In this paper, the authors discuss employees’ beliefs about their abilities to competently use computer information security tools in the determination of effective information security practices within organizations. In the first section the authors present a background about information security practices at work. Then, the authors present a research approach based on social cognitive theory ...

ICT resources are important assets of any organization and the protection of these resources are equally important. To be able to protect themselves and their profitability, many organizations have established information security awareness programs. In order for a security awareness program to add value to an organization and at the same time make a contribution to the field of information sec...

The primary goal of this study is to examine the relationship between managerial information security awareness and managerial actions toward information security for the purpose of putting stress on the significant roles of managerial information security awareness in an organization’s total information security performance. Under the assumption that managerial actions toward information secur...

Compliance and systems misuse has been the focus of researchers in the last couple of years. However, given that voids in this area is still significant and systems abuse is a pressing issue likely to persist in the future, more investigation is needed in this area. Toward this end, we conducted a research study to help understand factors motivating compliance behavior intentions. Drawing on Th...

TUBITAK National Research Institute of Electronics and Cryptology (UEKAE) Department of Information Systems Security makes social engineering attacks to Turkish public agencies within the frame of “Information Security Tests” [19]. This paper will make an analysis of the social engineering tests that have been carried out in several Turkish public agencies. The tests include phone calling to sa...

Employees’ information security awareness (ISA) is a key antecedent of information security behavior. However, to date we know very little about the factors that are responsible for some employees having a higher level of ISA than others. Our study addresses this gap. We propose a model that comprises institutional, individual, and environmental factors preceding ISA. The model was empirically ...