Evaluating the Influence of Attitude versus Knowledge and Individual Factor versus Intervention Factor on Information Security Awareness in Local Government

Local government as a public organization that typically collects mass amounts of sensitive data is one of the vulnerable and targeted sectors for information security attacks. The human aspect is the most critical but weak link to information security incidents. Among government organizations, local governments usually have more limited human resources either in number and competencies including information security awareness. This study aims to validate the Information Security Awareness (ISA) model for local government, including confirming the influence of knowledge and attitude on information security behavior, evaluating the stronger predictor between knowledge and attitude toward information security behavior, and analyzing the influence of gender (as an individual factor) and training (as an intervention factor) on the information security behavior. Utilizing the HAIS-Q assessment tool, this study collected responses from 704 employees of 68 departments/units under the government of East Java Province, Indonesia. The results suggest that in the local government context, there is a significant direct relationship between Knowledge of information security and information security Behavior and its indirect relationship via Attitude toward information security behavior. However, Attitude toward information security behavior has a stronger effect on Behavior than Knowledge. This study also suggests significant differences in information security behavior between employees who have trained and those who have not, regardless of gender. The proposed model suggests that to improve Information Security Awareness among employees, local government should focus on improving employees' Attitudes toward information security behavior, either by improving their Knowledge of Information Security via training or their affective attitude toward information security behavior.