  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

Cultivating and assessing information security culture

Da Veiga, Adele 24 April 2009
The manner in which employees perceive and interact (behave) with controls implemented to protect information assets is one of the main threats to the protection of such assets and the effective use of information security controls. Should the interaction not be conducive to the protection of the information assets, it could have a profound impact on the profit of an organisation, productive working hours could be lost, confidential information might be disclosed to unauthorised people and compliance with legal and regulatory regulations could be affected - all this, despite the fact that adequate technical and procedural controls might be in place. Current research highlights the importance of a strong information security culture to address the threat that employee behaviour poses to the protection of information assets. Various research perspectives propose how an acceptable level of information security culture should be cultivated, and how to assess this culture to determine whether it is on an acceptable level. These approaches are however not adequate to cultivate information security culture, as all the relevant information security components and the influences on the information security culture have to be considered. This leads to the question as to whether the assessment instruments proposed to assess the information security culture are indeed adequate and valid. The main contribution of this research relates to the development of an information security culture framework and process consisting of an assessment instrument to assess information security culture. In order to develop the information security culture framework, the researcher developed a Comprehensive Information Security Framework (CISF) that equips organisations with a holistic approach to the implementation of information security. The framework provides a single point of reference for the governance of information security. 
The Information Security Culture Framework (ISCF) is developed using the CISF as foundation. The ISCF can be used by organisations to cultivate an information security culture conducive to the protection of information assets. It considers all the components required for information security culture, namely information security, organisational culture and organisational behaviour. It integrates the aforementioned concepts and illustrates the influence between the components. The ISCF further serves as a basis for designing an information security culture assessment instrument. This instrument is incorporated as part of an Information Security Culture Assessment process (ISCULA) defined by the researcher. ISCULA provides management with the steps to conduct an information security culture assessment, as well as the steps to validate the assessment instrument. The application of ISCULA is tested in an empirical study conducted in an organisation. It illustrates how to validate an information security culture assessment instrument by ensuring that it is designed based on the ISCF and meets the statistical requirements for a valid and reliable assessment instrument. Both the ISCF and the ISCULA process can ultimately be deployed by organisations to minimise the threat that employee behaviour poses to the protection of information assets. / Thesis (PhD)--University of Pretoria, 2009. / Computer Science / unrestricted
2

Understanding Information Security Culture in an Organization: An Interpretive Case Study

Bess, Donald Arlo 01 January 2012
Information systems are considered to be a critical and strategic part of most organizations today. Because of this it has become increasingly important to ensure that there is an effective information security program in place protecting those information systems. It has been well established by researchers that the success of an information security program is heavily dependent upon the actions of the organizational members that interact with the information security program. Because of the interaction between people and the information security program an appropriate information security culture is required to effectively influence and control the actions of the members within that organization. While the importance of an information security culture has been well established by researchers there has been little research conducted to date that assists in understanding and managing information security culture within organizations. To expand the body of knowledge in this area this study will explore the information security culture of a large organization using interpretive case study methodology. The use of semi-structured interviews to collect data has allowed the researcher to report back their interpretation of shared meanings, consciousness, language and artifacts observed while at the research site. Structuration theory was applied as a theoretical lens with which to better understand information security culture and explore ways in which organizations can better understand and manage information security culture. We found structures of signification and legitimacy were the most influential on employees' behavior towards information security, while the structure of domination exerted minimal influence over employees' behavior. This research study contributes to the existing body of knowledge regarding information security culture by examining the role of structural properties exhibited within information security culture.
Structural properties of information security culture have not been adequately considered within the existing literature. By expanding our understanding of the role of social structures such as systems of meaning, power and legitimacy on information security culture researchers will have a deeper understanding of this phenomenon called information security culture. This will enable us to better understand how to develop and manage an appropriate information security culture.
3

Framework for Adoption of Information and Communication Technology security culture in SMMEs in Gauteng Province, South Africa

Mokwetli, M. A. January 2019
M. Tech. (Department of Information Technology, Faculty of Applied and Computer Sciences), Vaal University of Technology. / Information and Communication Technology (ICT) has become prevalent in our everyday business and personal lives. As such, users and organisations must know how to protect themselves against human errors that led to more companies losing or sharing information that should not be shared. The issue emanates from lack of ICT security culture both in individuals and organisations. This research is based on a wide theoretical review that is focused on proposing a conceptual model on technological, environmental and organisational factors that influence the adoption of ICT security culture and implementation in Small Medium and Micro Enterprises (SMMEs). Factors or determinants that influence the adoption of ICT security culture in SMMEs in the Gauteng province were investigated. Questionnaires were distributed to examine the perception of ICT security culture adoption among SMMEs in the Gauteng province South Africa. A sample of 647 individuals from different SMMEs in the Gauteng province returned the questionnaire. The results of the research study show that technological context (perceived benefits), environmental context (government regulations) and organisational context (management support) determinants have direct influence on the ICT security culture adoption. The recommendation is that information security awareness programmes must be put in place. Further research is recommended using more determinants that might have a positive impact toward the adoption of the ICT security culture. In order to minimize data breaches due to human error it is recommended that SMMEs around Gauteng Province in South Africa adopt the framework as outlined in this research study.
4

Employee and Organization Security Value Alignment Through Value Sensitive Security Policy Design

Solomon, Dianne Blitstein 05 September 2014
Every member of the organization must be involved in proactively and consistently preventing data loss. Implementing a culture of security has proven to be a reliable method of enfranchising employees to embrace security behavior. However, it takes more than education and awareness of policies and directives to effect a culture of security. Research into organizational culture has shown that programs to promote organizational culture - and thus security behavior - are most successful when the organization's values are congruent with employee values. What has not been clear is how to integrate the security values of the organization and its employees in a manner that promotes security culture. This study extended current research related to values and security culture by applying Value Sensitive Design (VSD) methodology to the design of an end user security policy. Through VSD, employee and organizational security values were defined and integrated into the policy. In so doing, the study introduced the concept of value sensitive security policy (VSP) and identified a method for using VSPs to promote a culture of security. At a time when corporate values are playing such a public role in defining the organization, improving security by increasing employee-organization value congruence is both appealing and practical.
5

Establishing an information security awareness and culture

Korovessis, Peter January 2015
In today’s business environment all business operations are enabled by technology. Its always on and connected nature has brought new business possibilities but at the same time has increased the number of potential threats. Information security has become an established discipline as more and more businesses realize its value. Many surveys have indicated the importance of protecting valuable information and an important aspect that must be addressed in this regard is information security awareness. The human component has been recognized to have an important role in information security since the only way to reduce security risks is through making employees more information security aware. This also means that employees take responsibility of their actions when dealing with information in their everyday activities. The research is concentrated mainly on information security concepts alongside their relation to the human factor with evidence that users remain susceptible to information security threats, thus illustrating the need for more effective user training in order to raise the level of security awareness. Two surveys were undertaken in order to investigate the potential of raising security awareness within existing education systems by measuring the level of security awareness amongst the online population. The surveys analyzed not only the awareness levels and needs of students during their study and their preparation towards entering the workforce, but also whether this awareness level changes as they progress in their studies. The results of both surveys established that the awareness level of students concerning information security concepts is not at a sufficient level for students entering university education and does not significantly change as they progress their academic life towards entering the workforce. In respect to this, the research proposes and develops the information security toolkit as a prototype awareness raising initiative. 
The research goes one step further by piloting and evaluating toolkit effectiveness. As an awareness raising method, the toolkit will be the basis for the general technology user to understand the challenges associated with secure use of information technology and help him assess its current knowledge, identify lacks and weaknesses and acquire the required knowledge in order to be competent and confident users of technology.
6

Postoj Francie k zahraniční a bezpečnostní politice Spojených států amerických / The attitude of France towards the US security policy

Čmakalová, Kateřina January 2008
One of the most surprising aspects of the renaissance of scholarly interest in culture has been the emerging consensus in national security policy studies that culture significantly affects grand strategy and state behaviour. Therefore, the paper tries to advance rigorous procedures for testing for the existence and influence of security and strategic culture of different national states. It builds mainly on the definition of Alastair I. Johnston (1995) and Jeffrey S. Lantis (2002), who relate security and strategic culture with the definition of main goals/objectives of the state in security affairs and with ways of achieving them. As a case study, the paper will evaluate the approaches of the United States and France towards security threats in the early 21st century, especially towards the threat of global terrorism. It will assess whether and why when achieving security objectives, defined at the highest political level, persuasive or coercive strategy and military or non-military tools were preferred; whether negotiations, diplomacy and political pressure were favoured, or whether it was rather opted for deployment of armed forces and warfare. The text attempts to show how the differences in security and strategic culture, American and French particular identities, values, norms and perceptive lens might lead to different understandings of terrorism as global security threat and to distinct measures taken in the fight against it.
7

Strong Intents Against Weak Links : Towards a Holistic Integration of Behavioral Information Security in Organizations with Strategic Intent

Koller, Teresa Marie, Ljung, Migle January 2021
The human factor has been detected as the weakest link in the information security of organizations. Methods like training and awareness programs and the implementation of security policies have been developed, but they still seem to be less effective than desired. Authors have suggested integrating information security more holistically in organizations. In this study we discuss how strategic intent can influence an information security culture and improve information security behavior, thereby strengthening the weakest link. This thesis aims to develop a conceptual framework for organizations to integrate behavioral information security holistically with strategic intent. This thesis is based on a qualitative study with an abductive approach consisting of nine exploratory, semi-structured interviews. This way we could find today’s most prominent factors that might reinforce information security behavior in organizations and discuss the interrelations among those factors together with their potential facilitators and barriers. To improve behavioral InfoSec holistically in organizations, strategic intent and InfoSec culture are promising factors. All factors have clear interrelations, but also potential facilitators and barriers.
8

Information Security Behavior: A Cross-Cultural Comparison of Irish and US Employees

Connolly, Lena Y., Lang, M., Wall, D.S. 16 June 2020
Yes / This study explores how aspects of perceived national culture affect the information security attitudes and behavior of employees. Data was collected using 19 semi-structured interviews in Ireland and the United States of America (US). The main findings are that US employees in the observed organizations are more inclined to adopt formalized information security policies and procedures than Irish employees, and are also more likely to have higher levels of compliance and lower levels of non-compliance.
9

Security Culture in Sweden with Focus on Digital Certificate Culture in Organizations / Säkerhetskultur i Sverige med fokus på digitala certifikat i organisationer

Mohialdeen, Haneen, Draaijer, Johannes January 2020
Digital certificates lie at the heart of security where effective security culture enables digital certificates to be widely and properly deployed in organizations. Digital certificates provide a way to secure websites and bank transactions, digitally sign documents and emails, enable secure access to remote locations on the internet through VPNs by providing a means for authentication, authorization, confidentiality, integrity, and non-repudiation. In this thesis, the barriers to an effective digital certificate security culture and the possibilities of misuse or misconception of certificates on both client and server side are investigated by first testing 49 scenarios for misuse and three for misconceptions in the network laboratory in Linnaeus University and, then by conducting a survey designed based on the eight dimensions of the Security Culture Framework. Possibilities for misuse were discovered and described in a Functional Scope Model and the most common barriers were found to be lack of funding and awareness regarding digital certificates within organizations. Overall, it was found that there is high usage, willingness and motivation in regards to certificates in organizations in Sweden but the quality of the digital certificate security culture needs to be improved.
10

Enhancing information security in organisations in Qatar

Al-Hamar, Aisha January 2018
Due to the universal use of technology and its pervasive connection to the world, organisations have become more exposed to frequent and various threats. Therefore, organisations today are giving more attention to information security as it has become a vital and challenging issue. Many researchers have noted that the significance of information security, particularly information security policies and awareness, is growing due to increasing use of IT and computerization. In the last 15 years, the State of Qatar has witnessed remarkable growth and development of its civilization, having embraced information technology as a base for innovation and success. The country has undergone tremendous improvements in the health care, education and transport sectors. Information technology plays a strategic role in building the country's knowledge-based economy. Due to Qatar's increasing use of the internet and connection to the global environment, it needs to adequately address the global threats arising online. As a result, the scope of this research is to investigate information security in Qatar and in particular the National Information Assurance (NIA) policy. There are many solutions for information security, some technical and some non-technical, such as policies and making users aware of the dangers. This research focusses on enhancing information security through non-technical solutions. The aim of this research is to improve Qatari organisations' information security processes by developing a comprehensive Information Security Management framework that is applicable for implementation of the NIA policy, taking into account Qatar's culture and environment. To achieve the aim of this research, different research methodologies, strategies and data collection methods will be used, such as a literature review, surveys, interviews and case studies.
The main findings of this research are that there is insufficient information security awareness in organisations in Qatar and a lack of a security culture, and that the current NIA policy has many barriers that need to be addressed. The barriers include a lack of information security awareness, a lack of dedicated information security staff, and a lack of a security culture. These barriers are addressed by the proposed information security management framework, which is based on four strategic goals: empowering Qataris in the field of information security, enhancing information security awareness and culture, activating the Qatar National Information Assurance policy in real life, and enabling Qatar to become a regional leader in information security. The research also provides an information security awareness programme for employees and university students. At the time of writing this thesis, there are already indications that the research will have a positive impact on information security in Qatar. A significant example is that the information security awareness programme for employees has been approved for implementation at the Ministry of Administrative Development Labour and Social Affairs (ADLSA) in Qatar. In addition, the recommendations proposed have been communicated to the responsible organisations in Qatar, and the author has been informed that each organisation has decided to act upon the recommendations made.
