Abstract
The protection of sensitive data is crucial for the success of corporate operations. As the threats to information security in the supply chain become more prevalent, companies face the potential for significant damage. Recognizing the increased importance of information as a critical asset, organizations must prioritize data safeguarding even more. Extensive research has shown that maintaining information security throughout the supply chain is vital for both companies and individuals. The main goal of this thesis is to uncover and thoroughly examine information security threats that impact the supply chain, offering effective strategies for organizations to mitigate these risks. Notably, there is limited existing research on addressing the human aspect of information security within supply chains, particularly concerning insider threats.This research is grounded in three theories, including General Deterrent Theory, Social Bond Theory, Theory of Planned Behaviour, and Management Control Mechanisms. It contributes significantly to the body of knowledge by examining and evaluating the influence of these theories on threat mitigation in the supply chain in Nigeria. The research proposes a model to reduce information security threats in the supply chain, serving as a decision-making tool and reference guide for manufacturing companies. The study employed a mixed-method approach, utilizing both qualitative and quantitative methods to answer the research question and achieve its objectives. Data collection involved 498 usable online questionnaires from 150 companies, using a non-probability convenience sampling technique. The collected data underwent analysis using Structural Equation Modeling (SEM) with Partial Least Squares (PLS). Additionally, semi-structured interviews were conducted with nine subject experts with relevant experience from nine companies, and content analysis was utilized to complement the validation of the constructs.
The results indicate that top management support, attitude, and self-efficacy have a positive relationship in mitigating information security threats in the supply chain. Further analysis reveals that commitment has a positive relationship with attitude and self-efficacy in mitigating information threats. Rewards have a positive relationship with attitude, subjective norms, and a direct relationship with information security. Sanctions are significantly related to attitude and subjective norms, except for self-efficacy. Surprisingly, monitoring/evaluation has a positive relationship with attitude, subjective norms, and self-efficacy in mitigating information security threats in the supply chain. The study's final results demonstrate the appropriateness and robustness of the developed model. They also suggest that any attempt to investigate employees’ behavior in information security threats in the supply chain will be incomplete unless all three theories (GDT, SBT, and TPB) and control mechanisms are considered. Lastly, the study proposes several guidelines to assist organizations in building and maintaining a successful secure information security in supply chain.
| Date of Award | Aug 2023 |
|---|---|
| Original language | English |
| Awarding Institution |
|
| Supervisor | Muhammad Mustafa Kamal (Supervisor), Rebwar Kamal Gharib (Supervisor) & Mahdi Bashiri (Supervisor) |