Global ETD Search

11	A study of information security awareness on teleworking security risks and recommendations since Covid19 pandemic Galajda, Lukas January 2023 (has links) This study is looking at “the changed” world for employees that were lucky and could continue their work from places other than the office since the Covid-19 pandemic outbreak using teleworking tools. Their numbers grew exponentially and while they still had to perform their duties as usual, they could not rely on the security infrastructure built at the office. The attackers saw this immediately and took the opportunity to unleash various techniques with malicious intent. Now the time is right to find out whether the coronavirus pandemic did at least some good and to what extent the remote workers are aware of information security guidelines. This quantitative study begins with the formation of the research question and first thoughts about the research model. Then the search thru the literature thoroughly finds mostly used attacks as well as the best way how to protect against them and the review of theory builds a research model that fits the aim of the study. Thru a quantitative online survey via snowballing method answers from users from all over the world are collected and analyzed and the hypotheses drawn from the model are verified. Lastly, results are discussed, and a conclusion is provided. The study findings are that the teleworkers are quite highly aware of information security awareness or ISA, thanks to sufficient knowledge and attitude towards information security, and in turn, this awareness leads to correct behavior in information security. More specifically, knowledge is more strongly associated with ISA of telework risks than recommendations, attitude, on the other hand, is more strongly related to telework recommendations than the risks, also ISA of telework risks has a greater influence on behavior than ISA of telework recommendations. The contribution of this study is the revelation that the impact of telework and the coronavirus pandemic did not change the course of information security awareness perception in comparison to pre-pandemic studies. Also, thanks to the subcategorization of ISA to risks and recommendations it was revealed that awareness of teleworking risk is quite higher than awareness of recommendations after the Covid-19 period. information security awareness teleworking security risks security recommendations Information Systems
12	Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users Edwards, Keith 01 January 2015 (has links) Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the incentive to take security awareness training on their own. Research in security awareness and security behavior has produced conflicting results. Therefore, it is not clear, how security aware home computer users are or to what extent security awareness affects the security behavior of home computer users. The goal of this study was to determine if there is a relationship between security awareness and users practicing good security behavior. This study adapted its research model from the health belief model (HBM), which accesses a patient’s decision to perform health related activities. The research model included the HBM constructs of perceived severity, perceived susceptibility, perceived threat, perceived benefits, perceived barriers, cues to action, and self-efficacy. The research model also contained the security awareness (SA) and concern for information privacy (CFIP) constructs. The model used SA to ascertain the effect of security awareness on a person’s self-efficacy in information security (SEIS), perceived threat, CFIP, and security behavior. The research model included CFIP to ascertain its effect on security behavior. The developed survey measured the participants' security awareness, concern for information privacy, self-efficacy, expectations of security actions, perceived security threats, cues to action, and security behavior. SurveyMonkey administered the survey. SurveyMonkey randomly selected 267 participants from its 30 million-member base. The findings of this study indicate home computer users are security aware. SA does not have a direct effect on a user’s security behavior, perceived threat, or CFIP. However, it does have influence on SEIS. SEIS has a weak effect on expectations. CFIP has an effect on a user’s security behavior after removing perceived threat from the research model. Perceived susceptibility has a direct effect on a user’s security behavior, but perceived severity or perceived threat does not. Information privacy concerns Information security awareness Information Security Behavior Information technology Computer science Computer Sciences Computer Security
13	A Comparison of Users' Personal Information Sharing Awareness, Habits, and Practices in Social Networking Sites and E-Learning Systems Ball, Albert 01 January 2012 (has links) Although reports of identity theft continue to be widely published, users continue to post an increasing amount of personal information online, especially within social networking sites (SNS) and e-learning systems (ELS). Research has suggested that many users lack awareness of the threats that risky online personal information sharing poses to their personal information. However, even among users who claim to be aware of security threats to their personal information, actual awareness of these security threats is often found to be lacking. Although attempts to raise users' awareness about the risks of sharing their personal information have become more common, it is unclear if users are unaware of the risks, or are simply unwilling or unable to protect themselves. Research has also shown that users' habits may also have an influence on their practices. However, user behavior is complex, and the relationship between habit and practices is not clear. Habit theory has been validated across many disciplines, including psychology, genetics, and economics, with very limited attention in IS. Thus, the main goal of this study was to assess the influence of users' personal information sharing awareness (PISA) on their personal information sharing habits (PISH) and personal information sharing practices (PISP), as well as to compare the three constructs between SNS and ELS. Although habit has been studied significantly in other disciplines, a limited number of research studies have been conducted regarding IS usage and habit. Therefore, this study also investigated the influence of users' PISH on their PISP within the contexts of SNS and ELS. An empirical survey instrument was developed based on prior literature to collect and analyze data relevant to these three constructs. Path analysis was conducted on the data to determine the influence of users' PISA on their PISH and PISP, as well as the influence of users' PISH on their PISP. This study also utilized ANCOVA to determine if, and to what extent, any differences may exist between users' PISA, PISH, and PISP within SNS and ELS. The survey was deployed to the student body and faculty members at a small private university in the Southeast United States; a total of 390 responses was received. Prior to final data analysis, pre-analysis data screening was performed to ensure the validity and accuracy of the collected data. Cronbach's Alpha was performed on PISA, PISH, and PISP, with all three constructs demonstrating high reliability. PISH was found to be the most significant factor evaluated in this study, as users' habits were determined to have the strongest influence on their PISP within the contexts of SNS and ELS. The main contribution of this study was to advance the understanding of users' awareness of information security threats, their personal information sharing habits, and their personal information sharing practices. Information gained from this study may help organizations in the development of better approaches to the securing of users' personal information. E-learning Systems Information Security Information Security Awareness Information Security Habits Information Security Practices Social Networks Computer Sciences
14	Studies on Employees’ Information Security Awareness Häußinger, Felix 13 May 2015 (has links) No description available. 330 Information Security Awareness Information Security Behahavior Information Systems Security Antecedents of Information Security Endogenous Motivation Wirtschaftswissenschaften (PPN621567140)
15	Enhancing information security in organisations in Qatar Al-Hamar, Aisha January 2018 (has links) Due to the universal use of technology and its pervasive connection to the world, organisations have become more exposed to frequent and various threats. Therefore, organisations today are giving more attention to information security as it has become a vital and challenging issue. Many researchers have noted that the significance of information security, particularly information security policies and awareness, is growing due to increasing use of IT and computerization. In the last 15 years, the State of Qatar has witnessed remarkable growth and development of its civilization, having embraced information technology as a base for innovation and success. The country has undergone tremendous improvements in the health care, education and transport sectors. Information technology plays a strategic role in building the country's knowledge-based economy. Due to Qatar s increasing use of the internet and connection to the global environment, it needs to adequately address the global threats arising online. As a result, the scope of this research is to investigate information security in Qatar and in particular the National Information Assurance (NIA) policy. There are many solutions for information security some technical and some non-technical such as policies and making users aware of the dangers. This research focusses on enhancing information security through non-technical solutions. The aim of this research is to improve Qatari organisations information security processes by developing a comprehensive Information Security Management framework that is applicable for implementation of the NIA policy, taking into account Qatar's culture and environment. To achieve the aim of this research, different research methodologies, strategies and data collection methods will be used, such as a literature review, surveys, interviews and case studies. The main findings of this research are that there is insufficient information security awareness in organisations in Qatar and a lack of a security culture, and that the current NIA policy has many barriers that need to be addressed. The barriers include a lack of information security awareness, a lack of dedicated information security staff, and a lack of a security culture. These barriers are addressed by the proposed information security management framework, which is based on four strategic goals: empowering Qataris in the field of information security, enhancing information security awareness and culture, activating the Qatar National Information Assurance policy in real life, and enabling Qatar to become a regional leader in information security. The research also provides an information security awareness programme for employees and university students. At the time of writing this thesis, there are already indications that the research will have a positive impact on information security in Qatar. A significant example is that the information security awareness programme for employees has been approved for implementation at the Ministry of Administrative Development Labour and Social Affairs (ADLSA) in Qatar. In addition, the recommendations proposed have been communicated to the responsible organisations in Qatar, and the author has been informed that each organisation has decided to act upon the recommendations made.
16	Information security awareness and behaviour: of trained and untrained home users in Sweden. Hammarstrand, Johanna, Fu, Tommy January 2015 (has links) Today we live in an information society that is constantly growing in terms of the amount of information that are processed, stored, and communicated. Information security is a field that is of concern for both the individual and the society as a whole, as both groups are exposed to information every day. A society like this will demand more emphasis on information security. Previous researchers that has addressed this problem argues that security awareness is the most significant factor in order to raise the general security level. They also mention education as a solution to increase the security awareness and thereby achieve a secure environment. The aim of this thesis is to examine the differences between trained and untrained home users in security awareness and behaviour. The research was conducted, using a quantitative method in form of a survey research with the distribution of self-completion questionnaires. The study has a total of 162 respondents that participated. The result was presented and analysed through the use of the software program, IBM SPSS. The results of the findings suggest that the awareness of the trained home users is higher than of those who are untrained home users. Additionally, the discussion suggests that the home users who have participated in awareness raising initiatives, such as education and training, does not necessarily apply more security measures in their home environment, than those who are regarded as untrained home users. Hence, this study suggests that the increase in awareness may not necessarily be the only factor that affects the user’s behaviour, since those who have not participated in awareness raising initiatives applies security measures, almost to the same extent to those who have. This thesis might be able to act as a foundation for future research within the field, considering that the research is a comparative study between trained and untrained home users of the variables security awareness and behaviour where the found results, does not fully agree with previous research. However, an increase in awareness is a good start, but may need to be paired with appropriate training from other parties, such as internet service providers (ISPs) and banks. Maybe the solution could be to develop and strive for a continuous information security culture of the Swedish society, which may result in a deeper learning and understanding of security issues and inspire home users to be engaged and proactive about their information security behaviour. information security awareness information security behaviour trained home user untrained home user Computer and Information Sciences Data- och informationsvetenskap
17	Classification Storage : A practical solution to file classification for information security / Classification Storage : En praktisk lösning till fil klassificering för informationssäkerhet Sloof, Joël January 2021 (has links) In the information age we currently live in, data has become the most valuable resource in the world. These data resources are high value targets for cyber criminals and digital warfare. To mitigate these threats, information security, laws and legislation is required. It can be challenging for organisations to have control over their data, to comply with laws and legislation that require data classification. Data classification is often required to determine appropriate security measured for storing sensitive data. The goal of this thesis is to create a system that makes it easy for organisations to handle file classifications, and raise information security awareness among users. In this thesis, the Classification Storage system is designed, implemented and evaluated. The Classification Storage system is a Client--Server solution that together create a virtual filesystem. The virtual filesystem is presented as one network drive, while data is stored separately, based on the classifications that are set by users. Evaluating the Classification Storage system is realised through a usability study. The study shows that users find the Classification Storage system to be intuitive, easy to use and users become more information security aware by using the system. / I dagens informationsålder har data blivit den mest värdefulla tillgången i världen. Datatillgångar har blivit högt prioriterade mål för cyberkriminella och digital krigsföring. För att minska dessa hot, finns det ett behov av informationssäkerhet, lagar och lagstiftning. Det kan vara utmanande för organisationer att ha kontroll över sitt data för att följa lagar som kräver data klassificering för att lagra känsligt data. Målet med avhandlingen är att skapa ett system som gör det lättare för organisationer att hantera filklassificering och som ökar informationssäkerhets medvetande bland användare. Classification Storage systemet har designats, implementerats och evaluerats i avhandlingen. Classification Storage systemet är en Klient--Server lösning som tillsammans skapar ett virtuellt filsystem. Det virtuella filsystemet är presenterad som en nätverksenhet, där data lagras separat, beroende på den klassificeringen användare sätter. Classification Storage systemet är evaluerat genom en användbarhetsstudie. Studien visar att användare tycker att Classification Storage systemet är intuitivt, lätt att använda och användare blir mer informationssäkerhets medveten genom att använda systemet. Data Classification Information Classification UserDriven Classification Information Security Awareness Dataklassificering Informationsklassificering Användardriven Klassificering Informationssäkerhet Medvetenhet Computer Sciences Datavetenskap (datalogi)
18	Information Security Training and Serious Games Agrianidis, Anastasios January 2021 (has links) The digital transformation of the 21st century has led to a series of new possibilities and challenges, where one major concern of many major organizations and enterprises is promoting Information Security Awareness and Training (ISAT) for their employees. This aspect of Information Security (IS) can promote cybersecurity in the work environment against threats related to the human factor. Apart from traditional methods as workshops and seminars, researchers study the effect of gamification on ISAT, by proposing customized digital games to train employees regardless their IT skills. This thesis is trying to propose what techniques and approaches can be considered to train people throughout a full threat progression by studying the features of previous efforts. For this purpose, a literature study based on the principles of a systematic literature review (SLR) is essential to gather the available data and review their characteristics. More specifically, the solutions of the researchers are analyzed against the seven steps of the Lockheed Martin Cyber Kill Chain (LM CKC), where each game is classified to one or more phases, according to the training they offer. Thus, some tools can provide a wide range of training, covering many aspects of the CKC, while others are targeting a specific IS topic. The results also suggest that popular attacks involving social engineering, phishing, password and anti-malware software are addressed by many games, mainly in the early stages of the CKC and are focus on trainees without professional IT background. On the other hand, in the last two phases of the CKC, the majority of categorized games involves countermeasures that IS specialists must launch to prevent the security breach. Therefore, this study offers insight on the characteristics of serious games, which can influence an ISAT program, tailored to the enterprise’s distinct IS issue(s) and the IT background of the trainees. Information Security Awareness Training Serious Games Lockheed Martin Cyber Kill Chain Computer Systems Datorsystem Information Systems
19	Impact of demographic factors on information security awareness : a study on professionals and students in Sweden Ojala Burman, Emma January 2021 (has links) Over the past year, cyberattacks have increased and one of the reasons is a lack of security awareness in society. The Covid-19 pandemic has forced a drastic change in working conditions and the most prominent shift is that many people had to start working from home. From an information security perspective, this places great demands on the individual since they are not protected by their organization's security solutions in the same degree as in the physical office space. This is being exploited by cybercriminals and the issue of focusing on the human aspect of information security is becoming more essential. Education is used to increase information security awareness (ISA), which in turn leads to improved security behavior. Through education, organizations can therefore reduce the risk of being exposed to various cyberattacks. To develop training programs within information security, one should look for the underlying factors that have an impact on ISA. Therefore, the purpose of this study is to see if demographic factors have any impact on ISA among Swedish professionals and students. The study is based on a quantitative survey in which a total of 157 professionals and students participated. The study was conducted using The Human Aspects of Information Security Questionnaire (HAIS-Q), which is a validated questionnaire developed to measure ISA. The results of the study strengthen previous findings that knowledge about security policies is a crucial factor for a high ISA. In addition, age and level of education also show an impact on ISA. Information about underlying factors that impact ISA can be useful when designing training programs in information security for Swedish professionals and students. Information security information security awareness security behavior Information Systems, Social aspects
20	INFORMATION SECURITY AWARENESS TRAINING FOR END-USER : A Survey on the Perspective of Nordic Municipalities Al Salek, Aous January 2021 (has links) The reliance on information systems in daily operations in organizations made these systems and the security thereof a vital asset that must be protected. Traditionally, technical solutions were thought to be the critical factor in achieving security requirements. However, this has changed with research advancements into information security, suggesting that users are the root cause of the majority of information security incidents. It is widely accepted that an integral part of the methodology of securing information systems is end-user Information Security Awareness Train-ing (ISAT). The goal of ISAT is described to be a change in user behavior. As a result, research into the area has been steadily improving the ways ISAT is carried out. Yet, information security incidents are still on the rise with no indication of slowing down. Previous research has mainly examined users’ experience in relation to ISAT with very little focus on the organizational per-spective. In this study, the organizational perspective on the preferences and expectations of ISAT is examined by inviting all Nordic municipalities to participate in an online survey. The survey consisted of two parts; the first part focused on the current state of ISAT in Nordic municipalities. The second part examined the ideal design of ISAT according to participants. The results obtained from the survey revealed that the participating Nordic municipalities are well aware of recent developments in ISAT. Furthermore, their preferences and expectations of ISAT and what they consider an ideal design of ISAT conform to what is suggested in the literature—with some ex-ceptions. However, there seems to be a gap between knowing about recent developments and having a desired ideal design that conforms to the literature on one side, and actually applying these in production on the other side. information security information security awareness training information systems ISAT user security training Information Systems

Search results