Spelling suggestions: "subject:"2security awareness"" "subject:"2security owareness""
41 |
Studies on Employees’ Information Security AwarenessHäußinger, Felix 13 May 2015 (has links)
No description available.
|
42 |
Enhancing information security in organisations in QatarAl-Hamar, Aisha January 2018 (has links)
Due to the universal use of technology and its pervasive connection to the world, organisations have become more exposed to frequent and various threats. Therefore, organisations today are giving more attention to information security as it has become a vital and challenging issue. Many researchers have noted that the significance of information security, particularly information security policies and awareness, is growing due to increasing use of IT and computerization. In the last 15 years, the State of Qatar has witnessed remarkable growth and development of its civilization, having embraced information technology as a base for innovation and success. The country has undergone tremendous improvements in the health care, education and transport sectors. Information technology plays a strategic role in building the country's knowledge-based economy. Due to Qatar s increasing use of the internet and connection to the global environment, it needs to adequately address the global threats arising online. As a result, the scope of this research is to investigate information security in Qatar and in particular the National Information Assurance (NIA) policy. There are many solutions for information security some technical and some non-technical such as policies and making users aware of the dangers. This research focusses on enhancing information security through non-technical solutions. The aim of this research is to improve Qatari organisations information security processes by developing a comprehensive Information Security Management framework that is applicable for implementation of the NIA policy, taking into account Qatar's culture and environment. To achieve the aim of this research, different research methodologies, strategies and data collection methods will be used, such as a literature review, surveys, interviews and case studies. The main findings of this research are that there is insufficient information security awareness in organisations in Qatar and a lack of a security culture, and that the current NIA policy has many barriers that need to be addressed. The barriers include a lack of information security awareness, a lack of dedicated information security staff, and a lack of a security culture. These barriers are addressed by the proposed information security management framework, which is based on four strategic goals: empowering Qataris in the field of information security, enhancing information security awareness and culture, activating the Qatar National Information Assurance policy in real life, and enabling Qatar to become a regional leader in information security. The research also provides an information security awareness programme for employees and university students. At the time of writing this thesis, there are already indications that the research will have a positive impact on information security in Qatar. A significant example is that the information security awareness programme for employees has been approved for implementation at the Ministry of Administrative Development Labour and Social Affairs (ADLSA) in Qatar. In addition, the recommendations proposed have been communicated to the responsible organisations in Qatar, and the author has been informed that each organisation has decided to act upon the recommendations made.
|
43 |
Enhancing security risk awareness in end-users via affective feedbackShepherd, Lynsay A. January 2016 (has links)
Background: Risky security behaviour displayed by end-users has the potential to leave devices vulnerable to compromise, despite the availability of security tools designed to aid users in defending themselves against potential online threats. This indicates a need to modify the behaviour of end-users, allowing them to consider the security implications of their actions online. Previous research has indicated affective feedback may serve as a successful method of educating users about risky security behaviours. Thus, by influencing end-users via affective feedback it may be possible to engage users, improving their security awareness. Aims: Develop and apply knowledge of monitoring techniques and affective feedback, establishing if this changes users’ awareness of risky security behaviour in the context of a browser-based environment. Methodology: The methodology employs the use of log files derived from the monitoring solution, and information provided by users during the experiments. Questionnaire data was compared against log files and information provided during experiments, providing an overall quantitative approach. Results: In the case of the log files and questionnaires, participants were found to have engaged in instances of risky security behaviours, which they were unaware of, and this indicated a low-level of awareness of risky security behaviour. Whilst the results indicate the affective feedback did not make a difference to behaviour during the course of the experiments, participants felt that the affective feedback delivered had an impact, raising their security awareness, encouraging them to learn about online security. Conclusions: This body of research has made a novel contribution to the field of affective feedback and usable security. Whilst the results indicate the affective feedback made no difference to behaviour, users felt it had an impact on them, persuading them to consider their security behaviours online, and encouraging them to increase their knowledge of risky security behaviours. The research highlights the potential application of affective feedback in the field of usable security. Future work seeks to explore different ways in which affective feedback can be positioned on-screen, and how feedback can be tailored to target specific groups, such as children, or elderly people, with the aim of raising security awareness.
|
44 |
Information security awareness and behaviour: of trained and untrained home users in Sweden.Hammarstrand, Johanna, Fu, Tommy January 2015 (has links)
Today we live in an information society that is constantly growing in terms of the amount of information that are processed, stored, and communicated. Information security is a field that is of concern for both the individual and the society as a whole, as both groups are exposed to information every day. A society like this will demand more emphasis on information security. Previous researchers that has addressed this problem argues that security awareness is the most significant factor in order to raise the general security level. They also mention education as a solution to increase the security awareness and thereby achieve a secure environment. The aim of this thesis is to examine the differences between trained and untrained home users in security awareness and behaviour. The research was conducted, using a quantitative method in form of a survey research with the distribution of self-completion questionnaires. The study has a total of 162 respondents that participated. The result was presented and analysed through the use of the software program, IBM SPSS. The results of the findings suggest that the awareness of the trained home users is higher than of those who are untrained home users. Additionally, the discussion suggests that the home users who have participated in awareness raising initiatives, such as education and training, does not necessarily apply more security measures in their home environment, than those who are regarded as untrained home users. Hence, this study suggests that the increase in awareness may not necessarily be the only factor that affects the user’s behaviour, since those who have not participated in awareness raising initiatives applies security measures, almost to the same extent to those who have. This thesis might be able to act as a foundation for future research within the field, considering that the research is a comparative study between trained and untrained home users of the variables security awareness and behaviour where the found results, does not fully agree with previous research. However, an increase in awareness is a good start, but may need to be paired with appropriate training from other parties, such as internet service providers (ISPs) and banks. Maybe the solution could be to develop and strive for a continuous information security culture of the Swedish society, which may result in a deeper learning and understanding of security issues and inspire home users to be engaged and proactive about their information security behaviour.
|
45 |
The Impact of Information Security Awareness on Compliance with Information Security Policies: a Phishing PerspectiveHanus, Bartlomiej T. 08 1900 (has links)
This research seeks to derive and examine a multidimensional definition of information security awareness, investigate its antecedents, and analyze its effects on compliance with organizational information security policies. The above research goals are tested through the theoretical lens of technology threat avoidance theory and protection motivation theory. Information security awareness is defined as a second-order construct composed of the elements of threat and coping appraisals supplemented by the responsibilities construct to account for organizational environment. The study is executed in two stages. First, the participants (employees of a municipality) are exposed to a series of phishing and spear-phishing messages to assess if there are any common characteristics shared by the phishing victims. The differences between the phished and the not phished group are assessed through multiple discriminant analysis. Second, the same individuals are asked to participate in a survey designed to examine their security awareness. The research model is tested using PLS-SEM approach. The results indicate that security awareness is in fact a second-order formative construct composed of six components. There are significant differences in security awareness levels between the victims of the phishing experiment and the employees who maintain compliance with security policies. The study extends the theory by proposing and validating a universal definition of security awareness. It provides practitioners with an instrument to examine awareness in a plethora of settings and design customized security training activities.
|
46 |
Návrh zavedení programu budování bezpečnostního povědomí na gymnáziu / Proposal for the implementation of security awareness program at grammar schoolHolásková, Marie January 2018 (has links)
The diploma thesis deals with the issue of building security awareness at grammar schools. The thesis can be divided into three main parts. The introductory part introduces the theoretical definition of basic concepts in the area of information security and a brief description of the legislative requirements to be followed in solving the work. The second part analyzes the current situation of selected grammar school, including risk analysis, HOS 8 analysis and SWOT analysis. In the practical part, the proposal to introduce a security awareness program adapted to the grammar school.
|
47 |
Budování bezpečnostního povědomí na základní škole / Increase of Security Awareness at the Primary SchoolKolajová, Jana January 2019 (has links)
This diploma thesis is focused on the development of informational environment safety awareness at primary schools. The thesis consists of three main parts. The introduction explains the basic safety terms and briefly describe the legislative essentials necessary for this proposal. The second part consists of the analysis of the current situation at the school chosen for this research, including SLEPT analysis, Porter´s analysis, 7S analysis, and SWOT analysis. The practical part introduces the proposal of implementation of the program which is tailored to the requirements and needs of the primary school. The final part evaluates the pros and cons of the implemented solution.
|
48 |
Zavedení bezpečnostních opatření dle ISMS pro základní školu / Implementing of security measures according to ISMS for elementary schoolPexa, Marek January 2019 (has links)
The diploma thesis deals with introduction of security measures for primary and elementary school. The thesis is devided into three main parts. The first part deals with basic theoretical concepts of information security and legislative elements needed for understanding the issue. The second part desrcibes the current state for primary and elementary school. The last practical part includes proposal of security measures and recommendations.
|
49 |
Základy bezpečnostního povědomí pro žáky základních škol / Basics of security awareness for pupils at primary schoolPřibyl, Aleš January 2020 (has links)
This diploma thesis looks at building educational modules that will serve to build a basic awareness of safety for children in primary schools. The theoretical part describes the basic information from this area. The next part describes the assignment of individual modules and also describes the schools where the teaching took place. The practical section contains detailed fillings of these education modules.
|
50 |
Classification Storage : A practical solution to file classification for information security / Classification Storage : En praktisk lösning till fil klassificering för informationssäkerhetSloof, Joël January 2021 (has links)
In the information age we currently live in, data has become the most valuable resource in the world. These data resources are high value targets for cyber criminals and digital warfare. To mitigate these threats, information security, laws and legislation is required. It can be challenging for organisations to have control over their data, to comply with laws and legislation that require data classification. Data classification is often required to determine appropriate security measured for storing sensitive data. The goal of this thesis is to create a system that makes it easy for organisations to handle file classifications, and raise information security awareness among users. In this thesis, the Classification Storage system is designed, implemented and evaluated. The Classification Storage system is a Client--Server solution that together create a virtual filesystem. The virtual filesystem is presented as one network drive, while data is stored separately, based on the classifications that are set by users. Evaluating the Classification Storage system is realised through a usability study. The study shows that users find the Classification Storage system to be intuitive, easy to use and users become more information security aware by using the system. / I dagens informationsålder har data blivit den mest värdefulla tillgången i världen. Datatillgångar har blivit högt prioriterade mål för cyberkriminella och digital krigsföring. För att minska dessa hot, finns det ett behov av informationssäkerhet, lagar och lagstiftning. Det kan vara utmanande för organisationer att ha kontroll över sitt data för att följa lagar som kräver data klassificering för att lagra känsligt data. Målet med avhandlingen är att skapa ett system som gör det lättare för organisationer att hantera filklassificering och som ökar informationssäkerhets medvetande bland användare. Classification Storage systemet har designats, implementerats och evaluerats i avhandlingen. Classification Storage systemet är en Klient--Server lösning som tillsammans skapar ett virtuellt filsystem. Det virtuella filsystemet är presenterad som en nätverksenhet, där data lagras separat, beroende på den klassificeringen användare sätter. Classification Storage systemet är evaluerat genom en användbarhetsstudie. Studien visar att användare tycker att Classification Storage systemet är intuitivt, lätt att använda och användare blir mer informationssäkerhets medveten genom att använda systemet.
|
Page generated in 0.0736 seconds