Establishing an Information Security Awareness and Culture
Date
20152015
Author
Subject
Metadata
Show full item recordAbstract
In today’s business environment all business operations are enabled by technology. Its always on and connected nature has brought new business possibilities but at the same time has increased the number of potential threats. Information security has become an established discipline as more and more businesses realize its value. Many surveys have indicated the importance of protecting valuable information and an important aspect that must be addressed in this regard is information security awareness. The human component has been recognized to have an important role in information security since the only way to reduce security risks is through making employees more information security aware. This also means that employees take responsibility of their actions when dealing with information in their everyday activities. The research is concentrated mainly on information security concepts alongside their relation to the human factor with evidence that users remain susceptible to information security threats, thus illustrating the need for more effective user training in order to raise the level of security awareness. Two surveys were undertaken in order to investigate the potential of raising security awareness within existing education systems by measuring the level of security awareness amongst the online population. The surveys analyzed not only the awareness levels and needs of students during their study and their preparation towards entering the workforce, but also whether this awareness level changes as they progress in their studies. The results of both surveys established that the awareness level of students concerning information security concepts is not at a sufficient level for students entering university education and does not significantly change as they progress their academic life towards entering the workforce. In respect to this, the research proposes and develops the information security toolkit as a prototype awareness raising initiative. The research goes one step further by piloting and evaluating toolkit effectiveness. As an awareness raising method, the toolkit will be the basis for the general technology user to understand the challenges associated with secure use of information technology and help him assess its current knowledge, identify lacks and weaknesses and acquire the required knowledge in order to be competent and confident users of technology.
Collections
Publisher
Commissioning body
The following license files are associated with this item:
Related items
Showing items related by title, author, creator and subject.
-
Information security burnout: Identification of sources and mitigating factors from security demands and resources
Cong Pham, H; Brennan, L; Furnell, SMThis study examines how information security burnout can develop from complying with organisational security demands, and whether security burnout can be reduced by engaging organisational and personal resources. The Job ... -
A generic Information Security framework for Mobile Systems
Sharma, Ajith (University of Plymouth, 2007)Mobile devices have faced tremendous changes in the past few years. Mobile devices are now tending to blend in to the category of pes. The mobile devices now are a useful blend of software and hardware, which are now ... -
GLOBAL THREATS, LOCAL PROTECTION: INFORMATION SECURITY AWARENESS & TRAINING
AL-GHATAM, HAMZA (University of Plymouth, 2006)Information security awareness is what should be looked at, after security products failed to deal with the huge security problems that facing computer user. All signs show that security products by its own can't handle ...