Abstract:
In modern organizations, information security is a key area of concern. To achieve information security in a methodical manner, many organizations adopt standards for the development and application of security mechanisms as well as policies. However, the use of these information security standards in the development of security techniques and policies, must take into consideration the structure and other properties that define the particular characteristics of the organization.
This research is focused on determining human factors of the successful achievement of widely used information security standards in an organization having a highly hierarchical management structure. The research for this purpose was conducted as a case study. I have selected Sri Lanka Navy as the highly hierarchical organization.
The data for the research was collected from relevant personnel at different levels within the highly hierarchical organization. Information Technology department of the highly hierarchical organization is used on behalf of the organization for the data collection due to convenience and as it represents the same characteristics. The research has involved the use of control and management of collecting information by using a self-administered questionnaire. The data collected using this research instrument was analyzed by statistical methods to validate a set of hypotheses that were created based on an identified collection of factors, which influences the determination of human factors of the achievement of information security in a highly hierarchical organization.
The independent variables are “control of work,” “delegation,” “co-operation,” “awareness” and “attitudes” and reflect good internal consistency in the data collection instrument. The dependent variable named “Human Factors for successful achievement of Information Security in a highly hierarchical organization” has similarly high internal consistency within the research instrument.
In conclusion, the most effective human factors have been identified by using aforesaid different types of analytical methods of achievement in the information security of the highly hierarchical organization.