Towards using pervasive information security education to influence information security behaviour in undergraduate computing graduates

Information security has become increasingly important and is far more than a collection of physical and technical controls. It is widely cited in literature that humans are potentially the ‘weakest link’ when it comes to information security, whether intentionally or unintentionally. For information security to be truly effective, the behaviour and actions of users, with regard to information security, should become part of their daily activities and, ultimately, part of an information security culture. Therefore, it could be argued that graduates entering the employment of an organisation should be aware and properly educated with regard to information security and its related practices. This information security awareness and education should, preferably, be a part of their formalized studies. This is particularly important for those graduates with computing qualifications as they could play a vital role in ensuring the protection of an organisation’s information assets. This paper motivates the need for the implementation of pervasive information security education in computing undergraduate curricula, which could positively influence the information security behaviour of computing graduates. This research is based on a literature study.