JOIV : Int.
Inform.
Visualization, 8.
: IT for Global Goals: Building a Sustainable Tomorrow - November 2024 1976-1986
INTERNATIONAL JOURNAL
ON INFORMATICS VISUALIZATION
INTERNATIONAL
JOURNAL ON
INFORMATICS
VISUALIZATION
journal homepage : w.
org/index.
php/joiv Cybersecurity Behavior in the West Sumatra Universities Gushelmi a,b.
Rodziah Latih b,*.
Abdullah Mohd.
Zin c Faculty of Computer Science.
Universitas Putra Indonesia YPTK.
Padang.
West Sumatra.
Indonesia Faculty of Information Science and Technology.
Universiti Kebangsaan Malaysia.
Bangi.
Selangor.
Malaysia Faculty of Computing and Multimedia.
Universiti Poly-Tech Malaysia.
Kuala Lumpur.
Malaysia Corresponding author: *rodziah.
latih@ukm.
AbstractAi User cybersecurity behavior refers to the actions, habits, and decisions made by individuals when using technology and information that affect the level of security of the data and systems they access.
Previous research has shown that user cybersecurity behavior is one of the leading causes of computer and information security issues in many organizations, particularly education.
address this issue, researchers must find solutions to improve user cybersecurity behavior within an organization.
Therefore, this study aims to find the factors influencing user cybersecurity behavior in higher education institutions in West Sumatra in 2020.
This study was conducted using a survey research method.
A questionnaire was distributed to 155 respondents.
The questionnaire consisted of 28 questions covering seven factors influencing user cybersecurity behavior.
The survey data will be analyzed using the Structural Equation Model based on Partial Least Square.
The research findings indicate that all variables, such as Misuse Prevention and Compliance.
Body of Knowledge.
Skill.
Behavioral Intervention.
Attitude.
Security Compliance Behavior, and Technology, have significant relationships.
The relationships between these factors will be shown in the framework to be developed.
This indicates that the education sector in Indonesia is aware of cyber threats and the importance of security procedures in the workplace.
For further research, a deeper exploration of specific security issues is needed to propose potential solutions or actions that can be implemented to improve user cybersecurity behavior in the education sector, particularly in Indonesia.
KeywordsAi User cybersecurity.
Manuscript received 12 Apr.
revised 9 Aug.
accepted 25 Oct.
Date of publication 30 Nov.
International Journal on Informatics Visualization is licensed under a Creative Commons Attribution-Share Alike 4.
0 International License.
category of cybercrime.
This particular type of malware is designed to block access to a system or data until the attacker receives the demanded payment .
It is directed at businesses, governments, and consumers.
WannaCry is one instance of ransomware that impacted several systems globally in 2017 .
Until the victim pays the ransom to obtain the decryption key, users are unable to access files or systems .
Information security and computer issues in businesses are influenced by a variety of factors .
User cybersecurity behavior is the primary contributor, accounting for around 95% of the issues .
All user behavior about computer system security is called user cybersecurity behavior.
Encryption, smart cards, firewalls, and biometric technology .
are insufficient to provide sufficient information security if the organization's user cybersecurity behavior is still low .
But most firms aren't paying much attention to user cybersecurity behavior .
Examples of poor user cybersecurity practices that might leave a company vulnerable to cybercrimes include INTRODUCTION Numerous facets of human existence have changed due to ICT and communication technology.
It has simplified corporate procedures and has been implemented in numerous Cybercrime is one of the unforeseen effects of ICT.
Cyberbullying, cyber fraud, spam, ransomware, trolling, phishing, identity theft, and denial of service are examples of cybercrime .
, .
One of the most prevalent categories of cybercrime is thought to be cyberbullying.
It encompasses all types of online harassment, such as doxing, posting someone else's private information online, home address stalking, sexual harassment, framing, breaking into someone else's social media accounts, and posting on their behalf .
Identity theft is the second most prevalent kind of cybercrime, in which someone obtains our personal information and uses it without our permission to take money, open credit accounts, file claims for health insurance, and other purposes .
Ransomware is the third most prevalent cyberloafing, exchanging passwords with other parties, and neglecting to update antivirus software.
Cyberloafing uses company computers and the Internet for private purposes .
, .
Researchers must first ascertain the organization's level of user security behavior to take steps to mitigate this It is possible to enhance user security behavior and guarantee the computer and information security of the organization by determining the level of such behavior.
This paper is organized as follows: Section 2 explains the background of the study and the methods used in making this Section 3 discusses the results and findings of the Finally, section 4 concludes the study and discusses its H51: There is a significant relationship between Misuse Prevention & Compliance and Attitude.
H50: There is no significant relationship between Misuse Prevention & Compliance and Attitude.
H61: There is a significant relationship between Body of Knowledge and Compliance Behavior.
H60: There is no significant relationship between Body of Knowledge and Compliance Behavior.
H71: There is a significant relationship between Attitude and Compliance Behavior.
H70: There is no significant relationship between Attitude and Compliance Behavior.
H81: There is a significant relationship between Attitude and Behavioral Intervention H80: There is no significant relationship between Attitude and Behavioral Intervention.
H91: There is a significant relationship between Behavioral Intervention and Compliance Behavior.
H90: There is no significant relationship between Behavioral Intervention and Compliance Behavior.
H101: There is a significant relationship between Technology and Misuse Prevention & Compliance.
H100: There is no significant relationship between Technology and Misuse Prevention & Compliance.
H111: Skills serve as an intermediary between Knowledge and H110: Skills do not serve as an intermediary between Knowledge and attitudes.
H121: Prevention of Abuse & Compliance is an intermediary between Knowledge and attitudes.
H120: Prevention of Abuse & Compliance is not an intermediary between Knowledge and attitudes.
H131: Knowledge serves as an intermediary between Attitudes and Safety Compliance Behavior.
H130: Knowledge does not serve as an intermediary between Attitudes and Safety Compliance Behavior.
H141: Attitudes are an intermediary between Behavioral Interventions and Safety Compliance Behavior.
H140: Attitudes do not serve as an intermediary between Behavioral Interventions and Safety Compliance Behavior.
To obtain the results, it will be analyzed by using the Smart SEM-PLS application version 4.
SEM-PLS analysis is a multivariate statistical method that can be studied in making data collection-free assumptions .
, .
SEM (Structural Equation Model bas.
explores the relationship between variables and validates or rejects hypotheses.
SEM-PLS
estimates the regression between pending variables and isolates the error when measuring pending variables.
The normality of the data distribution indicates the type of test that should be used in data analysis.
that is why skewness and kurtosis tests are used in the first step of data analysis.
The decision is between -2 and 2, which indicates a normal In the estimation done, the indicator data appears to be typically scattered.
The conceptual model can be visualized as shown in Fig.
II.
MATERIALS AND METHOD
Factors Influence User Security Behavior Based on the considerations and the quantitative aspects of this research and its focus, non-probability sampling is considered more appropriate for selecting a sample from the This is because this research only conducts a case study at universities in West Sumatra.
Indonesia.
The population of this study consists of all users of the university's cybersecurity system.
The simple random sampling method .
was used.
The sample was randomly selected, comprising ten percent of the total population.
This study determined the total population of respondents to be 1,550 people.
A sample of ten percent was randomly selected, resulting in 155 respondents.
The questionnaire comprises two sections: (A) Respondent demographics and (B) Factors influencing user In section B, respondents will provide their views on the given statements by marking their answers using a 4point Likert scale.
From the hypothesized theoretical framework, there are seven factors/constructs, namely misuse prevention and compliance .
, body of knowledge .
, skill .
, behavioral intervention .
, attitude .
, compliance behavior .
, and technological support .
This study's hypothesis is based on a literature review that addresses the relationship between the examined variables.
Several hypotheses of this study are as follows:
H11: There is a significant relationship between Knowledge Base and Attitude.
H10: There is no significant relationship between knowledge base and Attitude.
H21: There is a significant relationship between Knowledge Base and Skills.
H20: There is no significant relationship between knowledge base and Skills.
H31: There is a significant relationship between Body of Knowledge and Misuse Prevention & Compliance.
H30: There is no significant relationship between Body of Knowledge and Misuse Prevention & Compliance.
H41: There is a significant relationship between Skill and Attitude.
H40: There is no significant relationship between Skill and Attitude.
Fig.
1 Conceptual Model The information in Table 1 shows that the skewness and kurtosis for each indicator are between -2 and 2.
hence, the data distribution for each indicator is estimated to be normally distributed.
Therefore, this data set can be ensured to generate valid and unbiased statistical analysis results.
RESULT AND DISCUSSION
Measurement of Relationship between Factors .
Descriptive Statistics:
Descriptive statistics is a process used to describe the work and summarize the data concisely and clearly.
The main goal is to present comprehensive information about the data's features, patterns, and relationships under observation.
This is the first step in analyzing data and can provide a deep understanding of the phenomenon under study.
The descriptive analysis includes minimum, maximum, standardized difference, skewness, and kurtosis statistics.
Finally, descriptive analysis summarizes the main findings found in the data.
It provides a better understanding of the underlying features and patterns of the phenomenon of Table 2 shows that the mean score for the factor structure for misuse prevention and compliance has a mean score of 12 (SD=0.
with a skew of 0.
317 and kurtosis of -0.
Body of knowledge has a mean score of 3.
51 (SD=0.
with a skew of -0.
219 and kurtosis of -0.
Proficiency has a mean score of 3.
21 (SD=0.
with a skew of -0.
105 and kurtosis of -0.
Behavioral interventions had a mean score range of 3.
31 (SD=0.
with a skew of 0.
417 and kurtosis 0.
Attitudes had a mean score range of 3.
29 (SD=0.
with a skew of 0.
473 and kurtosis -0.
Security compliance behavior has a mean score of 3.
34 (SD=0.
with a skew of 0.
377 and kurtosis -1.
348, and Technology has a mean score of 3.
34 (SD=0.
with a skew of -0.
042 and Here, all variables show a normal data distribution as the statistical skewness and kurtosis are between -2 and 2.
In the statistical methodology of SEM-PLS, the size model must first be assessed before the structured model is The main factor in determining the quality of the TABLE I NORMALITY ASSESSMENT Indicators Deviation Statistics Kurtosis Statistics Misuse Prevention and Compliance 1 Misuse Prevention and Compliance 2 Misuse Prevention and Compliance 3 Misuse Prevention and Compliance 4 Body of Knowledge 1 Body of Knowledge 2 Body of Knowledge 3 Body of Knowledge 4 Skill 1 Skill 2 Skill 3 Skill 4 Behavior Intervention 1 Behavior Intervention 2 Behavior Intervention 3 Behavior Intervention 4 Attitude1 Attitude 2 Attitude 3 Attitude 4 Compliance Behavior 1 Compliance Behavior 2 Compliance Behavior 3 Compliance Behavior 4 Technology Support1 Technology Support1 2 Technology Support1 3 Technology Support1 4 size model is to assess the convergent and discriminant validity of the size model .
, .
Latent Variables TABLE II
DESCRIPTIVE STATISTICS
Variables Misuse Prevention and Compliance Body of Knowledge Skill Behavioral Intervention Attitude Security Compliance Behavior Technology Average Min Max Tilt Kurtosis Misuse Prevention and Compliance Security Compliance Behavior SD= Standard deviation.
Min=Minimal.
Max=Maximum Since the first-stage measure model shown in Fig.
2 is a fully bounced measure model, convergent validity assessment, criteria such as indicator loading.
Cronbach Alpha () confidence.
Composite confidence (A) and mean variance extracted (PVE)/AVE were used.
Skill Technology Indicators Body of Knowledge 2 Body of Knowledge 3 Body of Knowledge 4 Misuse Prevention and Compliance 2 1 Misuse Prevention and Compliance 2 Misuse Prevention and Compliance 3 Misuse Prevention and Compliance 4 Security Compliance Behavior 1 Security Compliance Behavior 2 Security Compliance Behavior 3* Security Compliance Behavior 4 Skill 1 Skill 2 Skill 3 Skill 4 Technology 1 Technology 2 Technology 3* Technology 4 Loading The process of removing indicators that had loadings below the recommended 0.
Three indicators were discarded in this process, i.
Behavioral Intervention 3.
Behavioral Security Compliance 3, and Technology 3.
The loading values for each indicator were scrutinized each time the one item with the lowest loading value was removed.
This process was repeated until the indicators that had loadings below 0.
6 were indicators with loadings below 0.
6 were discarded because they did not have good multiple relationships with other indicators, as shown in Table 4.
TABLE IV
MEASUREMENT FRAMEWORK INDICATOR LOADINGS (AFTER CFA)
Fig.
2 Size Model Stage 1 Latent Variables .
Indicator Loading of the Measurement Framework:
The research framework was developed based on the literature review with theoretical background.
Hence, confirmatory factor analysis (CFA) was considered a suitable approach for this research.
CFA investigates whether the measured variables are consistent with our understanding of the variables and indicators in the research framework.
Table 3 shows the indicator loading decision of the first size This result shows several indicators that have loading values below the recommended threshold of 0.
Therefore, all these indicators must be removed first to achieve unidimensionality for each construct.
Attitude Behavioral Intervention Behavioral Intervention 4 Body of Knowledge 1 Body of Knowledge 2 Body of Knowledge Body of Knowledge 3 Body of Knowledge 4 Misuse Prevention and Compliance 1 Misuse Prevention andMisuse Prevention and Compliance 2 Compliance Misuse Prevention and Compliance 3 Misuse Prevention and Compliance 4 Security Compliance Behavior 1 Security Compliance Security Compliance Behavior 2 Behavior Security Compliance Behavior 4 Skill 1 Skill 2 Skill Skill 3 Skill 4 Technology 1 Technology Technology 2 Technology 4 TABLE i MEASUREMENT FRAMEWORK INDICATOR LOADING (BEFORE CFA) Latent Variables Attitude Behavioral Intervention Body of Knowledge Indicators Attitude 1 Attitude 2 Attitude 3 Attitude 4 Behavioral Intervention 1 Behavioral Intervention 2 Behavioral Intervention 3* Behavioral Intervention 4 Body of Knowledge 1 Indicators Attitude 1 Attitude 2 Attitude 3 Attitude 4 Behavioral Intervention 1 Behavioral Intervention 2 Loading Loading Cronbach Alpha () and Reliability Composite (A), with the decision of AVE higher loaded to the respective latent constructs compared to the latent construct balances .
, .
In conclusion, this discriminant assessment shows that indicator loadings are clearly different relative to the structure expressed in the theoretical framework.
Hence, this study shows discriminant conditions for all hidden constructs.
its findings agree with the results of the Fornell-Larcker discriminant analysis.
Table 7 shows the effect of independent constructs on the dependent constructs for the first stage of the measurement For the first stage, the effect of the independent construct (Body of Knowledge and Technolog.
and its intermediate constructs (Behavioral security compliance, skills, attitude, and misuse prevention & Complianc.
while the dependent construct (Attitud.
The constructs used at this stage result from the measure framework obtained from the previous CFA (Confirmatory Factor Analysi.
Table 5 shows the assessment results of two types of reliability.
Cronbach Alpha () and composite reliability (A), with the AVE results for each embedded construct in the first rule assessment framework.
Both reliability assessments show that all latent constructs have a good level of reliability, as the lowest value on the reliability composite is 0.
828, and the Cronbach Alpha is 0.
Therefore, it can be confirmed that the internal consistency of each construct is sufficient and can serve as evidence of the dimensionality of each construct .
, .
TABLE V
COMPARISON OF PVE.
COMPOSITE RELIABILITY AND CRONBACH ALPHA
Construct
Before item removed After item removed AVE
AVE
Behavioral Intervention Security Compliance Behavior Technology 0.
TABLE VII
THE EFFECT OF INDEPENDENT CONSTRUCTS ON DEPENDENT CONSTRUCTS
Path T Statistics Body of Knowledge -> Skill Body of Knowledge -> Misuse Prevention and Compliance Body of Knowledge -> Attitude Body of Knowledge -> Security Compliance Behavior Behavioral Interventions -> Security Compliance Behavior Skill -> Attitude Misuse Prevention and Compliance -> Attitude Attitude -> Behavioral Interventions Attitude -> Security Compliance Behavior Technology -> Misuse Prevention and Compliance These three indicators have been removed by examining the impact on the convergent validity assessment .
AVE/PVE
= Average Extracted Varianc.
Composite Trustworthiness, and Cronbach Alpha.
Behavioral Indicator Complying with Security 3 (Loading=0.
was the first to be removed as it had the lowest loading value.
These three indicators were necessary and helpful to remove from the analysis as they could all improve the convergent validity assessment .
, mean Explained Variance and Composite Reliabilit.
Fornell-Larcker Table 6 shows the discriminant analysis results for the first stage assessment framework using the Fornell-Larcker criterion .
The power AVE values for each hidden construct have been calculated using this methodology.
It was also used to compare the relationship values between the hidden constructs.
According to the analysis, the power point value of AVE is greater than the outer factor of the borders.
Therefore, it confirms that this first stage assessment framework has achieved discriminant even with no constructs accounting for the same thing, and the indicators accounting for each construct show a greater relationship than the relationship between the hidden variables.
Fig.
3 Size Model stage 2
TABLE VI
FORNELL-LARCKER DISCRIMINANT ASSESSMENT
The significant effect of the independent construct on the dependent construct is identified through the t-statistic value.
A t statistic value exceeding 1.
96 indicates that the effect of an independent hidden variable on the dependent construct is Ten paths have a significant effect, namely from the Knowledge Body construct to the proficiency construct, from the Knowledge Body construct to the Misuse Prevention and Compliance construct, from the Knowledge Body construct to the Attitude construct, from the Knowledge Body construct to the Security Behavior construct, from the Behavioral Intervention construct to the Behavior of Security Compliance, from the Proficiency construct to the Attitude construct, from the Misuse Prevention and Compliance construct to the Attitude construct, from the Attitude construct to the Behavioral Intervention construct, from the Attitude .
Attention: Constructs.
=Body of Knowledge.
=Behavioral Interventions.
=Knowledge.
=Misuse Prevention Compliance.
=Attitude.
=Technology.
=Security Compliance Behavior.
AVE of each construct and element other than the bullet value is the value of the intermediate relationship between the constructs.
With this assessment, the discriminant state of the latent constructs holds when the loading levels of the target indicators to measure the respective latent constructs are construct to the Behavior of Security Compliance construct and from the Technology construct to the Misuse Prevention and Compliance construct.
can be shown in Fig.
Table 9 shows the detailed analysis of forecast linkage assessment for endogenous constructs with their respective exogenous constructs.
The result of the analysis found that the Knowledge Body construct has a small relationship to the Behavioral Intervention construct (Q2=0.
Proficiency (Q2=0.
Misuse prevention and compliance (Q2=0.
Attitude (Q2=0.
, and Security compliance behavior construct (Q2=0.
In conclusion, the endogenous constructs in this framework can be predicted by their respective endogenous constructs as they have Q2 statistics that exceed zero .
Thus, this framework has sufficient forecasting power to predict the respective endogenous constructs .
Structured Framework Assessment The main element discussed in this section is assessing a specific structured framework.
As stated earlier, the valuation of structured trusses is based on various methodologies.
These methodologies consist of determination pivot (R.
, forecast multiplication (Q.
, and size effect assessment .
for structured frames.
This section also needs to assess the pass intervals of both structured frameworks.
The following small
section will discuss the assessment details of both structured TABLE IX
PREDICTIVE RELEVANCE OF ENDOGENOUS CONSTRUCTS
Determination Percentage (R.
Forecast Percentage (Q.
, and Impression Rating .
In SEM-PLS investigations, most attention is paid to the explained variance of endogenous hidden constructs, which is measured through the use of estimating the covariance .
The exogenous hidden constructs each explain variation in the endogenous hidden constructs.
This estimation shows the amount of this variation.
Referring to Table 8, the R2 value for the construct Security compliance behavior is 0.
The value indicates that 5% of the total variation of this construct is explained by the three exogenous constructs .
Attitude.
Body of Knowledge, and Behavioral Intervention.
In comparison, other factors explain the remaining 95% of the variation.
The R2 for this endogenous construct has a moderate level of variation .
, .
, .
, .
, .
Endogenous VL Behavioral Interventions Skill Misuse Prevention and Compliance Attitude Security Compliance Behavior Note Medium Small Medium Medium Big An equally important assessment in structured framework assessment is the effect size .
of exogenous constructs on endogenous constructs .
Table 10 shows that the construct Body of knowledge has a negligible effect on Proficiency .
2=0.
Misuse Prevention and compliance .
2=0.
Attitude .
2=0.
, and Security Compliant Behavior .
2=0.
Next, the Proficiency construct has a negligible effect on Attitude .
2=0.
Misuse Prevention and compliance .
2=0.
, the attitude construct has a significant effect on Intervention .
2=0.
, the Attitude construct has a medium effect on Use prevention and compliance .
2=0.
and the Attitude construct has a significant effect on Security Compliant Behavior .
2=0.
Finally, the technology construct has a medium effect on Misuse Prevention and compliance .
2=0.
TABLE Vi
ASSESSMENT STRUCTURED FRAMEWORK R2
Endogenous VL Behavioral Interventions Skill Misuse Prevention and Compliance Attitude Security Compliance Behavior Note Medium Small Medium Medium Large TABLE X EFFECT SIZE (F.
ENDOGENOUS CONSTRUCT OF A STRUCTURED FRAMEWORK
e2 In addition, the analysis also found that the variation in the endogenous constructs Behavioral Intervention, proficiency.
Misuse prevention, and Attitude was explained by the exogenous construct Knowledge body at 28.
2% (R2=0.
7% (R2=0.
, 32.
2% (R2=0.
6% (R2=0.
Almost all of these values are moderate except proficiency at a low level.
However, for the study of even better results, the R2 values need to be increased by future The value was improved by incorporating more variables into the framework studied and increasing the number of respondents studied.
As suggested by other principal investigators in the context of SEM-PLS, a Stone-Geisser (Q.
assessment was conducted to measure the overall predictive relevance of the endogenous hidden constructs in this Framework.
However, this assessment is limited to the reflective endogenous latent The value of Q2 is zero.
This means that each reflective construct in this framework, i.
, behavioral intervention constructs, skills, misuse prevention, and perspectives, have sufficient predictive linkage with their respective exogenous constructs.
The Q2 assessment decision can be found in Table 9 .
VL Endogenous: Skill VL Exogenous: Body of Knowledge VL Endogenous: Misuse Prevention and Compliance VL Exogenous: Body of Knowledge VL Endogenous: Skill VL Exogenous: Body of Knowledge VL Endogenous Security Compliance Behavior VL Exogenous: Body of Knowledge VL Endogenous: Attitude VL Exogenous: Skill VL Endogenous: Attitude VL Exogenous: Misuse Prevention and Compliance VL Endogenous: Behavioral Interventions VL Exogenous: Attitude VL Endogenous: Misuse Prevention and Compliance VL Exogenous: Attitude VL Endogenous: Security Compliance Behavior VL Exogenous: Attitude VL Endogenous: Misuse Prevention and Compliance VL Exogenous: Technology Note 107 Small 037 Small 086 Small 050 Small 046 Small 093 Small 393 Large 294 Medium 404 Large 294 Medium With the above three statistical analyses performed, the structured work-frame has met the minimum criteria for determining peptide (R.
, forecast correlation (Q.
, and effect size .
Therefore, the structured framework proposed in Figure 4.
8 can be assessed.
increases, the mean score of Attitude will also increase.
Furthermore, if the mean score for misuse prevention and compliance increases, the mean score for attitude will also Furthermore, if the mean score of Attitude increases, the mean score of Behavioral intervention and Security compliance behavior will also increase.
Furthermore, if the mean score of technology increases, the mean score of Misuse prevention & compliance will also increase.
Path Coefficient Evaluation Table 11 shows the results of the route multiplication in the proposed structured framework Fig.
The results show that all the routes, i.
BoK E SK.
BoK E MDC.
BoK E AT.
BoK E SCB.
BI ESCB.
SK E AT.
MDC E AT.
AT E BI.
AT E SCB.
TS EMDC have t values exceeding 1.
Thus, all routes have significant effects from exogenous to endogenous constructs.
Assessment of Delivery Impression In transmission analysis, the predominant researchers state that testing direct and indirect effects through the bootstrap route procedure, also known as bootstrap, is essential to confirm the existence of transmission effects .
This method is better stated than Baron and Kenny.
Hair et al.
suggested, the t-test procedure has been used to assess the indirect effects of the bootstrap procedure.
Testing Delivery Impressions:
The effects analysis aims to examine the intermediary effects between several proposed pathways.
Table 12 shows the results of the indirect effects of mediation analysis for the structured framework.
The results indicate that the indirect effect of the BoKESKEBI pathway is significant .
ndirect effect coefficient = 0.
135, t=3.
072, p <0.
Furthermore, the BoKESKEAT pathway is significant .
ndirect effect coefficient = 0.
103, t=2.
638, p<0.
, the ATEBIESCB pathway is significant .
ndirect effect coefficient = 0.
t=3.
184, p<0.
, and the BoKEATESCB pathway is significant .
ndirect effect coefficient = 0.
151, t=2.
p<0.
Additionally, the BoKESKEATESCB pathway is significant .
ndirect effect coefficient = 0.
135, t=3.
p<0.
, and the TSEMDCEATESCB pathway is significant .
ndirect effect coefficient = 0.
154, t=2.
p<0.
These effects suggest that these indirect effects are important coefficients at the 99% confidence interval, as the observed t-value for these indirect effects is greater than the 99% critical t-statistic value .
, observed t-value > 2.
The following results indicate that the indirect effect of the SKEATEBI pathway is significant .
ndirect effect coefficient = 0.
112, t=2.
264, p <0.
, and the BoKESKEATEBI pathway is significant .
ndirect effect coefficient = 0.
035, t=2.
033, p<0.
Furthermore, the BoKEMDCEATEBI pathway is significant .
ndirect effect coefficient = 0.
154, t=2.
734, p<0.
, the MDCEATEBI pathway is significant .
ndirect effect coefficient = 0.
t=2.
176, p<0.
, and the TSEMDCEATEBI pathway is significant .
ndirect effect coefficient = 0.
065, t=2.
p<0.
Additionally, the MDCEATEBIESCB pathway is significant .
ndirect effect coefficient = 0.
109, t=2.
p<0.
, the SKEATESCB pathway is significant .
ndirect effect coefficient = 0.
053, t=2.
318, p<0.
, and the BoKEMDCEATESCB pathway is significant .
ndirect effect coefficient = 0.
112, t=2.
264, p<0.
Furthermore, the MDCEATESCB pathway is significant .
ndirect effect coefficient = 0.
035, t=2.
033, p<0.
These effects indicate that these indirect effects are important coefficients at the 95% confidence interval, as the observed t-value for these indirect effects is greater than the 95% critical t-statistic value .
, observed t-value > 1.
Fig.
4 Structured Framework Evaluation TABLE XI
STRUCTURED FRAMEWORK OF PATH COEFFICIENTS
Path
BoK E SK
BoKE MDC
BoK E AT BoK E SCB
BI E SCB
SK E AT
MDC E AT
AT E BI
AT E SCB
TS EMDC
PL T-Value P-Value Result Significant Significant Significant Significant Significant Significant Significant Significant Significant Significant Attention: BoK=Knowledge Body.
SK=Skills.
MDC=Misuse Prevention and AT=Attitude.
SCB=Security Behavior.
BI=Behavioral Intervention.
*Percentage is significant at 95% confidence level (*) if tstatistic >1.
<0.
and percentage is significant at 99% confidence level (**) if t-statistic >2.
<0.
The analysis showed that the body of knowledge exerted significant .
on proficiency, misuse prevention & compliance, attitude, and security compliance behavior, respectively, with =0.
311, =0.
353, =0.
256, and =.
Behavioral interventions provided a significant .
effect on security compliance behaviors with =0.
Proficiency is significant .
on Attitude, i.
, =0.
Misuse prevention and compliance are significant .
to attitude, i.
, =0.
Attitude is significant .
to Behavioral intervention and Behavioral compliance, =0.
and =0.
518, respectively.
Seterus Technology gives significant .
to the Prevention of misuse and compliance, i.
, =0.
Therefore, it can be concluded that if the mean body of knowledge increases, then the mean proficiency, prevention of misuse & compliance, attitudes, and behaviors of complying with security will also increase.
Similarly, if the mean score of Behavioral interventions increases, then the mean score of Security compliance behaviors will also Furthermore, if the mean score of proficiency TABLE Xi
BOOTSTRAP CONFIDENCE INTERVALS FOR INDIRECT EFFECTS STRUCTURED
However, the analysis also shows that the indirect effect for the BoKEMDCEAT pathway is insignificant .
ndirect effect coefficient = 0.
021, t=1.
424, p>0.
Additionally, the TSEMDCEAT pathway is not significant .
ndirect effect t=1.
p>0.
BoKEATEBIESCB pathway is not significant .
ndirect effect coefficient = 0.
005, t=1.
071, p>0.
, and the SKEATEBIESCB pathway is not significant .
ndirect effect coefficient = 0.
084, t=1.
632, p>0.
Furthermore, the BoKESKEATEBIESCB pathway is not significant .
ndirect effect coefficient = 0.
024, t=1.
457, p>0.
, and the BoKEMDCEATEBIESCB pathway is not significant .
ndirect effect coefficient = 0.
009, t=1.
278, p>0.
These effects are insignificant because the observed t-value for these indirect effects is less than the 95% critical t-statistic value .
, observed t-value < 1.
FRAMEWORK
T-Value p-Value 0,003 95% Bootstrap Confidence Interval (Indirect Effect Coefficien.
BoK E SK E AT Bok E MDC E
BoK
ESCB
ATE BI ESCB
T-bootstrap Path BCA-bootstrap .
025, 0.
020, 0.
044, 0.
043, 0.
069, 0.
073, 0.
011, 0.
009, 0.
Note: Partial Mediation.
TS = Not Significant.
KTLP = Indirect Effect Coefficient.
a Path coefficient is significant at the 95% confidence level (*) if t-statistic > 1.
<0.
and significant at the 99% confidence level () if t-statistic > 2.
<0.
**.
In conclusion, it can be summarized that Skills (SK) mediate the correlation between Body of Knowledge (BoK) and Attitude (AT), as evidenced by the observed t-values and the 95% bootstrap confidence interval analysis of the indirect effect coefficients.
Misuse Prevention (MDC) provides complete mediation in the correlation between Body of Knowledge (BoK) and Attitude (AT).
Furthermore.
Attitude (AT) also mediates the correlation between Skills (SK) and Security Compliance Behavior (SCB).
Additionally.
Behavioral Intervention (BI) mediates the correlation between Attitude (AT) and Security Compliance Behavior (SCB).
TABLE XII
ANALYZE THE INDIRECT EFFECTS OF THE STRUCTURED FRAMEWORK
Path Analysis KTLP
BoK E SK E BI
SK E AT E BI
BoK E SK E AT EBI
BoK E MDC E AT E BI
MDC E AT E BI
TS E MDC E AT E BI
BoK E SK E AT BoK E MDC EAT
TS EMDC EAT
BoK EAT EBI ESCB
SK E AT E BI ESCB
BoK ESK E AT E BI
ESCB
BoK E MDC E AT E BI 0.
ESCB
AT E BI ESCB
MDC E AT E BI ESCB
TS EMDC EAT EBI E 0.
SCB
BoK E AT E SCB
SK EAT E SCB
BoK ESK EAT ESCB BoK EMDC EAT ESCB 0.
MDC EAT ESCB
TS EMDC EAT E SCB
Path Analysis KTLPa .
Classification of Mediation Effects Through partial and full mediation concepts, this study uses procedures derived from the study by Zhao et al.
and aligns with the study by Baron and Kenny .
According to Hair et al.
, if the indirect effect is significant, the research must determine whether the direct effect is significant to classify the construct as indirect only .
ull mediatio.
, complementary mediation .
artial mediatio.
, or competitive mediation .
artial Indirect-only mediation occurs if the direct effect is found to be insignificant.
The research can differentiate between complementary and competitive mediation if the direct effect is For the mediation effects in the second regulatory framework, as shown in Table 14.
TABLE XIV
BOOTSTRAP CONFIDENCE INTERVALS FOR INDIRECT EFFECTS STRUCTURED
Note: BoK = Body of Knowledge.
SK = Skills.
MDC = Misuse Prevention and Compliance.
AT = Attitude.
SCB = Security Compliance Behavior.
BI =
Behavioral Intervention.
TS = Not Significant.
KTLP = Indirect Effect Coefficient.
a Coefficient is significant at the 95% confidence level (*) if tstatistic > 1.
<0.
and significant at the 99% confidence level () if tstatistic > 2.
<0.
**.
FRAMEWORK
KTLPa (Indirect Effect Coefficien.
PCa PLa BoK EAT 0.
Types of Mediation BoK E SK Partial Mediation E AT Bok E MDC 0.
BoKE AT 0.
256 Partial Mediation E AT BoK E AT 0.
BoK E
187 Partial
ESCB
SCB
Mediation ATE BI AT E SCB 0.
518 Partial
ESCB
Mediation Note: Partial Mediation.
NS = Not Significant.
ITCE = Indirect Effect Coefficient.
PC = Path Coefficient.
aPath coefficient is significant at the (*) confidence level if t-statistic > 1.
< 0.
and the coefficient is significant at the 99% confidence level (**) if t-statistic > 2.
< 0.
Path Equally important, a bootstrap confidence interval assessment for each indirect effect was also conducted and reported in the mediation effect test.
Table 13 shows the results of the 95% bootstrap confidence interval.
From the Table, it was found that the bootstrap confidence interval for these indirect effects includes zero for all types of bootstrap confidence interval analyses.
Therefore, this confirms that mediation effects exist for the indirect coefficients.
Evidence from this analysis indicates that the paths of indirect effects (Table .
are consistent with the observed t-values of the indirect effects (Table .
Path It can be concluded that Skills .
SK) provide partial mediation effects on the correlation between Body of Knowledge .
BoK) and Attitude .
AT).
Misuse Prevention and Compliance .
MDC) provide partial for these indirect effects are less than 95% of the critical tstatistic values .
, observed t < 1.
The response rate analysis indicates a rate of 86%.
SEMPLS analysis has demonstrated that the indicators used in this study possess a high ability to clarify the issues of interest.
The evaluation criteria for SEM-PLS, including indicator loadings.
Cronbach's Alpha (), composite reliability (A), and Fornell-Larcker discriminant analysis, confirm that all indicators meet the minimum evaluation criteria.
The measurement framework shows an acceptable level of capability for addressing the research phenomena of interest in this study.
The SEM-PLS path results show that an increase in the average level of Knowledge Body leads to an increase in the average level of Skills.
Prevention of Misuse & Compliance.
Attitudes, and Security Compliance Behavior.
Similarly, an increase in the average level of Behavioral Intervention leads to an increase in the average level of Security Compliance Behavior.
Furthermore, an increase in the average level of Skills leads to an increase in the average level of Attitudes.
An increase in the average level of Prevention of Misuse and Compliance leads to an increase in the average level of Attitudes.
An increase in the average level of Attitudes also leads to an increase in the average levels of Behavioral Intervention and Security Compliance Behavior.
Additionally, an increase in the average level of Technology leads to an increase in the average level of Prevention of Misuse & Compliance.
Path coefficient assessments also show that the Knowledge Body has the largest contribution effect on Prevention of Misuse and Compliance, as the path coefficient value is the highest among the endogenous constructs from Knowledge Management Practices.
Skills.
Attitudes, and Security Compliance Behavior follow, ignoring negative and positive The analysis also indicates that the Knowledge Body has a significant .
effect on Skills.
Prevention of Misuse & Compliance.
Attitudes, and Security Compliance Behavior.
Behavioral Intervention has a significant .
effect on Security Compliance Behavior.
Skills have a significant .
effect on Attitudes.
Prevention of Misuse and Compliance has a significant .
effect on Attitudes.
Attitudes have a significant .
effect on both Behavioral Intervention and Security Compliance Behavior.
Technology has a significant .
effect on Prevention of Misuse and Compliance, as the path coefficient value has a t-statistic above 1.
mediation effects on the correlation between Body of Knowledge .
BoK) and Attitude .
AT).
Attitude .
AT) provides partial mediation effects on the correlation between Body of Knowledge .
BoK) and Compliance Behavior .
SCB).
Behavioral Intervention .
BI)
provides partial mediation effects on the correlation between Attitude .
AT) and Compliance Behavior .
SCB).
Discussion of Findings Table 15 shows the results of the indirect effect analysis for the third structural framework.
The results indicate that the indirect effect of the BoKIeSKIeBI path is significant .
ndirect effect coefficient = 0.
135, t = 3.
072, p < 0.
Similarly, the BoKIeSKIeAT path is significant .
ndirect effect coefficient = 0.
103, t = 2.
638, p < 0.
, as is the ATIeBIIeSCB path .
ndirect effect coefficient = 0.
132, t = 184, p < 0.
Additionally, the BoKIeATIeSCB path is significant .
ndirect effect coefficient = 0.
151, t = 2.
760, p < .
, and the BoKIeSKIeATIeSCB path is significant .
ndirect effect coefficient = 0.
135, t = 3.
072, p < 0.
Furthermore, the TSIeMDCIeATIeSCB path is significant .
ndirect effect coefficient = 0.
154, t = 2.
734, p < 0.
These effects indicate that the indirect effects are significant at the 99% confidence interval because the observed t-values for these indirect effects are greater than 99% of the critical tstatistic values .
, observed t > 2.
The following results show that the indirect effect of the SKIeATIeBI path is significant .
ndirect effect coefficient = 112, t = 2.
264, p < 0.
Similarly, the BoKIeSKIeATIeBI path is significant .
ndirect effect coefficient = 0.
035, t = 2.
033, p < 0.
, and the BoKIeMDCIeATIeBI path is significant .
ndirect effect coefficient = 0.
154, t = 2.
734, p < 0.
The MDCIeATIeBI path is also significant .
ndirect effect coefficient = 0.
055, t = 176, p < 0.
, as is the TSIeMDCIeATIeBI path .
ndirect effect coefficient = 0.
065, t = 2.
376, p < 0.
Additionally, the MDCIeATIeBIIeSCB path is significant .
ndirect effect coefficient = 0.
109, t = 2.
535, p < 0.
, and the SKIeATIeSCB path is significant .
ndirect effect coefficient = 0.
053, t = 2.
318, p < 0.
The BoKIeMDCIeATIeSCB path is significant .
ndirect effect coefficient = 0.
112, t = 264, p < 0.
, and the MDCIeATIeSCB path is significant .
ndirect effect coefficient = 0.
035, t = 2.
033, p < 0.
These effects indicate that the indirect effects are significant at the 95% confidence interval because the observed t-values for these indirect effects are greater than 95% of the critical tstatistic values .
, observed t > 1.
However, the analysis also shows that the indirect effects for the BoKIeMDCIeAT path are not significant .
ndirect effect coefficient = 0.
021, t = 1.
424, p > 0.
Similarly, the TSIeMDCIeAT path is not significant .
ndirect effect coefficient = 0.
018, t = 1.
159, p > 0.
The BoKIeATIeBIIeSCB path is not significant .
ndirect effect coefficient = 0.
005, t = 1.
071, p > 0.
, and the SKIeATIeBIIeSCB path is not significant .
ndirect effect coefficient = 0.
084, t = 1.
632, p > 0.
The BoKIeSKIeATIeBIIeSCB path is not significant .
ndirect effect coefficient = 0.
024, t = 1.
457, p > 0.
, and the BoKIeMDCIeATIeBIIeSCB path is not significant .
ndirect effect coefficient = 0.
009, t = 1.
278, p > 0.
These are considered not significant because the observed t-values TABLE XV
SUMMARY OF CORRELATION HYPOTHESIS TEST RESULTS
Hypothesis H1: There is a significant relationship between Knowledge and Attitude.
H2: There is an important correlation between Knowledge and Skills.
H3: There is an important correlation between Knowledge Bodies and Misuse Prevention & Compliance.
H4: There is a significant correlation between Skills and Attitudes.
H5: There is a significant correlation between Misuse Prevention & Compliance and Attitude.
Result
Statistics Analysis Support
PLS-SEM
Support Support Support Support Hypothesis Result H6: There is a significant correlation between Knowledge and Security Compliance Behavior.
H7: There is a significant correlation between Attitude and Security Compliance Behavior.
H8: There is a significant correlation between Attitude and Behavioral Intervention.
H9: There is a significant correlation between Behavioral Interventions and Security Compliance Behavior.
H10: There is a significant correlation between Technology and the Prevention of Misuse & Compliance.
Support average level of Attitudes.
Additionally, an increase in the average level of Attitudes leads to an increase in the average levels of Behavioral Intervention and Security Compliance Behavior.
Moreover, an increase in the average level of Technology leads to an increase in the average level of Prevention of Misuse & Compliance.
This study is significant in helping university service employees understand the importance of maintaining information security.
To enhance data validity, it is recommended that the study incorporate both qualitative and quantitative methods.
Statistics Analysis Support
Support
Support
Support
ACKNOWLEDGMENT
The authors thank the Yayasan Universitas Putra Indonesia "YPTK" Padang and Universiti Kebangsaan Malaysia for supporting this research.
It can also be concluded that Skills fully mediate the correlation between Knowledge Body and Attitudes.
Prevention of Misuse and Compliance provides a full mediating effect on the correlation between Knowledge Body and Attitudes.
Attitudes provide a full mediating effect on the correlation between Knowledge Body and Security Compliance Behavior.
Behavioral Intervention provides a full mediating effect on the correlation between Attitudes and Security Compliance Behavior.
The summary of the mediation hypothesis results is shown in Table 16.
REFERENCES