Hacking a Bridge: An Exploratory Study of Compliance-based Information Security Management in Banking Organization

摘要

This work is approached through the lens of compliant security by drawing on the concepts of neutralization theory, a prominenl postulation in the criminology domain and the 'big five' personality construct. This research is conducted based on a case study of ISO/IEC27001 Standard certified banks, to empirically evaluate the link between cyber security protocols violation and how employees rationalise security behaviour. We propose that compliance-based security has the propensity for a heightened sense of false security and vulnerability perception, by showing that systemic security violation in compliance-base security model can be explained by the level of linkages from the personality construct and the neutralization theory. Based on the survey responses from banking organization employees and the application of partial least square structural equation modelling (PLS-SME) analysis to test the hypothesis and validate survey samples, we can draw a strong inference to support the importance of individual security scenario effect as a vital complementary element of compliance-based security. We then suggest how information security can be addressed in that context.