BazEkon - Main Library of the Krakow University of Economics

Chmura Joanna (Nicolaus Copernicus University in Toruń, Poland)
Forming the Awareness of Employees in the Field of Information Security
Journal of Positive Management, 2017, vol. 8, no. 1, pp. 78-85, 29 references.
Keywords
Information security, Employee awareness, Employees in the organization
Research purpose: The aim of this study is to present the essence and importance of information security awareness in the organisation and to analyse selected methods used in forming employee awareness in terms of information security.

Methodology/approach: This paper is based on literature studies and available reports.

Findings: The presented paper suggests that in order to create a positive change in the organisation, information security training should focus on the attitude and behavior of employees. Concentration is primarily about what they do and how their actions affect the results. In order to minimise the risk of data breaches, often resulting from human error, training methods must meet the needs of today's employees. Effective information security awareness strategies should address the needs of both the organisation itself and the learning people.

Limitations/implications: The study is based on the theoretical analysis, indicating the need of conducting further empirical research.

Originality/value: The main value of the study is to clarify the need for forming employees' awareness of information security while indicating a number of available methods enabling the implementation of awareness programs in the organisation. (original abstract)
  1. Abawajy, J. (2014), "User preference of cyber security awareness delivery methods", Behaviour & Information Technology, Vol. 33 No. 3, pp. 236-247. DOI: 10.1080/0144929X.2012.708787
  2. Aurigemma, S., Panko, R. P. (2012), "A Composite Framework for Behavioral Compliance with Information Security Policies", 47th Hawaii International Conference on System Sciences, pp. 3248-3257. DOI: 10.1109/HICSS.2012.49.
  3. Cone, B. D., Thompson, M. F., Irvine, C. E., Nguyen, T. D. (2006), "Cyber Security Training and Awareness Through Game Play", in: Fisher-Hubner, S., Rannenberg, K., Yngstrom, L., Lindskog, S. (Eds.), Security and Privacy in Dynamic Environments, International Federation for Information Processing, Vol. 201, Springer, Boston, pp. 431-436.
  4. Da Veiga, A. (2015), "An Information Security Training and Awareness Approach (ISTAAP) to Instil an Information Security - Positive Culture", Proceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015), pp. 95-107.
  5. Eminağaoğlu, M., Uçar, E., Eren, S. (2009), "The positive outcomes of information security awareness training in companies - A case study", Information Security Technical Report, Vol. 14 No. 4, pp. 223-229.
  6. EY (2017), "Path to cyber resilience: EY's 19th Global Information Security Survey 2016-2017", available at:$FILE/GISS_2016_Report_Final.pdf (accessed 3 September 2017).
  7. Hadlington, L. (2017), "Human factors in cybersecurity; examining the link between Internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours", Heliyon, Vol. 3 No. 7, pp. 1-18. DOI: 10.1016/j.heliyon.2017e00346
  8. Herold, R. (2010), Managing an Information Security and Privacy Awareness and Training Program, Second Edition, CRC Press, Inc. Boca Raton, FL, USA.
  9. Kajzer, M., D'Arcy, J., Crowell, Ch.R., Striegel, A., Bruggen, D.V. (2014), "An exploratory investigation of message-person congruence in information security awareness campaigns", Computers & Security, Vol. 43, pp. 64-76. DOI: 10.1016/j.cose.2014.03.003
  10. Khan, B., Alghathbar, K.S., Nabi, S.I., Khan, M.K. (2011), "Effectiveness of information security awareness methods based on psychological theories", African Journal of Business Management, Vol. 5 No. 26, pp. 10862-10868. DOI: 10.5897/AJBM11.067
  11. Ki-Aries, D., Faily, S. (2017), "Persona-centred information security awareness", Computers & Security, Vol. 70, pp. 663-674. DOI: 10.1016/j.cose.2017.08.001
  12. Kraemer, S., Carayon, P., Clem, J. (2009), "Human and organizational factors in computer and information security: Pathways to vulnerabilities", Computers & Security, Vol. 28 No. 7, pp. 509-520. DOI: 10.1016/j.cose.2009.04.006
  13. Kritzinger, E., Smith, E. (2009), "A prototype for enhancing information security awareness in industry", Proceedings of the World Academy of Science Engineering and Technology, Vol. 54, pp. 521-530.
  14. Kruger, H.A., Kearney, W.D. (2006), "A prototype for assessing information security awareness", Computers & Security, Vol. 25 No. 4, pp. 289-296. DOI: 10.1016/j.cose.2006.02.008
  15. Maqousi, A., Balikhina, T., Mackay, M. (2013), "An effective method for information security awareness raising initiatives", International Journal of Computer Science & Information Technology, Vol. 5 No. 2, pp. 63-72. DOI: 10.5121/ijcsit.2013.5206
  16. Mitnick, K.D., Simon, W.L. (2002), The Art of Deception: Controlling the Human Element of Security, Wiley, New Jersey.
  17. McCormac, A., Zwaans, T., Parsons, K., Calic, D., Butavicius, M., Pattinson, M. (2017), "Individual differences and Information Security Awareness", Computers in Human Behavior, Vol. 69, pp. 151-156. DOI: 10.1016/j.chb.2016.11.065
  18. Mukhlis, A. (2014), "Information security awareness level measurement using multiple criteria decision analysis (MCDA)", Jurnal Penelitian dan Pengembangan Komunikasi dan Informatika, Vol. 5 No. 1, pp. 15-24.
  19. Öğütçü, G., Testik, Ö.M., Chouseinoglou, O. (2016), "Analysis of personal information security behavior and awareness", Computers & Security, Vol. 56, pp. 83-93. DOI: 10.1016/j.cose.2015.10.002
  20. Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., Jerram, C. (2014), "Determining employee awareness using the Human Aspects of Information Security Questionnaire (HAIS-Q)", Computers & Security, Vol. 42, pp. 165-176. DOI: 10.1016/j.cose.2013.12.003
  21. Parsons, K., Calic, D., Pattinson, M., Butavicius, M., McCormac, A., Zwaans, T. (2017), "The Human Aspects of Information Security Questionnaire (HAIS-Q): Two further validation studies", Computers & Security, Vol. 66, pp. 40-51. DOI: 10.1016/j.cose.2017.01.004
  22. Schlienger, T., Teufel, S. (2003), "Information Security Culture - from analysis to change", South African Computer Journal, Vol. 2003 No. 31, pp. 46-52.
  23. Schultz, E. (2005), "The human factor in security", Computers & Security, Vol. 24 No. 6, pp. 425-426.
  24. Shaw, R.S., Charlie, Ch.C., Harris, A.L., Huang, H-J. (2009), "The impact of information richness on information security awareness training effectiveness", Computers & Education, Vol. 52, pp. 92-100. DOI: 10.1016/j.compedu.2008.06.011
  25. Soomro, Z.A., Shah, M.H., Ahmed, J. (2016), "Information security management needs more holistic approach: A literature review", International Journal of Information Management, Vol. 36 No. 2, pp. 215-225. DOI: 10.1016/j.ijinfomgt.2015.11.009
  26. Thomson, K., von Solms, R., Louw, L. (2006), "Cultivating an organisational information security culture", Computer Fraud and Security, Vol. 2006 No. 10, pp. 7-11.
  27. Tsohou, A., Karyda, M., Kokolakis, S. (2015), "Analyzing the role of cognitive and cultural biases in the internalization of information security policies: Recommendations for information security awareness programs", Computers & Security, Vol. 52, pp. 128-141. DOI: 10.1016/j.cose.2015.04.006
  28. Valentine, J.A. (2006), "Enhancing the employee security awareness model", Computer Fraud & Security, Vol. 6, pp. 17-19.
  29. Vroom, C., Von Solms, R. (2004), "Towards information security behavioural compliance", Computers & Security, Vol. 23 No. 3, pp. 191-198.