Measures for improving information security management in organisations: the impact of training and awareness programmes

Security breaches have attracted corporate attention and major organisations are now determined to stop security breaches as they are detrimental to their success. Users’ security awareness and cautious behaviour play an important role in information security both within and outside the organisation. Arguably the most common factor contributing to these breaches is that of human behaviour towards security, which suggests that changes in human behaviour can have an impact on improving security. One of the measures suggested to modify employee behaviour is through training and awareness-raising. However, before effective training and awareness programmes can be developed to achieve this aim, it is essential to understand what factors influence user behaviour and attitudes to information security. For this study, interviews with employees within the public and private sector were conducted to explore factors that influence security behaviour when using information. Our findings offer some preliminary recognition of implications for the designs of more effective training and awareness programmes that assure and sustain, in the long term, the appropriate behaviour towards security. Keywords—Information security, awareness, security behaviour, training and awareness programme, qualitative research.