Information Security Awareness

Author(s): Gary Hinson

This chapter highlights the broad range of factors that are relevant to the design of information security awareness programs, primarily by reference to the literature. It emphasizes the need to supplement technical information security controls with security awareness, training and educational activities to address human vulnerabilities. It outlines requirements noted in standards, laws and regulations, and explains the value of motivational employee communications techniques in creating a security culture.

2020 ◽ Vol 338 ◽ pp. 189-200
Author(s): Ildikó Legárd

Many researchers and experts in the field of information security agree that the user is the weakest link in an organization’s chain of information security. Even if the system’s and the stored data’s physical and logical protection is well developed, the human factor exposes security to significant risk. The effective protection against the threats is to provide security awareness through implementing a well-developed and successful Information Security Awareness Program. Although organizations are able to recognize the importance of information security awareness, the implementation of the awareness programs can be difficult. The aim of this study is to help organizations to develop an effective Information Security Awareness Program tailored to the characteristics of the organization. The paper presents how we can build a program that influences and improves the user’s knowledge, attitude and behavior the most towards information security and makes positive changes in the security culture of an organization. To achieve that goal, the study identifies the key elements of the implementation, compares traditional awareness programs with modern trainings and highlights the importance of communication channels and methods. There is no single solution to improve information security; the essay summarizes and shows the most effective techniques that experts can use in order to seize the user’s attention toward information security, to establish credibility and trust, and to motivate action.


Author(s): Ruey-Shiang Shaw ◽ Huan-Chao Keh ◽ Nan-Ching Huang ◽ Tien-Chuan Huang

Although Information Security Awareness is known as a primary and important issue in the domain of Information Security, the CSI computer crime and security survey showed poor security awareness training in public and private sectors. In many studies, the authors have found that the usage of knowledge maps helps the process of learning and conception building. Therefore, the authors have tried to figure out if the implementation of knowledge maps on the training materials of Information Security Awareness will improve the learning performance. Based on the e-learning materials for E-Mail Information Security Awareness, the authors designed them in the format of knowledge maps and compared the learning performance with common browsing-based materials. The results showed the knowledge map-based materials lead to higher learning performance than browse-based ones.


Author(s): Shuhaili Talib ◽ Nathan L. Clarke ◽ Steven M. Furnell

Good security cannot be achieved through technical means alone and a solid understanding of the issues and how to protect one’s self is required from users. Whilst many initiatives, programs and strategies have been proposed to improve the level of information security awareness, most have been directed at organizations. Given people’s use of technology is primarily focused between the workplace and home, this paper seeks to understand the knowledge and practice relationship between these environments. Through a developed survey, it was identified that the majority of the learning about information security occurred in the workplace, where clear motivations, such as legislation and regulation, existed. Results found that users were more than willing to engage with such awareness raising initiatives. From a comparison of practice between work and home environments, it was found that this knowledge and practice obtained at the workplace was transferred to the home environment. Given this positive transferability of knowledge and the willingness to learn about how to remain secure, an opportunity exists to move away from specific organizational awareness programs and to move towards awareness raising strategies that will develop an all-round individual security culture for users independent of the environment they are operating in.


2014 ◽ Vol 22 (1) ◽ pp. 115-126
Author(s): Eyong B. Kim

Purpose – The purpose of this paper is to survey the status of information security awareness among college students in order to develop effective information security awareness training (ISAT). Design/methodology/approach – Based on a review of the literature and theoretical standpoints as well as the National Institute of Standards and Technology Special Publication 800-50 report, the author developed a questionnaire to investigate the attitudes toward information security awareness of undergraduate and graduate students in a business college at a mid-sized university in New England. Based on that survey and the previous literature, suggestions for more effective ISAT are provided. Findings – College students understand the importance and the need for ISAT but many of them do not participate in it. However, security topics that are not commonly covered by any installed (or built-in) programs or web sites have a significant relationship with information security awareness. It seems that students learned security concepts piecemeal from a variety of sources. Practical implications – Universities can assess their ISAT for students based on the findings of this study. Originality/value – If any universities want to improve their current ISAT, or establish it, the findings of this study offer some guidelines.


2012 ◽ pp. 193-225
Author(s): Jack Wiles ◽ Terry Gudaitis ◽ Jennifer Jabbusch ◽ Russ Rogers ◽ Sean Lowther

2011 ◽ Vol 9 (4) ◽ pp. 41-56
Author(s): Ruey-Shiang Shaw ◽ Huan-Chao Keh ◽ Nan-Ching Huang

Although Information Security Awareness is known as a primary and important issue in the domain of Information Security, the CSI computer crime and security survey showed poor security awareness training in public and private sectors. In many studies, the authors have found that the usage of knowledge maps helps the process of learning and conception building. Therefore, the authors have tried to figure out if the implementation of knowledge maps on the training materials of Information Security Awareness will improve the learning performance. Based on the e-learning materials for E-Mail Information Security Awareness, the authors designed them in the format of knowledge maps and compared the learning performance with common browsing-based materials. The results showed the knowledge map-based materials lead to higher learning performance than browse-based ones.


2012 ◽ Vol 6 (3) ◽ pp. 38-55
Author(s): Zakarya A. Alzamil

Information security awareness is human and organizational attitudes which can be described as a behavior or an attitude of an organization and/or its members towards protecting the organization’s information assets. The goal of this paper is to understand the state of the information security awareness at some Saudi Arabian organizations, i.e., government and private, by investigating the perception of their information technology employees. The author believes that understanding the state of information security awareness of IT employees can give a better understanding of the level of awareness at the entire organization. The results of this study show that most of the IT employees at the surveyed organizations have some misconceptions about information security practices. In addition, many responses indicated that many IT employees are not aware of the internal information security threats. Such results required very urgent actions from the top management of these organizations to consider the information security awareness programs within their public relations and training programs.

