Assessing Information Security Landscape Among End-Users Using PPT Framework
Assessing Information Security Landscape Among End-Users Using PPT Framework |
||
 |
 |
|
| © 2025 by IJETT Journal | ||
| Volume-73 Issue-8 |
||
| Year of Publication : 2025 | ||
| Author : Noli B. Lucila Jr | ||
| DOI : 10.14445/22315381/IJETT-V73I8P103 | ||
How to Cite?
Noli B. Lucila Jr, "Assessing Information Security Landscape Among End-Users Using PPT Framework," International Journal of Engineering Trends and Technology, vol. 73, no. 8, pp.28-41, 2025. Crossref, https://doi.org/10.14445/22315381/IJETT-V73I8P103
Abstract
Information security’s importance in education has grown significantly in the digital age as educational institutions utilize technology to improve the learning experience. From the existing literature, although numerous studies have focused on security technologies, research on end-user factors has been scarce. Therefore, this study evaluates the information security landscape among end-users in an educational setting based on the People, Process and Technology (PPT) Framework. A Likert scale survey was given to 192 personnel and 378 students to obtain primary data through validated scales and items relating to research objectives based on the Center of Internet Security (CIS) Controls. The findings revealed the university’s security strengths, weaknesses, and areas for improvement to enhance resilience against emerging threats. This study, like others, has limitations, such as not including the university’s network infrastructure and security operations.
Keywords
Information security, Information security landscape, Security practices, PPT framework, People-process-technology.
References
[1] Alexandra Borgeaud, IT Security Services Spending Worldwide 2017-2024, Statista, 2025. [Online]. Available: https://www.statista.com/statistics/217362/worldwide-it-security-spending/
[2] Thomas J. Parenty, and Jack J. Domet, A Leader’s Guide to Cybersecurity: Why Boards Need to Lead--and How to Do It, Harvard Business Review Press, Boston, MA, USA, 2019.
[Google Scholar] [Publisher Link]
[3] William J. Triplett, “Addressing Human Factors in Cybersecurity Leadership,” Journal of Cybersecurity and Privacy, vol. 2, no. 3, pp. 573-586, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[4] Isabella Corradini, Building a Cybersecurity Culture in Organizations: How to Bridge the Gap between People and Digital Technology, 1st ed., Springer, Cham, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[5] Alessandro Pollini et al., “Leveraging Human Factors in Cybersecurity: An Integrated Methodological Approach,” Cognition, Technology & Work, vol. 24, no. 2, pp. 371-390, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[6] Andreea Bendovschi, “Cyber-Attacks - Trends, Patterns and Security Countermeasures,” Procedia Economics and Finance, vol. 28, pp. 24-31, 2015.
[CrossRef] [Google Scholar] [Publisher Link]
[7] Khando Khando et al., “Enhancing Employees Information Security Awareness in Private and Public Organizations: A Systematic Literature Review,” Computers & Security, vol. 106, pp. 1-22, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[8] Neeshe Khan, Robert J. Houghton, and Sarah Sharples, “Understanding Factors that Influence Unintentional Insider Threat: A Framework to Counteract Unintentional Risks,” Cognition, Technology & Work, vol. 24, no. 3, pp. 393-421, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[9] Kathryn Marie Parsons et al., “The Influence of Organizational Information Security Culture on Cybersecurity Decision Making,” Journal of Cognitive Engineering and Decision Making, vol. 9, no. 2, pp. 117-129, 2015.
[CrossRef] [Google Scholar] [Publisher Link]
[10] Kamy Farahbod, Conrad Shayo, and Jay Varzandeh, “Cybersecurity Indices and Cybercrime Annual Loss and Economic Impacts,” Journal of Business and Behavioral Sciences, vol. 32, no. 1, pp. 63-71, 2020.
[Google Scholar]
[11] Md. Haris Uddin Sharif, and Mehmood Ali Mohammed, “A Literature Review of Financial Losses Statistics for Cyber Security and Future Trend,” World Journal of Advanced Research and Reviews, vol. 15, no. 1, pp. 138-156, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[12] Jason E. Thomas, “Individual Cyber Security: Empowering Employees to Resist Spear Phishing to Prevent Identity Theft and Ransomware Attacks,” International Journal of Business Management, vol. 13, no. 6, pp. 1-24, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[13] Uchenna Daniel Ani, Hongmei He, and Ashutosh Tiwari, “Human Factor Security: Evaluating the Cybersecurity Capacity of the Industrial Workforce,” Journal of Systems and Information Technology, vol. 21, no. 1, pp. 2-35, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[14] “The New Users’ Guide: How to Raise Information Security Awareness,” General Report, The European Union Agency for Cybersecurity, 2010.
[Google Scholar] [Publisher Link]
[15] Rodrigo Hickmann Klein, and Edimara Mezzomo Luciano, “What Influences Information Security Behavior? A Study with Brazilian Users,” JISTEM-Journal of Information Systems and Technology Management, vol. 13, no. 3, pp. 479-496, 2016.
[CrossRef] [Google Scholar] [Publisher Link]
[16] Abdul Rahman Ahlan, Muharman Lubis, and Arif Ridho Lubis, “Information Security Awareness at the Knowledge-Based Institution: Its Antecedents and Measures,” Procedia Computer Science, vol. 72, pp. 361-373, 2015.
[CrossRef] [Google Scholar] [Publisher Link]
[17] Clay Posey et al., “Motivating the Insider to Protect Organizational Information Assets: Evidence from Protection Motivation Theory and Rival Explanations,” The Dewald Roode Workshop in Information Systems Security 2011, Blacksburg, Virginia, USA, pp. 1-51, 2011.
[Google Scholar] [Publisher Link]
[18] Matthew Bush, and Atefeh Mashatan, “From Zero to One Hundred: Demystifying Zero Trust and its Implications on Enterprise People, Process, and Technology,” Queue, vol. 20, no. 4, pp. 80-106, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[19] Michael D. Richardson et al., “Planning for Cyber Security in Schools: The Human Factor,” Educational Planning, vol. 27, no. 2, pp. 23-39, 2020.
[Google Scholar] [Publisher Link]
[20] Ramakrishna Ayyagari, and Norilyz Figueroa, “Is Seeing Believing? Training Users on Information Security: Evidence from Java Applets,” Journal of Information Systems Education, vol. 28, no. 2, pp. 115-122, 2017.
[Google Scholar] [Publisher Link]
[21] Bruce Schneier, People, Process, and Technology, Schneier on Security, 2013. [Online]. Available: https://www.schneier.com/blog/archives/2013/01/people_process.html
[22] Michael Nieles, Kelley Dempsey, and Victoria Yan Pillitteri, An Introduction to Information Security, National Institute of Standards and Technology Special Publication, vol. 800, no. 12, pp. 1-101, 2017.
[CrossRef] [Google Scholar] [Publisher Link]
[23] Jongkil Jeong et al., “Towards an Improved Understanding of Human Factors in Cybersecurity,” IEEE 5th International Conference on Collaboration and Internet Computing (CIC), Los Angeles, CA, USA, pp. 338-345, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[24] Henry W. Glaspie and Waldemar Karwowski, “Human Factors in Information Security Culture: A Literature Review,” International Conference on Applied Human Factors and Ergonomics, Los Angeles, California, USA, pp. 269-280, 2017.
[CrossRef] [Google Scholar] [Publisher Link]
[25] Uje D. Apeji, and Funlade T. Sunmola, “Principles and Factors Influencing Visibility in Sustainable Supply Chains,” Procedia Computer Science, vol. 200, pp. 1516-1527, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[26] Bryan O’Nomerp O. Payawal, “Integrative Action Research Paper on Improving the Service Quality of an Information Technology Service Team to Ensure Customer Retention,” Master’s Thesis, De La Salle University, Manila, 2020.
[Google Scholar] [Publisher Link]
[27] Joklan Imelda Camelia Goni, and Amy Van Looy, “Process Innovation Capability in Less-Structured Business Processes: A Systematic Literature Review,” Business Process Management Journal, vol. 28, no. 3, pp. 557-584, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[28] Mircea Prodan, Adriana Prodan, and Anca Alecandra Purcarea, “Three New Dimensions to People, Process, Technology Improvement Model,” New Contributions in Information Systems and Technologies, Springer, Cham, vol. 1, pp. 481-490, 2015.
[CrossRef] [Google Scholar] [Publisher Link]
[29] Valentina Tortoriello, “Definition of a DevSecOps Operating Model for Software Development in a Large Enterprise,” Master’s Thesis, Polytechnic University of Turin, pp. 1-129, 2022.
[Google Scholar] [Publisher Link]
[30] Deepesh Shahjee, and Nilesh Ware, “Integrated Network and Security Operation Center: A Systematic Analysis,” IEEE Access, vol. 10, pp. 27881-27898, 2022.
[CrossRef] [Google Scholar] [Publisher Link]
[31] Funlade T. Sunmola, and Alireza Javahernia, “Manufacturing Process Innovation Deployment Readiness from an Extended People, Process, and Technology Framework Viewpoint,” Procedia Manufacturing, vol. 55, pp. 409-416, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[32] Milan Stojkov et al., “Towards Cross-Standard Compliance Readiness: Security Requirements Model for Smart Grid,” Energies, vol. 14, no. 21, pp. 1-29, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[33] Hyun-Ju Choi et al., “Communities of Practice and Knowledge Management Systems: Effects on Knowledge Management Activities and Innovation Performance,” Knowledge Management Research & Practice, vol. 18, no. 1, pp. 53-68, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[34] Retno Dwiyanti, Suwarti Suwarti, and Tri Naimah, “The Role of Organizational Culture Factors to Psychological Contracts (Transnational Contracts, Balance Contracts, and Relational Contracts),” Journal of Advanced Research in Law and Economics (JARLE), vol. 9, no. 8(38), pp. 2570-2577, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[35] Steven Furnell, and Nathan Clarke, “Power to the People? The Evolving Recognition of Human Aspects of Security,” Computers & Security, vol. 31, no. 8, pp. 983-988, 2012.
[CrossRef] [Google Scholar] [Publisher Link]
[36] Zheng Yan et al., “Finding the Weakest Links in the Weakest Link: How Well do Undergraduate Students make Cybersecurity Judgment?,” Computers in Human Behavior, vol. 84, pp. 375-382, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[37] Sorana Campean, “The Human Factor at the Center of a Cyber Security Culture,” International Journal of Information Security and Cybercrime (IJISC), vol. 8, no. 1, pp. 51-58, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[38] Nader Sohrabi Safa, “The Information Security Landscape in the Supply Chain,” Computer Fraud & Security, vol. 2017, no. 6, pp. 16-20, 2017.
[CrossRef] [Google Scholar] [Publisher Link]
[39] Nina Klimburg-Witjes, and Alexander Wentland, “Hacking Humans? Social Engineering and the Construction of the ‘Deficient User’ in Cybersecurity Discourses,” Science, Technology, & Human Values, vol. 46, no. 6, pp. 1316-1339, 2021.
[CrossRef] [Google Scholar] [Publisher Link]
[40] Yvette Kamariza, “Implementation of Information Security Policies in Public Organizations: Top Management as a Success Factor,” Master’s Dissertation, Jonköping University (Jonkoping International Business School, JIBS, Informatics), 2017.
[Google Scholar]
[41] Lena Y. Connolly, and David S. Wall, “The Rise of Crypto-Ransomware in a Changing Cybercrime Landscape: Taxonomizing Countermeasures,” Computers & Security, vol. 87, pp. 1-8, 2019.
[CrossRef] [Google Scholar] [Publisher Link]
[42] Emile Walker et al., Cybersecurity -The Human Factor: Prioritizing People Solutions to Improve the Cyber Resiliency of the Federal Workforce, Federal Information Systems Security Educators’s Association, FISSEA, pp. 1-12, 2017. [Online]. Available: https://csrc.nist.gov/CSRC/media/Events/FISSEA-30th-Annual-Conference/documents/FISSEA2017_Witkowski_Benczik_Jarrin_Walker_Materials_Final.pdf
[43] Nader Sohrabi Safa, Rossouw Von Solms, and Steven Furnell, “Information Security Policy Compliance Model in Organizations,” Computers & Security, vol. 56, pp. 70-82, 2016.
[CrossRef] [Google Scholar] [Publisher Link]
[44] Lennart Jaeger, “Information Security Awareness: Literature Review and Integrative Framework,” Proceedings of the 51st Hawaii International Conference on System Sciences, Hilton Waikoloa Village, Hawaii, pp. 4703-4712, 2018.
[Google Scholar] [Publisher Link]
[45] Kathryn Parsons et al., “The Human Aspects of Information Security Questionnaire (HAIS-Q): Two Further Validation Studies,” Computers & Security, vol. 66, pp. 40-51, 2017.
[CrossRef] [Google Scholar] [Publisher Link]
[46] Clay Posey et al., “Bridging the Divide: A Qualitative Comparison of Information Security Thought Patterns between Information Security Professionals and Ordinary Organizational Insiders,” Information & Management, vol. 51, no. 5, pp. 551-567, 2014.
[CrossRef] [Google Scholar] [Publisher Link]
[47] Nancy A. Renfroe, and Joseph L. Smith, “Threat/Vulnerability Assessments and Risk Analysis,” Applied Research Associates, Inc., pp. 1-9, 2010.
[Google Scholar]
[48] Bako Ali, and Ali Ismail Awad, “Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes,” Sensors, vol. 18, no. 3, pp. 1-17, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[49] Halima Ibrahim Kure, Shareeful Islam, and Mohammad Abdur Razzaque, “An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System,” Applied Sciences, vol. 8, no. 6, pp. 1-29, 2018.
[CrossRef] [Google Scholar] [Publisher Link]
[50] Abhilash Panda, and Andrew Bower, “Cyber Security and the Disaster Resilience Framework,” International Journal of Disaster Resilience in the Built Environment, vol. 11, no. 4, pp. 507-518, 2020.
[CrossRef] [Google Scholar] [Publisher Link]
[51] Christopher A. Ford, “International Security in Cyberspace: New Models for Reducing Risk,” Arms Control and International Security Papers, vol. 1, no. 20, pp. 1-8, 2020.
[Google Scholar]
[52] Ying Li, and Mikko Siponen, “A Call for Research on Home Users’ Information Security Behaviour,” Pacific Asia Conference on Information Systems (PACIS) 2011 Proceedings, vol. 112, pp. 1-11, 2011.
[Google Scholar] [Publisher Link]
[53] Robert E. Crossler et al., “Future Directions for Behavioral Information Security Research,” Computers & Security, vol. 32, pp. 90-101, 2013.
[CrossRef] [Google Scholar] [Publisher Link]
[54] Leon Hempel et al., “Validated CRISP Methodology,” CRISP Project, pp. 1-91, 2015.
[Google Scholar]
[55] Vincenzo Pavone, Sara Degli-Esposti, and Elvira Santiago Gómez, “Key Factors Affecting Acceptance and Acceptability of Surveillance-Oriented Security Technologies,” SurPRISE Project European Union Framework 7 Security Research Programme, pp. 1-187, 2015.
[Google Scholar]
[56] Ali Vedadi, Merrill Warkentin, and Alan Dennis, “Herd Behavior in Information Security Decision-Making,” Information & Management, vol. 58, no. 8, 2021.
[CrossRef] [Google Scholar] [Publisher Link]