CRITICAL ANALYSIS OF IMPACT OF 
INFORMATION SECURITY POLICIES ON 
EMPLOYEES’ JOB STRESS IN 
SRI LANKAN TELECOM SECTOR 
 
 
By 
Totage Sankha Fernando 
 
 
 
 
The Dissertation was submitted to the Department of Computer Science 
& Engineering of the University of Moratuwa in partial fulfilment of the 
requirement for the Degree of Master of Business Administration in 
Information Technology 
 
 
 
 
Department of Computer Science & Engineering 
University of Moratuwa 
December 2009 
  ii 
DECLARATION 
 
“I hereby certify that this dissertation does not incorporate, without acknowledgement  
, any material previously submitted for a Degree or Diploma in any University and to 
the best of my knowledge and belief, it does not contain any material previously 
published or written by another person or myself except where due reference is made 
in the text. I also hereby give consent for my dissertation, if accepted, to be made 
available for photocopying and for interlibrary loans, and for the title and summary to 
be made available to outside organizations.” 
 
 
 
. . . . . . . . . . . . . . . . . . . . . .    ... . . . . . . . . . . . .. . . . . . . . . 
Signature of the Candidate      Date 
 
To the best of my knowledge, the above particulars are correct. 
 
 
 
. . . . . . . . . . . . . . . . . . . . . .    . . . . . . . . . . . .. . . . . . . . . 
Signature of the Supervisor      Date 
  iii 
ABSTRACT 
 
Job Stress is an extensively discussed topic worldwide and many researchers have 
done empirical studies to analyze the factors affecting job stress and have identified 
many stressors. Information Security Policy can be defined as a set of controls and 
procedures adapted by a particular organization to provide adequate protection to 
maintain confidentiality of data. It has become essential to enforce IS Policy to protect 
confidential information of the company in a competitive environment. However, 
some of the restrictions enforced by such policies may create unpleasant working 
environment. Moreover, there is a belief that some IS policies are affecting job stress 
of the employees. Therefore, the  main objective of this research is to investigate the 
job stress resulting from IS Policies. 
 
Both quantitative and qualitative methods have been employed for this study. Even 
though the term job stress is a discussed topic, no study has been carried out so far to 
analyze the job stress resulting from the IS Policy in the Sri Lankan context. 
Therefore, all the employees who are working with telecommunication operators in 
Sri Lanka were considered as the target population and proportionate stratified 
random sampling method was used to select the sample.  
 
Research findings reveled that job stress resulting from the IS Polices may go high 
when the availability and awareness about such policies are at a low level. Further, if 
the policies are not properly enforced, that may also lead to the increase of the level of 
job stress. Research findings showed that employees’ privacy violations by IS Policy 
and effects of IS Policy violations are having a strong positive relationship with the 
job stress. Therefore, it is suggested that restrictions enforced by the IS polices should 
also be added to list of job stressors. This study concludes with a discussion and 
necessary recommendations for reformulations of the information security polices in 
Sri Lankan telecommunication sector. 
  iv 
ACKNOWLEDGEMENT  
 
First and foremost I would like to express my sincere gratitude to my supervisor Eng. 
Kithsiri Samarasinghe, Department of Electronic and Telecommunication 
Engineering, University of Moratuwa, for his continuous support and guidance 
throughout the research.  
 
My sincere gratitude and thanks are extended to Ms.Vishaka Nanayakkara and Dr. 
Chandana Gamage for the guidance and support given throughout the course to make 
this MBA a success. Further, I would like to thank the members of the  Department of 
Computer Science & Engineering, University of Moratuwa for supporting me in every 
possible way. 
 
I take this opportunity to convey my honest gratitude to my family, colleagues and 
friends for bearing with me the hardships that I encountered during the past two years, 
for their patience, kindness and encouragement, which kept me going until the end. 
 
Finally yet importantly, I would like to thank the employees from telecommunication 
operators in Sri Lanka who participated in my survey for sparing their valuable time 
to provide information to make this research a success. 
  v 
TABLE OF CONTENTS 
  
DECLARATION…………………………………………………………………. ii 
ABSTRACT……………………………………………………………………….. iii 
ACKNOWLEDGEMENT………………………………………………………...iv  
LIST OF TABLES................................................................................................... viii 
LIST OF FIGURES…………………………………………….………………… x 
ABBREVIATIONS……………………………………………….………………. xi 
 
1 CHAPTER: INTRODUCTION ..........................................................................1 
1.1 INTRODUCTION .........................................................................................1 
1.2 BACKGROUND ...........................................................................................1 
1.3 PREVIOUS STUDIES...................................................................................2 
1.4 PROBLEM STATEMENT............................................................................3 
1.5 RESEARCH OBJECTIVES ..........................................................................3 
1.6 STUDY ADOPTED.......................................................................................4 
1.7 EXPECTED RESULTS FROM THE STUDY .............................................5 
1.8 THESIS ORGANIZATION...........................................................................5 
1.9 SUMMARY...................................................................................................6 
 
2 CHAPTER: LITERATURE REVIEW..............................................................7 
2.1 INTRODUCTION .........................................................................................7 
2.2 WHAT IS INFORMATION..........................................................................7 
2.3 INFORMATION SECURITY .......................................................................8 
2.3.1 Confidentiality .......................................................................................8 
2.3.2 Integrity..................................................................................................8 
2.3.3 Availability.............................................................................................9 
2.4 INFORMATION SECURITY POLICY......................................................11 
2.5 INTERNATIONAL STANDARDS FOR IS POLICY ...............................12 
2.6 JOB STRESS ...............................................................................................13 
2.6.1 Extra Organizational Stressors.............................................................15 
2.6.2 Organizational Stressors ......................................................................15 
2.6.3 Group Stressors....................................................................................15 
2.6.4 Individual Stressors..............................................................................16 
  vi 
2.7 IS POLICY AND JOB STRESS..................................................................16 
2.8 SUMMARY.................................................................................................20 
 
3 CHAPTER: RESEARCH DESIGN .................................................................21 
3.1 INTRODUCTION .......................................................................................21 
3.2 CONCEPTUAL FRAMEWORK ................................................................21 
3.3 DEFINITIONS OF VARIABLES ...............................................................22 
3.4 HYPOTHESES DEVELOPMENT .............................................................24 
3.5 SUMMARY.................................................................................................25 
 
4 CHAPTER: RESEARCH METHODOLOGY ...............................................26 
4.1 INTRODUCTION .......................................................................................26 
4.2 SAMPLE DESIGN ......................................................................................26 
4.2.1 Target Population.................................................................................26 
4.2.2 Sampling Method .................................................................................27 
4.2.3 Sample Size..........................................................................................28 
4.3 OPERATIONAL MEASURES ...................................................................29 
4.4 SCALE OF MEASUREMENT ...................................................................31 
4.5 RELIABILITY ANALYSIS ........................................................................32 
4.6 STATISTICAL ANALYSIS .......................................................................35 
4.7 SUMMARY.................................................................................................35 
 
5 CHAPTER: DATA COLLECTION AND ANALYSIS .................................36 
5.1 INTRODUCTION .......................................................................................36 
5.2 DATA COLLECTION ................................................................................36 
5.2.1 Research Questionnaire........................................................................36 
5.2.2  Interviews.............................................................................................37 
5.3 DATA ANALYSIS......................................................................................38 
5.3.1 Reliability Analysis..............................................................................38 
5.4 DESCRIPTIVE ANALYSIS .......................................................................39 
5.4.1 Frequency Analysis..............................................................................40 
5.4.2 Measures of Central tendency and Dispersion.....................................43 
5.5 INFERENTIAL ANALYSIS .......................................................................44 
5.5.1 Correlation Analysis ............................................................................45 
5.5.2 Hypothesis Testing...............................................................................48 
  vii 
5.5.3 Simple Regression Analysis ................................................................50 
5.5.4 Multiple Regression Analysis ..............................................................61 
5.6 SUMMARY.................................................................................................63 
 
6 CHAPTER: DATA INTERPRETATION & CONCLUSION ......................64 
6.1 INTRODUCTION .......................................................................................64 
6.2 DATA INTERPRETATION .......................................................................64 
6.2.1 Interpretation of the Hypothesis...........................................................64 
6.2.2 Interpretation of the Simple Regression Analysis ...............................66 
6.2.3 Interpretation of the Multiple Regression Analysis .............................68 
6.3 RECOMMENDATIONS.............................................................................70 
6.4 FUTURE STUDIES.....................................................................................71 
6.5 LIMITATIONS OF THE STUDY...............................................................72 
6.6 CONCLUSION............................................................................................73 
6.7 SUMMARY.................................................................................................74 
 
REFERENCES ............................................................................................................75 
APPENDIX - A............................................................................................................79 
APPENDIX – B ...........................................................................................................82 
  
  viii 
LIST OF TABLES 
  
Table 2-1 International Standards for IS Policy ..........................................................13 
Table 4-1 Number of Staff – Telecommunication Operators ......................................27 
Table 4-2 Number of Employees in Each Employee Category...................................28 
Table 4-3 Number of Subjects for the Sample .............................................................29 
Table 4-4 Operationalization of Variables...................................................................30 
Table 4-5 Scale of Measurement of Variables.............................................................31 
Table 4-6 Likert Scale..................................................................................................32 
Table 4-7 Reliability Statistics for Employees’ Job Stress ..........................................33 
Table 4-8 Reliability Statistics for Availability of Information Security Policy.........33 
Table 4-9 Reliability Statistics for Awareness of Information Security Policy...........33 
Table 4-10 Reliability Statistics for Privacy Violations by Information Security Policy
......................................................................................................................................34 
Table 4-11 Reliability Statistics for Enforcement Methods of Information Security 
Policy ...........................................................................................................................34 
Table 4-12 Reliability Statistics for Effects of Information Security Policy Violations
......................................................................................................................................34 
Table 4-13 Statistical Analysis Techniques to Analyze the Data ................................35 
Table 5-1 Respondent’s Statistics ................................................................................37 
Table 5-2 Interviewee’s Statistics................................................................................38 
Table 5-3 Reliability Statistics for Independent Variables ..........................................38 
Table 5-4 Reliability Statistics for Employees’ Job Stress ..........................................39 
Table 5-5 Frequency Analysis for Job Category .........................................................40 
Table 5-6 Frequency Analysis for Job Function..........................................................41 
Table 5-7 Frequency Analysis for Telco Experience...................................................43 
Table 5-8 Descriptive Statistic for Interval Scale Variables........................................44 
Table 5-9 Correlation Analysis for Availability of IS Policy......................................45 
Table 5-10 Correlation Analysis for Awareness of IS Policy......................................46 
Table 5-11 Correlation Analysis for Privacy Violations by IS Policy.........................46 
Table 5-12 Correlation Analysis for Enforcement Methods of IS Policy ...................47 
Table 5-13 Correlation Analysis for Effects of IS Policy Violations ..........................47 
Table 5-14 Summary of Hypothesis Test Results........................................................50 
  ix 
Table 5-15 Model Summary for Availability of IS Policy ..........................................51 
Table 5-16 ANOVA for Availability of IS Policy.......................................................51 
Table 5-17 Coefficients for Availability of IS Policy..................................................52 
Table 5-18 Model Summary for Awareness of IS Policy............................................53 
Table 5-19 ANOVA for Awareness of IS Policy ........................................................53 
Table 5-20 Coefficients for Awareness of IS Policy ...................................................53 
Table 5-21 Model Summary for Privacy Violations by IS Policy...............................55 
Table 5-22 ANOVA for Privacy Violations by IS Policy ...........................................55 
Table 5-23 Coefficients for Privacy Violations by IS Policy ......................................55 
Table 5-24 Model Summary for Enforcement Methods of IS Policy..........................57 
Table 5-25 ANOVA for Enforcement Methods of IS Policy ......................................57 
Table 5-26 Coefficients for Enforcement Methods of IS Policy.................................57 
Table 5-27 Model Summary for Effects of IS Policy Violations ................................59 
Table 5-28 ANOVA for Effects of IS Policy Violations .............................................59 
Table 5-29 Coefficients for Effects of IS Policy Violations ........................................60 
Table 5-30 Model Summary for Multiple Regression Analysis ..................................61 
Table 5-31 ANOVA for Multiple Regression Analysis ..............................................62 
Table 5-32 Coefficients for Multiple Regression Analysis .........................................62 
  x 
LIST OF FIGURES 
 
Figure 2-1 Monitoring Computer Activities of Employees .........................................17 
Figure 2-2 Limiting Personal Internet Use ..................................................................18 
Figure 2-3 IS Security Orientation Program for New Employees ...............................19 
Figure 2-4 IS Security Awareness Programs ...............................................................19 
Figure 3-1 Conceptual Framework ..............................................................................21 
Figure 5-1 Frequency Ana lysis (Histogram) for Job Category ...................................41 
Figure 5-2 Frequency Analysis (Histogram) for Job Function....................................42 
Figure 5-3 Frequency Analysis (Histogram) for Telco Experience.............................43 
Figure 5-4 Simple Regression Analysis for Availability of IS Policy.........................52 
Figure 5-5 Simple Regression Analysis for Awareness of IS Policy ..........................54 
Figure 5-6 Simple Regression Analysis for Privacy Violations by IS Policy .............56 
Figure 5-7 Simple Regression Analysis for Enforcement Methods of IS Policy........58 
Figure 5-8 Simple Regression Analysis for Effects of IS Policy Violations ...............60 
  xi 
ABBREVIATIONS 
 
ANOVA : Analysis of Variance  
BS  : British Standards 
IS  : Information Security 
ISO  : International Organization of Standardization 
IS Policy : Information Security Policy 
IT  : Information Technology 
MBA  : Master of Business Administration 
TRCSL : Telecommunication Regulatory Commission of Sri Lanka 
WWW  : World Wide Web