The Role of Libraries in Creating a Safer Cyberspace: Awareness of Estonian Library Employees in Information Security

Abstract

The purpose of the study was to find out the knowledge, attitude and behavior of library employees related to information security in seven areas of the information security policy involving employees: password management, use of email, use of the Internet, use of social media, use of mobile devices, handling of information and reporting of cyber incidents. The theoretical part provides an overview of the importance of the topic in the context of libraries, the reasons why information security and cyber security must be at the same high level in libraries as, for example, in banks or healthcare institutions – we can only imagine what would happen if the digitized cultural memory of Estonia disappears or user data is leaked. The HAIS-Q (Human Aspects of Information Security Questionnaire) developed by Parsons et al. was used to collect data in order to assess information security awareness (ISA) within the organization. The method is based on three factors developed by the same authors: the Knowledge-Attitude-Behavior (KAB) model, which determines the security awareness of employees. The target group of the online questionnaire was Estonian librarians. A total of 388 librarians from public, research, school and specialist libraries responded to the survey. The mean and standard deviation of each focus area, descriptive statistics, Cronbach’s coefficient and Pearson correlation analysis were used to achieve the research objective. The results revealed that the chosen methodology is well suited for assessing the cyber literacy of not only library staff, but also the staff of all memory institutions (archives, museums) and identifying training needs.