Perception of Information Security of Management of Banking and Insurance Companies in Countries of Western Balkans: Research Results

We present the textual interpretations of the results gathered from 35 banking and insurance companies and 4 information security auditing companies.
Comparative analyses of median value of perception of information security procedures of both samples of respondents are illustrated in the Figure 2. From the Figure 2 it is noticeable that highest graded factor by banking and insurance managers was Physical and environmental security (4.57), while their lowest grade went to factor of Compliance (3.26). Highest graded factor by auditing managers was Physical and environmental security (3.00), and lowest graded were Information security incident management and Communications (both 1.75). The biggest gap in perception was in Organisation of Information Security (2.24) while lowest gap in perception was in Information System Acquisition, Development and Maintenance (0.99).
Generally looking, significant gap is noticeable regarding intensity of perception of information security procedures of respondents from both groups. Managers in organisations gave significantly higher grades to all aspect of information security in companies than auditing managers. It is noticeable that they significantly disagree regarding how good information security procedures are implemented in banking and insurance companies. Also, it can be noticed that managers in organisations underestimate importance of information security in comparison with auditing managers. Financial services markets

Ranking of median values of variables of both groups of respondents are illustrated in Table 2. Spearman’s Rank Correlation Coefficient was calculated to show strength of correlation between groups. Spearman’s rank correlation coefficient is a non-parametric measure of statistical dependence between groups. Correlation coefficient of 0.59 indicates that there is rather intense strength of correlation.


Figure 2: Comparative Analyses of Intensity of Perception of Information Security Procedures

Table 2: Ranking of Information Security Procedures

Companies Information security procedures Auditors
1 Information security policy 1
2 Organisation of information security 6
3 Responsibility for Assets 7
4 Information classification 8
5 Human Resources Security 2
6 Physical and Environmental Security 3
7 Communications 10
8 Access Control 4
9 Information systems development and maintenance 5
10 Information security incident management 11
11 Business Continuity management 12
12 Compliance 9