Researchers have explored the potential of using various approaches in order to reduce the number of security breaches caused by system users. The approaches can be categorized into technology and non-technology approaches. Technology approaches advocate the use of technological tools or integrating a variety of technologies during system design in order to address security issues. Non-technology approaches advocate the use of other means such as good user interface design and user education in order to reduce security breaches. The research described in this thesis considers non-technical approaches. It specifically evaluates system administrator and user perceptions of information security practices and user awareness at Florida State University. The study involves system administrators and end users. Data for this research was collected by surveying and interviewing system administrators; in addition, documents such as such security policies, training materials and email alerts were reviewed. End user data was collected by using a questionnaire. The aim of the system administrators' survey was to collect preliminary information about user awareness. Then follow up interviews were used to determine the perceptions of system administrators regarding non-technical approaches to security and their views about the user's role in security. Although interview results showed that system administrators placed more emphasis on external and technical threats than on internal and non-technical threats due to different factors including availability of resources, attitude toward users, and satisfaction with technological tools, in general results from system administrators showed that system administrators are more likely to engage effectively in user awareness if such barriers to user awareness are addressed. The second part of the study surveyed end users. The aim of the survey was to collect information about end users' general information vulnerability, awareness and practices. Findings from user surveys showed that users need user awareness education for them to be able to protect themselves against security attacks. The results of this study have increased understanding of the problems that hinder non-technical approaches to security. The fact that user practices have been shown to correlate with security awareness suggests that it is time to consider human factors. / A Dissertation submitted to the School of Library and Information Studies in partial fulfillment of the requirements for the degree of Doctor of
Philosophy. / Summer Semester, 2010. / April 1, 2010. / Information Security, Non-Technical Approaches, Protection Motivation Theory, User Awareness, User Behaviors / Includes bibliographical references. / Ian Douglas, Professor Directing Dissertation; David Paradice, University Representative; Lawrence Dennis, Committee Member; Ebrahim Randeree, Committee Member.
| Identifer | oai:union.ndltd.org:fsu.edu/oai:fsu.digital.flvc.org:fsu_181044 |
| Contributors | Mahabi, Victoria (authoraut), Douglas, Ian (professor directing dissertation), Paradice, David (university representative), Dennis, Lawrence (committee member), Randeree, Ebrahim (committee member), School of Library and Information Studies (degree granting department), Florida State University (degree granting institution) |
| Publisher | Florida State University, Florida State University |
| Source Sets | Florida State University |
| Language | English, English |
| Detected Language | English |
| Type | Text, text |
| Format | 1 online resource, computer, application/pdf |
| Rights | This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). The copyright in theses and dissertations completed at Florida State University is held by the students who author them. |
Page generated in 0.0022 seconds