Information Security Policy And Compliance In Oil And Gas Organizations-A Pilot Study

Abstract

Purpose- Oil and gas organizations considered as the backbone of every country’s economy. Information
security attacks on these organizations have been increased rapidly in the last decade. Oil and gas
organizations often invest in technical solutions to mitigate information security risks. Whereas, most
information security attacks occur due to internal employees’ negligence towards information security
policy. This paper based on the pilot study to analyze appropriate information security governance and
social bonding effects on oil and gas organizations employee’s behavior towards information security policy
compliance.
Research methodology- This paper is survey-based research, and a self-administered questionnaire was used
for data collection. Survey items were adapted from different authentic studies. All items were measured
through a 1 to 5 Likert-scale from 1 strongly disagree to 5 strongly agree. The survey was conducted in an
oil refinery’s IT department.
Findings- This research indicates that appropriate information security governance and information security
awareness improves social bonding, and good social bonding between employees can enhance information
security policy compliance in oil and gas organizations.
Conclusion- Oil and gas organizations must invest in employee’s education and training regarding
information security. Moreover, the alignment of security policies and procedures are needed in oil and gas
organizations. Our paper shows that information security policy compliance can be improved with the
effectiveness of governance towards security education training and awareness, security policy and
procedures, physical security monitoring, and risk assessment and analysis.