Perception of Information Security of Management of Banking and Insurance Companies in Countries of Western Balkans: Factor Analyses

Perception of Information Security of Management of Banking and Insurance Companies in Countries of Western Balkans: Factor AnalysesFactor analysis (Factor analysis was conducted with use of SPSS Statistics 17) was used to determine number of factors which explain relationships between variables and connection of those variables with factors. Based on correlation matrix of 12 variables and testing of null hypothesis that single coefficients of correlation are equal to null (Null hypothesis is accepted for values of significance greater than 0.05), it can be concluded that null hypothesis may accept coefficients of correlation of variable Information security policy and variables Information classification, Human Resources Security, Communications and Access Control; variable Compliance and Physical and Environmental Security, Information security incident management and Business Continuity management; variables Responsibility for Assets and Communications; variable Human Resources Security and variables Communications and Information security incident management; variable Communications and variables Information systems acquisition, development and maintenance and Information security incident management; variable Access Control and variables Information security incident management and Business Continuity management; and variables Information security incident management and Compliance. This means that it cannot be expected that these couples of variables occur together in explanation of single factors. Bartlett’s Test of Sphericity is highly significant and indicates a conclusion that there is a significant correlation between variables. Banker-customer

Kaiser-Meyer-Olkin Measure of Sampling Adequacy (KMO statistics) has value of 0.66 and this confirms justification of application of factor analyses in the research (Factor analyses is recommended only if KMO statistics is greater than 0.5.). As an Extraction method it was used Principal Component Analysis, while number of factors were determined based on characteristic values (Principal Component Analysis) which were assigned to factors greater than 1. Analyses showed that four factors fulfilled these criteria. Percentage of explained variance for these four factors was 75.96. Rotation was applied using the Varimax rotation method with Kaiser’s normalisation. Table 3 shows the results. The results confirm the justification for using factor analysis when identifying managers’ impression about state of information security in banking and insurance companies. Interpretation and explanation of factors is based on weight of factors, specificity of information security research and our assessments.
First factor, F1 – (Readiness of employees), explains 68.4, 64.8, 56.9 and 45.4 percent of the variance of variables Access Control, Human Resources Security, Physical and Environmental Security and Information systems acquisition, development and maintenance. All variables which explain this factor have coefficients of correlation greater than 0.5, with highest coefficient of correlation (0.80) between variables Physical and Environmental
Security and Access Control. The second factor, F2 – (Adaptability of organisation), explains 74.3, 54.2 and 29.6 percent of variables Information security policy, Information security incident management and Business Continuity management. Highest coefficient of correlation (0.51) is between variables Information security incident management and Business Continuity management. Third factor, F3 – (Availability of resources), explains 75.9, 59.0 and 25.4 percent of variables Organisation of information security, Responsibility for Assets and Information classification. Highest coefficient of correlation (0.63) is between variables Organisation of information security and Responsibility for Assets. Fourth factor, F4 – (Normative aspects of security), explains 83.7 and 60.1 percent of variables Communications management and Compliance. Coefficient of correlation between these variables is 0.70.

Table 3: Results of Factor Analysis after Rotation

Factor Factorloading Variables included in the factor Strength of factors in explaining variance of variables (%)
0.827 Access Control 68.4
F1 0.805 Human Resources Security 64.8
(Readiness of employees) 0.7540.674 Physical and Environmental SecurityInformation systems acquisition, development and maintenance 56.945.4
f2 0.862 Information security policy 74.3
(Adaptability of organisation) 0.7360.544 Information security incident managementBusiness Continuity management 54.229.6
F3(Availability of resources) 0.8710.768 Organisation of information securityResponsibility for Assets 75.959.0
0.504 Information classification 25.4
F4(Normative aspects of security) 0.9150.775 CommunicationsmanagementCompliance 83.760.1