Establishing a Personalized Information Security Culture

2012 ◽  
pp. 53-69 ◽  
Author(s):  
Shuhaili Talib ◽  
Nathan L. Clarke ◽  
Steven M. Furnell
Keyword(s):  
Information Security ◽  
Home Environment ◽  
Security Culture ◽  
Information Security Awareness ◽  
Use Of Technology ◽  
Awareness Programs ◽  
Awareness Raising ◽  
Knowledge And Practice ◽  
Information Security Culture ◽  
Individual Security

Good security cannot be achieved through technical means alone and a solid understanding of the issues and how to protect one’s self is required from users. Whilst many initiatives, programs and strategies have been proposed to improve the level of information security awareness, most have been directed at organizations. Given people’s use of technology is primarily focused between the workplace and home; this paper seeks to understand the knowledge and practice relationship between these environments. Through a developed survey, it was identified that the majority of the learning about information security occurred in the workplace, where clear motivations, such as legislation and regulation, existed. Results found that users were more than willing to engage with such awareness raising initiatives. From a comparison of practice between work and home environments, it was found that this knowledge and practice obtained at the workplace was transferred to the home environment. Given this positive transferability of knowledge and the willingness to learn about how to remain secure, an opportunity exists to move away from specific organizational awareness programs and to move towards awareness raising strategies that will develop an all-round individual security culture for users independent of the environment they are operating in.

Establishing A Personalized Information Security Culture

2011 ◽  
Vol 3 (1) ◽  
pp. 63-79 ◽  
Author(s):  
Shuhaili Talib ◽  
Nathan L. Clarke ◽  
Steven M. Furnell
Keyword(s):  
Information Security ◽  
Home Environment ◽  
Security Culture ◽  
Information Security Awareness ◽  
Use Of Technology ◽  
Awareness Programs ◽  
Awareness Raising ◽  
Knowledge And Practice ◽  
Information Security Culture ◽  
Individual Security

Good security cannot be achieved through technical means alone and a solid understanding of the issues and how to protect one’s self is required from users. Whilst many initiatives, programs and strategies have been proposed to improve the level of information security awareness, most have been directed at organizations. Given people’s use of technology is primarily focused between the workplace and home; this paper seeks to understand the knowledge and practice relationship between these environments. Through a developed survey, it was identified that the majority of the learning about information security occurred in the workplace, where clear motivations, such as legislation and regulation, existed. Results found that users were more than willing to engage with such awareness raising initiatives. From a comparison of practice between work and home environments, it was found that this knowledge and practice obtained at the workplace was transferred to the home environment. Given this positive transferability of knowledge and the willingness to learn about how to remain secure, an opportunity exists to move away from specific organizational awareness programs and to move towards awareness raising strategies that will develop an all-round individual security culture for users independent of the environment they are operating in.

scholarly journals Building an effective information security awareness program

2020 ◽  
Vol 338 ◽  
pp. 189-200
Author(s):  
Ildikó Legárd
Keyword(s):  
Information Security ◽  
Human Factor ◽  
Significant Risk ◽  
Security Awareness ◽  
Security Culture ◽  
Information Security Awareness ◽  
Weakest Link ◽  
Awareness Program ◽  
Awareness Programs ◽  
And Behavior

Many researchers and experts in the field of information security agree that the user is the weakest link in an organization’s chain of information security. Even if the system’s and the stored data’s physical and logical protection is well developed, the human factor exposes security to significant risk. The effective protection against the threats is to provide security awareness through implementing a well-developed and successful Information Security Awareness Program. Although organizations are able to recognize the importance of information security awareness, the implementation of the awareness programs can be difficult. The aim of this study is to help organizations to develop an effective Information Security Awareness Program tailored to the characteristics of the organization. The paper presents how we can build a program that influences and improves the user’s knowledge, attitude and behavior the most towards information security and makes positive changes in the security culture of an organization. To achieve that goal, the study identifies the key elements of the implementation, compares traditional awareness programs with modern trainings and highlights the importance of communication channels and methods. There is no single solution to improve information security, the essay summarizes and shows the most effective techniques that experts can use in order to seize the user’s attention toward information security, to establish credibility and trust, and to motivate action.

Information Security Awareness

2009 ◽  
pp. 307-324 ◽  
Author(s):  
Gary Hinson
Keyword(s):  
Information Security ◽  
Technical Information ◽  
Security Awareness ◽  
Educational Activities ◽  
Security Culture ◽  
Information Security Awareness ◽  
Security Controls ◽  
Employee Communications ◽  
Awareness Programs ◽  
Security Awareness Training

This chapter highlights the broad range of factors that are relevant to the design of information security awareness programs, primarily by reference to the literature. It emphasizes the need to supplement technical information security controls with security awareness, training and educational activities to address human vulnerabilities. It outlines requirements noted in standards, laws and regulations, and explains the value of motivational employee communications techniques in creating a security culture.

The Contributions of Information Security Culture and Human Relations to the Improvement of Situational Awareness

2012 ◽  
pp. 10-28 ◽  
Author(s):  
Janne Merete Hagen
Keyword(s):  
Information Security ◽  
Situational Awareness ◽  
Near Miss ◽  
Business Practices ◽  
Human Relations ◽  
Security Culture ◽  
General Deterrence ◽  
Information Security Awareness ◽  
Technical Theory ◽  
Information Security Culture

The chapter gives an overview of business practices and how people and human relations influence situational awareness and information security in an organization. There is still a long way to go in training employees in information security and improving employees’ information security awareness. Motivated and trained employees have the ability to detect and report security weaknesses and breaches, including near-miss incidents, and in this way, they may provide a valuable defense-in-depth-capability that is often lacking. The chapter discusses two approaches to overcome the barriers to building situational awareness promulgated in the general deterrence theory and socio-technical theory.

Predicting information security culture among employees of telecommunication companies in an emerging market

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Nurul Asmui Azmi Md Azmi ◽  
Ai Ping Teoh ◽  
Ali Vafaei-Zadeh ◽  
Haniruzila Hanifah
Keyword(s):  
Information Security ◽  
Emerging Market ◽  
Mediating Effect ◽  
Security Awareness ◽  
Content Type ◽  
Security Culture ◽  
Information Security Awareness ◽  
The Relationship ◽  
Information Security Culture ◽  
Telecommunications Companies

Purpose The purpose of this study is to examine factors, which influence information security culture among employees of telecommunications companies. The motivation for this study was the rise in the number of data breach incidents caused by the organizations’ own employees. Design/methodology/approach A total of 139 usable responses were collected via a Web-based questionnaire survey from employees of Malaysian telecommunications companies. Data were analysed by using SmartPLS 3. Findings Security education, training and awareness (SETA) programmes and information security awareness were found to have a positive and significant impact on Information Security Culture. Additionally, self-reported employees’ security behaviour was found to act as a partial mediator on the relationship between information security awareness and information security culture. Research limitations/implications The study was cross-sectional in nature. Therefore, it could not measure changes in population over time. Practical implications The empirical data provides a new perspective on significant elements that influence information security culture in an emerging market. Organizations in the telecommunications industry can now recognize that SETA programmes and information security awareness have a significant impact on information security culture. Employees’ security behaviour also mediates the relationship between information security awareness and information security culture. Originality/value This is the first study to analyse the mediating effect of employees’ security behaviour on the relationship between information security awareness and information security culture in the Malaysian telecommunications context.

Success in Security Awareness

ITNOW ◽  
2020 ◽  
Vol 62 (4) ◽  
pp. 50-51
Author(s):  
Federico Iaschi
Keyword(s):  
Information Security ◽  
Security Awareness ◽  
Security Culture ◽  
Information Security Awareness ◽  
Awareness Programme ◽  
Information Security Culture

Abstract Information security culture can affect your business, both good and bad. Federico Iaschi, MBCS CISSP CISM, describes the crucial steps that help develop a successful information security awareness programme.

Empowering Adolescents Through Instilling Information Security Culture in Zimbabwean Schools

2022 ◽  
pp. 146-162
Author(s):  
Trymore Z. Ruvinga ◽  
Theo Tsokota ◽  
Colletor Tendeukai Chipfumbu Kangara ◽  
Pamela T. Nyambuya
Keyword(s):  
Focus Group ◽  
Information Security ◽  
Secondary School ◽  
School Children ◽  
Security Culture ◽  
Secondary School Education ◽  
Excellent Opportunity ◽  
Use Of Technology ◽  
Information Security Culture ◽  
Deliberate Effort

There is an excellent opportunity to ensure that information security culture (ISU) is embedded in school children before they are employed in the industry. However, for the majority of time spent in primary and secondary school education, pupils are alienated from supervised use of technology, making it difficult to teach pupils proper use of technology. Thus, there is no deliberate effort to empower and impart ISC to school pupils in Zimbabwe. The purpose of this study is to develop a framework for instilling information security culture in secondary school pupils. Based on the literature, the first version of the framework was developed and subjected to a focus group for review. Data from this focus group was analysed, resulting in a second improved version of the framework. Consequently, it was shown that the framework was relevant, useful, and applicable within Zimbabwean settings.

The formation of information security culture of college students

2019 ◽  
pp. 29-36
Author(s):  
I. D. Rudinskiy ◽  
D. Ya. Okolot
Keyword(s):  
College Students ◽  
Information Security ◽  
Information Society ◽  
Technical Aspect ◽  
Data Sources ◽  
Structural Components ◽  
Security Culture ◽  
The Individual ◽  
Information Security Culture ◽  
Ability And Willingness

The article discusses aspects of the formation of information security culture of college students. The relevance of the work is due to the increasing threats to the information security of the individual and society due to the rapid increase in the number of information services used. Based on this, one of the important problems of the development of the information society is the formation of a culture of information security of the individual as part of the general culture in its socio-technical aspect and as part of the professional culture of the individual. The study revealed the structural components of the phenomenon of information security culture, identified the reasons for the interest in the target group of students. It justifies the need for future mid-level specialists to form an additional universal competency that ensures the individual’s ability and willingness to recognize the need for certain information, to identify and evaluate the reliability and reliability of data sources. As a result of the study, recommendations were formulated on the basis of which a culture of information security for college students can be formed and developed and a decomposition of this process into enlarged stages is proposed. The proposals on the list of disciplines are formulated, within the framework of the study of which a culture of information security can develop. The authors believe that the recommendations developed will help future mid-level specialists to master the universal competency, consisting in the ability and willingness to recognize the need for certain information, to identify and evaluate the reliability and reliability of data sources, as well as to correctly access the necessary information and its further legitimate use, which ultimately forms a culture of information security.

Sign in / Sign up

Export Citation Format

Share Document