DocumentCode
1830565
Title
Improving Organisational Information Security Management: The Impact of Training and Awareness
Author
Waly, Nesren ; Tassabehji, Rana ; Kamala, Mumtaz
Author_Institution
Sch. of Comput., Inf. & Media, Bradford Univ., Bradford, UK
fYear
2012
fDate
25-27 June 2012
Firstpage
1270
Lastpage
1275
Abstract
Security breaches that affect personal data and organisational systems have become increasingly significant in the global technology (IT) industry. There is scope for research on the factors that influence user behaviour and attitudes toward this aspect of information security and their impact on organisation´s network integrity. This research aims to study the critical success factors (CSF) for employees in order to comply with the organisational information security policy with a view to mitigating security breaches. Information security can be managed through three separate mechanisms: organisational factors, behavioural factors and training. Each of these elements impact differently on information security and comprehensive solutions include combinations of all three. The findings provide empirically evaluated information regarding the obstacles and the effective factors in employees´ compliance with the implementation of the information security policy. The identified categories of factors are followed differently by employees working in Health, Business and Education. Questionnaire analysis as part of this study suggests that employees in the health sector comply the most in adhering with information security policy as compared to other sectors. One of the reasons for this is that health sector employees have better awareness, robust communication and effective training programmes with reinforcement and satisfaction. Moreover, employees in the health sector believe in the norms of security policies and have a positive attitude, as they recognise the significance of security policies, unlike the business and education sectors.
Keywords
behavioural sciences; organisational aspects; personnel; security of data; training; behavioural factors; business sector; critical success factors; education sector; employee compliance; global technology industry; health sector employees; information security awareness; organisation network integrity; organisational factors; organisational information security management; organisational information security policy; personal data; security breaches; training programmes; Humans; Information security; Training; Information security; awareness; compliance; quantitative research; security behaviour; training and awareness programme;
fLanguage
English
Publisher
ieee
Conference_Titel
High Performance Computing and Communication & 2012 IEEE 9th International Conference on Embedded Software and Systems (HPCC-ICESS), 2012 IEEE 14th International Conference on
Conference_Location
Liverpool
Print_ISBN
978-1-4673-2164-8
Type
conf
DOI
10.1109/HPCC.2012.187
Filename
6332323
Link To Document