Employees' Role in Improving Information Systems Security

Aliti, Admirim, Akkaya, Deniz

January 2011

Information security is one of the most essential concerns in today’s organizations. IT departments in larger organizations are tasked to implement security, by both ensuring to have pertinent hardware and software, and likewise enlighten, teach and educate organization’s employees about security issues. The aim of this research is to focus on the human factor of the organization, which impacts the security of the information, since technological solutions of technical problems become incomprehensible without human recognition about security. If the security is not addressed in firms, this might lead to essential data of the organization to be compromised. This study explores ways to enhance information security and improve the human factor by integrating the crucial information security elements in organizations. Social constructivist worldview is adopted throughout the study, and an inductive based - qualitative approach, a single case study design and hermeneutical analysis for analyzing the observations and interviews are utilized. The research setting for this study is Växjö Municipality in Sweden. The empirical investigation suggests that human factor plays an essential role in maintaining information security, and organizations can improve employees’ role by keeping their security policies up to date and find the best ways to disseminate that information. As a result, this research comes up with “information security human management model” for organizations.

Information security

information security policy

human factor in organizations

employees' role

Information Systems