Factors Affecting Information Systems Security Investment in Selected Public Organizations in Ethiopia
No Thumbnail Available
Date
2023-06
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Addis Ababa University
Abstract
Ethiopian public institutions are investing in various IT infrastructure and systems to improve the effectiveness and efficiency of their operations. Organizations are highly dependent on network connection and information systems which make them to become hot point of cyber-security. With respect to this, the government of Ethiopia adopts a digitization strategy that strength security capacity as a key element. However, most Organizations have hesitated to make security investments due to several reasons. Most organizations do not consider how cyber-attacks affect the costs and benefits, which results in underinvestment in cyber-security. Due to the dearth of information determining the benefit on information security investment (ROSI) is always challenging. Decision-makers are frequently confused by the abundance of competing solutions and unsure of whether their investments in security are appropriate or even effective. The goal of this study is to identify the factors that affect investment in information security based on TOE framework. In addition, the study determines the significance of those factors that affect information system security investment and provide suggestion on how information system security could be guided. Identifying the factors that influence security investment decisions will assist decision-makers to drive better cyber-security investment decision-making in a proper manner. The study used a quantitative research method using questionnaires as a data collection tool. A total of 105 questionnaire sets were distributed, and 86 were returned, which accounts for 81.9% of the total response rate. Descriptive and explanatory analyses were used to examine the data. The result revealed that among organizational factors: management support, economy, awareness, decision support process, risk assessment, future Growth, and organization culture have significant impact on information security investment. Similarly, environmental factors, namely; legal and regulatory framework, have an impact on security investment. Based on the results, information system security investment could be guided by the support and commitment of management. Raising the information system security awareness among management and key decision makers can increase investment in information system security. The greater awareness and support on security among the decision makers, the greater the security investment. Furthermore, Organizations must take risk assessment; create security controls, policies, and frameworks in order to maintain their spending in information security.
Key words: Information system security, Information system security investment, Technology, Organization, Environment
Description
Keywords
Information system security, Information system security investment, Technology, Organization, Environment