The General Data Protection Regulation, an EU law that enters into force in May 2018, aims to protect the sensitive data of individuals in our digitized world. The responsibility for the sensitive data collected will be transferred to the enforcement organizations. This requires that the correct data protection is ensured. In this work, organizations must ensure that their employees have knowledge of information security. To know which training efforts are needed, a tool for measuring the maturity of information security in the organization is needed. Studies show that it is difficult to measure users' security intentions and that there is a lack of tools for this. The Information Security Behaviour Scale, ISeBIS-scale, was in this study designed with the aim of testing whether this scale could be used and how it could be used to evaluate change in a user's information security intentions following a training effort. In a case study, the ISeBIS scale was tested in an explanatory sequential mixed method. The selection team received a web survey, underwent education in information security and then responded to the questionnaire again. After the results were analysed, semistructured interviews were conducted with a selection of respondents to explain the trends seen in the study. The study shows that to only use the ISeBIS scale is inadequate as a tool for evaluating user safety behavior. The result after the training was difficult to analyze with both negative and positive outcomes in the scale's statement. However, it turned out that in combination with interviews with respondents it is seen that it is a useful tool to draw attention to the underlying factors of the answers, such as a lack of knowledge of the security features used daily and shortcomings in security processes in the organization. Which might not have been so transparent without the use of ISeBIS. The interviewees all meant that the ISeBIS scale and the education given created awareness and above all more discussion about how information security appeared in the organization and what could be improved in the short and long term.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:miun-32749 |
Date | January 2017 |
Creators | Lindqvist, Jill |
Publisher | Mittuniversitetet, Avdelningen för data- och systemvetenskap |
Source Sets | DiVA Archive at Upsalla University |
Language | Swedish |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0022 seconds