Assessing Information Security Awareness Among Indonesian Government Employees: A Case Study of the Meteorology, Climatology, and Geophysics Agency
Downloads
Background: Cybersecurity is important for government agencies and the usefulness shows the need for a thorough understanding of information security awareness (ISA) among employees in order to enhance protective measures and ensure compliance with regulations. The Meteorology, Climatology, and Geophysical Agency (BMKG) of Indonesia is very important in providing essential national data and this responsibility shows the need to assess and promote ISA among the employees. The efforts to ensure a robust ISA culture can allow BMKG to safeguard sensitive meteorological and geophysical data, strengthen operational resilience, maintain public trust, and mitigate potential cyber threats that are capable of compromising national security.
Objective: This study aimed to evaluate the level of organizational ISA among employees at BMKG and to improve measures considered important.
Methods: The Human Aspects of Information Security Questionnaire (HAIS-Q) was administered as the reference model to assess the knowledge, attitudes, and behaviors of employees regarding information security. A descriptive statistical analysis and Partial Least Squares Structural Equation Modelling (PLS-SEM) were further applied to analyze data from 459 BMKG employees across various security domains, including password management, email use, internet use, social media use, mobile device security, and incident reporting.
Results: The results showed that BMKG employees possessed a high overall level of ISA (88.06%) with the average knowledge, attitudes, and behaviors recorded to be 88.06%, 81.89%, and 80.74%, respectively. Meanwhile, specific areas such as email use (78.70%) and mobile device use (73.19%) had only moderate awareness. The structural model analysis also showed that behavior exerted the most significant influence on ISA (β = 0.423), followed by attitude (β = 0.289) and knowledge (β = 0.214).
Conclusion: The overall awareness level was positive but there was a need for targeted efforts in password management, email use, and mobile device security to improve ISA practices. Moreover, the implementation of comprehensive information security policies, regular training, and organizational support was suggested to be important for fostering a robust security culture within BMKG.
Keywords: Information Security Awareness, Cybersecurity, BMKG, PLS-SEM, Government Employees, Indonesia
M. Mansoor, “An interaction effect of perceived government response on COVID-19 and government agency’s use of ICT in building trust among citizens of Pakistan,” Transforming Government: People, Process and Policy, vol. 15, no. 4, pp. 693–707, Nov. 2021, doi: 10.1108/TG-01-2021-0002.
Y.-P. Yuan et al., “Government Digital Transformation: Understanding the Role of Government Social Media,” Gov Inf Q, vol. 40, no. 1, p. 101775, Jan. 2023, doi: 10.1016/j.giq.2022.101775.
A. Mishra, Y. I. Alzoubi, A. Q. Gill, and M. J. Anwar, “Cybersecurity Enterprises Policies: A Comparative Study,” Sensors, vol. 22, no. 2, pp. 1–36, 2022, doi: 10.3390/s22020538.
T. M. Washington, “Stakeholder Perceptions of the Organization’s Information Security Policy: A Q Methodology Study to Support Evidence-Based Policymaking in the Federal Government,” University of Fairfax PP - United States -- Virginia, US, United States -- Virginia, US, 2023.
A. Mishra, Y. I. Alzoubi, M. J. Anwar, and A. Q. Gill, “Attributes impacting cybersecurity policy development: An evidence from seven nations,” Comput Secur, vol. 120, p. 102820, Sep. 2022, doi: 10.1016/j.cose.2022.102820.
A. Uyar, K. Nimer, C. Kuzey, M. Shahbaz, and F. Schneider, “Can e-government initiatives alleviate tax evasion? The moderation effect of ICT,” Technol Forecast Soc Change, vol. 166, p. 120597, May 2021, doi: 10.1016/j.techfore.2021.120597.
A. M. Samsor, “Challenges and Prospects of e-Government implementation in Afghanistan,” International Trade, Politics and Development, vol. 5, no. 1, pp. 51–70, May 2021, doi: 10.1108/ITPD-01-2020-0001.
A. Visvizi and M. D. Lytras, “Government at risk: between distributed risks and threats and effective policy-responses,” Transforming Government: People, Process and Policy, vol. 14, no. 3, pp. 333–336, Jul. 2020, doi: 10.1108/TG-06-2020-0137.
R. M. Alguliyev, Y. N. Imamverdiyev, R. Sh. Mahmudov, and R. M. Aliguliyev, “Information security as a national security component,” Information Security Journal: A Global Perspective, vol. 30, no. 1, pp. 1–18, Jan. 2021, doi: 10.1080/19393555.2020.1795323.
S. Mishra, M. A. Alowaidi, and S. K. Sharma, “Impact of security standards and policies on the credibility of e-government,” J Ambient Intell Humaniz Comput, 2021, doi: 10.1007/s12652-020-02767-5.
Statista Market Forecast, “Cybersecurity - Worldwide.” Accessed: Feb. 05, 2024. [Online]. Available: https://www.statista.com/outlook/tmo/cybersecurity/worldwide#revenue
Statista Market Forecast, “Estimated cost of cybercrime worldwide 2017-2028.” Accessed: Mar. 05, 2024. [Online]. Available: https://www.statista.com/forecasts/1280009/cost-cybercrime-worldwide
International Monetary Fund, “Cyber threats to the financial system are growing, and the global community must cooperate to protect it.” Accessed: Mar. 05, 2024. [Online]. Available: https://www.imf.org/external/pubs/ft/fandd/2021/03/global-cyber-threat-to-financial-systems-maurer.htm
S. AlGhamdi, K. T. Win, and E. Vlahu-Gjorgievska, “Information security governance challenges and critical success factors: Systematic review,” Comput Secur, vol. 99, p. 102030, Dec. 2020, doi: 10.1016/j.cose.2020.102030.
R. Yuliana and Z. Arifin Hasibuan, “Best practice framework for information technology security governance in Indonesian government,” International Journal of Electrical and Computer Engineering (IJECE), vol. 12, no. 6, p. 6522, Dec. 2022, doi: 10.11591/ijece.v12i6.pp6522-6534.
A. Kő, G. Tarján, and A. Mitev, “Information security awareness maturity: conceptual and practical aspects in Hungarian organizations,” Information Technology & People, vol. 36, no. 8, pp. 174–195, Dec. 2023, doi: 10.1108/ITP-11-2021-0849.
D. F. Norris, L. Mateczun, A. Joshi, and T. Finin, “Managing cybersecurity at the grassroots: Evidence from the first nationwide survey of local government cybersecurity,” J Urban Aff, vol. 43, no. 8, pp. 1173–1195, Sep. 2021, doi: 10.1080/07352166.2020.1727295.
S. T. Hossain, T. Yigitcanlar, K. Nguyen, and Y. Xu, “Local Government Cybersecurity Landscape: A Systematic Review and Conceptual Framework,” Applied Sciences, vol. 14, no. 13, p. 5501, Jun. 2024, doi: 10.3390/app14135501.
S. T. R. and S. K. T., “A Review on Major Cyber Threats and Recommended Counter Measures,” Int J Res Appl Sci Eng Technol, vol. 11, no. 3, pp. 1758–1761, Mar. 2023, doi: 10.22214/ijraset.2023.49764.
W. Hatcher, W. L. Meares, and J. Heslen, “The cybersecurity of municipalities in the United States: an exploratory survey of policies and practices,” Journal of Cyber Policy, vol. 5, no. 2, pp. 302–325, May 2020, doi: 10.1080/23738871.2020.1792956.
T. Baker and A. Shortland, “The government behind insurance governance: Lessons for ransomware,” Regul Gov, vol. 17, no. 4, pp. 1000–1020, Oct. 2023, doi: 10.1111/rego.12505.
N. Saxena, E. Hayes, E. Bertino, P. Ojo, K.-K. R. Choo, and P. Burnap, “Impact and Key Challenges of Insider Threats on Organizations and Critical Businesses,” Electronics (Basel), vol. 9, no. 9, p. 1460, Sep. 2020, doi: 10.3390/electronics9091460.
A. Frandell and M. Feeney, “Cybersecurity Threats in Local Government: A Sociotechnical Perspective,” The American Review of Public Administration, vol. 52, no. 8, pp. 558–572, Nov. 2022, doi: 10.1177/02750740221125432.
A. Hussain, A. Mohamed, and S. Razali, “A Review on Cybersecurity,” in Proceedings of the 3rd International Conference on Networking, Information Systems & Security, New York, NY, USA: ACM, Mar. 2020, pp. 1–7. doi: 10.1145/3386723.3387847.
S. AlGhamdi, K. T. Win, and E. Vlahu-Gjorgievska, “Information security governance challenges and critical success factors: Systematic review,” Comput Secur, vol. 99, p. 102030, Dec. 2020, doi: 10.1016/j.cose.2020.102030.
R. Shandler and M. A. Gomez, “The hidden threat of cyber-attacks – undermining public confidence in government,” Journal of Information Technology & Politics, vol. 20, no. 4, pp. 359–374, Oct. 2023, doi: 10.1080/19331681.2022.2112796.
S. Iftikhar, “Cyberterrorism as a global threat: a review on repercussions and countermeasures,” PeerJ Comput Sci, vol. 10, p. e1772, Jan. 2024, doi: 10.7717/peerj-cs.1772.
S. Kaur, S. Sharma, and A. Singh, “Cyber Security: Attacks, Implications and Legitimations across the Globe,” Int J Comput Appl, vol. 114, no. 6, pp. 21–23, Mar. 2015, doi: 10.5120/19983-1932.
H. Jahankhani, L. N. K. Meda, and M. Samadi, “Cybersecurity Challenges in Small and Medium Enterprise (SMEs),” 2022, pp. 1–19. doi: 10.1007/978-3-030-98225-6_1.
S. Oni, K. Araife Berepubo, A. A. Oni, and S. Joshua, “E-Government and the Challenge of Cybercrime in Nigeria,” in 2019 Sixth International Conference on eDemocracy & eGovernment (ICEDEG), IEEE, Apr. 2019, pp. 137–142. doi: 10.1109/ICEDEG.2019.8734329.
H. Harvey et al., “The Impact of a National Cyberattack Affecting Clinical Trials: The Cancer Trials Ireland Experience,” JCO Clin Cancer Inform, no. 7, Apr. 2023, doi: 10.1200/CCI.22.00149.
K. Khando, S. Gao, S. M. Islam, and A. Salman, “Enhancing employees information security awareness in private and public organisations: A systematic literature review,” Comput Secur, vol. 106, p. 102267, Jul. 2021, doi: 10.1016/j.cose.2021.102267.
A. R. Ahlan, M. Lubis, and A. R. Lubis, “Information Security Awareness at the Knowledge-Based Institution: Its Antecedents and Measures,” Procedia Comput Sci, vol. 72, pp. 361–373, 2015, doi: 10.1016/j.procs.2015.12.151.
T. Grassegger and D. Nedbal, “The Role of Employees’ Information Security Awareness on the Intention to Resist Social Engineering,” Procedia Comput Sci, vol. 181, pp. 59–66, 2021, doi: 10.1016/j.procs.2021.01.103.
L. Y. C. Chang and N. Coppel, “Building cyber security awareness in a developing country: Lessons from Myanmar,” Comput Secur, vol. 97, p. 101959, Oct. 2020, doi: 10.1016/j.cose.2020.101959.
A. Alzubaidi, “Measuring the level of cyber-security awareness for cybercrime in Saudi Arabia,” Heliyon, vol. 7, no. 1, p. e06016, Jan. 2021, doi: 10.1016/j.heliyon.2021.e06016.
M. Hassan, K. Saeedi, H. Almagwashi, and S. Alarifi, “Information Security Risk Awareness Survey of Non-governmental Organization in Saudi Arabia,” 2023, pp. 39–71. doi: 10.1007/978-3-031-19560-0_4.
R. AlMindeel and J. T. Martins, “Information security awareness in a developing country context: insights from the government sector in Saudi Arabia,” Information Technology & People, vol. 34, no. 2, pp. 770–788, May 2020, doi: 10.1108/ITP-06-2019-0269.
Bulgurcu, Cavusoglu, and Benbasat, “Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness,” MIS Quarterly, vol. 34, no. 3, p. 523, 2010, doi: 10.2307/25750690.
H. A. R. Amjad, U. Naeem, M. A. Zaffar, M. F. Zaffar, and K.-K. R. Choo, “Improving Security Awareness in the Government Sector,” in Proceedings of the 17th International Digital Government Research Conference on Digital Government Research, New York, NY, USA: ACM, Jun. 2016, pp. 1–7. doi: 10.1145/2912160.2912186.
J. Kävrestad, F. Burvall, and M. Nohlberg, “A taxonomy of factors that contribute to organizational Cybersecurity Awareness (CSA),” Information & Computer Security, Jun. 2024, doi: 10.1108/ICS-11-2023-0209.
N. A. Hassan, “Security Awareness Training: Best Practices for Implementing a Security Awareness Training Program,” in Ransomware Revealed, Berkeley, CA: Apress, 2019, pp. 155–173. doi: 10.1007/978-1-4842-4255-1_6.
W. Stallings, Cryptography and Network Security: Principles and Practice, Global Edition, 8th ed. Harlow: Pearson Education, 2023.
M. Alsharif, S. Mishra, and M. AlShehri, “Impact of Human Vulnerabilities on Cybersecurity,” Computer Systems Science and Engineering, vol. 40, no. 3, pp. 1153–1166, 2021, doi: 10.32604/CSSE.2022.019938.
A. Mishra, Y. I. Alzoubi, A. Q. Gill, and M. J. Anwar, “Cybersecurity Enterprises Policies: A Comparative Study,” Sensors, vol. 22, no. 2, pp. 1–36, 2022, doi: 10.3390/s22020538.
E. Yildirim, “The Importance of Information Security Awareness for the Success of Business Enterprises,” 2016, pp. 211–222. doi: 10.1007/978-3-319-41932-9_17.
S. R. Muller and M. L. Lind, “Factors in Information Assurance Professionals’ Intentions to Adhere to Information Security Policies,” International Journal of Systems and Software Security and Protection, vol. 11, no. 1, pp. 17–32, Jan. 2020, doi: 10.4018/IJSSSP.2020010102.
K. Arbanas, M. Spremic, and N. Zajdela Hrustek, “Holistic framework for evaluating and improving information security culture,” Aslib Journal of Information Management, vol. 73, no. 5, pp. 699–719, Sep. 2021, doi: 10.1108/AJIM-02-2021-0037.
Direktorat Operasi Keamanan Siber BSSN, “Laporan Tahunan Monitoring Keamanan Siber Tahun 2021,” Jakarta, 2022.
G. Papp and P. Lovaas, “Assessing Small Institutions’ Cyber Security Awareness Using Human Aspects of Information Security Questionnaire (HAIS-Q),” 2021, pp. 933–948. doi: 10.1007/978-3-030-80129-8_62.
A. Zulfia, R. Adawiyah, A. N. Hidayanto, and N. F. A. Budi, “Measurement of Employee Information Security Awareness Using the Human Aspects of Information Security Questionnaire (HAIS-Q): Case Study at PT. PQS,” in 2019 5th International Conference on Computing Engineering and Design (ICCED), 2019, pp. 1–5. doi: 10.1109/ICCED46541.2019.9161120.
D. S. Hermawan, F. Setiadi, and D. Oktaria, “Measurement Level of Information Security Awareness for Employees Using KAB Model with Study Case at XYZ Agency,” in 2022 1st International Conference on Software Engineering and Information Technology (ICoSEIT), 2022, pp. 174–179. doi: 10.1109/ICoSEIT55604.2022.10029989.
M. S. Mahardika, A. N. Hidayanto, P. A. Paramartha, L. D. Ompusunggu, R. Mahdalina, and F. Affan, “Measurement of employee awareness levels for information security at the center of analysis and information services judicial commission Republic of Indonesia,” Advances in Science, Technology and Engineering Systems, vol. 5, no. 3, pp. 501–509, 2020, doi: 10.25046/aj050362.
E. A. Puspitaningrum, F. T. Devani, V. Q. Putri, A. N. Hidayanto, Solikin, and I. C. Hapsari, “Measurement of Employee Information Security Awareness: Case Study at A Government Institution,” in 2018 Third International Conference on Informatics and Computing (ICIC), IEEE, Oct. 2018, pp. 1–6. doi: 10.1109/IAC.2018.8780571.
S. TALIB, R. ABDUL MUNIR, N. N. ABDUL MOLOK, and M. R. AHMAD, “INFORMATION SECURITY GOVERNANCE ISSUES IN MALAYSIAN GOVERNMENT SECTOR,” Journal of Information Systems and Digital Technologies, vol. 5, no. 2, pp. 1–18, Nov. 2023, doi: 10.31436/jisdt.v5i2.404.
S. Tenzin, T. McGill, and M. Dixon, “An Investigation of the Factors That Influence Information Security Culture in Government Organizations in Bhutan,” Journal of Global Information Technology Management, vol. 27, no. 1, pp. 37–62, Jan. 2024, doi: 10.1080/1097198X.2023.2297634.
A. McCormac, T. Zwaans, K. Parsons, D. Calic, M. Butavicius, and M. Pattinson, “Individual differences and Information Security Awareness,” Comput Human Behav, vol. 69, pp. 151–156, Apr. 2017, doi: 10.1016/j.chb.2016.11.065.
M. Pattinson et al., “Matching training to individual learning styles improves information security awareness,” Information & Computer Security, vol. 28, no. 1, pp. 1–14, Nov. 2019, doi: 10.1108/ICS-01-2019-0022.
J. Zhen, K. Dong, Z. Xie, and L. Chen, “Factors Influencing Employees’ Information Security Awareness in the Telework Environment,” Electronics (Switzerland), vol. 11, no. 21, 2022, doi: 10.3390/electronics11213458.
S. Bauer, E. W. N. Bernroider, and K. Chudzikowski, “Prevention is better than cure! Designing information security awareness programs to overcome users’ non-compliance with information security policies in banks,” Comput Secur, vol. 68, pp. 145–159, Jul. 2017, doi: 10.1016/j.cose.2017.04.009.
A. Koohang, J. Anderson, J. H. Nord, and J. Paliszkiewicz, “Building an awareness-centered information security policy compliance model,” Industrial Management & Data Systems, vol. 120, no. 1, pp. 231–247, Dec. 2019, doi: 10.1108/IMDS-07-2019-0412.
W. Rocha Flores and M. Ekstedt, “Shaping intention to resist social engineering through transformational leadership, information security culture and awareness,” Comput Secur, vol. 59, pp. 26–44, Jun. 2016, doi: 10.1016/j.cose.2016.01.004.
ISACA, ISSE 2009 Securing Electronic Business Processes. Wiesbaden: Vieweg+Teubner, 2010. doi: 10.1007/978-3-8348-9363-5.
P. K. Sari et al., “Information security cultural differences among health care facilities in Indonesia,” Heliyon, vol. 7, no. 6, 2021, doi: 10.1016/j.heliyon.2021.e07248.
E. Yildirim, “The Importance of Information Security Awareness for the Success of Business Enterprises,” 2016, pp. 211–222. doi: 10.1007/978-3-319-41932-9_17.
P. A. W. Putro, D. I. Sensuse, and W. S. S. Wibowo, “Framework for critical information infrastructure protection in smart government: a case study in Indonesia,” Information & Computer Security, vol. 32, no. 1, pp. 112–129, Jan. 2024, doi: 10.1108/ICS-03-2023-0031.
R. Von Solms, K.-L. Thomson, and P. M. Maninjwa, “Information Security Governance control through comprehensive policy architectures,” in 2011 Information Security for South Africa, IEEE, Aug. 2011, pp. 1–6. doi: 10.1109/ISSA.2011.6027522.
S. Schinagl and A. Shahim, “What do we know about information security governance?,” Information & Computer Security, vol. 28, no. 2, pp. 261–292, Jan. 2020, doi: 10.1108/ICS-02-2019-0033.
A. McIlwraith, Information Security and Employee Behaviour: How to Reduce Risk Through Employee Education, Training, and Awareness, 2nd ed. New York, NY, USA: Routledge, 2022.
K. Parsons, D. Calic, M. Pattinson, M. Butavicius, A. McCormac, and T. Zwaans, “The Human Aspects of Information Security Questionnaire (HAIS-Q): Two further validation studies,” Comput Secur, vol. 66, pp. 40–51, May 2017, doi: 10.1016/j.cose.2017.01.004.
M. Pattinson et al., “Matching training to individual learning styles improves information security awareness,” Information & Computer Security, vol. 28, no. 1, pp. 1–14, Nov. 2019, doi: 10.1108/ICS-01-2019-0022.
J. Zhen, K. Dong, Z. Xie, and L. Chen, “Factors Influencing Employees’ Information Security Awareness in the Telework Environment,” Electronics (Switzerland), vol. 11, no. 21, 2022, doi: 10.3390/electronics11213458.
B. Alkhazi, M. Alshaikh, S. Alkhezi, and H. Labbaci, “Assessment of the Impact of Information Security Awareness Training Methods on Knowledge, Attitude, and Behavior,” IEEE Access, vol. 10, pp. 132132–132143, 2022, doi: 10.1109/ACCESS.2022.3230286.
M. Tvaronavičienė, T. Plėta, S. Della Casa, and J. Latvys, “Cyber security management of critical energy infrastructure in national cybersecurity strategies: cases of USA, UK, France, Estonia and Lithuania,” Insights into Regional Development, vol. 2, no. 4, pp. 802–813, Dec. 2020, doi: 10.9770/IRD.2020.2.4(6).
E. Lee, Y.-D. Seo, S.-R. Oh, and Y.-G. Kim, “A Survey on Standards for Interoperability and Security in the Internet of Things,” IEEE Communications Surveys & Tutorials, vol. 23, no. 2, pp. 1020–1047, 2021, doi: 10.1109/COMST.2021.3067354.
W. Stallings, Cryptography and Network Security: Principles and Practice, Global Edition, 8th ed. Harlow: Pearson Education, 2023.
H. A. Kruger and W. D. Kearney, “A prototype for assessing information security awareness,” Comput Secur, vol. 25, no. 4, pp. 289–296, 2006, doi: 10.1016/j.cose.2006.02.008.
Rosihan and A. N. Hidayanto, “Measurement of Employee Information Security Awareness: A Case Study at an Indonesian Correctional Institution,” in 2022 1st International Conference on Information System & Information Technology (ICISIT), IEEE, Jul. 2022, pp. 318–323. doi: 10.1109/ICISIT54091.2022.9872988.
H. Chen and Y. Hai, “Exploring the critical success factors of information security management: a mixed-method approach,” Information & Computer Security, Jan. 2024, doi: 10.1108/ICS-03-2023-0034.
Y. Normandia, L. Kumaralalita, A. N. Hidayanto, W. S. Nugroho, and M. R. Shihab, “Measurement of Employee Information Security Awareness Using Analytic Hierarchy Process (AHP): A Case Study of Foreign Affairs Ministry,” in 2018 International Conference on Computing, Engineering, and Design (ICCED), IEEE, Sep. 2018, pp. 52–56. doi: 10.1109/ICCED.2018.00020.
K. Parsons, A. McCormac, M. Butavicius, M. Pattinson, and C. Jerram, “Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q),” Comput Secur, vol. 42, pp. 165–176, May 2014, doi: 10.1016/j.cose.2013.12.003.
N. S. Sulaiman, M. A. Fauzi, S. Hussain, and W. Wider, “Cybersecurity Behavior among Government Employees: The Role of Protection Motivation Theory and Responsibility in Mitigating Cyberattacks,” Information, vol. 13, no. 9, p. 413, Aug. 2022, doi: 10.3390/info13090413.
A. McCormac, T. Zwaans, K. Parsons, D. Calic, M. Butavicius, and M. Pattinson, “Individual differences and Information Security Awareness,” Comput Human Behav, vol. 69, pp. 151–156, Apr. 2017, doi: 10.1016/j.chb.2016.11.065.
A. Lopes, L. Reis, H. São Mamede, and A. Santos, “Information Security Threat Assessment Using Social Engineering in the Organizational Context – Literature Review,” Lecture Notes in Networks and Systems, vol. 469 LNNS, pp. 233–242, 2022, doi: 10.1007/978-3-031-04819-7_24.
L. B. Bhagwat and B. M. Patil, “Detection of Ransomware Attack: A Review,” 2020, pp. 15–22. doi: 10.1007/978-981-15-0790-8_2.
H. A. Acosta-Maestre, “The Empirical Study of the Factors that Influence Threat Avoidance Behavior in Ransomware Security Incidents,” Nova Southeastern University PP - United States -- Florida, United States -- Florida, 2021.
C. Lamers, E. Spoerl, G. Levey, N. Choudhury, and M. Ahmed, “Ransomware: A Threat to Cyber Smart Cities,” 2023, pp. 185–204. doi: 10.1007/978-3-031-24946-4_13.
Direktorat Operasi Keamanan Siber BSSN, “Laporan Tahunan Monitoring Keamanan Siber Tahun 2021,” Jakarta, 2022.
J. W. Han, O. J. Hoe, J. S. Wing, and S. N. Brohi, “A Conceptual Security Approach with Awareness Strategy and Implementation Policy to Eliminate Ransomware,” in Proceedings of the 2017 International Conference on Computer Science and Artificial Intelligence, in CSAI 2017. New York, NY, USA: Association for Computing Machinery, 2017, pp. 222–226. doi: 10.1145/3168390.3168398.
M. Muslih, “Towards a Better Organizational Structure,” Journal of Business and Economics, vol. 12, no. 4, pp. 446–454, Apr. 2021, doi: 10.15341/jbe(2155-7950)/04.12.2021/010.
G. K. Singh, P. S. Ughara, M. M. Ishaq, A. P. Singh, and K. Chauhan, “Meteorological Progress: A Comprehensive Review of Weather Prediction,” in 2023 3rd International Conference on Innovative Mechanisms for Industry Applications (ICIMIA), IEEE, Dec. 2023, pp. 485–490. doi: 10.1109/ICIMIA60377.2023.10425965.
I. Gultepe, “A Review on Weather Impact on Aviation Operations: Visibility, Wind, Precipitation, Icing,” Journal of Airline Operations and Aviation Management, vol. 2, no. 1, pp. 1–44, Aug. 2023, doi: 10.56801/jaoam.v2i1.1.
A.-M. LUCHIAN, “THE IMPACT OF WEATHER ON FLIGHT PERFORMANCE AND AVIATION COMMUNICATION,” SCIENTIFIC RESEARCH AND EDUCATION IN THE AIR FORCE, vol. 25, pp. 179–184, Jul. 2024, doi: 10.19062/2247-3173.2024.25.20.
S. Matzkin, R. Shandler, and D. Canetti, “The limits of cyberattacks in eroding political trust: A tripartite survey experiment,” The British Journal of Politics and International Relations, vol. 26, no. 4, pp. 1033–1054, Nov. 2024, doi: 10.1177/13691481231210383.
M. G. Ikhsan and K. Ramli, “Measuring the Information Security Awareness Level of Government Employees Through Phishing Assessment,” in 2019 34th International Technical Conference on Circuits/Systems, Computers and Communications (ITC-CSCC), IEEE, Jun. 2019, pp. 1–4. doi: 10.1109/ITC-CSCC.2019.8793292.
J. Recker, Scientific Research in Information Systems. in Progress in IS. Cham: Springer International Publishing, 2021. doi: 10.1007/978-3-030-85436-2.
J. W. Cresswell, Research Design: Qualitative, Quantitative, and Mixed Methods Approaches, Fourth. Sage Publications, Inc, 2014.
M. A. Alnatheer, “Information Security Culture Critical Success Factors,” in 2015 12th International Conference on Information Technology - New Generations, IEEE, Apr. 2015, pp. 731–735. doi: 10.1109/ITNG.2015.124.
A. Prasetyo, D. Irawan, D. I. Sensuse, S. Lusa, P. A. Wibowo, and A. Yulfitri, “Evaluation of e-Service Quality Impacts Customer Satisfaction: One-Gate Integrated Service Application in Indonesian Weather Agency,” International Journal of Advanced Computer Science and Applications, vol. 14, no. 1, pp. 145–152, 2023, doi: 10.14569/IJACSA.2023.0140116.
A. McCormac, D. Calic, M. Butavicius, K. Parsons, T. Zwaans, and M. Pattinson, “A Reliable Measure of Information Security Awareness and the Identification of Bias in Responses,” Australasian Journal of Information Systems, vol. 21, Nov. 2017, doi: 10.3127/ajis.v21i0.1697.
M. Pattinson, M. Butavicius, K. Parsons, A. McCormac, and D. Calic, “Managing information security awareness at an Australian bank: a comparative study,” Information & Computer Security, vol. 25, no. 2, pp. 181–189, Jun. 2017, doi: 10.1108/ICS-03-2017-0017.
J. F. Hair Jr, G. T. M. Hult, C. M. Ringle, and M. Sarstedt, A Primer on Partial Least Squares Structural Equation Modeling (PLS-SEM). SAGE Publications, 2021.
J. J. Tejada, J. Raymond, and B. Punzalan, “On the Misuse of Slovin’s Formula,” The Philippine Statistician, vol. 61, no. 1, p. 8, 2012.
J. F. Hair, G. T. Hult, C. Ringle, and M. Sarstedt, A Primer on Partial Least Squares Structural Equation Modeling (PLS-SEM). 2017.
J. F. Hair, J. J. Risher, M. Sarstedt, and C. M. Ringle, “When to use and how to report the results of PLS-SEM,” European Business Review, vol. 31, no. 1, pp. 2–24, Jan. 2019, doi: 10.1108/EBR-11-2018-0203.
J. F. Hair, G. T. M. Hult, C. M. Ringle, M. Sarstedt, N. P. Danks, and S. Ray, Partial Least Squares Structural Equation Modeling (PLS-SEM) Using R. in Classroom Companion: Business. Cham: Springer International Publishing, 2021. doi: 10.1007/978-3-030-80519-7.
W. S. Wibowo, A. Fadhil, D. I. Sensuse, S. Lusa, P. A. W. Putro, and A. Yulfitri, “Pinpointing Factors in the Success of Integrated Information System Toward Open Government Data Initiative: A Perspective from Employees,” International Journal of Advanced Computer Science and Applications, vol. 14, no. 1, pp. 94–109, 2023, doi: 10.14569/IJACSA.2023.0140111.
J. Henseler, C. M. Ringle, and M. Sarstedt, “A new criterion for assessing discriminant validity in variance-based structural equation modeling,” J Acad Mark Sci, vol. 43, no. 1, pp. 115–135, 2015, doi: 10.1007/s11747-014-0403-8.
M. Sarstedt, J. F. Hair, J.-H. Cheah, J.-M. Becker, and C. M. Ringle, “How to Specify, Estimate, and Validate Higher-Order Constructs in PLS-SEM,” Australasian Marketing Journal, vol. 27, no. 3, pp. 197–211, Aug. 2019, doi: 10.1016/j.ausmj.2019.05.003.
A. Rechavi, T. Berenblum, and D. Maimon, “The secondary global market for hacked data,” International Journal of Cyber Criminology, vol. 12, no. 2, pp. 408–426, 2018, doi: 10.5281/zenodo.3366118.
D. Shoemaker, A. Kohnke, and K. Sigler, “The Cybersecurity Body of Knowledge,” The Cybersecurity Body of Knowledge, pp. 39–85, 2020, doi: 10.1201/9781003022596-2.
K. J. Knapp, R. Franklin Morris, T. E. Marshall, and T. A. Byrd, “Information security policy: An organizational-level process model,” Comput Secur, vol. 28, no. 7, pp. 493–508, Oct. 2009, doi: 10.1016/j.cose.2009.07.001.
Copyright (c) 2025 The Authors. Published by Universitas Airlangga.
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
All accepted papers will be published under a Creative Commons Attribution 4.0 International (CC BY 4.0) License. Authors retain copyright and grant the journal right of first publication. CC-BY Licenced means lets others to Share (copy and redistribute the material in any medium or format) and Adapt (remix, transform, and build upon the material for any purpose, even commercially).
