EFFECTIVE METHODS FOR SUCCESSFUL INFORMATION SECURITY AWARENESS

2021 ◽ Vol 9 (1) ◽ pp. 108-127
Author(s): Ildikó Legárd

Information security awareness is becoming increasingly important these days. It is not enough to have a well-developed physical and logical protection of the system and stored data; the users of these systems have to keep up with technological development and have to be sufficiently aware or cautious when using these systems. Information Security Awareness Programs provide the most effective solution for the improvement of users’ information security knowledge and digital competencies. The aim of this study is to help organisations in finding and providing an effective way of knowledge transfer. The study identifies the key elements of the implementation of the awareness programs and highlights the importance of communication channels and methods. The essay summarises and shows the most effective techniques that experts can use in order to draw the user’s attention toward information security, like real-life simulation scenarios, interactive games, themed awareness videos and other gamification techniques.

2020 ◽ Vol 338 ◽ pp. 189-200
Author(s): Ildikó Legárd

Many researchers and experts in the field of information security agree that the user is the weakest link in an organization’s chain of information security. Even if the system’s and the stored data’s physical and logical protection is well developed, the human factor exposes security to significant risk. The effective protection against the threats is to provide security awareness through implementing a well-developed and successful Information Security Awareness Program. Although organizations are able to recognize the importance of information security awareness, the implementation of the awareness programs can be difficult. The aim of this study is to help organizations to develop an effective Information Security Awareness Program tailored to the characteristics of the organization. The paper presents how we can build a program that influences and improves the user’s knowledge, attitude and behavior the most towards information security and makes positive changes in the security culture of an organization. To achieve that goal, the study identifies the key elements of the implementation, compares traditional awareness programs with modern trainings and highlights the importance of communication channels and methods. There is no single solution to improve information security; the essay summarizes and shows the most effective techniques that experts can use in order to seize the user’s attention toward information security, to establish credibility and trust, and to motivate action.


2012 ◽ Vol 6 (3) ◽ pp. 38-55
Author(s): Zakarya A. Alzamil

Information security awareness is human and organizational attitudes which can be described as a behavior or an attitude of an organization and/or its members towards protecting the organization’s information assets. The goal of this paper is to understand the state of the information security awareness at some of the Saudi Arabians’ organizations, i.e., governments and privates by investigating the perception of their information technology’s employees. The author believes that understanding the state of information security awareness of IT employees can give a better understanding of the level of awareness at the entire organization. The results of this study show that most of the IT employees at the surveyed organizations have some misconceptions about information security practices. In addition, many responses indicated that many IT employees are not aware of the internal information security threats. Such results required very urgent actions from the top management of these organizations to consider the information security awareness programs within their public relations and training programs.


Author(s): Gary Hinson

This chapter highlights the broad range of factors that are relevant to the design of information security awareness programs, primarily by reference to the literature. It emphasizes the need to supplement technical information security controls with security awareness, training and educational activities to address human vulnerabilities. It outlines requirements noted in standards, laws and regulations, and explains the value of motivational employee communications techniques in creating a security culture.


Author(s): Agata McCormac ◽ Dragana Calic ◽ Marcus Butavicius ◽ Kathryn Parsons ◽ Tara Zwaans ◽ ...

The Human Aspects of Information Security Questionnaire (HAIS-Q) is designed to measure Information Security Awareness. More specifically, the tool measures an individual’s knowledge, attitude, and self-reported behaviour relating to information security in the workplace. This paper reports on the reliability of the HAIS-Q, including test-retest reliability and internal consistency. The paper also assesses the reliability of three preliminary over-claiming items, designed specifically to complement the HAIS-Q, and identify those individuals who provide socially desirable responses. A total of 197 working Australians completed two iterations of the HAIS-Q and the over-claiming items, approximately 4 weeks apart. Results of the analysis showed that the HAIS-Q was externally reliable and internally consistent. Therefore, the HAIS-Q can be used to reliably measure information security awareness. Reliability testing on the preliminary over-claiming items was not as robust and further development is required and recommended. The implications of these findings mean that organisations can confidently use the HAIS-Q to not only measure the current state of employee information security awareness within their organisation, but they can also measure the effectiveness and impacts of training interventions, information security awareness programs and campaigns. The influence of cultural changes and the effect of security incidents can also be assessed. 


2021 ◽ Vol 14 (2) ◽ pp. 149-171
Author(s): Tena Velki ◽ Marija Milić

Objective: the aim of the study was to examine the mediating role of stress in associations between online risky behavior and three factors, namely, real-life risky behaviors and information security awareness as risk factors, and life satisfaction as a protective factor. Method: participants were university students (N=883, 40.5% male, and 59.5% female) with an average age of M=21.93 years (SD=4.29). They filled out the Users’ Information Security Awareness Questionnaire, Youth self-reported delinquency and risk behaviors questionnaire, Life satisfaction scale and Perceived Stress Scale. Result: Mediational analysis revealed a mediating role of stress: stress had a partially mediating role in the association between real-life risky behaviors and online risky behavior, making the association stronger. However, stress had a fully mediating role in the association between life satisfaction and online risky behavior, that is, the association was non-significant in the presence of stress. Conclusions: Overall results indicate that stress experienced in real-life situations can be a trigger for online risky behavior in adolescents. Under stressed conditions, adolescents choose to focus on negative outcomes more frequently because they refocus their cognitive resources on emotion regulation and leave inhibitory processes necessary to prevent risky behaviors uncontrolled.


2019 ◽ Vol 21 (3) ◽ pp. 26-39
Author(s): Regner Sabillon ◽ Jordi Serra-Ruiz ◽ Victor Cavaller ◽ Jeimy J. Cano M.

Traditional cybersecurity, security or information security awareness programs have become ineffective to change people's behavior in recognizing, failing to block or reporting cyberthreats within their organizational environment. As a result, human errors and actions continue to demonstrate that we are the weakest links in cybersecurity. This article studies the most recent cybersecurity awareness programs and their attributes. Furthermore, the authors compiled recent awareness methodologies, frameworks and approaches. The authors introduce a suggested awareness training model to address existing deficiencies in awareness training. The Cybersecurity Awareness TRAining Model (CATRAM) has been designed to deliver training to different organizational audiences, each of these groups with specific content and separate objectives. The authors concluded their study by addressing the need of future research to target new approaches to keep cybersecurity awareness focused on the ever-changing cyberthreat landscape.

