Capítulo 3. Cobertura y focalización.
89. Con base en los indicadores de gestión y productos del programa, ¿el programa mostró progreso en la realización de sus Actividades y en la entrega de sus
Table (4. 28): Domain Ten: Compliance
# Question St rongly Dis ag ree Dis ag re e N eit her Agr ee nor Dis ag re e Agr ee St rongly Agree R esp on se s
Mean % Sign Test
# 0 5 16 15 5
64 All relevant statutory,
regulatory and contractual requirements were explicitly defined and documented for each information system. Specific controls and individual responsibilities to meet these requirements were defined and documented. % 0 12.2 39 36.6 12.2 41 2.49 62.20 .002 # 0 8 14 14 5 65 There exist and well
implemented some procedures to ensure compliance with legal restrictions on use of material in respect of which there may be intellectual property rights (copyright, design rights, trade marks).
% 0 19.5 34.1 34.1 12.2
41 2.39 59.76 .0271
# 0 3 6 19 12
66 There is a
management structure and control in place to protect data and privacy of personal information.
% 0 7.5 15 47.5 30
40 2.93 73.17 .0000
# 1 6 10 18 6
67 All areas within the
organization are considered for regular review to ensure compliance with security policy, standards and procedures. % 2.4 14.6 24.4 43.9 14.6 41 2.54 63.41 .002 # 0 2 7 19 13 68 Access to system
audit tools such as software or data files are protected to prevent any possible misuse or
compromise.
% 0 4.9 17.1 46.3 31.7
41 3.05 76.22 .0000
The results related to domain ten (Compliance), shown in Table (4.28) denote the following facts:
-In reference to paragraph (64): little less than one halve of Palestinian IT companies (48.8%) defined and documented all relevant statutory, regulatory and contractual requirements for each information system, while other companies (12.2%) do not defined and document such kind of requirements. This is due to the fact that the mean of responses to this paragraph is 2.49 with a significance level of 0.002 for the sign test, which is less than 0.05.
-In reference to paragraph (65): less than one halve of companies (46.3%) have and well implement some procedures to ensure compliance with legal restrictions on use of material in respect of which there may be intellectual property rights, while other companies (19.5%) do not have such kind of procedures. This is due to the fact that the mean of responses to this paragraph is 2.39 with a significance level of 0.0271 for the sign test, which is less than 0.05.
-In reference to paragraph (66): most of companies (77.5%) have a management structures and controls to protect data and privacy of personal information, while other companies (7.5%) do not have such kind of structure and control. This is confirmed since the mean of responses to this paragraph is 2.93 with a significance level of 0.0000 for the sign test, which is less than 0.05.
-In reference to paragraph (67): less than two thirds of companies (58.5%) considering all areas for regular review to ensure compliance with security policy, while other companies (17%) do not consider that areas for regular review. This is due to the fact that the mean of responses to this paragraph is 2.54 with a significance level of 0.002 for the sign test, which is less than 0.05.
-In reference to paragraph (68): most of companies (78%) protecting the access to system audit tools to prevent any misuse or compromise, while other companies (4.9%) do not protect the access to system audit tools. This is confirmed since the mean of responses to this paragraph is 3.05 with a significance level of 0.0000 for the sign test, which is less than 0.05.
Testing Hypothesis 10:
There is a significant effect for Compliance with legal requirements on the effectiveness of Information Security Management in Palestinian Information Technology companies.
To test this hypothesis, the researcher used the sign test to check the significance of the Compliance domain.
Table (4. 29): Sign test results of the domain Compliance
Domain Mean % Sign Test
Compliance 2.69 67.25 .0003
The results in Table (4.29) show that the mean of responses on the domain “Compliance” questions is 2.69 and its percentage weight is 67.25%, and the value of sign test is 0.0003 which is less than 0.05. This confirmed that the Compliance with legal requirements in the Palestinian IT companies affecting the effectiveness of Information Security Management in these companies to some extent. This agrees with the study of (Luthy and Forcht, 2006) which stated that organizations worldwide lack explicit references to information management. The authors also added that that awareness of applicable laws and regulations, along with their potential impacts on information management systems, is critical for compliance.
According to the previous results we can accept the hypothesis “There is a significant
effect for Compliance with legal requirements on the effectiveness of Information Security Management in Palestinian Information Technology companies”
Testing Hypothesis 11:
There are differences denoting a statistical significance between Information Technology companies in Palestine in applying the Information Security Management attributed to the following variables:
-Company age in IT field. -Type of Operating Systems. -Staff qualifications.
-Staff experience years
-Company main working field -Yearly security budget
To test this hypothesis the researcher uses Kruskal-Wallis test for testing the differences between IT companies in applying Information Security Management.
The hypothesis separated into six sub hypotheses and every sub hypothesis tested separately.
Testing Hypothesis 11.1
There are differences denoting a statistical significance between Information Technology Companies in Palestine in applying Information Security Management due to Companies age in IT field.
Table (4. 30): Kruskal-Wallis test for testing the differences between IT companies in applying Information Security Management due to the company age in IT field
# Variable Significance Df Chi-Square
1 Information Security Management 0.505 3 2.34
The results in the table (4.30) show that the significance of Information Security Management is above 0.05, this denotes that there are no differences between IT companies in applying Information Security Management due to the company age in IT filed.
According to these results; we cannot accept the sub hypothesis “There are differences
denoting a statistical significance between Information Technology Companies in Palestine in applying Information Security Management due to Companies age in IT field”
Testing Hypothesis 11.2
There are differences denoting a statistical significance between Information Technology Companies in Palestine in applying Information Security Management due to the type of Operating Systems.
Table (4. 31): Kruskal-Wallis test for testing the differences between IT companies in applying Information Security Management due to the type of Operating Systems
# Variable Significance Df Chi-Square
1 Information Security Management 0.073 2 5.22
The results in the table (4.31) show that the significance of Information Security Management is above 0.05, this denotes that there are no differences between IT companies in applying Information Security Management due to the Operating system.
According to these results; we cannot accept the sub hypothesis “There are differences
denoting a statistical significance between Information Technology Companies in Palestine in applying Information Security Management due to the type of Operating Systems”
Testing Hypothesis 11.3
There are differences denoting a statistical significance between Information Technology Companies in Palestine in applying Information Security Management due to Staff Qualifications.
Table (4. 32): Kruskal-Wallis test for testing the differences between IT companies in applying Information Security Management due to Staff Qualifications
# Variable Significance Df Chi-Square
1 Information Security Management 0.188 1 1.73
The results in the table (4.32) show that the significance of Information Security Management is above 0.05, this denotes that there are no differences between IT companies in applying Information Security Management due to Staff Qualifications.
According to these results we cannot accept the sub hypothesis “There are differences
denoting a statistical significance between Information Technology Companies in Palestine in applying Information Security Management due to Staff Qualifications”
Testing Hypothesis 11.4
There are differences denoting a statistical significance between Information Technology Companies in Palestine in applying Information Security Management due to Staff Experience Years.
Table (4. 33): Kruskal-Wallis test for testing the differences between IT companies in applying Information Security Management due to Staff Experience Years.
# Variable Significance Df Chi-Square
1 Information Security Management 0.201 1 1.63
The results in the table (4.33) show that the significance of Information Security Management are above 0.05, this denotes that there are no differences between IT companies in applying Information Security Management due to Staff Experience Years.
According to these results we cannot accept the sub hypothesis “There are differences
denoting a statistical significance between Information Technology Companies in Palestine in applying Information Security Management due to Staff Experience Years”
Testing Hypothesis 11.5
There are differences denoting a statistical significance between Information Technology Companies in Palestine in applying Information Security Management due to the Company Main Working Field.
Table (4. 34): Kruskal-Wallis test for testing the differences between IT companies in applying Information Security Management due to the Company Main Working Field
# Variable Significance Df Chi-Square
1 Information Security Management 0.868 3 0.723
The results in the table (4.34) show that the significance of Information Security Management is above 0.05, this denotes that there are no differences between IT companies in applying Information Security Management due to the Company Main Working Field.
According to these results we cannot accept the sub hypothesis “There are differences
denoting a statistical significance between Information Technology Companies in Palestine in applying Information Security Management due to the Company Main Working Field”
Testing Hypothesis 11.6
There are differences denoting a statistical significance between Information Technology Companies in Palestine in applying Information Security Management due to Yearly Security Budget.
Table (4. 35): Kruskal-Wallis test for testing the differences between IT companies in applying Information Security Management due to Yearly Security Budget.
# Variable Significance Df Chi-Square
1 Information Security Management 0.055 3 7.58
The results in the table (4.35) show that the significance of Information Security Management is above 0.05, this denotes that there are no differences between IT companies in applying Information Security Management due to Yearly Security Budget.
According to these results we cannot accept the sub hypothesis “There are differences
denoting a statistical significance between Information Technology Companies in Palestine in applying Information Security Management due to Yearly Security Budget”