The role of user awareness in the information technology and security governance nexus - evidence from Ghana's banking industry

This study proposes a model to explain the interplay among information security governance, information technology governance, and information security awareness, with guidance from the information security governance theoretical lens. Employing a questionnaire survey with a sample size of 300 and structural equation modelling, the study revealed several key relationships: business/IT strategic alignment positively correlates with information technology governance, underscoring the importance of aligning IT strategies with broader organisational goals. Weak but consistent positive relationship is identified between value delivery and information technology governance, emphasising the link between extracting value from IT investments and effective governance. Contrary to expectations, risk management and information security governance exhibit an inverse relationship. Information security awareness shows a significant but inverse relationship with information security governance. Both resource management and information technology governance, as well as performance measurement and information technology governance, demonstrate no significant relationships, suggesting that adept resource management and performance monitoring alone may not ensure enhanced governance. Moreover, no significant relationship is found between information security governance and information technology governance, indicating a limited influence of managing information security on overall information technology governance practices. The study concludes by offering recommendations to stakeholders within the domain based on the outlined findings.