Understanding the Information Security Awareness Process in Real Estate Organizations Using the SECI Model

Information security awareness plays a key role in organizations using information systems for their business operations. Recent trends have indicated that not only critical infrastructure sectors but also organizations such as retail services are targeted by criminals as long as there is data of interest and the level of information security (and awareness) is relatively low. One such example concerns real estate organizations where they process their customers’ personal and sensitive information. In this study, we applied Nonaka’s Socialization, Externalization, Internalization, and Combination (SECI) model as the theoretical lens to understand how real estate business employees gain awareness and understanding of information security. Data collected from 105 real estate organizations is tested using the structural equation modelling approach. The results indicate Socialization, Internalization and Combination were found to support the development of information security awareness among employees while data analysis does not support Externalization.

[1]  James C. Anderson,et al.  STRUCTURAL EQUATION MODELING IN PRACTICE: A REVIEW AND RECOMMENDED TWO-STEP APPROACH , 1988 .

[2]  Detmar W. Straub,et al.  Security lapses and the omission of information security measures: A threat control model and empirical test , 2008, Comput. Hum. Behav..

[3]  Abdul Rasheed,et al.  Factors promoting knowledge sharing & knowledge creation in banking sector of Pakistan , 2013 .

[4]  Anu Puusa,et al.  Is Tacit Knowledge Really Tacit ? , 2010 .

[5]  John P. Rice,et al.  The Applicability of the SECI Model to Multi-Organisational Endeavours: An Integrative Review , 2005 .

[6]  I. Nonaka A Dynamic Theory of Organizational Knowledge Creation , 1994 .

[7]  Chei Sian Lee,et al.  ICT and Knowledge Management: Perspectives from the SECI Model , 2013, Electron. Libr..

[8]  Neil F. Doherty,et al.  The information security policy unpacked: A critical study of the content of university policies , 2009, Int. J. Inf. Manag..

[9]  Irene M. Y. Woon,et al.  Perceptions of Information Security at the Workplace : Linking Information Security Climate to Compliant Behavior , 2006 .

[10]  Michael E. Whitman Enemy at the gate: threats to information security , 2003, CACM.

[11]  Omar F. El-Gayar,et al.  Information Security Policy Compliance: The Role of Information Security Awareness , 2012, AMCIS.

[12]  C. Fornell,et al.  Evaluating structural equation models with unobservable variables and measurement error. , 1981 .

[13]  Philippe Byosiere,et al.  Knowledge domains and knowledge conversion: an empirical investigation , 2008, J. Knowl. Manag..

[14]  S. Walt THE RELATIONSHIP BETWEEN THEORY AND POLICY IN INTERNATIONAL RELATIONS , 2005 .

[15]  J. Schweitzer Security awareness , 1986, PCS '86.

[16]  Mikko T. Siponen,et al.  Toward a New Meta-Theory for Designing Information Systems (IS) Security Training Approaches , 2011, J. Assoc. Inf. Syst..

[17]  Nesren Waly,et al.  Improving Organisational Information Security Management: The Impact of Training and Awareness , 2012, 2012 IEEE 14th International Conference on High Performance Computing and Communication & 2012 IEEE 9th International Conference on Embedded Software and Systems.

[18]  N. Easa Knowledge creation process & Innovation in Egyptian Banking Sector , 2011 .

[19]  Mo Adam Mahmood,et al.  Employees' adherence to information security policies: An exploratory field study , 2014, Inf. Manag..

[20]  J. Nunnally Psychometric Theory (2nd ed), New York: McGraw-Hill. , 1978 .

[21]  Miranda Kajtazi,et al.  Information Security Policy Compliance: An Empirical Study on Escalation of Commitment , 2013, AMCIS.

[22]  Kaj U. Koskinen,et al.  The role of tacit knowledge in innovation processes of small technology companies , 2002 .

[23]  L. Cronbach Coefficient alpha and the internal structure of tests , 1951 .

[24]  I. Nonaka,et al.  Organizational Knowledge Creation Theory: Evolutionary Paths and Future Advances , 2006 .

[25]  Rossouw von Solms,et al.  From policies to culture , 2004, Comput. Secur..

[26]  Elizabeth A. Smith The role of tacit and explicit knowledge in the workplace , 2001, J. Knowl. Manag..

[27]  Jia-Chi Huang,et al.  Knowledge Conversion Abilities and Knowledge Creation and Innovation: A New Perspective on Team Composition , 2002 .

[28]  Paul Hildreth,et al.  The duality of knowledge , 2002, Inf. Res..

[29]  Kim-Kwang Raymond Choo,et al.  Information security in the South Australian real estate industry: A study of 40 real estate organisations , 2014, Inf. Manag. Comput. Secur..

[30]  Michael E. Whitman,et al.  In defense of the realm: understanding the threats to information security , 2004, Int. J. Inf. Manag..

[31]  Neil F. Doherty,et al.  The application of information security policies in large UK-based organizations: an exploratory investigation , 2003, Inf. Manag. Comput. Secur..

[32]  R. Bagozzi,et al.  On the evaluation of structural equation models , 1988 .

[33]  Rolph E. Anderson,et al.  Nederlandse samenvatting en bewerking van 'Multivariate data analysis, 4th Edition, 1995' , 1998 .

[34]  M. Eric Johnson,et al.  Embedding Information Security into the Organization , 2007, IEEE Security & Privacy.

[35]  R. Bagozzi,et al.  On the evaluation of structural equation models , 1988 .

[36]  Pedro López-Sáez,et al.  External knowledge acquisition processes in knowledge-intensive clusters , 2010, J. Knowl. Manag..

[37]  J. Hair Multivariate data analysis , 1972 .

[38]  Richard J. Varey The Knowing Organization: : How Organizations Use Information to Construct Meaning, Create Knowledge, and Make Decisions , 2013 .

[39]  Irene Woon,et al.  A Protection Motivation Theory Approach to Home Wireless Security , 2005, ICIS.

[40]  Qing Hu,et al.  Future directions for behavioral information security research , 2013, Comput. Secur..