The Impact of Information Security Awareness Training on Information Security Behaviour: The Case for Further Research

نویسندگان

  • Tony Stephanou
  • Rabelani Dagada
چکیده

Information Security awareness initiatives are seen as critical to any information security programme. But, how do we determine the effectiveness of these awareness initiatives? We could get our employees to write a test afterwards to determine how well they understand the policies, but this does not show how it affects the employee’s on the job behaviour. Does awareness training have a direct influence on the security behaviour of individuals, and what is the direct benefit of awareness training? This paper represents a study in progress that aims to answer the question: to what extent does information security awareness training influence information security behaviour? Research carried out on information security has traditionally been slanted towards technical aspects of security, typically rooted in computer science and mathematics. Security was traditionally seen as a service to be provided and not something that was influenced by users. However, it was soon recognised that focusing on technical issues alone is inadequate. Technologies meant to provide security ultimately depend on the effective implementation and operation of these technologies by people. Thus awareness of policies is needed by all individuals in an organisation to ensure that policies are well understood and not misinterpreted. Some researchers have maintained that educating users is futile mainly because it is believed that it is difficult to teach users complex security issues and secondly, because security is seen as secondary by the user they will not pay enough attention to it. This paper reflects research in progress and discusses some of the problems with existing information security awareness research and proposes a model to be tested for examining the impact of information security awareness training on information security behaviour.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Measures for improving information security management in organisations: the impact of training and awareness programmes

Security breaches have attracted corporate attention and major organisations are now determined to stop security breaches as they are detrimental to their success. Users’ security awareness and cautious behaviour play an important role in information security both within and outside the organisation. Arguably the most common factor contributing to these breaches is that of human behaviour towar...

متن کامل

Investigate the Quality of Social Security Organization Policy-Making on Social Security Pensioners Life Style Changes

This article has been done with aims to investigate impact of the quality of social security organization policy-making on pensioners' life style in that organization in the city of Mahabad and based on the criteria of environmental, Economic, Social, Political, Health, Personal security, life expectancy, housing and other services have been research case that are the most important factors tha...

متن کامل

Exploring the Type of Relationship between Information Security Management and Organizational Culture (Case Study in TAM Iran Khodro Co.)

A culture conducive to information security practice is extremely important for organizations since information has to be critical assets in modern enterprises. Thus for understanding and improving the organizational behavior with regard to information security, enterprises may look into organizational culture and examine how it affects the effectiveness of implementing ISM. This study aims ...

متن کامل

An Information Security Training and Awareness Approach (ISTAAP) to Instil an Information Security-Positive Culture

This paper proposes a unique information security training and awareness approach (ISTAAP) that can be used to instil an information security-positive culture which will assist in addressing the risk that human behaviour poses to the protection of information. An information security culture assessment tool is used as the critical diagnostic instrument to assess the information security culture...

متن کامل

Critical Success Factors in implementing information security governance (Case study: Iranian Central Oil Fields Company)

The oil industry, as one of the main industries of the country, has always faced cyber attacks and security threats. Therefore, the integration of information security in corporate governance is essential and a governance challenge. The integration of information security and corporate governance is called information security governance. In this research, we identified "critical success factor...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2008