We present the textual interpretations of the results gathered from 35 banking and insurance companies and 4 information security auditing companies.
Comparative analyses of the median values of perception of information security procedures for both samples of respondents are illustrated in Figure 2. Figure 2 shows that the factor graded highest by banking and insurance managers was Physical and environmental security (4.57), while their lowest grade went to Compliance (3.26). The factor graded highest by auditing managers was Physical and environmental security (3.00), and the lowest graded were Information security incident management and Communications (both 1.75). The biggest gap in perception was in Organisation of Information Security (2.24), while the smallest gap was in Information System Acquisition, Development and Maintenance (0.99).
Overall, a significant gap is noticeable in the intensity of perception of information security procedures between the two groups of respondents. Managers in organisations gave significantly higher grades to all aspects of information security in companies than auditing managers did. The two groups disagree significantly about how well information security procedures are implemented in banking and insurance companies. It can also be noticed that managers in organisations underestimate the importance of information security in comparison with auditing managers.
The rankings of the median values of the variables for both groups of respondents are shown in Table 2. Spearman's rank correlation coefficient, a non-parametric measure of statistical dependence between groups, was calculated to show the strength of correlation between the groups. A correlation coefficient of 0.59 indicates a rather strong correlation.
Figure 2: Comparative Analyses of Intensity of Perception of Information Security Procedures
Table 2: Ranking of Information Security Procedures
| Rank (companies) | Information security procedures | Rank (auditors) |
|---|---|---|
| 1 | Information security policy | 1 |
| 2 | Organisation of information security | 6 |
| 3 | Responsibility for Assets | 7 |
| 5 | Human Resources Security | 2 |
| 6 | Physical and Environmental Security | 3 |
| 9 | Information systems development and maintenance | 5 |
| 10 | Information security incident management | 11 |
| 11 | Business Continuity management | 12 |