With most employees in Engineering Small and Medium Enterprises (SME) now having access to their own personal workstations, the need for information security management to safeguard against loss/alteration or theft of the firms’ important information has increased. These Engineering SMEs tend to be more concerned with vulnerabilities from external threats, although industry research suggests that a substantial proportion of security incidents originate from insiders within the firm. Hence, technical preventative measures such as antivirus software and firewalls are proving to solve only part of the problem as the employees controlling them lack adequate information security knowledge. This tends to expose a firm to risk and costly mistakes made by naïve/uninformed employees. This dissertation presents an information security awareness process that seeks to cultivate positive security behaviours using a behavioural intention model based on the Theory of Reasoned Action, Protection Motivation Theory and the Behaviourism Theory. The process and model have been refined and verified using expert review and tested through action research at an Engineering SME in South Africa. The main finding was information security levels of employees within the firm were low, but the proposed information security awareness process increased their knowledge thereby positively altering their behaviour.
Identifer | oai:union.ndltd.org:netd.ac.za/oai:union.ndltd.org:ufh/vital:11138 |
Date | January 2013 |
Creators | Gundu, Tapiwa |
Publisher | University of Fort Hare, Faculty of Management & Commerce |
Source Sets | South African National ETD Portal |
Language | English |
Detected Language | English |
Type | Thesis, Masters, MCom (Information Systems) |
Format | 150 leaves; 30 cm, pdf |
Rights | University of Fort Hare |
Page generated in 0.0021 seconds