Perception of the degree of awareness in information security before and after an intervention in a religious institution in Mexico
DOI:
https://doi.org/10.35997/unaciencia.v17i33.780Keywords:
Awareness, cybersecurity, cyber threats, training, HAIS-Q, ISAAbstract
The objective of this research is: to determine if there is a significant difference in the degree of awareness of information security before and after an intervention in administrative personnel of a religious institution in central Mexico. To answer the research question, is there a significant difference in the degree of awareness of information security before and after an intervention among administrative personnel of a religious institution in central Mexico? A pre-experimental research was carried out with the same subjects. To measure information security awareness (ISA), the HAIS-Q questionnaire was applied, which consists of 63 items grouped into seven areas of interest, which are: Password management, use of email, management of mobile devices, Internet use, use of social networks, information management and incident reporting. The questionnaire was administered to a group of 26 people from a religious institution in central Mexico. Each participant was assigned a unique identification number that only they knew. This was done with the purpose of protecting the privacy of each individual and to distinguish each instrument, facilitating subsequent grouping for analysis. The application of the questionnaire was carried out through the Google Forms platform. Subsequently, a cybersecurity intervention was carried out combining training with stories. The intervention focused on each of the seven areas of interest of the HAIS-Q and lasted five days, with sessions lasting thirty to forty-five minutes each. Then, the HAIS-Q questionnaire was administered again to the same group of 26 people to compare the results with those obtained in the first application. The information security awareness (ISA) variable showed significant differences in the means (p < .001) and a high effect size (d = 1.06). These results confirm the rejection of the null hypothesis of this research.
Downloads
References
Aron, A., & Aron, E. (2001). Estadística para Psicología.
Castañeda, C. (2020). Concientización México y la ciberguerra. Revista Mexicana en Ciencias Penales, 3(10), 74–82.
CCN-CERT. (2019). Ciberamenazas y tendencias. https://bit.ly/31WMmr8
Centro Criptológico Nacional, Computer Emergency Response Team. (2021). Ciberamenazas y tendencias. https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos/6338-ccn-cert-ia-13-21-ciberamenazas-y-tendencias-edicion-2021-1/file.html
Cohen, J. (1972). Statistical power analysis for the behavioral sciences (2a ed.). Lawrence Erlbaum Associates.
Domínguez, R., Flores, O. A., & Sánchez, J. A. (2021). Exploratory analysis of a measurement scale of an information security management system. International Conference on Computer Science, Computer Engineering & Applied Computing (CSCE), EUA.
Domínguez, R., Flores, O., & del Valle, J. A. (2022, julio). Evaluation of an information security management system at a Mexican higher education institution. International Conference on Computational Science and Computational Intelligence (CSCI), EUA.
Espinoza Arana, E. D. (2018). Desarrollo e implementación de un sistema de control de acceso a redes inalámbricas mediante RADIUS [Tesis de maestría, Universidad Nacional Mayor de San Marcos].
Furnell, S., & Clarke, N. (2022). Power to the people? The evolving recognition of human aspects of security. Computers & Security, 31, 983–988.
Galba, T., Solic, K., & Lukic, I. (2015). An information security and privacy self-assessment (ISPSA) tool for internet users. Acta Polytechnica Hungarica, 12(7), 149–162.
ISC2 Cybersecurity Workforce Study. (2023). How the economy, skills gap, and artificial intelligence are challenging the global cybersecurity workforce. https://www.isc2.org/-/media/Project/ISC2/Main/Media/documents/research/ISC2_Cybersecurity_Workforce_Study_2023.pdf
Kaspersky. (2020). ¿Qué es la ciberseguridad? https://latam.kaspersky.com/resource-center/definitions/what-is-cyber-security
Malekos, Z., & Lostri, E. (2020). The hidden costs of cybercrime [Informe técnico]. McAfee. https://bit.ly/3zYkcZ1
McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M., & Pattinson, M. (2017, noviembre). Individual differences and information security awareness. Computers in Human Behavior. https://doi.org/10.1016/j.chb.2016.11.065
Mendevil, J., Sanz, B., & Gutierrez, M. (2022). Formación y concienciación en ciberseguridad basada en competencias: Una revisión sistemática de literatura. Pixel-Bit. Revista de Medios y Educación, 66, 197–225.
Ögütçü, G., Testik, Ö. M., & Chouseinoglou, O. (2015). Analysis of personal information security behavior and awareness. Computers & Security. http://dx.doi.org/10.1016/j.cose.2015.10.002
Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., & Zwaans, T. (2017, enero). The Human Aspects of Information Security Questionnaire (HAIS-Q): Two further validation studies. Computers & Security, 66, 40–51. http://dx.doi.org/10.1016/j.cose.2017.01.004
PricewaterhouseCoopers. (2016). Turnaround and transformation in cybersecurity: Key findings from The Global State of Information Security Survey.
Universidad de Palermo, Facultad de Negocios. (2022). El storytelling, el arte de contar historias con efectividad. https://www.palermo.edu/negocios/que-es-el-storytelling.html
Wiley, A., McCormac, A., & Calic, D. (2020). More than the individual: Examining the relationship between culture and information security awareness. Computers & Security, 88, 101640. https://doi.org/10.1016/j.cose.2019.101640
World Economic Forum. (2022). The global risks report. https://www3.weforum.org/docs/WEF_The_Global_Risks_Report_2022.pdf
Zwilling, M., et al. (2022). Cyber security awareness, knowledge, and behavior: A comparative study. Journal of Computer Information Systems, 82–97. https://doi.org/10.1080/08874417.2020.1712269
Downloads
Published
Issue
Section
License
Copyright (c) 2024 Unaciencia Revista de Estudios e Investigaciones
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
