Designing and Psychometric Evaluation of Questionnaire of Human Factors Affecting Information Security in Libraries

Authors

Masoumeh Amini, Hamadan University of Medical SciencesFollow
Hossein VakiliMofrad, Hamadan University of Medical SciencesFollow
Mohammad Karim Saberi, Hamadan University of Medical SciencesFollow

Document Type

Article

Citation

Alavi, R., Islam, S., & Lee, W. C. (2016). A Risk-Driven Investment Model for Analysing Human Factors in Information Security. (A thesis submitted for the degree of Doctor of Philosophy), The University of East London, School of Architecture, Computing and Engineering (ACE).

Ali Ahmadi, A. (2009). ICT Strategic Planning. Tehran: Knowledge Production Publications, [Persian].

Almunawar, M., Susanto, H., & Tuan, y. (2011). “information security management system standards: A comparative study of the big five". Inter-national journal of electrical & computer sciences IJECS-IJENS, 11, 23-27.

Arianpour, M., Karbala Aghaei , K., & Abam, Z. (2016). Compliance with ISO / IAS Standards. 27002 and 27019 in the field of "Information Security Management" at the National Library and Archives of the Islamic Republic of Iran. (Arshad thesis), Alzahra University, Faculty of Educational Sciences and Psychology, Department of Information Science and Dentistry. [Persian].

Atiku Maidabino, A., & Awang Ngah, Z. (2010). Collection Security Issues in Malaysian Academic Libraries: An Exploratory Survey. Library Philosophy and Practice.

Baghban Zadeh, M. (2014). Identification and validation of human factors affecting information security using the ANP and DEMATEL combined fuzzy approach. (Master's thesis).[Persian]).

Bishop, M. (2005). Position: Insider is relative. In: C.F. Hempelmann and V. Raskin (eds.), Proceedings of the New Security Paradigms Workshop. New York: ACM Press.

EllahI, S., Taheri, M., & Hasanzadeh, A. (2008). A framework for human-related factors in information system security. Management researches in Iran., 13(2), 1-22. [Persian].

Eloff, M. M., & Von Solms, S. H. (2000). Information security management: An approach to combine process certification and product evaluation. Computers & Security, 19(8), 698–709.

Ferdinand, O., Patrick, I., & Thelma, N. (2015). library and information resources security: traditional and electronic security measures. International journal of academic research and reflection, 3(3).

Habibi, S. H., Seyed-Akbari, L., Torab-Miandoab, A., & Samad-Soltani, T. (2019). Usability of Central Library Websites of Iranian Universities of Medical Sciences: An Evaluation. Desidoc Journal of Library & Information Technology, 39(4), 162-168. DOI:10.14429/djlit.39.4.14462. [Persian]

Hawkey, K., Botta, D., Werlinger, R., Muldner, K., Gagne, A., & Beznosov, K. (2008). Human, Organizational, and Technological Factors of IT Security. In CHI’08 extended abstract on Human factors in computing systems. 3639–3644.

Jo, H., Kim, S., & Won, D. (2011). Advanced information security management evaluation system. KSII T Internet Info. 5(6).

Kaviani, M., Tajfar, A. H., & Karimzadegan Moghadam, D. (2013). Presenting a framework for identifying effective factors on end-users awareness and its role on computer information security in Banks- Case study: Bank Melli. (A Thesis Submitted for the Award of Master of Science Degree management Information security.[Persian]).

Khakbiz M, M. S. A., Mirghafori H. (2017). Identification and Prioritization Of Organizational Information Systems Security Factors Using MADM: Yazd University Faculty of Economics, Management & Accounting Thesis submitted for a master degree of Industrial management.[Persian].

Khaleghi, M. (2004). Implementation guide for information security management system. Tehran: Secretariat of the Supreme Council for the Security of the Information Interchange Space. [Persian].

Kruger, H. A., Drevin, L., & Steyn, T. (2010). A Vocabulary test to assess information. Information Management & Computer Security Journal. 18(5), 316-319.

Lawshe, C. (1975). A Qualitative Approach to Content Validity. Personnel Psychology 28(8), 563-575.

Mahmoud Zadeh, I., & Rad Rajabi, M. (2006). Security management in information systems. Journal of Management Sciences of Iran, 1(4), 78-112. [Persian].

Nkiki, C., & Yusuf, F. O. (2008). Library and information support for New Partnership for Africa's Development (NEPAD). Library Philosophy and Practices.

Parsons.k, McCormac.A, Butavicius.M, & Ferguson, L. (2010). Human Factors and Information Security: Individual, Culture and Security Environment. Defense Science and Technology Organisation. Command, Control, Communications, and Intelligence Division.

Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: Guidelines for effective information security management. CRC Press.

Shaw, R. S., Charlie, C., Harris, A., & Huang, H. j. (2009). The impact of information richness on information security awareness training effectiveness. Computer & Education(52), 93-100.

Soomro, Z., Shah, M., & Ahmed, J. (2016). Information security management needs a more holistic approach: A literature review. International Journal of Information Management, 36(2), 215-225. DOI:10.1016.

Taheri, M. (2007). Providing a framework for the role of human factors in the security of information systems. (Master thesis), Tehran: Tarbiat Modarres University- Faculty of Humanities- Department of Information Technology Management.[Persian].

Udoumoh, C. N., & Okoro, C. C. (2007). The effect of library policies on overdue materials in university libraries in the South-South Zone, Nigeria. Library Philosophy and Practice.

vali, H., Yaghoubi, N., & Oraee Yazdani, B. (2012). Identifying and prioritizing the factors affecting the adoption and development of information security policies in the organization (Study at the National Iranian Oil Products Distribution Company). (Master's thesis. [Persian]).

Wilson, M., & Hash, J. (2003). Building an information technology security awareness and training program. National Institute of Standards and Technology, 20-79.

Abstract

Background and Purpose: Information security is the use of a set of policies, solutions, tools, hardware, and software to provide a threat-free environment in the generation, refinement, transmission, and distribution of information. The purpose of this study was to assess the validity and reliability of the Human Factors Inventory affecting libraries' information security.

Materials and methods: The present study was a cross-sectional study conducted for designing and psychometric evaluation for the inventory. After designing the initial list of inventory items, the opinion of expert lecturers and senior managers of Iranian libraries was used to evaluate face and content validity using Lawshe, content validity ratio (CVR) and Content validity index (CVI). Cronbach's alpha coefficient was used to assess the overall reliability of the questionnaire. Data were analyzed using SPSS software.

Results: The results showed that each of the items in the inventory had face validity and content validity (CVR> 0.75). Besides, the content validity index was set to 0.87 in all dimensions of the inventory, which is an acceptable number for the inventory. Cronbach's alpha coefficient was calculated as 0.946 and the reliability of the instrument was confirmed.

Originality/Value: In this study, for the first time, an inventory was designed and psychometrically assessed for human factors affecting library information security. Library and information science professionals and librarians can use this tool in research activities.