Towards an information security awareness process for engineering SMEs in emerging economies

With most employees in Engineering Small and Medium Enterprises (SME) now having access to their own personal workstations, the need for information security management to safeguard against loss/alteration or theft of the firms’ important information has increased. These Engineering SMEs tend to be more concerned with vulnerabilities from external threats, although industry research suggests that a substantial proportion of security incidents originate from insiders within the firm. Hence, technical preventative measures such as antivirus software and firewalls are proving to solve only part of the problem as the employees controlling them lack adequate information security knowledge. This tends to expose a firm to risk and costly mistakes made by naïve/uninformed employees. This dissertation presents an information security awareness process that seeks to cultivate positive security behaviours using a behavioural intention model based on the Theory of Reasoned Action, Protection Motivation Theory and the Behaviourism Theory. The process and model have been refined and verified using expert review and tested through action research at an Engineering SME in South Africa. The main finding was information security levels of employees within the firm were low, but the proposed information security awareness process increased their knowledge thereby positively altering their behaviour.

Identiferoai:union.ndltd.org:netd.ac.za/oai:union.ndltd.org:ufh/vital:11138
Date January 2013
CreatorsGundu, Tapiwa
PublisherUniversity of Fort Hare, Faculty of Management & Commerce
Source SetsSouth African National ETD Portal
LanguageEnglish
Detected LanguageEnglish
TypeThesis, Masters, MCom (Information Systems)
Format150 leaves; 30 cm, pdf
RightsUniversity of Fort Hare

Page generated in 0.0021 seconds