Today: Proceedings. 2021, https://www.sciencedirect.com/science/article/pii/S2214785321029941

19- Legárd I. Building an effective information security awareness program. Central and Eastern European eDem and eGov Days, 2020, 338, 189-200. https://ejournals.facultas.at/index.php/ocgcp/article/view/1887

20- Nguyen TA, Koblandin K, Suleymanova S, Volokh V. Effects of ‘Digital’Country’s Information Security on Political Stability. Journal of Cyber Security and Mobility, 2022, 29-52. https://journals.riverpublishers.com/index.php/JCSANDM/article/view/8377

21- Matyokurehwa K, Rudhumbu N, Gombiro C, Mlambo C. Cybersecurity awareness in Zimbabwean universities: Perspectives from the students. Security and Privacy, 2021, 4(2), e141. https://onlinelibrary.wiley.com/doi/abs/10.1002/spy2.141

22- Orehek Š, Petrič G. A systematic review of scales for measuring information security culture. Information & Computer Security. 2020, https://www.emerald.com/insight/content/doi/10.1108/ICS-12-2019-0140/full/html

23- Karimzadeh B, Pourghahramani B, Beigi J. Designing a Native Model of Social Capital to Prevent Cybercrime. Journal of Social Order, 2021, 13(2), 115-148. [in Persian] DOR:20.1001.1.20086024.1400.13.2.5.1 , http://sopra.jrl.police.ir/article_97406.html?lang=en

24- Sayyadi Tooranloo H, Mirghafoori SH, Mahdavi MR, Saghafi S. Analysis of factors related to the establishment of Cybercrime using a Fuzzy approach. Quarterly of Order & Security Guards, 13(3), 27-54. 2020, [in Persian] https://doi.org/10.22034/osra.2020.94388, http://osra.jrl.police.ir/article_94388.html?lang=en

25- Razavi SY, Sadehmiri J. Influential components in raising the level of awareness and intelligence of NAJA personnel against the threats and injuries of soft war based on the intellectual system of Imam Khamenei, the Supreme Leader. Police Protectoral and Security Studies quarterly, 2020, 15(55), 43-77. [in Persian] http://spaps.jrl.police.ir/article_94797.html?lang=en

26- Farashi A, Estarky A, abiri D. The role of preventive actions in protecting the organization's cyber missions. Police Protectoral and Security Studies quarterly, 2020, 15(55), 129-160. [in Persian] http://spaps.jrl.police.ir/article_94799.html?lang=en

27- Khando K, Gao S, Islam SM, Salman A. Enhancing employees information security awareness in private and public organisations: A systematic literature review. Computers & Security, 106, 102267. 2021, https://www.sciencedirect.com/science/article/pii/S0167404821000912

28- Iser B, Brandtweiner R. Role of awareness to prevent personal disasters: reducing the risks of falling for phishing by strengthening user awareness. Wit Transactions On The Built Environment, 207, 79-88. 2022, https://www.witpress.com/elibrary/wit-transactions-on-the-built-environment/207/38183

29- Richardson MD, Lemoine PA, Stephens WE, Waller RE. Planning for Cyber Security in Schools: The Human Factor. Educational Planning, 2020, 27(2), 23-39. Retrieved from https://eric.ed.gov/?id=EJ1252710

30- Priyadarshini I, Kumar R, Sharma R, Singh PK, Satapathy SC. Identifying cyber insecurities in trustworthy space and energy sector for smart grids. Computers & Electrical Engineering, 93, 107204. 2021, https://www.sciencedirect.com/science/article/abs/pii/S0045790621002007

31- Nurse JR. Cybersecurity Awareness. arXiv preprint arXiv:2103.00474. 2021, https://doi.org/10.1007/978-3-642-27739-9 1596-1

32- Quayyum F, Cruzes DS, Jaccheri L. Cybersecurity awareness for children: A systematic literature review. International Journal of Child-Computer Interaction, 30, 100343. 2021, https://www.sciencedirect.com/science/article/pii/S2212868921000581

33- Mai PT, Tick A. Cyber Security Awareness and behavior of youth in smartphone usage: A comparative study between university students in Hungary and Vietnam. Acta Polytech. Hung, 18, 67-89. 2021, http://acta.uni-obuda.hu/Issue115. htm

34- Khan AH, Sawhney PB, Das S, Pandey D. SartCyber Security Awareness Measurement Model (APAT). In 2020 International Conference on Power Electronics & IoT Applications in Renewable Energy and its Control (PARC) (pp. 298-302). 2020, February, IEEE. https://ieeexplore.ieee.org/abstract/document/9087242

35- Hatzivasilis G, Ioannidis S, Smyrlis M, Spanoudakis G, Frati F, Goeke L, Koshutanski H. Modern aspects of cyber-security training and continuous adaptation of Programmes to trainees. Applied Sciences, 2020, 10(16), 5702. https://www.mdpi.com/2076-3417/10/16/5702

36- Furnell S, Collins E. Cyber security: what are we talking about?. Computer Fraud & Security, 2021(7), 6-11. https://www.sciencedirect.com/science/article/abs/pii/S1361372321000737

37- Coventry L, Branley-Bell D, Sillence E, Magalini S, Mari P, Magkanaraki A, Anastasopoulou K. Cyber-risk in healthcare: Exploring facilitators and barriers to secure behaviour. In International Conference on Human-Computer Interaction, 2020, July (pp. 105-122). Springer, Cham. https://link.springer.com/chapter/10.1007/978-3-030-50309-3_8

38- Tavakoli F, Mortazavi M, Keshavarztork M. Determining Strategic Factors Affecting the Prevention of Cybercrime with Fuzzy Delphi Approach. Journal of Social Order, 2021, 12(4), 113-140. [in Persian] DOR:20.1001.1.20086024.1399.12.4.5.8http://sopra.jrl.police.ir/article_95455.html?lang=en

39- Zakeri Hamane R, Azam Azade M, GHaziNejad M, Bastani S. Qualitative Study of Users’ Sense of Online Security in Social Networks. New Media Studies, 2020, 6(21), 141-178. [in Persian] https://doi.org/10.22054/nms.2020.42506.741, https://nms.atu.ac.ir/article_11875.html?lang=en

40- Uchendu B, Nurse JR, Bada M, Furnell S. Developing a cyber security culture: Current practices and future needs. Computers & Security, 2021, 109, 102387. https://www.sciencedirect.com/science/article/pii/S016740482100211X

41- Mamade BK, Dabala DM. Exploring The Correlation between Cyber Security Awareness, Protection Measures and the State of Victimhood: The Case Study of Ambo University’s Academic Staffs. Journal of Cyber Security and Mobility, 699-724. 2021, https://journals.riverpublishers.com/index.php/JCSANDM/article/view/5673

42- Abebe G, Lessa L. Human Factors Influence in Information Systems Security: Towards a Conceptual Framework. Proceedings of the 2nd African International Conference on Industrial Engineering and Operations Management Harare. 2020, http://ieomsociety.org/harare2020/