1. The role of 'perceptions of information value' in information security compliance behaviour: a study in Brunei Darussalam's public organisations
Haji-Tajuddin, Sharul T. January 2016
It has been widely accepted that information is an asset and it needs to be protected. Many types of countermeasures were developed and implemented to ensure continuous protection of information where it is deemed necessary. Unfortunately, in many cases, breaches of security are the result of non-compliance behaviours of users or stakeholders of the system. These non-compliance behaviours increase the vulnerability of such systems. Organisations are trying to improve their stakeholders' compliance behaviour in different ways, for example by providing necessary awareness, education and training, and to the extent of providing rewards for healthy behaviours and reprimanding and penalising stakeholders for breaches of security. Despite all these efforts, information security breaches are still on the rise and many types of research have been done to understand this issue. It is postulated that an object is protected if it is appreciated. Appreciation of an object might relate to a value perceived by the owner in association with the object. For a similar reason, this thesis investigates the role of perceptions of information value in the context of its security. It is postulated that perceptions of information value could become an alternative way to understand information security compliance behaviour. Utilising a conceptual framework deduced from current literature to structurally analyse a list of research objectives, empirical evidence of the potential role of information perceived value in promoting better compliance behaviour has indeed been discovered. There is evidence that a perception of information value is developed through a systematic process of value assignment, or information value assignment process. These processes are significant to the development of stakeholders' intention to behave.
The finding of this process has provided a platform for the organisation to understand the causes behind the information security behaviours displayed by stakeholders in the organisation. Further evidence has also suggested that the information value assignment is fuelled or influenced by several factors. These factors have provided a unique opportunity for the organisation to manipulate and nurture to have maximum impact on their information value assignment process, resulting in a possible improved intention to behave, which subsequently might affect the actual information security compliance behaviour.

2. Information Security Behavior: A Cross-Cultural Comparison of Irish and US Employees
Connolly, Lena Y., Lang, M., Wall, D.S. 16 June 2020
This study explores how aspects of perceived national culture affect the information security attitudes and behavior of employees. Data was collected using 19 semi-structured interviews in Ireland and the United States of America (US). The main findings are that US employees in the observed organizations are more inclined to adopt formalized information security policies and procedures than Irish employees, and are also more likely to have higher levels of compliance and lower levels of non-compliance.

3. Information security awareness and behaviour: of trained and untrained home users in Sweden.
Hammarstrand, Johanna, Fu, Tommy January 2015
Today we live in an information society that is constantly growing in terms of the amount of information that is processed, stored, and communicated. Information security is a field that is of concern for both the individual and the society as a whole, as both groups are exposed to information every day. A society like this will demand more emphasis on information security. Previous researchers who have addressed this problem argue that security awareness is the most significant factor in order to raise the general security level. They also mention education as a solution to increase the security awareness and thereby achieve a secure environment. The aim of this thesis is to examine the differences between trained and untrained home users in security awareness and behaviour. The research was conducted using a quantitative method in the form of survey research with the distribution of self-completion questionnaires. The study has a total of 162 respondents that participated. The result was presented and analysed through the use of the software program IBM SPSS. The results of the findings suggest that the awareness of the trained home users is higher than that of those who are untrained home users. Additionally, the discussion suggests that the home users who have participated in awareness-raising initiatives, such as education and training, do not necessarily apply more security measures in their home environment than those who are regarded as untrained home users. Hence, this study suggests that the increase in awareness may not necessarily be the only factor that affects the user’s behaviour, since those who have not participated in awareness-raising initiatives apply security measures almost to the same extent as those who have.
This thesis might be able to act as a foundation for future research within the field, considering that the research is a comparative study between trained and untrained home users of the variables security awareness and behaviour, where the results found do not fully agree with previous research. However, an increase in awareness is a good start, but may need to be paired with appropriate training from other parties, such as internet service providers (ISPs) and banks. Maybe the solution could be to develop and strive for a continuous information security culture of the Swedish society, which may result in a deeper learning and understanding of security issues and inspire home users to be engaged and proactive about their information security behaviour.

4. The usefulness of the ISeBIS scale in evaluating users' security intentions
Lindqvist, Jill January 2017
The General Data Protection Regulation, an EU law that enters into force in May 2018, aims to protect the sensitive data of individuals in our digitized world. The responsibility for the sensitive data collected will be transferred to the enforcement organizations. This requires that the correct data protection is ensured. In this work, organizations must ensure that their employees have knowledge of information security. To know which training efforts are needed, a tool for measuring the maturity of information security in the organization is needed. Studies show that it is difficult to measure users' security intentions and that there is a lack of tools for this. The Information Security Behaviour Scale, ISeBIS-scale, was in this study designed with the aim of testing whether this scale could be used and how it could be used to evaluate change in a user's information security intentions following a training effort. In a case study, the ISeBIS scale was tested in an explanatory sequential mixed method. The selection team received a web survey, underwent education in information security and then responded to the questionnaire again. After the results were analysed, semi-structured interviews were conducted with a selection of respondents to explain the trends seen in the study. The study shows that using only the ISeBIS scale is inadequate as a tool for evaluating user safety behavior. The result after the training was difficult to analyze, with both negative and positive outcomes in the scale's statements. However, it turned out that in combination with interviews with respondents it is a useful tool to draw attention to the underlying factors of the answers, such as a lack of knowledge of the security features used daily and shortcomings in security processes in the organization, which might not have been so transparent without the use of ISeBIS.
The interviewees were all of the opinion that the ISeBIS scale and the education given created awareness and above all more discussion about how information security appeared in the organization and what could be improved in the short and long term.

5. Towards an information security awareness process for engineering SMEs in emerging economies
Gundu, Tapiwa January 2013
With most employees in Engineering Small and Medium Enterprises (SME) now having access to their own personal workstations, the need for information security management to safeguard against loss/alteration or theft of the firms’ important information has increased. These Engineering SMEs tend to be more concerned with vulnerabilities from external threats, although industry research suggests that a substantial proportion of security incidents originate from insiders within the firm. Hence, technical preventative measures such as antivirus software and firewalls are proving to solve only part of the problem, as the employees controlling them lack adequate information security knowledge. This tends to expose a firm to risk and costly mistakes made by naïve/uninformed employees. This dissertation presents an information security awareness process that seeks to cultivate positive security behaviours using a behavioural intention model based on the Theory of Reasoned Action, Protection Motivation Theory and the Behaviourism Theory. The process and model have been refined and verified using expert review and tested through action research at an Engineering SME in South Africa. The main finding was that information security levels of employees within the firm were low, but the proposed information security awareness process increased their knowledge, thereby positively altering their behaviour.