Mitigating Information Security Risks by Increasing User Security Awareness: A Case Study of an Information Security Awareness System

نویسندگان

  • Charlie C. Chen
  • R. S. Shaw
  • Samuel C. Yang
چکیده

Organizations that lack security awareness can miss detecting many obvious security risks such as Trojans, phishing, viruses, and intellectual property theft in their daily activities. This lack of awareness can render sophisticated Internet security technologies useless and expose the organization to enormous risks. This paper adopts the systems development research methodology to investigate the security awareness needs of an insurance company that has an e-business presence. A pilot of a security awareness system was constructed for this investigative purpose. Various managers in the organization took part in the study. The pilot system was fine-tuned based on the usage experiences and feedback of participants. The findings indicate that the architecture of an information security awareness system needs to provide effective system management components that allow a system manager to customize the system interface in order to meet individual needs. In addition, the system itself needs to provide different functions such as an information portal, newsgroups, discussion forums, histories of security breach events, security awareness activities, and quality articles to facilitate the transmission of awareness concepts. The results of this study provide important lessons for organizations that plan to implement an effective information security awareness system.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Linking student information security awareness and behavioural intent

This study analysed existing theories from the social sciences in order to gain a better understanding of factors which contribute to student mobile phone users’ poor information security behaviour. Two key aspects associated with information security behaviour were considered, namely: awareness and behavioural intent. Researchers have identified the most common cause of poor security practices...

متن کامل

Information Security Policy Compliance: A User Acceptance Perspective

Compliance with information security policies (ISPs) is a key factor in reducing an organization’s information security risks. As such, understanding employees’ compliance behavior with ISPs is an important first step to leverage knowledge worker assets in efforts targeted toward reducing information security risks. This study adapts the Technology Acceptance Model (TAM) to examine users’ behav...

متن کامل

Usability evaluation of the user interface in electronic prescribing systems of Iran Health Insurance Organization and Social Security Organization

Introduction: The e-prescribing system is one of the basic technologies in the health system structure which was developed with the aim of properly managing healthcare resources and services, preventing common manual prescribing errors, and increasing patient safety. Given that the user interface of e-prescribing system is considered as the main factor of user acceptance, the purpose of the pre...

متن کامل

A toolkit approach to information security awareness and education

In today’s business environment where all operations are enabled by technology, information security has become an established discipline as more and more businesses realize its value. The human component has been recognized to have an important role in information security since the only way to reduce security risks is through making employees more information security aware. Towards this goal...

متن کامل

Cyber security for home users: A new way of protection through awareness enforcement

We are currently living in an age, where the use of the Internet has become second nature to millions of people. Not only do businesses depend on the Internet for all types of electronic transactions, but more and more home users are experiencing the immense benefit of the Internet. However, this dependence and use of the Internet bring new and dangerous risks. This is due to increasing attempt...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2007