Strategy to Improve Employee Security Awareness at Information
Technology Directorate Bank XYZ
Dublin Core
Title
Strategy to Improve Employee Security Awareness at Information
Technology Directorate Bank XYZ
Technology Directorate Bank XYZ
Subject
information security awareness, information security awareness strategies, Human Aspect of Information Security
Questionnaire (HAIS-Q), information security measurement, Knowledge Attitude Behaviour (KAB)
Questionnaire (HAIS-Q), information security measurement, Knowledge Attitude Behaviour (KAB)
Description
Bank handles private information like customer financial transactions and personal data. There was a 63% increase in
cyberattacks attempted against Bank XYZ in 2021, and 1,323 attempted attacks on corporate email Bank XYZ. Therefore,
implementing security awareness training for all employees is crucial for Bank XYZ. The information security awareness
program must be assessed to determine the program's efficiency and the level of information security awareness among
employees. Therefore, this study assesses the information security awareness at Bank XYZ, especially the Information
Technology (IT) Directorate using the Human Aspect of Information Security Questionnaire (HAIS-Q) method. The findings
of this study revealed that employees at Bank XYZ in the information security work unit had a "Good" level of awareness. In
contrast, the results from other IT work units were “Medium”. Based on the assessment results, Bank XYZ's security awareness
strategy recommendation is to align awareness content with information security policies and procedures, use a variety of
media awareness, and focus on the "Internet Use" and "Information Handling" awareness areas. As a way of determining the
achievement of information security Key Performance Indicators (KPI), security awareness measurement must be done
regularly, for example, once a year
cyberattacks attempted against Bank XYZ in 2021, and 1,323 attempted attacks on corporate email Bank XYZ. Therefore,
implementing security awareness training for all employees is crucial for Bank XYZ. The information security awareness
program must be assessed to determine the program's efficiency and the level of information security awareness among
employees. Therefore, this study assesses the information security awareness at Bank XYZ, especially the Information
Technology (IT) Directorate using the Human Aspect of Information Security Questionnaire (HAIS-Q) method. The findings
of this study revealed that employees at Bank XYZ in the information security work unit had a "Good" level of awareness. In
contrast, the results from other IT work units were “Medium”. Based on the assessment results, Bank XYZ's security awareness
strategy recommendation is to align awareness content with information security policies and procedures, use a variety of
media awareness, and focus on the "Internet Use" and "Information Handling" awareness areas. As a way of determining the
achievement of information security Key Performance Indicators (KPI), security awareness measurement must be done
regularly, for example, once a year
Creator
1Halida Ernita,
2Yova Ruldeviyani,
3Desiana Nurul Maftuhah, 4Rahmad Mulyadi
2Yova Ruldeviyani,
3Desiana Nurul Maftuhah, 4Rahmad Mulyadi
Publisher
Universitas Indonesia
Contributor
22-08-2022
Format
PDF
Language
Indonesia
Type
Text
Files
Collection
Citation
1Halida Ernita,
2Yova Ruldeviyani,
3Desiana Nurul Maftuhah, 4Rahmad Mulyadi, “Strategy to Improve Employee Security Awareness at Information
Technology Directorate Bank XYZ,” Repository Horizon University Indonesia, accessed June 27, 2025, https://repository.horizon.ac.id/items/show/9211.
Technology Directorate Bank XYZ,” Repository Horizon University Indonesia, accessed June 27, 2025, https://repository.horizon.ac.id/items/show/9211.