Perception of Information Security of Management of Banking and Insurance Companies in Countries of Western Balkans: Methods of Analysis

The questionnaire was divided into two parts and comprised 18 questions. The first part covered information security according to the ISO/IEC 27001:2005 standard, while the second part covered information security barriers and marketing aspects of information security. Perception was expressed as the degree to which information security procedures are formalised in written form, and it was measured with 12 variables on a Likert scale from 1 to 5 (1 – procedure is not formalised in written form at all, 5 – procedure is fully formalised in written form).
These variables were:
•    Information security policy
•    Organisation of information security
•    Responsibility for Assets
•    Information classification
•    Human Resources Security
•    Physical and Environmental Security
•    Communications
•    Access Control
•    Information systems acquisition, development and maintenance
•    Information security incident management
•    Business Continuity management
•    Compliance.
Six information security barriers were defined, as follows:
•    Price of standardisation of information security
•    Insufficient number of auditors
•    Insufficient knowledge of company managers about information security importance
•    Insufficient expertise of company managers in organisational issues
•    Inadequate marketing approach by auditors
•    Insufficient expertise of IT employees in companies.
Perception of barriers was ranked according to the importance of each barrier, with values from 1 to 6 (1 – highest importance of barrier, 6 – lowest importance of barrier). Marketing aspects of standardisation of information security were measured according to auditors’ market activities. Both the auditors’ approach to the companies and the perception of price were measured.
The auditors’ approach was defined by the following alternatives:
•    Sending pricelist and offers to potential clients
•    Sending electronic education materials to potential clients
•    Sending hard copy education materials to potential clients
•    Systematic marketing campaigns from auditors
•    Promotion of favourable financial conditions of certification
•    Personal contact between auditors and company managers.
Data analysis was carried out using descriptive statistics, Spearman’s coefficient of rank correlation, correlation and factor analyses. Factor analysis was conducted for banking and insurance companies.