scholarly journals Security Awareness Level Evaluation of Healthcare Participants Through Educational Games

2021 ◽  
Vol 8 (3) ◽  
pp. 25-41
Author(s):  
Mario A. Pulido ◽  
Chris W. Johnson ◽  
Ahmed Alzahrani
Keyword(s):  
Information Security ◽  
Educational Games ◽  
Security Policies ◽  
Healthcare Personnel ◽  
Development Theory ◽  
Security Awareness ◽  
Board Game ◽  
Acceptable Use Policy ◽  
Security Incidents ◽  
Awareness Level

The purpose of this paper consists of implementing an educational board game to evaluate the information security awareness level of healthcare personnel. The National Health Service Greater Glasgow and Clyde (NHSGGC) Information Security Acceptable Use Policy was used as a basis to generate the educational content of the board game and Lev Vygotsky’s social development theory was followed for the learning process of the participants. Two evaluations were carried out during this study. The results obtained during the first evaluation showed that it is fundamental to design the board game based on a set of rules in information security enacted by an organization to properly guide the participants with the knowledge they need to counter security incidents. The second evaluation showed that redesigning the content of the board game based on the information security policies of the NHSGGC, resulted in a more effective way of guiding participants on the procedures required for compliance with the policies of this health institution and offer them an understanding of the risks behind security incidents. This was demonstrated during this evaluation since the results obtained gave an approximation that it is possible to increase the level of awareness of information security in people regardless of their area of work or studies.

Are users competent to comply with information security policies? An analysis of professional competence models

2018 ◽  
Vol 31 (5) ◽  
pp. 1047-1068 ◽  
Author(s):  
Aggeliki Tsohou ◽  
Philipp Holtkamp
Keyword(s):  
Information Security ◽  
Professional Competence ◽  
Competency Model ◽  
Security Policies ◽  
Security Awareness ◽  
Content Type ◽  
Compliance Behavior ◽  
Individual Perception ◽  
Perception Of Security ◽  
Competence Models

Purpose Information security policies (ISPs) are used by organizations to communicate rules on the use of information systems (IS). Research studies show that compliance with the ISPs is not a straightforward issue and that several factors influence individual behavior toward ISP compliance, such as security awareness or individual perception of security threats. The purpose of this paper is to investigate the competencies associated with users’ ISP compliance behavior. Design/methodology/approach In order to reveal the competencies that are associated with the users’ ISP compliance behavior, the authors systematically analyze the ISP compliance literature and the authors develop an ISP compliance competency model. The authors then target to explore if IS users are equipped with these competencies; to do so, the authors analyze professional competence models from various industry sectors and compare the competencies that they include with the developed ISP compliance competencies. Findings The authors identify the competencies associated with ISP compliance and the authors provide evidence on the lack of attention in information security responsibilities demonstrated in professional competence frameworks. Research limitations/implications ISP compliance research has focused on identifying the antecedents of ISP compliance behavior. The authors offer an ISP compliance competency model and guide researchers in investigating the issue further by focusing on the professional competencies that are necessary for IS users. Practical implications The findings offer new contributions to practitioners by highlighting the lack of attention on the information security responsibilities demonstrated in professional competence frameworks. The paper also provides implications for the design of information security awareness programs and information security management systems in organizations. Originality/value To the best of the authors’ knowledge, the paper is the first study that addresses ISP compliance behavior from a professional competence perspective.

Towards the Human Information Security Firewall

2011 ◽  
Vol 1 (2) ◽  
pp. 10-17 ◽  
Author(s):  
Rossouw von Solms ◽  
Matthew Warren
Keyword(s):  
Information Security ◽  
Case Studies ◽  
Social Systems ◽  
Real Life ◽  
Human Security ◽  
Security Awareness ◽  
Security Issues ◽  
Risk Framework ◽  
The Relationship ◽  
Security Incidents

Human security is often forgotten as a major information security factor. This paper explores the security issues that relate to human security and in particular the relationship to risk. The paper also uses case studies of real life security incidents to show the problems and issues that relate to a younger workforce and their lack of security awareness due to their own background and the use of social systems, such as Facebook. The paper also proposes a risk framework that can be used to understand human security issues.

scholarly journals Pengukuran Kesadaran Keamanan Informasi Dan Privasi Pada Pengguna Smartphone Android Di Indonesia

2018 ◽  
Vol 8 (2) ◽  
pp. 115
Author(s):  
Robbi Akraman ◽  
Candiwan Candiwan ◽  
Yudi Priyadi
Keyword(s):  
Information Security ◽  
Personal Data ◽  
Security And Privacy ◽  
Average Level ◽  
Security Issues ◽  
Secondary Use ◽  
The Many ◽  
And Behavior ◽  
Security Incidents ◽  
Awareness Level

Based on statistical data, it is known that Android is the most popular smartphone with the largest number of users in the world, which is about 1.8 billion users. The high number of users also invite the many cases of information security and privacy caused by the lack of awareness of the user such as : spam, spoofing/phising, network incident, malware, uploading something personal data such as photos, phone numbers, addresses or having no antivirus. This study aims to find out about the awareness of the security of information and privacy of Android smartphone users by doing measurement of problem. The awareness has  some dimensions such as attitude, knowledge and behavior with the seven focus areas of information security namely trust in app repository, misconception about app testing, security and agreement message, pirated application, adoption Security control, spam sms and report of security incidents and three focus areas of privacy are perceived surveillance, perceived intrusion, secondary use of information. This research uses analytical hierarchy process (AHP) to measure the level of awareness of information security and privacy of smartphone users. Overall, the results of the research show that information security has an average level of awareness (71%) but the focus area of report for security incidents has a poor level of awareness (37%) this occur because users prefer to solve their own information security issues experienced and privacy has an average level of awareness (76%). However, for secondary use of information in attitude dimension has low awareness level (66%). Based on the results of this study, it can be concluded that smartphone users in Indonesia have a poor awareness level in maintaining security and privacy of their information. 

scholarly journals A Reliable Measure of Information Security Awareness and the Identification of Bias in Responses

2017 ◽  
Vol 21 ◽  
Author(s):  
Agata McCormac ◽  
Dragana Calic ◽  
Marcus Butavicius ◽  
Kathryn Parsons ◽  
Tara Zwaans ◽  
...  
Keyword(s):  
Information Security ◽  
Security Awareness ◽  
Cultural Changes ◽  
Information Security Awareness ◽  
Training Interventions ◽  
Human Aspects ◽  
Current State ◽  
Awareness Programs ◽  
Test Retest Reliability ◽  
Security Incidents

The Human Aspects of Information Security Questionnaire (HAIS-Q) is designed to measure Information Security Awareness. More specifically, the tool measures an individual’s knowledge, attitude, and self-reported behaviour relating to information security in the workplace. This paper reports on the reliability of the HAIS-Q, including test-retest reliability and internal consistency. The paper also assesses the reliability of three preliminary over-claiming items, designed specifically to complement the HAIS-Q, and identify those individuals who provide socially desirable responses. A total of 197 working Australians completed two iterations of the HAIS-Q and the over-claiming items, approximately 4 weeks apart. Results of the analysis showed that the HAIS-Q was externally reliable and internally consistent. Therefore, the HAIS-Q can be used to reliably measure information security awareness. Reliability testing on the preliminary over-claiming items was not as robust and further development is required and recommended. The implications of these findings mean that organisations can confidently use the HAIS-Q to not only measure the current state of employee information security awareness within their organisation, but they can also measure the effectiveness and impacts of training interventions, information security awareness programs and campaigns. The influence of cultural changes and the effect of security incidents can also be assessed. 

Sign in / Sign up

Export Citation Format

Share Document