Åtgärder för förbättrad säkerhetsmedvetenhet om organisatoriska riktlinjer

Joseph, Niclas, Rönnqvist, Ludvig

January 2024

In recent years, both the private and the government sector in Sweden have seen an increase in currentcyber and IT-related attacks. Despite a trend of increased technological aspects, investment securityincidents and breaches continue to rise. Organizations tend to overlook the importance of users, while statistics show that the majority of security incidents occur when an employee undermines existingcontrols. As a result of these incidents and attacks, IT security has become one of the most relevantand rapidly growing areas of focus in modern IT security. Employee awareness of organizational rules and guidelines is critical to ensuring a last line of defense. This study is carried out in a municipality in northern Sweden, where previous surveys show a trendof naivety and a lack of IT security. The Swedish municipalities have an important missioninfrastructure protection of sensitive sensitivity and information about their citizens. It is therefore particularly important that such an organization can demand and communicate thenecessary IT security requirements to its employees. In this study, we examine employees' awareness,perception and behavior towards the municipality's guidelines for information security, studies have identified potential measures that can contribute to increasing employees' security awareness and compliance with security measures and guidelines at an organizational level. The study uses qualitative methods to collect and analyze employees' awareness, perception and behavior towards information security guidelines. The method for collecting empirical evidenceconsists of two parts. Primary data is collected through a total of six semi-structured interviews, and secondary data is collected through the policy, rules, guidelines and security guidelines in document form. The analysis is carried out to point out potential patterns, regularities, specific deviations or underlying causes. The study found that employees show high general awareness of IT security, quick awareness of specific security measures and guidelines is slightly worse. The study presents five central measures and areas of action to improve precise awareness: Adaptation of the introductory training and additional training in relevant IT security areas, clearer communication channels between management, clarifying and developing an IT security policy in joint action.

IT-säkerhet

IT-säkerhetsmedvetenhet

Policy

IT-Riktlinjer

Information Systems